Facebook Announcement: 8 Reasons to Fear

By Partho, Gaea News Network
Saturday, April 24, 2010

Two years ago, privacy control was cardinal to Facebook. Founder Mark Zuckerberg always stood by his word that privacy is fundamental to the DNA of the social network. He was of the opinion that users' information should not be shared publicly and must be accessible to the people they accept as friends. In contrast, in a six-minute interview with TechCrunch founder Michael Arrington, Zuckerberg clarified his new vision: “the age of privacy is over”. Clearly, the social networking czar is breeding a culture that casts aside privacy. What matters is the impact of Facebook's announcements at the f8 conference. We have already covered the behind-the-scenes story of Facebook Instant Personalization. Now we provide an insight into the fallacies of Facebook's announcements.

1. The Open Graph

With the new Open Graph API and protocol, users will be able to integrate websites and web apps within their existing social network. This makes the platform more robust than ever before. Facebook plans to broaden its Open Graph, which will essentially map the connections between people, companies, products, websites and more. The interests and tastes on your profile will provide the data for building a structured database of links.

This Open Graph is open to access and contribute to, but only under Facebook's control. Certainly there are business, political and philosophical implications. However, centralized administration of such a graph has technical trade-offs as well. It might depend on a single point of failure. The new version of the Semantic Web on Facebook has the same issues as older versions, such as major privacy concerns, data poisoning, and data inconsistencies.

2. Insecurities with Instant Personalization

Instant Personalization is a marketing term for a Facebook feature. The company has partnered with certain pre-approved websites that can now automatically identify a Facebook user on the first visit. These sites might also access what Facebook classifies as publicly available information.

This feature raises privacy concerns, as it repeats mistakes similar to those committed after the launch of Buzz. There is no full opt-in; users are opted in by default. Instant Personalization might bring many surprises and violated expectations.

Facebook controls who has access to the setup. Currently, there is no clear indication of how sites will become pre-approved or how much the program will expand in the future. The privacy controls lack clarity, as the opt-out does not cover information shared by friends who use instantly personalized sites.

4. Introduction of OAuth 2.0

Facebook launched a new OAuth 2.0 technology for authenticating applications and websites. This will replace the proprietary model the site had been using and is expected to simplify the building of Facebook-enabled services.

As noted in Joey Tyson’s blog, OAuth doesn’t diminish the threat of application-based attacks that rely on vulnerabilities such as cross-site scripting (XSS) and cross-site request forgery (CSRF). We have seen similar technology on sites like Twitter for some time now. This is a major roll-out of a very new version. We might see new security issues related to Facebook’s implementation.

5. Facebook application payments

Facebook expanded on its plans to offer a virtual currency system for application payments. Several applications are already using Facebook Credits, but we might see far more changes in the near future.

Since Facebook has been widely accused of privacy problems, some users might hesitate to add credit information to their Facebook profiles. That information might be accessed by Facebook. The service makes Facebook a middleman in potentially millions of dollars of transactions and could raise liability issues.

6. Granular data access

Facebook came up with a much-needed addition by including more granular permissions when applications request user information. In the new setup, applications will have to individually request private profile fields when users choose to authorize them.

Last fall Facebook changed the granular access. However, the modification also radically redefined what constitutes private information. Several fields that might have been included in this setup are now considered public, which puts them outside the access controls.

7. Data Storage for Unlimited time

Previously, Facebook allowed applications and Facebook-enabled websites to store most information accessed via the Facebook API for only a day. Under the new policy, Facebook has removed the time limit for storing the information. App developers can now save data and use it for as long as they wish.

Facebook applications will become far more valuable targets for attackers. If a popular application, say FarmVille, is compromised, the private data of millions of users will be at risk. Facebook's own security might be reliable, but the applications might not have the same level of security.

The unlimited retention of data by Facebook apps might increase the risk of behavioral targeting and visitor tracking. Third-party developers will now be able to maintain complete archives of profile information.

7. ‘Like’ feature

The new Like button allows users to share content on Facebook. On clicking the Like button, a link to the page is added to the user's Facebook profile and the story is shared with their friends. Facebook users should be aware that when they “Like” an article on CNN, that “Like” may show up in a customized view that their friends see. In addition, Facebook can use the data from these interactions to target them with related adverts once they return to Facebook.com.

8. Social Plugins

Facebook provides access to a range of simple tools that add Facebook features, such as the “Like” button mentioned above. These cover Liking a page and publishing approved stories to a user’s news feed. The plugins depend in many ways on whether the developers provide accurate data. These features can easily be abused by scam artists and crackers. The Facebook social plugins seem to lack certain authentication, which might lead to unexpected consequences.
