Feeds

Facebook revises privacy policy

Plain English update

Protecting users from Firesheep and other Sidejacking attacks with SSL

Facebook has published a simpler, easier to understand privacy policy which removes complicated technical and legal terms in the previous document without changing much of substance.

Less than 7,000 people commented on the social networking site's proposals to change its privacy policy. This allows the company to adopt the revised scheme without a public vote. If more than 7,000 people had commented on the policy during a week long consultation period, then a vote would have been triggered. In the event only 453 commentards weighed into the debate before the 5 November deadline.

The revised policy advises users to make full use of the social network's privacy settings and application settings to control how much information they share, and with who they share this information with. Facebook provides controls, but it is up to individuals to check and ensure that appropriate settings are in place.

Facebook is supported by ads but it promises users that it "will not share your information with advertisers without your consent", though it will allow advertisers "to select characteristics of users they want to show their advertisements to and we use the information users share with us to serve those advertisements".

One significant difference is that advertisers will be given more details about how their adverts perform. User data related to this will be "anonymised", Facebook promises.

The new policy was completely rewritten, so any changes are not marked as such. Based on user feedback, Facebook promised to publish a redline version with any future revision so users can more easily see what changes have been made in future editions of the policy.

One of the most significant threats to user data comes from malicious applications. A statement of "Rights and Responsibilities" associated with the revised Facebook privacy policy again puts most of the emphasis on surfers to be careful. "We require applications to respect your privacy settings, but your agreement with that application will control how the application can use the content and information you share," Facebook explains.

Users who set their profile as viewable by everyone (the default setting) can expect search engines to index any content they upload.

Users who upload video or pictures to Facebook hand over "non-exclusive, transferable, sub-licensable, royalty-free, worldwide" license, the statement further explains. Up until recently, Facebook only allowed users to "deactivate" their accounts so that their profile was left dormant and no longer visible rather than deleted. This Hotel California policy policy was changed last year, so that users can remove their profile, a point reaffirmed by the revised privacy policy. The new policy also aims to address concerns on this and related privacy policy raised by the Canadian Privacy Commission back in July

More information on the revised policy can be found on the site governance section of Facebook's website here.

In related news, Facebook came under fire on Wednesday over allegations it had failed to implement child safety measures. Jim Gamble of the Child Exploitation and Online Protection Centre criticised Facebook and MySpace for failing to follow Bebo's lead in including Ceop's "Report button" on pages, so that illegal content or online abuse might be more easily reported. Facebook said it already had a robust reporting system in place. The issue is covered in greater depth in our earlier story here. ®

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
THREE QUARTERS of Android mobes open to web page spy bug
Metasploit module gobbles KitKat SOP slop
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.