The open letter from Sophos requested three specific things from Facebook:
- Privacy by default: Self explanatory. Currently, Facebook requires users to opt-in when it comes to a handful of features that keep their information out of the general public's eye.
- Vetted app developers: Want to be a Facebook developer? No problem-- pretty much anyone can. And therein lies the problem. With over one million developers already registered on the platform, services are often filled with viral scams. Sophos proposes only vetted and approved third-party developers be allowed to publish.
- Https for everything: HTTPS was a recently added option, but because it doesn't gel with every application, Facebook left it turned off by default. Further, the platform only commits to provide a secure connection “whenever possible”. Sophos asks that the secure connection be enforced, by default, all of the time. (Chech out our how-to article for enabling it here.)
Dear Sophos et al.,
Facebook's privacy updates mildly touch on the requests:
More Resources for Families: The Family Safety Center now features useful articles and videos for parents and teens on safety and privacy issues. A free guide for teachers is also slated to be released within the next few weeks.
Social Reporting Tools: Photo Gallery encourages users to seek help from friends by allowing them to notify a member of their community when they see something inappropriate.
Double Authentication: If you turn this feature on, Facebook will ask you to enter a code anytime you try to log into the site from a new device.
HTTPS Improvements: HTTPS support has been improved in that if you start using a non-HTTPS application on Facebook, the site will automatically switch your session back to HTTPS when you’re finished.
Unsurprisingly, Sophos still isn’t 100% happy with the network's improvements.
“Facebook has got a longer road ahead of it if it’s really serious about protecting its users,” said Graham Cluley, senior technology consultant at Sophos. “HTTPS is still not on by default, and isn’t present at all for users who visit the mobile version of Facebook’s website. Users continue to contact us in their droves concerned about rogue applications, survey scams and Facebook’s attitude that privacy isn’t something that users should be entitled to by default.”
In contrast, some think Sophos' requests are too heavy.
"The first and third suggestions are critical and really need to be implemented as soon as possible. As for the second suggestion, while I agree there definitely needs to be more oversight added to the app approval process, the sheer number of Facebook developers and apps makes the implementation of such a change much more difficult," wrote Emil Protalinski of ZDNet.
What do you think? Let us know in the comments below.