Facebook tackles latest privacy slip with encryption
However, some wonder whether encrypting user IDs is enough for Facebook to save face among privacy advocates and users
Computerworld - Facebook yesterday said it will use encryption to deal with its latest privacy problem, but the question remains as to whether that move is enough for the social network to save face.
Earlier this week, the Wall Street Journal reported that some of Facebook's most popular applications, including FarmVille and FrontierVille, have been sending users' personal information to dozens of advertising and Internet monitoring companies. The Wall Street Journal, which broke the story, noted that the issue affects tens of millions of users, even those who have set their privacy settings to the strictest levels.
And now Facebook said it plans to solve the latest problem by encrypting the user IDs that are being transmitted to third-party Web sites.
"Over the past few days, we have been investigating a technical solution to the issue of sharing Facebook User IDs (UIDs)," said Mike Vernal, a Facebook engineer, in a blog post yesterday. "To address this inadvertent sharing of UIDs, we plan to start encrypting the parameters that we pass to iframe-based applications."
It would be great if Facebook took steps to keep user information from being transmitted off Facebook's site, but encryption is better than no solution at all, said Ezra Gottheil, an analyst with Technology Business Research.
"Yes, they should stop the transmission, but they won't. They will continue to meet specific objections and fix specific problems, but the company is built on selling user information," said Gottheil. "Most [users] don't want to get down in the weeds on this stuff. They hear 'problem,' they pay some attention. They hear 'encryption,' they go back to what they were doing."
Zeus Kerravala, an analyst with the Yankee Group, questions why Facebook didn't encrypt user IDs long ago.
"The thing you have to ask yourself is why Facebook didn't do this up front," he added. "Security isn't really in the DNA of social networking today. Why did it have to take an embarrassing situation to have them do something basic like encrypt user IDs?"
Gottheil, though, did note that Facebook could gain a little traction because they tackled the latest problem so quickly. "The company has apparently learned to respond quickly to privacy concerns," he said. "When done quickly, it actually enhances their reputation, at least the first few times."
Sharon Gaudin covers the Internet and Web 2.0, emerging technologies, and desktop and laptop chips for Computerworld. Follow Sharon on Twitter at @sgaudin, or subscribe to Sharon's RSS feed . Her e-mail address is email@example.com.
- What to expect in Facebook's earnings call today
- Could you quit Facebook for 99 days?
- Facebook is a school yard bully that's going down
- EPIC says Facebook 'messed with people's minds,' seeks FTC sanctions
- 7 things you need to know about Facebook's mood experiment
- Facebook emotional manipulation test turns users into 'lab rats'
- Facebook tries to stop Snapchat drain with Slingshot
- TMI! Facebook moves to stop over-sharing
- Inside Facebook's brilliant plan to hog your data
- Facebook shows mobile app developers the money with new ad network
Read more about Web Apps in Computerworld's Web Apps Topic Center.
- The DDoS Threat Spectrum Bolstered by favorable economics, today's global botnets are using distributed denial-of-service (DDoS) attacks to target firewalls, web services, and applications, often simultaneously.
- Need to Replace MS Threat Management Gateway? Read this article to learn how F5's Secure Web Gateway solution provides a full set of features that can help you successfully migrate...
- The Shortfall of Network Load Balancing Applications running across networks encounter a wide range of performance, security, and availability challenges as IT department strive to deliver fast, secure access...
- Leave No App Behind with Software Defined Application Services F5 Software Defined Application Services (SDAS) is the next-generation model for delivering application services that enables service injection, consumption, automation, and orchestration across...
- Keep Servers Up and Running and Attackers in the Dark An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily...
- On Demand: Mastering the Art of Mobile Content Management Mobile device usage in the enterprise has skyrocketed, and it continues to escalate. IT must answer to users who demand access to their... All Web Apps White Papers | Webcasts