
Posts Tagged ‘ blog post ’

By Jared Newman
March 31, 2010

SAN FRANCISCO – Facebook users are expressing strong disapproval of proposed privacy changes that will let the site share some user information with third-party Web sites and applications.
Under Facebook’s current rules you’re asked first if you want to share information (your name, photos and friends list) with third-party sites. The proposed policy, which Facebook hasn’t implemented yet, would bypass asking you for approval when visiting some sites and applications Facebook has business relationships with, sharing limited personal information automatically.

In other words, if Facebook deems a Web site or application trustworthy, it’ll immediately grab your information when you visit or use it, provided you’re logged into Facebook when that happens. Users will be able to opt-out, but it’s not clear if this would happen on a user’s settings page or by some other means. Facebook didn’t get into specifics on when these changes will be made, why they’re happening now or which sites will be participating.

Right now, there are more than 900 comments on the blog post in which Facebook Deputy General Counsel Michael Richter announced the proposed changes. Most of them are negative (though more than 2000 people “like” the blog post itself). Users are particularly angry that the third-party data sharing is opt-out, meaning users will take part by default.
“Don’t be evil,” Scott Allan Wallick wrote. “Or if you do have to be evil, at least make the evil opt in and not the other way around.”

“Has Facebook compared the projected revenue gained from this proposed change to the projected revenue *lost* by the number of users (including myself) that will be driven away?” wrote Nick Williams.

“Why isn’t opt-in the default for all public disclosure of information? The next time Facebook changes its policy from opt-in to opt-out, I’ll be gone,” wrote David Jasinski.

Facebook users are understandably sensitive about what the site does with their personal data. In 2007, the site got into hot water over Beacon, which logged user activity on third-party sites even when they weren’t logged into Facebook, and optionally published that activity to users’ profiles. That resulted in a $9.5 million lawsuit settlement last December. This proposal differs from Beacon in that the user must be logged into Facebook to share data, and there’s no indication that Facebook will log or publish what you do on those sites.

Facebook also retooled user privacy settings in December in hopes that people would make parts of their profiles public. That effort backfired when users realized their friends lists were made public even when the rest of their profiles were not, causing Facebook to relent and tweak its settings.

If anything, those past examples show that Facebook is willing to bend on privacy when its users get mad enough. Keep in mind that the changes announced by Richter aren’t in effect, and the announcement itself was meant to spur feedback from users. Maybe the overwhelming negativity will prompt even more backpedaling from the behemoth of social networking.


By Ian Paul
March 12, 2010

SAN FRANCISCO – Twitter is finally being proactive about the large number of phishing scams that have plagued the micro-blogging service in the past year. On Wednesday, Twitter introduced its own anti-phishing service designed to protect its users from these types of attacks. The new security measures will focus on Twitter direct messages (DMs) — private tweets addressed to a specific user — and corresponding e-mail notifications. Twitter believes DMs are the primary source of Twitter-based phishing attacks, and has not yet announced any plans to extend the new service to regular Twitter messages.

DMs will now be routed through Twitter’s anti-phishing service to “detect, intercept, and prevent the spread of bad links,” Del Harvey, director of Twitter’s trust and safety team, wrote in a recent blog post. After Twitter has approved a link, it will be delivered to users via a new ‘twit.tl’ URL instead of bit.ly, tinyURL or other link-shortening services. Twitter also claims that if a bad link gets through to a user via e-mail, the company would still “be able to keep that user safe.”

Social Phishing

Phishing scams are often used to harvest log-in credentials for social networks and financial sites by encouraging users to log in to phony versions of legitimate Websites. These types of scams often entice users to click on a bogus link to check out a new video or log in to a particular service to verify some data. The fake Website can then either inject some form of malware onto your computer or steal your log-in credentials to the legitimate site. Typically, phishing messages use URL shortening services to mask the phony site’s actual Web address.

Malicious activity like this has become a regular problem for social networking services and tools, and some are starting to be more proactive about dealing with the issue. Bit.ly checks all links created using its service against three independent malware blacklists to help fight phishing and malware scams. Bit.ly is Twitter’s default link-shortening service.

Another URL-shortening service, Tr.im, does not specify how or if it monitors for phishing attacks, as far as I could tell anyway, but it does have a spot on its Webpage where users can report suspicious or spammy tr.im links. TinyURL does not publicly state that it protects against abuse of its service, but states at the bottom of its homepage that it forbids illicit uses of its services.

Facebook last month instituted an automated security system in partnership with security firm McAfee, after being targeted with its fair share of phishing scams. The new system is supposed to help detect user accounts that may have fallen prey to malicious activity; however, Facebook’s malware strategy may not be as effective as it could be, especially since it’s designed, at least in part, to sell McAfee security software to its users.

Google’s new social networking experiment Google Buzz is also reportedly proactive about phishing scams. Google recompresses images sent to Buzz and scans all links in Buzz against its blacklist of Websites, according to Webpronews. Google also reportedly has spam detection and abuse monitoring in place for Google Buzz comments.

The Problem with Lists

Of course, the downside of any Website blacklist is that it will never be large and agile enough to catch the newest scam sites. Since the use of blacklists is the most common way modern Web browsers and security services protect users against malware, the best defense is still to trust one’s own instincts.

Be wary of oddly worded or unsolicited messages you receive through social networking sites, and make sure you don’t log in to a site based on a link you received via e-mail. More importantly, make sure the site you’re trying to log in to is the real thing by verifying you have the right URL in your browser’s address bar — Facebook has a brief explanation about legitimate URLs here. Automated protection against phishing scams and malware is a great help, but in the end it’s no substitute for common sense.
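The address-bar check described above can be expressed as a small link triage routine. This is an added example, not code from the article or from any of the services it mentions; the `EXPECTED_LOGIN_DOMAINS` set, the function names and the `.example` hosts are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# Assumption: the sites the reader actually intends to log in to.
EXPECTED_LOGIN_DOMAINS = {"facebook.com", "twitter.com"}
# Shorteners named in the article; a short link hides the real destination.
SHORTENER_HOSTS = {"bit.ly", "tinyurl.com", "tr.im", "twit.tl"}


def _under(host, domain):
    """True when host is the domain itself or one of its subdomains."""
    return host == domain or host.endswith("." + domain)


def classify_link(url):
    """Return 'expected', 'shortened', 'lookalike', 'other' or 'invalid'."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname  # drops any "user@" prefix and the port
    except ValueError:
        return "invalid"
    if parts.scheme not in ("http", "https") or not host:
        return "invalid"
    host = host.rstrip(".")  # "twitter.com." names the same host
    if any(_under(host, d) for d in SHORTENER_HOSTS):
        return "shortened"  # destination unknown until the link is expanded
    if any(_under(host, d) for d in EXPECTED_LOGIN_DOMAINS):
        return "expected"
    # A brand name in the host or in the "user@" part, outside the real
    # domain, is the classic disguise for a phony log-in page.
    brands = {d.split(".")[0] for d in EXPECTED_LOGIN_DOMAINS}
    if any(b in host or b in (parts.username or "") for b in brands):
        return "lookalike"
    return "other"


def triage(urls):
    """Map each URL to its classification."""
    return {u: classify_link(u) for u in urls}


# Constructed sample links; none is taken from a real message.
SAMPLES = [
    "https://www.facebook.com/login.php",
    "http://twit.tl/abc123",
    "http://www.facebook.com.account-verify.example/login",
    "https://facebook.com@login.example/",
    "https://notfacebook.com/",
    "http://video-site.example/watch",
]
```

The match is on the end of the hostname with a leading dot, so `notfacebook.com` and `facebook.com.account-verify.example` are not treated as Facebook. A link classified as `shortened` says nothing about its destination, which is the limitation the article points out for shortened URLs.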
