Facebook announced yesterday that changes are coming soon to the
Facebook interface, in particular to the 'Groups' system. According
to CEO Mark Zuckerberg, Facebook will, for the first time, make it
easier to share information with smaller and more intimate groups
Among the changes announced, Mark Zuckerberg revealed tighter
control over 'Groups' and a dashboard amongst the Facebook privacy
interface to show what Facebook applications have access to users'
Computer security experts at Sophos, however, are concerned that
although these changes suggest a step in the right direction
towards protecting personal information online, they may add
complexity, rather than improving online safety.
Paul Ducklin, Sophos's Head of Technology, Asia Pacific, argues
that the latest changes implemented by Facebook may well simply be
another missed opportunity to get the fundamentals right.
"Adding more security-related dashboards, buttons and knobs is a
start, I guess," says Ducklin. "But I, and many others, think that
Facebook would do better to make a real grassroots change to its
Ducklin wants to see Facebook adopt a completely opt-in model,
in which you can sign up as easily as you can today, but can't do
much at all on the site until you have decided to open up each
feature. In a poll conducted by Sophos earlier this year*, 93% of
those asked said that they would prefer to "opt-in" rather than
"opt-out" of sharing their information with others.
"No doubt Facebook shareholders looking forward to the IPO will
want to maximise the number of users and the openness and
availability of the information posted," continued Ducklin. "But
Facebook is influential enough now, I reckon, to make bigger
long-term gains by getting ahead of the regulatory curve than by
waiting until legislators force them to change their opt-
More information can be found on
Paul Ducklin's blog.
Sophos, May 2010.