Dear Facebook,
The open letter from Sophos requested three specific things from Facebook:
- Privacy by default: Self explanatory. Currently, Facebook requires users to opt-in when it comes to a handful of features that keep their information out of the general public's eye.
- Vetted app developers: Want to be a Facebook developer? No problem-- pretty much anyone can. And therein lies the problem. With over one million developers already registered on the platform, services are often filled with viral scams. Sophos proposes only vetted and approved third-party developers be allowed to publish.
- Https for everything: HTTPS was a recently added option, but because it doesn't gel with every application, Facebook left it turned off by default. Further, the platform only commits to provide a secure connection “whenever possible”. Sophos asks that the secure connection be enforced, by default, all of the time. (Chech out our how-to article for enabling it here.)
Dear Sophos et al.,
Facebook's privacy updates mildly touch on the requests:
More Resources for Families: The Family Safety Center now features useful articles and videos for parents and teens on safety and privacy issues. A free guide for teachers is also slated to be released within the next few weeks.
Social Reporting Tools: Photo Gallery encourages users to seek help from friends by allowing them to notify a member of their community when they see something inappropriate.
Double Authentication: If you turn this feature on, Facebook will ask you to enter a code anytime you try to log into the site from a new device.
HTTPS Improvements: HTTPS support has been improved in that if you start using a non-HTTPS application on Facebook, the site will automatically switch your session back to HTTPS when you’re finished.
The Verdict
Unsurprisingly, Sophos still isn’t 100% happy with the network's improvements.
Learning Opportunities
Webinar
Mar
29
The CX Commute vs. the CX Joy Ride
Is your CX traffic holding up your customer's journey?
Webinar
Mar
29
Is Your Microsoft 365 Data Recoverable? How to Survive the IT Hotseat When Data is Lost
See why MIcrosoft recommends third party backup
Webinar
Mar
30
An Optimized Customer Contact Strategy Combines Transparency and Intelligence: The State of Outbound Communications
Learn from the Neustar-commissioned Forrester Consulting study on challenges and solutions for contact centers
Webinar
Apr
13
Accelerating Content Velocity Across the Digital Supply Chain
Learn to integrate DAM with upstream tools to improve workflow efficiency.
Conference
May
10
CMSWire CONNECT Customer Experience Conference - Austin 2023
Don't miss the top customer experience and digital experience conference of the year — live in Austin, Texas May 10-12.
Conference
May
10
Reworked CONNECT Employee Experience & Digital Workplace Conference Austin 2023
North America's best employee experience and digital workplace conference of the year — live in Austin May 10-12, 2023.
“Facebook has got a longer road ahead of it if it’s really serious about protecting its users,” said Graham Cluley, senior technology consultant at Sophos. “HTTPS is still not on by default, and isn’t present at all for users who visit the mobile version of Facebook’s website. Users continue to contact us in their droves concerned about rogue applications, survey scams and Facebook’s attitude that privacy isn’t something that users should be entitled to by default.”
In contrast, some think Sophos' requests are too heavy.
"The first and third suggestions are critical and really need to be implemented as soon as possible. As for the second suggestion, while I agree there definitely needs to be more oversight added to the app approval process, the sheer number of Facebook developers and apps makes the implementation of such a change much more difficult," wrote Emil Protalinski of ZDNet.
What do you think? Let us know in the comments below.