Feeds

Facebook revises privacy policy

Plain English update

Seven Steps to Software Security

Facebook has published a simpler, easier to understand privacy policy which removes complicated technical and legal terms in the previous document without changing much of substance.

Less than 7,000 people commented on the social networking site's proposals to change its privacy policy. This allows the company to adopt the revised scheme without a public vote. If more than 7,000 people had commented on the policy during a week long consultation period, then a vote would have been triggered. In the event only 453 commentards weighed into the debate before the 5 November deadline.

The revised policy advises users to make full use of the social network's privacy settings and application settings to control how much information they share, and with who they share this information with. Facebook provides controls, but it is up to individuals to check and ensure that appropriate settings are in place.

Facebook is supported by ads but it promises users that it "will not share your information with advertisers without your consent", though it will allow advertisers "to select characteristics of users they want to show their advertisements to and we use the information users share with us to serve those advertisements".

One significant difference is that advertisers will be given more details about how their adverts perform. User data related to this will be "anonymised", Facebook promises.

The new policy was completely rewritten, so any changes are not marked as such. Based on user feedback, Facebook promised to publish a redline version with any future revision so users can more easily see what changes have been made in future editions of the policy.

One of the most significant threats to user data comes from malicious applications. A statement of "Rights and Responsibilities" associated with the revised Facebook privacy policy again puts most of the emphasis on surfers to be careful. "We require applications to respect your privacy settings, but your agreement with that application will control how the application can use the content and information you share," Facebook explains.

Users who set their profile as viewable by everyone (the default setting) can expect search engines to index any content they upload.

Users who upload video or pictures to Facebook hand over "non-exclusive, transferable, sub-licensable, royalty-free, worldwide" license, the statement further explains. Up until recently, Facebook only allowed users to "deactivate" their accounts so that their profile was left dormant and no longer visible rather than deleted. This Hotel California policy policy was changed last year, so that users can remove their profile, a point reaffirmed by the revised privacy policy. The new policy also aims to address concerns on this and related privacy policy raised by the Canadian Privacy Commission back in July

More information on the revised policy can be found on the site governance section of Facebook's website here.

In related news, Facebook came under fire on Wednesday over allegations it had failed to implement child safety measures. Jim Gamble of the Child Exploitation and Online Protection Centre criticised Facebook and MySpace for failing to follow Bebo's lead in including Ceop's "Report button" on pages, so that illegal content or online abuse might be more easily reported. Facebook said it already had a robust reporting system in place. The issue is covered in greater depth in our earlier story here. ®

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.