LinkGard Security Blog » Social Networking http://www.linkgard.com/security_blog Security Thoughts and Insight in Black and White Thu, 18 Feb 2010 14:05:47 +0000 en hourly 1 Facebook Sued Over Privacy ‘Improvements’ http://www.linkgard.com/security_blog/facebook-sued-over-privacy-improvements/ http://www.linkgard.com/security_blog/facebook-sued-over-privacy-improvements/#comments Wed, 17 Feb 2010 16:27:50 +0000 Hovanes http://www.linkgard.com/security_blog/?p=139 In late November/early December of 2009, Facebook — the popular social networking site — rolled out a set of privacy changes billed as improvements. Being a regular Facebook user, my initial reaction to the announcement itself was positive. Facebook touted several new features, such as per-post privacy controls and a more simplified interface to control privacy settings.

However, as we all began to explore and see the changes, we learned there was a big catch. Along with strengthening some privacy features, Facebook actually relaxed or completely removed others. Electronic Frontier Foundation (EFF) was quick to criticize the changes as having an overall negative effect on privacy. Another privacy group, Electronic Privacy Information Center (EPIC) filed a complaint with the Federal Trade Commission (FTC) in December.

Now, five Facebook users have filed a class-action lawsuit on behalf of all users. The lawsuit alleges that Facebook was deceptive in its portrayal of the changes as being positive for privacy. Among other things, the claims are made:

  • At one time Facebook users had “exclusive” control of privacy.
  • Facebook now characterizes the following user information as “publicly available information:” name, profile, friends list, pages the user is fan of, gender, geographic region, and networks the user belongs to.
  • In addition, the lawsuit notes that Facebook by default sets the privacy setting of certain information to “everyone.”
  • Tools and information provided by Facebook are misleading and do not help users interested in privacy.
  • Facebook permits third-party application developers to access more information than they were previously allowed. In fact, all applications will now have access to “publicly available” information such as Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages.

In addition to damages and restitution, the lawsuit is seeking an injunction with the following remedies:

  • That Facebook notify its users that it set the privacy settings to an “unreasonably low level”
  • Change default privacy settings
  • Improved privacy help including: an 800-number hotline for privacy, a simple PowerPoint presentation in plain English and Spanish explaining the settings, and a complete redraft of the privacy policy.
  • Require third-party developers to display a privacy settings page for every application when the user signs in to the application for the first time.

Here is the full filing as hosted by Courthouse News Service.  (PDF reader required)

]]> http://www.linkgard.com/security_blog/facebook-sued-over-privacy-improvements/feed/ 0