Facebook Gifts could encourage users to expose more private information
Security experts outline potential security and privacy risks posed by Facebook's new social gifting service
IDG News Service - Facebook Gifts, the new social gifting service launched by Facebook on Thursday, might encourage users to expose information like their home addresses, birth date, clothing or shoe size that could pose security and privacy risks, according to security experts.
Facebook used to have a Gift Shop application that allowed users to send virtual gifts in the form of images, but it was discontinued in August 2010. The revamped Facebook Gifts feature is the result of Facebook's May acquisition of mobile e-commerce app Karma and allows users to send physical gifts to their friends.
"Choose a gift, attach a card and send," Facebook said Thursday in an announcement on its website. "You can post your gift to your friend's timeline or send it privately. Your friend can then unwrap a preview of the gift and it will show up on their doorstep a few days later."
Facebook has partnered with many vendors in order to offer a large selection of gifts that includes stuffed animals, cupcakes, toys, coffee mugs, Starbucks gift cards and more. The company receives a percentage of every gift purchase.
Facebook Gifts will be rolled out gradually to users starting with those in the U.S, the company said. Users will have the option to send gifts from the birthday reminder panel on their news feeds or by clicking on a gift icon in a friend's timeline. The payment can be made before or after the intended recipient has accepted the gift.
Recipients will receive a notification when someone sends them a gift and can select the item's size, color or even swap it for another item of equal or lower price. They then have to input a delivery address or select from the ones already saved under their account.
The launch of the new Facebook Gifts service is good news for Facebook investors because it will provide the company with a new revenue stream and the feature might even prove popular with users in the long run. However, some security experts are concerned about its security and privacy implications.
"The amount of private data users are sharing on social networking sites already exceeds all security precautions," said Bogdan Botezatu, a senior e-threat analyst at antivirus vendor Bitdefender, via email Friday. "Making it so much easier for the user to add a number of addresses they can receive parcels at (including probably work or school addresses) would make it even easier for real-life criminals to gather information about a potential victim."
"The new information that might be shared by users is particularly dangerous in the case of account compromise," the Bitdefender security researcher said. Home addresses combined with other information commonly shared by users on Facebook like vacation dates, pictures of houses or news about recent high-value purchases, could make it very easy for burglars to select potential victims and plan raids, he said.
- Improving IT Efficiencies: Four Advantages of Multi-Tenant Data Centers Increasing demands on IT are forcing organizations to rethink their data center options. For many organizations, that means turning to the flexibility afforded...
- Accelerating Cloud Deployment and Operations with Managed Services Companies that do not have sufficient in-house expertise to either deploy or maintain an IaaS cloud should turn to Managed Service Providers .
- Rethinking IT Operations in the Cloud This paper breaks down the challenges that often prevent the cloud from delivering the fast, flexible and affordable infrastructure companies seek - and...
- Gartner Magic Quadrant for Cloud-Enabled Managed Hosting, North America Cloud-enabled managed hosting brings cloudlike consumption and provisioning attributes to the traditional managed hosting market
- Live Webcast How to serve up a Grand Slam with a scalable IT Infrastructure for cloud, big data and advanced analytics Register today to attend this webcast, and see examples of how The U.S. Tennis Association, Wimbledon and U.S. Golf Association are using the...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Live Webcast IBM FlashSystem V840: Leveraging Software-Defined Flash to Drive Your Business With end-to-end, tightly integrated functionality and super-fast flash technology, products like IBM FlashSystem V840 Enterprise Performance Solution empower businesses to leverage the efficiency...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Topic Center White Papers | Webcasts