Thursday, November 04, 2010

Sorry FaceBook But for Me Too Little Too Late

In PC World’s latest article on FaceBook's user ID information scandal we see FaceBook doing what they always do, covering most up the facts, slapping the hand of a few offenders, and continuing business as usual.

And while FaceBook reveals some of the facts behind their latest security problems they in general accept no part of the blame while pointing a finger at everybody else.

But those of us who understand the close relationships that FaceBook has developed with many of the companies involved still have questions left unanswered and doubts that anything is either better or changed over what it has always been.

For what we see from FaceBook on this issue is their usual window dressing and PR designed to cover the up the truth and hide the full extent of the problem. And as a PR job it's one that would make any Washington politician or the guys over at BP proud.

But the long and short of it is that FaceBook and Mr. Zuckerberg are again insulting the intelligence of anyone familiar with how IT works. There had to be people who knowingly turned a blind eye to what was going on within FaceBook! And I'll believe that FaceBook is truly beginning to address the problem when some FaceBook people are held accountable and join the unemployment lines.

For when you look at what FaceBook is admitting happened you see a company that having already faced more security issues and problems in the last couple of years than most companies will face in a 100 still violated every basic IT security protocol in the book.

FaceBook made no rules regarding user ID information and how it was stored nor had in place any policy of what companies could do with such information once they obtained it.

FaceBook also kept little information about the principals of the businesses involved and did little to check out where they were located or how their programs tracked user interaction and site movement within both FaceBook and the application.

And finally FaceBook had in place no kind of firewall or portal that in any way inspected or controlled the data that was allowed to leave FaceBook’s network. By their own admission they don’t really know to this day just how much or what kinds of information may have been obtained about FaceBook users.

All of these facts taken together show a pattern of total disregard for anything even approaching a security policy by a company that has already been caught in numerous security issues and violations. Worse still many of these previous security issues have been in the very recent past.

So Mr. Zuckerber, what’s the reason you and FaceBook can’t seem to get the message?

When, Mr. Zuckerberg, can I expect that you will finally understand that I deserve both your respect and your protection as a user of FaceBook?

Just what is it going to take for you to wake up and finally start to treat FaceBook users as more than dumb cattle being lead to an unsuspected slaughter?

As you ponder these questions Mr. Zuckerbert I would also ask you to keep in mind those companies that have gone before you and FaceBook like AOL and MySpace that thought they were too big to care or listen to their users.

Ponder their fate and ask yourself, is this what I want for FaceBook?

Amplify’d from

Facebook and Your User ID Explained

Facebook blew it when it comes to handling your identity and now it's trying to save face. It already outlined how it is coming down hard on app developers that sold personally-identifying information to data brokers. For that offence it nailed developers who knowingly passed along User IDs with a six month suspension. But the site also announced several policy changes and clarifications on what will happen to User IDs that were already shared.

Facebook Ad Networks Must Delete User IDs

In a blog post, Facebook developer Mike Vernal said the site will not allow ad networks to continue operating on Facebook Platform unless they delete all User IDs, regardless of how they were obtained. The idea, I'm guessing, is that advertising on Facebook is more valuable than having personally-identifiable information on file. Vernal doesn't explain how Facebook will verify deletion.

User IDs Must Stay in the App

While app developers were previously not allowed to share User IDs with advertisers or data firms, Facebook is changing its policy to say that User IDs may not leave the app at all. Because apps may still want unique identifiers to share with permitted outside parties, such as advertisers or content partners, Facebook is creating a way to share an anonymous alternative to the User ID, to be released next week. It'll be required for all apps starting January 1, 2011.

RapLeaf is Out

Facebook "reached an agreement" with RapLeaf, one of the data brokers called out in the Wall Street Journal's original article on User ID sharing, Vernal said. RapLeaf, which created detailed profiles on people from Facebook and other Web sources, will delete all User IDs and won't operate on Facebook Platform anymore. It's not clear what RapLeaf gets in return, if anything.

No Private Data Changed Hands

Vernal emphasized that no private Facebook data was accessed as a result of User ID sharing with advertisers. We already knew this -- User IDs allow access to the public parts of a profile, including names and any other information shared with "everyone" -- but the assurance is somewhat comforting.


No comments: