Facebook straddles a precarious line when it comes to information security and data privacy. As a social networking site, its very existence is based on the premise of freely sharing information -- status updates, photos, likes, location check-ins -- with others. However, that sharing has to be tempered as well to ensure personal privacy is not violated. This week, Facebook simultaneously introduced a new ad model that could infringe on user privacy, while also improving security for the site itself.
Don't tell Facebook, but tomorrow is National Data Privacy Day. Actually, Facebook is aware of the significance, as noted in a recent blog post. "This Friday is Data Privacy Day, an international effort by governments, businesses and advocacy groups to raise awareness about the importance of staying in control of personal information. A key part of controlling information has always been protecting it from security threats like viruses, malware and hackers."
With that in mind, Facebook is implementing HTTPS to enable you to connect with and use the social networking site over a secure, encrypted connection. The feature adds some processing overhead and will impact performance to some extent, so Facebook is leaving HTTPS off by default and leaving it to the individual user to choose to enable it.
In addition to the encrypted surfing, Facebook is also rolling out new social authentication features to verify users. If Facebook detects suspicious activity, it will request additional authentication information. Rather than the traditional Captcha test, though -- with its warped text that is hard even for legitimate users to decipher -- Facebook will use photos and information from your social network to validate your identity using questions that only a legitimate user should be able to answer.
More secure access to the site and tighter authentication controls are welcome, and they are a great step toward achieving the goal of protecting your information from security threats like viruses, malware, and hackers. However, these security controls won't protect your information from Facebook itself.
With tomorrow being set aside for Data Privacy Day -- and with Facebook being aware of and acknowledging the event -- news that Facebook is also introducing a new "sponsored stories" ad model that co-opts user likes and location check-ins as advertisements without any consent from the user and no ability for the user to opt out seems a tad ironic.
Now, it can be argued that Facebook is not doing anything with the information that you weren't already doing. The sponsored stories advertising will ostensibly only be displayed to your friends -- with the idea being that your opinion holds some weight with your social network -- and odds are fair that your likes and location check-ins were already being shared with that group.
That said, Facebook isn't just sharing the information. It is repackaging it as an explicit, or at least implicit, endorsement of the product or company buying the ad. It is that implied endorsement that is ruffling some feathers and causing privacy advocates to cry foul over the sponsored stories ad model.
So, Happy Data Privacy Day, Facebook! I commend you for your continued efforts at providing a safe and secure social networking experience and the introduction of controls to prevent hackers and malware from exploiting my data. Now, if we could just work on some tools to help me protect my data from you, I think we'll be good.