Sophos Sends an Open Letter to Facebook

Article by George Norman (Cybersecurity Editor)

on 19 Apr 2011

Earlier today I mentioned Sophos because Chester Wisniewski, Senior Security Advisor with the company, which specializes in antivirus, anti-spam and spyware removal software as well as network and internet security, said that the vulnerability that plagues Skype for Android and could lead to private data being exposed is not really a vulnerability. It is an example of sloppy coding at best or disrespect for the user’s privacy at worst.

Sophos once again makes the headlines, this time because it sent an open letter to Facebook, the incredibly popular social networking site. In the letter Sophos asks Facebook to improve online safety and implement the following three-point plan.

Privacy by default
When a new feature is added that shares additional user information with others, Facebook should assume that users care about their privacy and ask them to opt in. Facebook should not automatically turn on that feature and then tell users to opt out if they don’t want to share information with others.

Vetted app developers
Sophos said that because it's so easy to become a developer on Facebook (and there are more than 1 million app developers out there), the bad guys exploit this to put out malicious Facebook apps. Sophos said that only vetted and approved third-party developers should be allowed to publish apps on the Facebook platform.

HTTPS for everything
Earlier this year Facebook introduced the option to turn on HTTPS and browse on a secure, encrypted connection; you can turn it on from the “Account Security” section on the Account Settings page. The problem is that you can’t browse on HTTPS all the time, because the option only lets you “Browse Facebook on a secure connection (HTTPS) whenever possible”. Sophos said that Facebook should use HTTPS all the time and should turn this feature on for all users (currently you have to opt in).

"Facebook is no stranger to making headlines for all the wrong reasons when it comes to security and privacy. The Sophos three-point plan would turn Facebook into the good guys and also be a real safety step-up for its 500 million users," said Graham Cluley of Sophos Naked Security. "Facebook is popular and successful and is not going away. So it is essential that Facebook takes proper care of its users by making their security and privacy a top priority."

