Should Facebook be doing more to protect us?

19th April 2011 by

Web security firm Sophos is not impressed by Facebook’s privacy policy. So much so, that the company has posted an open letter to Facebook on its Naked Security blog. The letter urges the network to reassess the safety and privacy issues associated with the website.

So why is Sophos so annoyed with Facebook? Sophos is constantly plagued by Facebook users desperate for advice on how to deal with the consequences of unofficial apps. With rogue applications becoming more frequent, Sophos has had enough.

Through its blog, Sophos, frequently tracks various phishing scams and clickjacking attacks that appear on Facebook. Whilst the social network has managed to keep its logging on system clean, the majority of threats are from rogue Facebook applications.

The letter, although brief, highlights three steps that Sophos thinks Facebook should take in order to better protect its users.

Privacy by default

The default setting should be completely private. This would enable users to select the information they wish to share - rather than the information they wish to hide. Also, when a user adds a new feature to their page, the details of this should not be shared unless the user chooses to.

Stricter selection process for developers

You would be forgiven for assuming that becoming a Facebook developer is too easy. With over a million app developers already registered on the network it’s hardly surprising that there are so many rogue applications and viral scams. What would be a possible solution? Only vetted and approved third-party developers should be allowed to publish apps on the platform.

HTTPS for everything

The main idea of HTTPS is to create a secure channel over an insecure network. Facebook introduced HTTPS earlier this year. However, it’s turned off by default. Shouldn’t Facebook be enforcing a safe connection at all times? Without this protection users are at risk of loosing personal information to hackers.

So should Facebook be doing more in terms of security? There is no way that spam, malware, and phishing will ever be eliminated from Facebook – it’s too big. But could they be minimised? Spammers are always going to find new ways onto the system but there is no sense in making it easy for them.

Back to Blog