Feeds

Facebook simplifies controls but continues exposing users

Default settings flash entire internet

Top three mobile application threats

Analysis Facebook was praised for simplifying its privacy controls on Wednesday, but critics say the moves fail to restore users' trust in the appropriate handling of their information.

The social network unveiled a greatly simplified interface for controlling user privacy settings, hosted on a single page. The previous set-up, featuring a bewildering array of 50 privacy settings and 170 privacy options, is to be phased out as the new controls are put in place.

Facebook has also backed away from insisting users need to share their friends list and pages with the world at large, effectively undoing controversial changes made last December.

Lastly there are new options to block all applications and websites, and opt-out of Instant Personalization. However users who opt-out of applications and the entire Facebook platform will be unable to play games, a major downside. Users are still being pushed to share information by default - the site still forces users to opt out of features they dislike rather than creating compelling reasons for users to opt in.

Privacy International reacted to the changes with "disappointment and frustration".

"While we acknowledge Facebook for putting right the mess that it created last December by deploying unusable settings, this latest action is only the first of many steps to be taken before the company can even hint that it understands the nature of privacy," it said.

Key to PI's concerns are that the default settings, which few users change, open up most of what a user posts on the site to the internet as a whole.

"The defaults - which Facebook unhelpfully describes as 'recommended settings' - are still set to for maximum disclosure to everyone. That means the vast majority of users will continue to operate on the site fully exposed. The company has done little to change this situation," PI said.

The privacy activists argue that Facebook's business model relies on monetising data harvested from customers. This runs counter to claims by chief exec Mark Zuckerberg at a press conference on Wednesday that the extent to which people shared or restricted data they posted on the site had little effect on ad revenue.

Chester Wisniewski, a researcher at anti-virus firm Sophos, argues that Facebook has changed its privacy controls without actually offering any increase in privacy:

"I welcome the simplified controls, but nothing has changed. Users are still defaulted to sharing too much information with the world, privacy itself has not really improved in any meaningful way, and the return of controls that were present previously simply addresses some of the most vocal complaints of their users," Wisniewsk said.

"I didn't see any hints of an apology, nor a solid acknowledgment that Facebook went too far."

Don Smith, VP of Engineering and Technology at web security firm SecureWorks agreed that the changes were an improvement but repeated the criticism that they do not go far enough, and will leave the majority of users sharing data to more people than they might suspect.

"The changes are definitely an improvement. However, they still do not go far enough in ensuring the default privacy settings minimise disclosure. For example, the new 'recommended' privacy settings expose data such as status updates to 'everyone' and photos and birthdates to 'friends of friends'.

“Looking at Facebook’s default settings over the last six years you can see that privacy eroded from initially sharing only a user’s name, gender and picture to a default stance of displaying all wall posts, photos, friends and networks to the entire Internet." ®

Seven Steps to Software Security

More from The Register

next story
NO MORE ALL CAPS and other pleasures of Visual Studio 14
Unpicking a packed preview that breaks down ASP.NET
Cheer up, Nokia fans. It can start making mobes again in 18 months
The real winner of the Nokia sale is *drumroll* ... Nokia
Mozilla fixes CRITICAL security holes in Firefox, urges v31 upgrade
Misc memory hazards 'could be exploited' - and guess what, one's a Javascript vuln
Put down that Oracle database patch: It could cost $23,000 per CPU
On-by-default INMEMORY tech a boon for developers ... as long as they can afford it
Google shows off new Chrome OS look
Athena springs full-grown from Chromium project's head
Apple: We'll unleash OS X Yosemite beta on the MASSES on 24 July
Starting today, regular fanbois will be guinea pigs, it tells Reg
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
prev story

Whitepapers

Top three mobile application threats
Prevent sensitive data leakage over insecure channels or stolen mobile devices.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.