Sophos, a well-respected Internet security firm, has published an open letter to Facebook about how it can improve it’s security and privacy measures on Facebook.com. The message sent was: It’s time for some changes in order to better protect users. My message to them in this article is: “Facebook Facebook Facebook – shame, shame, shame on you!” for ignoring Internet security best practices that would protect your unsuspecting users from harm.
I know that Facebook was intended to be a free and open way to use the Internet to socialize, hence the name for this genre of Internet sites, “social media”, and that would be well and good. Except that the Internet has changed considerably since Facebook was invented. The Internet has become a very dangerous place to be free and open, and to socialize. Cybercriminals have infiltrated it with the purpose of stealing identities, credit and money from any of us who are not careful, suspicious, and protected.
I liken using the Internet to walking alone in a bad part of town, unarmed. You have to be aware of everything and everyone around you, and suspicious of all that you come upon.
Getting back to the Sophos letter: they told Facebook to “clean up their act” in the following ways.
- Privacy By Default-you should not share information without users’ express agreement. Right now the default is to share, but the opposite, share only if expressly opted, should be the case.
- Developers for Facebook Apps (software applications) Should Be Vetted– Facebook uses over one million “free lance” programmers to help them create the many features of Facebook that we all have grown to love…games, etc. However, it’s quite easy for a programmer with criminal intentions to develop an app for them that will embed malware on users’ computers to perform illegal deeds. Facebook should vet them by doing background checks, reference checks, etc. to make sure they can be trusted.
- HTTPS For Everything– HTTPS is a security feature on the Internet that encrypts information and further secures the data which is stored and transferred. Facebook, to the applause of security professionals, recently introduced an HTTPS option. But…here again, it’s only an option and instead should be used by default for all Facebook pages, every Facebook profile, Facebook friends, Facebook apps.
Facebook.com has taken an important few steps in improving the protection of its users’ privacy and security, but not nearly enough. They should take the open letter by Sophos very seriously. They should change their mindset that all is well in the world of Internet, and that it’s safe for its users. Then…perhaps they’ll take some meaningful steps to make Facebook as safe as it can be.
See the CSO Online article Security Firm to Facebook: Clean Up Your Act for more information.
Please comment on this subject; we all learn from each other when our views and opinions are shared.
Don’t miss an article. If you enter your email address in the Email Subscriptions box on the right column of this page, I’ll send you an email when a new article is posted. I don’t share your email address with anyone…no one; I hate spam too. Please share my site with your friends and family. Thanks.
Home computing is a blast…keep it safe, productive and enjoyable.