Feeds

Dear Facebook: your privacy sucks

Security not much chop either, says Sophos

Protecting users from Firesheep and other Sidejacking attacks with SSL

Sick of having its users ask what’s wrong with Facebook privacy, security vendor Sophos has taken its concerns public in this open letter.

It may well be restating things that intelligent and informed users could already have worked out for themselves, but Sophos’ complaint adds to public concerns raised by credible sources.

Sophos’ letter suggests Facebook adopt three basic principles in its handling of user information: decent default privacy, vetting of application developers, and HTTPS not as an option, but as a default for all access*.

When adding new information-sharing features, Sophos says, the popular social site should not assume that users want these features defaulting to “on”.

As to application developers, Sophos is harsher in its terminology. Because it has more than a million un-vetted application developers, the letter calls the Facebook apps market “riddled with rogue applications and viral scams”.

Sophos ends with a call to action, asking Facebook when it plans to act – or if, perhaps, it intends to leave action until its hand is forced by regulators. Perhaps optimistically, Sophos seems to think that Facebook might recognize a “greater good” that isn’t its own. ®

*Mind you, Sophos didn't think to put its own open letter on an HTTPS connection. The open letter says HTTPS should be enforced "all the time, by default". ®

The next step in data security

More from The Register

next story
Israeli spies rebel over mass-snooping on innocent Palestinians
'Disciplinary treatment will be sharp and clear' vow spy-chiefs
Infosec geniuses hack a Canon PRINTER and install DOOM
Internet of Stuff securo-cockups strike yet again
'Speargun' program is fantasy, says cable operator
We just might notice if you cut our cables
Apple Pay is a tidy payday for Apple with 0.15% cut, sources say
Cupertino slurps 15 cents from every $100 purchase
YouTube, Amazon and Yahoo! caught in malvertising mess
Cisco says 'Kyle and Stan' attack is spreading through compromised ad networks
Hackers pop Brazil newspaper to root home routers
Step One: try default passwords. Step Two: Repeat Step One until success
Greater dev access to iOS 8 will put us AT RISK from HACKERS
Knocking holes in Apple's walled garden could backfire, says securo-chap
Microsoft to patch ASP.NET mess even if you don't
We know what's good for you, because we made the mess says Redmond
prev story

Whitepapers

Providing a secure and efficient Helpdesk
A single remote control platform for user support is be key to providing an efficient helpdesk. Retain full control over the way in which screen and keystroke data is transmitted.
Saudi Petroleum chooses Tegile storage solution
A storage solution that addresses company growth and performance for business-critical applications of caseware archive and search along with other key operational systems.
Security and trust: The backbone of doing business over the internet
Explores the current state of website security and the contributions Symantec is making to help organizations protect critical data and build trust with customers.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.