Thursday, December 10, 2009

Facebook starts to fix application privacy

Facebook's new privacy controls have received global media coverage today. Their new privacy defaults have been called a "disaster in the making". However, they have at least started to fix the gaping privacy problems their platform has with third-party applications:
When you visit a Facebook-enhanced application or website, it may access any information you have made visible to Everyone as well as your publicly available information. This includes your Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages. The application will request your permission to access any additional information it needs.

Users can also separately control which information their friends' applications can access. Previously your installed applications could access just about all of your profile information (and much of your friends').

The largest remaining issue is that your friends list should not be publicly available, as it can reveal not just your patterns of association but also enable de-anonymisation attacks on your privacy based on your social network. This is otherwise a positive step — shame it only came after a ruling from the Canadian Privacy Commissioner and an opinion from the European data protection commissioners.

UPDATE: Much more on this by the Electronic Frontier Foundation.

No comments: