With all the security bugs that Facebook has been experiencing lately and the new privacy settings changes it has made, you might be wondering whether it is time to think about deleting (or deactivating) your account.
I’m not saying that you should, and I’m not saying that you shouldn’t. I’m just saying that you should inform yourself before making a decision.
Joey Tyson (also known as “theharmonyguy”), a security engineer who covers privacy and security issues in online social networking applications on his Social Hacking blog, revealed to CSO Online that there are a few things that Facebook would never come out and say directly.
We prefer your privacy settings to remain as we set them
When Facebook started out, users had almost complete control over what information they wanted to share and with whom they wanted to share it. Today, some information can’t be made private at all, and other information can be, but doing so requires patience and knowledge – not to mention that every time privacy settings are changed, they are automatically set to the most open option.
Basically, you CAN restrict (some) information, but Facebook would rather you didn’t. And to “encourage” you to see things their way, they make the explanations confusing.
Application security is not something we have a lot of control over
Facebook tries and – for the most part – succeeds in tracking down vulnerabilities and security holes on their site, but third-party applications are another matter.
“When you use an application that is interacting with Facebook, you are trusting that application and its level of security as well,” says Tyson. But you probably shouldn’t. Tyson did some research recently, and it revealed that half of the most popular Facebook applications are compromised. And he expects that attackers will start taking advantage of that fact very soon.
Another problem is the third-party websites that are included in Instant Personalization – things like the recently discovered security hole in the Yelp website will probably not be the last.
We know where you’ve been (online)
If you thought that the omnipresent “Like” button was there just so that you can express your satisfaction with a particular website, you are dead wrong. The information is collected by Facebook and used to provide its users with “personalized and social experiences.”
Tyson equates this with tracking cookies, but the difference is that all the information about your preferences is tied directly to the personal information in your profile.
Your information is also stored locally by third-party applications
As you authorize a third-party application to be downloaded, you also authorize it to access some personal information. It’s usually “your profile information, photos, your friends’ info, and other content that it requires to work.”
And how do you know what that “other content” is? Recently, though, Facebook announced that starting June 1, applications will be obligated to state explicitly and exactly all the categories of information they are going to access if authorized.
The bad news is that those applications will now be allowed to store information about the users in their databases, and if hackers manage to compromise such a database, they will be able to use all the information within.