Facebook is failing on privacy and security

Privacy controls that don't work, rampant phishing attacks, and the ability to hack live chats -- can't Facebook do anything right?

First, I need to get something off my chest. This blog, Thank You For Not Sharing (TY4NS), was not intended to be All Facebook, All The Time. It's supposed to be about privacy and social media in general. But to paraphrase Michael Corleone, every time I try to get away from Facebook, they pull me back in.

OK, now I feel better. On to today's items.

Item #1: Last time out I wrote about Facebook's failure to make parts of my profile private, despite all efforts on my part to do so. I also noted how incredibly difficult it is to go private on Facebook (i.e., the 50-click problem), and suggested they adopt a simple, one-click solution.

I also solicited a response from Facebook, hoping to find out why its privacy controls don't actually work as advertised, and how it feels about my one-click privacy idea. I attached a receipt to my email to see what happened.

The box score: Five Facebook flacks read my email; three deleted it without reading. Zero responded. Nice.

I bet if Ellen DeGeneres made a cutesy commercial making fun of Facebook they'd have been all over it.

Item #2: On the same day Facebook was busy ignoring my queries, I received three (count 'em, 3) emails from friends of mine whose accounts had been phished. All of them urged me to join various Groups they apparently liked.

In one instance, a friend mistakenly clicked the "Join" button before changing her mind. That's all it took for some delinquent to spam everyone in her address book. This is the group she sent me to, your garden variety Acai Berry scam:

[Image: Facebook spam group]

In another instance, a friend (a very tech-savvy individual) copied and pasted a URL into his browser, which took him to a page that ran a quick bit of JavaScript, which proceeded to spam everyone in his address book with a message urging people to join the "see who deleted you" group. The third spam directed me to a group where they were allegedly giving away iPads, but that had already been nuked by Facebook's security police before I got there.

The box score: Facebook nailed one out of three, or 33%. An acceptable percentage for three-point shooting, but otherwise kinda crappy.

I still have a dozen other group invitations from various friends. I don't trust any of them now. I don't even want to click "ignore" on the odd chance it will somehow corrupt my account and spam all 700-odd people in my FB posse. So this spam attack has effectively killed that feature for me. And if spammers can manipulate Facebook's group recommendations that easily, imagine what they could do to Facebook's plan to butter "Like" buttons all over the Web.

Item #3: Finally, there's today's news that a security hole within Facebook could allow you to view your friends' live chats as they occur. Facebook has since patched the hole, but it wasn't even aware of its existence until somebody at TechCrunch pointed it out to them. Lord knows how long this bug has been squirreled away in Facebook's code -- possibly since the very beginning.

The box score: When TechCrunch is your QA department, you've got problems so big I can't begin to describe them.

I like Facebook. But the more I use it, the less I trust it.

Dan Tynan really doesn't spend all his time complaining about Facebook, even if it sometimes seems that way. He also carves out a little time for his burgeoning geek humor empire, eSarcasm.
