  Scott Wright's Security Views

Our Facebook privacy super-hero - The Harmony Guy - don't let him retire before the battle is won

Sunday, December 20th 2009 @ 10:35 PM

If you use Facebook, you should thank your lucky stars for people like "The Harmony Guy". This masked avenger - and fellow socialmediasecurity.com blog contributor - spends his spare time fighting to protect your privacy, and all he asks is that Facebook take his well-researched recommendations seriously. But in his latest blog post, The Harmony Guy recounts his futile attempts over the past year to convince Facebook to put some reasonable amount of effort into creating a more secure platform for Facebook applications - like "Photos I Love" - that are used by millions of people, and to keep to its word about monitoring malicious or exploitative Facebook applications. And what is Facebook apparently doing in response to the detailed information about serious vulnerabilities he provides?

He who prefers not to be named says (see his first-hand account on the socialmediasecurity.com blog) that Facebook has offered to copy him on their email responses to developers who have questions about securing their applications - presumably so that he can provide a quality check on their advice. This is pretty disturbing. Why on earth would any company that's valued at over $1 billion not dedicate a competent, full-time staff position to something as important as continuous security vulnerability assessment of its own application framework - something The Harmony Guy has been doing up to now in his spare time? I don't blame him for being close to giving up on this thankless mission.

But let's not allow him to throw in the towel just yet. If you read about the series of security holes in Facebook that The Harmony Guy has uncovered - even if you don't understand any of the technical details - it becomes evident that this is a huge, fundamental problem for all Facebook users. What he's telling us is that he has demonstrated several times how malicious application developers can currently collect more private information about you than your friends can, even when you think your privacy settings are configured to protect your information. If this is the case, you might as well be posting your private information, comments and photos on a public Web page. Shouldn't we be cheering him on to convince Facebook to show us some real commitment to security in order to earn our trust as users?

Until we see more evidence of properly implemented security features, I'm recommending that people assume the worst. Don't put anything into Facebook, or other similar social networking sites, that you wouldn't want to have shown on Fox News tomorrow - no matter what your privacy settings are. This includes any information about your employer, clients, partners or your job that may be sensitive.

Thanks to The Harmony Guy for keeping us informed about the risks he's found in using Facebook and its associated applications. We should not have to depend on the volunteer efforts of security professionals to keep the applications we use safe. Please give him your support and encourage Facebook - and all other software product or service vendors - to invest in professional security resources if they want us to trust them with private information.

What do you think? Will we ever be able to trust social networking sites with any private information, and what will it take to convince us that the sites are trustworthy?

I am now offering monthly briefings, tailored to organizations that want to build and sustain security awareness for staff. Just because your security team is too busy to do its own training and awareness doesn't mean you can't have an economical way to address human security risks. Please call or email me at the coordinates below...

Scott Wright

The Streetwise Security Coach

Join the Streetwise Security Zone at:
http://www.streetwise-security-zone.com/join.html

Phone: 1-613-693-0997
Email: scott@streetwise-security-zone.com
Twitter ID: http://www.twitter.com/streetsec

Comments

RickLeir said on Monday, December 21st 2009 @ 6:28 AM:

For fun, visit Facebook with NoScript enabled in your browser. Yesterday NoScript warned us about XSS vulnerabilities when we started a Facebook game. It is time for Facebook to clean up its act. cheers -- Rick


ScottWright said on Tuesday, December 22nd 2009 @ 11:44 PM:

This just in from "The Harmony Guy"...

"Btw to clarify, Facebook was going to copy me on emails to developers about holes I'd reported to Facebook, not just on general emails."

Thanks for the clarification, THG...

- Scott