Dire Warning: Beware the LIKE button, for you know not how the Open Graph is wired
Monday, April 26th 2010 @ 8:51 AM
When you click the LIKE button on any web page, you may be telling Facebook and 400 million of your closest friends where you are. How could telling others that you "LIKE" a web page cost you your privacy? Well, it turns out that Facebook has some pretty complicated wiring behind that button that stretches our trust farther than Elastigirl’s reach. This is a long post, but you should read it all if you use the Internet.
What does Free and Open mean these days?
In the name of everything that should be free on the Internet, Facebook has kindly offered what it calls the “Open Graph” – a new way to tell your friends which web pages you find interesting – and it’s Free of charge. Clearly, there is value in sharing this information with your friends. But what you may not see is how this information can also be used by Facebook and its partners.
Somebody seems to have twisted the positive information age connotations of the word “Open” from being inclusive, transparent and democratic into something that embodies a “value for permission” trade-off. It’s open to those who give Facebook something – partners get permission to use data in return for payment, or users get to use valuable new features in return for granting Facebook permission to use their data.
How this new Open Graph can hurt you
So, what’s the harm? How could this be used against you? To start with, the sharing of every place you surf could at least have the potential for embarrassment, and might cost you valuable credibility or even your job. I’m pretty sure there will soon be a rash of stories (complete with screenshots) showing how Harry clicked a LIKE button on a page when he was supposed to have been giving a speech somewhere, but claimed he had a family emergency.
The possibilities are endless and a bit scary, but I’m sure Facebook will argue that the value they are bringing to society as a whole with these kinds of features will outweigh the few costly incidents that individuals may suffer. Before you buy that argument, think about how this could affect you or your business.
You can learn more about the most recent details of the changes and how they affect your privacy settings at Tom Eston’s website:
http://www.spylogic.net/2010/04/privacy-of-open-graph-social-plugins-and-instant-personalization-on-facebook/
Losing more than just the data you entered
In addition to the LIKE button, Facebook is also enabling something called Instant Personalization, which clearly indicates they are handling and sharing more information in ways you may not have considered when you signed up and (if you did) set your privacy settings. Otherwise, how would they know that 3 of your Facebook friends also visited a certain page, without you ever having registered or logged in at that site? It’s all tied back to Facebook’s tracking of all its users' personal actions.
If nothing else, Facebook will be growing its valuable network of third-party partners who can buy the right to access your surfing habits. For the moment, they say they won’t share your specific information with partners, but their record for keeping their commitments is not a good one. In August of 2009, Facebook agreed to a number of changes in how it handles personal information at the request of the Privacy Commissioner of Canada, to make it clearer and easier for users to understand the implications of their privacy settings.
Now, eight months later, we have had at least two changes that seem to disregard that agreement: settings have become more convoluted, and default values are less private than they were before. The Privacy Commissioner is launching another probe into Facebook’s practices, based on a new complaint:
http://www.priv.gc.ca/media/nr-c/2010/nr-c_100127_e.cfm
Facebook also claims that they give you complete control over your privacy settings. The sad truth is that these settings are becoming so complicated that very few people take the time to review them and set the permissions properly. I invite you to post a comment at the end of this article with your experience in Facebook privacy settings. Have you taken the time to review them? Were the default settings what you expected? Were you confused? Were they easy to work with? etc.
How should you proceed?
What can you do about this potentially dangerous slide toward Facebook’s vision of an Open Internet? When I pointed a few of my Facebook friends to Tom’s article above, they immediately started deleting information they had entered and looking for alternatives to Facebook.
In my view, it’s a personal choice for individuals. But you should take notice of Facebook’s moves and make an informed choice that suits your lifestyle. You should also consider the effects on your employer (see below).
For businesses, I believe there are more secure and reliable ways to use social media for collaboration. I also believe that business and personal information should generally be kept separate. LinkedIn.com is a better place than Facebook (at the moment) for many external business networking functions, and there are many other tools that can be implemented that can provide more control and protection for internal and external collaboration.
If you are in any kind of competitive industry, you really need to spend more time thinking about how you will protect business information than you did previously, especially with employees wanting to use social media sites like Facebook. Seemingly good ideas on the surface may actually be dangerous for your business - like setting up a collaboration site on Facebook because it's FREE.
So, what you thought was true yesterday may not be true today. How you choose to let others handle the information you enter - and the actions you take - on the Internet is becoming more important. As sites offer you more features, you increasingly give up control over your data, and even information about your actions online.
I am now offering monthly briefings, tailored to organizations that want to build and sustain security awareness for staff. Just because your security team is too busy to do its own training and awareness doesn't mean you can't have an economical way to address human security risks. Please call or email me at the coordinates below...
Scott Wright
The Streetwise Security Coach
Join the Streetwise Security Zone at: http://www.streetwise-security-zone.com/join.html
Phone: 1-613-693-0997 Email: scott@streetwise-security-zone.com Twitter ID: http://www.twitter.com/streetsec