NEW YORK – In an effort to challenge programmers worldwide, Facebook has brought back its Hacker Cup contest for a third round, the company announced Wednesday.

“Hacking is core to how we build at Facebook,” wrote Facebook mobile engineer David Alves in a blog post announcing the contest. Company engineers are “always hacking to find better ways to solve problems,” he said.

Facebook is using the original definition of “hacker,” referring not to someone who breaks into computer systems, but rather to an individual who “enjoys exploring the details of programmable systems and how to stretch their capabilities,” to borrow the definition from the canonical online computer slang dictionary The Jargon File.

The first four rounds of the contest will be held online, starting Jan. 28. The top 25 finalists will be flown to Facebook’s headquarters on March 27 for a final round. The winner will be awarded US$5,000, and three runners-up will be awarded cash prizes as well.

The contest consists of successive sets of increasingly difficult algorithmic problems. Scoring will be based on how accurately and quickly the programmers complete the puzzles. Last year’s contest featured challenges such as determining the optimum number of shield generators and warriors one should acquire for the Facebook game Starcraft II and calculating the best race car driving strategy given a variable number of opponents, race track curves and likelihood of crashing.

For each problem, the participant is given a set of inputs and an explanation of the problem. They have six minutes to submit an answer, along with the source code used to solve the problem. Participants can use any programming language, as well as language-extending libraries and even complete programs, such as a spreadsheet.

Last year’s Hacker Cup got off to a rough start. Some users on the Quora social networking site complained that the contest’s procedures were confusing and sometimes contradictory. The social networking giant had improved the process by the end of the contest, though, participants reported.

SAN FRANCISCO – Facebook now lets iPhone owners view its new Timeline layout and has added several extra handy features in an app update pushed out to iPhone users on Sunday. iPad users still can’t view Facebook Timeline layouts.

Facebook launched its updated Android apps last week when Timeline was released. Facebook has already updated its Android mobile app with the layout. It’s unclear why the iOS update was delayed until the weekend but possibilities include waiting for approval from Apple’s app store and bug fixes. The Timeline layout was shown earlier this year at the company’s f8 Conference.

Timeline however isn’t the only new feature added in 4.1. The new version of Facebook’s app brings a lot of the new features that the social networking giant added over the last year to its mobile apps.

You now have the ability to add and sort into Facebook’s lists feature to help them organize their friends. It also adds the subscribe to page feature that the company added along with it’s revamp of news feed. And, as originally reported byTechcrunch, the new app felt considerably faster than previous versions during my time with the app.

This new iOS update leaves only the company’s iPad app without the new Timeline layout. Facebook promised that an update for Apple’s popular tablet is on the way.

By Lucian Constantin
October 10, 2011

IASI, ROMANIA – Members of a hacking think-tank called Blackhat Academy claim that Facebook’s URL scanning systems can be tricked into thinking malicious pages are clean by using simple content cloaking techniques.

Such attacks involve Web pages filtering out requests that come from specific clients and feeding them content that is different from what is displayed to regular users.

Attackers have been using this method to poison search results on Google for years now by serving keyword-filled pages to its indexing robot, but redirecting visitors to malware when they click on the links. However, it turns out that Facebook is also vulnerable to this type of content forging. “Hatter,” one of the Blackhat Academy members, provided a live demonstration, which involved posting the URL to a JPEG file on a wall.

Facebook crawled the URL and added a thumbnail image to the wall post, however, clicking on its corresponding link actually redirected users to YouTube. This happened because the destination page was able to identify Facebook’s original request and served a JPEG file.

“While most major sites that allow link submission are vulnerable to this method, sites including Websense, Google+ and Facebook make the requests easily identifiable,” the Blackhat Academy hackers said.

“These sites send an initial request to the link in order to store a mirror thumbnail of the image, or a snapshot of the website being linked to. In doing so, many use a custom user agent, or have IP addresses that resolve to a consistent domain name,” they explained.

Earlier this week, Facebook signed a partnership with Websense to use the security vendor’s cloud-based, real-time Web scanner for malicious URL detection. Blackhat Academy has now provided proof-of-concept code, which, according to its advisory, can be used to bypass it.

Websense doesn’t believe that to be the case. “This is nothing new. We use numerous methodologies and systems to ensure that our analysis of content (in real time) is not manipulated by malware authors, including using IP addresses not attributable to Websense so that malware authors are unaware that it is Websense analyzing the content,” the company said.

“Also, the Websense ThreatSeeker Network is fed via an opt-in feedback loop from tens of thousands of customers distributed globally. These IPs are also not attributable to Websense.com. It is because of technologies like this that Facebook chose Websense to provide protection for their growing user base of more than 750 million users,” it added.

That could well be true, but it’s worth keeping in mind that Websense primarily sells security solutions to businesses and Facebook is usually blocked on many corporate networks. It would be logical to assume that relying on its customers’ appliances to scan URLs on the social networking website might not have an immediate impact.

Hatter says that as a security research outfit Blackhat Academy follows responsible disclosure and notified Facebook of the content cloaking issue at the end of July. Despite this, the method still works.

“We’re well aware of the content forgery technique described and have built protections into our systems to account for it,” a Facebook spokesman said via email.

“The content returned when we crawl a shared link is only one of many signals we use to combat spam and abuse on Facebook. We know that this content can change between visits, and therefore can’t always be trusted, and our systems account for that,” he added.

Earlier this year, Facebook signed a partnership with Web of Trust (WOT), an organization that maintains a community-driven spam URL block list. However, it’s well-known that blacklisting is not very efficient and there can be a significant window of exposure between the time when a URL starts being spammed and the time when it’s flagged by such a system.

At the very least, content cloaking can be a powerful social engineering technique. A link with a .jpg termination accompanied by a thumbnail can look harmless enough to trick a lot of users into clicking on it.

Facebook and Websense are not the only ones with this problem. Google+ and Digg are also vulnerable to cloaking attacks, but other sites such as Twitter have developed strong protections against them.

By John P. Mello Jr.
September 29, 2011
SAN FRANCISCO – “Security” isn’t usually linked with “fun,” but a Finnish security is taking a stab at connecting the two with its new application. F-Secure’s ShareSafe app runs inside Facebook and flags links to dangerous websites before you post them to your friends’ walls (or your own).

“Security applications and Facebook tend to mix together like oil and water,” Sean Sullivan writes in an F-Secure blog post. “Folks generally want to share when they’re online–and not to worry about security.”
For this reason, ShareSafe’s development team has designed the app to be entertaining, with security benefits “tagging along for the ride,” Sullivan adds.

Indeed, the security feature of the app does take up very little of the offering’s screen real estate. It’s just a form field that occupies the top of the app’s home screen. You can paste a link in the form and ShareSafe will tell you if there is any unsafe content at the other end of the web address.

This can be especially useful if you’re dealing with shortened URLs, since their destinations usually can’t be guessed just by looking at the characters in the address.

The rest of ShareSafe’s interface page is made up of a dashboard and a feed of top links.

From the dashboard, you can keep tabs on badges and rewards you’ve earned (you get a “Rookie Cookie” badge just for activating the app), as well as notifications. The app awards reward points for sharing safe links, for clicks and “likes” generated by those links, and, of course, for the number of friends you get to join the ShareSafe community. Points are also awarded for other behaviors, but the exact details are secret to “keep things interesting,” F-Secure explains.

Points can then be redeemed for products. Right now, prizes are limited to security software made by F-Secure, but perhaps we’ll see a wider selection in the future.

From the links feed, you can see top links for all of Facebook. You can also choose a category and see the top links for that category–such as pictures, news, or health. A “top link” is determined by the number of Facebook “likes” it has received.

Why Share Safely?

Why would you want to view your news feed and wall items through ShareSafe? Because before ShareSafe displays any items with links, it checks the links for malicious content. This way, you can make sure neither you nor any of your friends are circulating URLs to poisoned sites.
According to security experts, poisoned links on social networks are a big problem. In an experiment by Dasient Security, researchers set up accounts on 11 social networks and found that not one of those networks stopped them from posting malware links. In addition, nine of the 11 links failed to block links listed in a Google compilation of poisoned websites.

“The social networks we tested have some work to do on their malware countermeasures,” says Neil Daswani, Dasient CTO.

According to Carole Theriault, a senior consultant at security firm Sophos, “Facebook is a very enticing playground for bad guys. It is no surprise that surveys have shown an increase in malware activity on the site.”

By Eric Mack
September 26, 2011

SAN FRANCISCO – How will Facebook users react to the huge changes soon to land at the world’s largest social network? Anecdotal evidence suggests, not well. According to a number of informal poles, four out of five Facebook users see the upcoming facelift and new features as unpopular.

We know Facebook users are adverse to change. Just this week an anti-change Facebook campaign sprang up within hours of Facebook unveiling changes to its news feed. Now, with Thursday’s f8 conference keynote by Mark Zuckerberg where he announced sweeping changes over how your Facebook profile will look and a radical new approach to collecting user data, it’s a foregone conclusion some users will be outraged.
Here is quick overview of the changes and some comments from the pitchfork wielding Facebook crowd that is already amassing.

New Features:

o Timeline: A whole suite of changes to user profiles that makes them wider and more visual than before and adds a number of interface and privacy controls. Timeline adds the scrolling ticker of real-time activity from friends that rolled out earlier this week and will also summarize past events in an attempt to tell the full story of users’ lives, as Facebook puts it.

o Media and app integration: Music from Spotify and news from Yahoo (more Facebook integration is already rolling out on the Yahoo News’ site) are among the new “Open Graph” apps that will soon allow for real-time interaction, like listening to the same song at the same time as friends.

o Privacy filters: A new private activity log will provide control over what gets displayed on profiles and what doesn’t.
o Cover photo: A huge banner makes the top of your profile page look more blog-like.

This week’s sneak peek at the tectonic redesign changes coming soon to Facebook has clearly already stirred the pot of social networking discontent.

“What Facebook needs to understand is that every user is different. What Facebook should do is offer the extra options instead of forcing them on us users,” writes PCWorld reader BikDav. “That way, we can choose what we need and what we don’t need.”
Complaints about Facebook’s new features have also provided new ammunition for the ongoing battle with Google+, which just opened its doors to the public this week after a twelve-week closed field test.

“I am seeing nothing but complaining about the new Facebook features on my Google+ page,” observed PCWorld reader stewdanko.

A poll released just hours after the f8 announcements on Thursday by SodaHead, an online community and survey site founded by a former MySpace VP, found 84 percent of over 1400 users surveyed disapproved of Facebook’s facelift.

Web poll

PCWorld’s Facebook page seems like the most likely place to find some words of support for the changes, but our own informal survey returned the same findings. A quick review of over 50 responses to our request for comments on the redesign posted within the first twelve hours following the f8 announcement shows less than 20 percent expressed support for the new Facebook. The word “sucks” dominated the conversation and the merits of Google+ were widely espoused.

“Organized chaos or shuffling deck chairs on the Titanic. I pick the latter. It’s not working for me,” comments Heather Carey on the PCWorld Facebook page.

A handful of people that responded to our request said they were excited about the new features, and others didn’t understand what has so many people in a tizzy.

“Really don’t get why everyone’s complaining,” wrote Ted Geistlinger in the comment stream. “In the end it’ll be for the best. I don’t feel sorry for people who are complaining that the free service that they aren’t obligated to use is making minorly inconveniencing changes.”

Such complaints are a familiar refrain, one that was heard years ago when Facebook introduced the idea of status updates, and when that was expanded to the News Feed. Today, both concepts are part of the daily lives of almost one-sixth of humanity. Will we all come around to the new Facebook? Or is the social network sinking under its own weight? What do you think?

SAN FRANCISCO – Video chat is all the rage these days, thanks to new services such as Google+ Hangouts and Skype/Facebook integrated video chat. Video chatting is a great way to stay in touch with family and friends–seeing loved ones’ faces on a computer screen is almost like actually being there.

If you’re a video-chat newbie, shopping for webcams and setting up video calls can be a daunting process. Luckily, it isn’t as hard as you think it is. Here’s how to get started with video chat. You’ll be reconnecting with relatives and pals in no time.

Choose a Webcam

These days most laptops–and a lot of desktop monitors–come with built-in webcams. Before you rush out and buy a webcam, confirm whether your laptop or desktop monitor already has one.

1. Resolution: Picture resolution is measured in megapixels–more megapixels is typically better. Built-in webcams are usually 1.3 megapixels, which is okay but not great. Look for a webcam that has 2 or 3 megapixels; having anything more than 3 megapixels probably won’t make much of a difference when it comes to video chat.

2. Speed: Video is measured in frames per second, a figure also known as the frame rate. You’ll want a webcam that captures 30-plus frames per second for smooth video–though the actual smoothness of the video will depend on a number of factors, including the speed of your Internet connection.

3. Lens: Entry-level webcams typically have plastic lenses, but a webcam with a glass lens is a better choice. It’s also nice to have a webcam with a manual focus ring, so you can adjust the webcam yourself.

4. Connection point: You’ll come across both USB-wired webcams and wireless (Bluetooth or Wi-Fi) webcams. Of the two types, USB 2.0 is the more reliable choice, in my opinion, because you’ll get a steady connection and you won’t have to worry about your Wi-Fi cutting out (this is good if you’re, say, recording video). You should also consider the type of stand a webcam has. If you plan to use the webcam on a thin monitor or a laptop screen, you’ll want a clip-style stand. If you have a larger monitor, or if you want to put the webcam on a shelf or desk, you’ll need a flat stand.

5. HD: If you wish to use your webcam just for video chatting and socializing, you don’t really need an HD webcam. But if you intend to do a lot of streaming or recording–you have a Stickam show, for instance, or you want to make YouTube video logs–you might consider an HD model. The “HD” label refers to webcams that capture images of 720p or better.

Set Up Your Webcam

Setting up a webcam should be pretty straightforward, but here are a few tips to ensure a trouble-free setup.

1. Plug the webcam in: If your webcam doesn’t plug in (it’s a wireless- or Bluetooth-enabled model), turn it on and make sure your computer recognizes it as a webcam. If you can’t tell whether your computer is recognizing the webcam, go to Cameroid and click Snap; if your computer recognizes your webcam, you’ll get an Adobe Flash window that requests camera and microphone access. Click Allow, and check for a picture.

2. Download and install the latest drivers: Verify that you have the latest drivers for your webcam by going to the webcam’s manufacturer’s website. You may not need to do this if your webcam is a plug-and-play USB device. Also be sure to download and install the latest version of Adobe Flash, if you plan on using a Flash-based video-chat service (such as Google Talk).

3. Lighting, lighting, lighting: Webcam image quality isn’t great, but that doesn’t mean it has to be terrible. To get some decent lighting, follow a few rules. Don’t use your computer monitor as a source of light, and don’t put a light behind you (your face will just look dark). Instead, position a source of light (such as a desk lamp) in front of you or beside you. Soften the light by taping a piece of white paper over the bulb–this will make you look less orange and oversaturated.

4. Wear white: Many webcams have automatic exposure and white balance. Basically, that means the webcam will focus on the brightest thing in the picture and assume that it is white, adjusting its picture accordingly. You need to put something that’s actually white in the picture, or your webcam will focus on something that isn’t white–and your picture will end up looking all weird. You can either wear a white shirt or constantly hold up a piece of white paper (your choice).

For more tips on how to perfect your webcam video, check out photography blogger Strobist’s post on getting a good picture.
Next page: Selecting a service, and video chatting by phone

Select a Service

You can find tons of video-chat services out there. Which one you decide to use depends on a number of factors, including what you want to do with it and what services you’re comfortable using. Most major instant messenger services–including AOL Instant Messenger, Facebook, Google Talk, and Skype–have video-chat support. If you already use one of these services regularly, you should probably just stick with it. Otherwise, read on.

Google Talk

Google Talk, the chat service located inside Google’s Web programs (such as Gmail and Google+), has had video-chat support since late 2008. To use Google Talk’s video service, you must first install the voice-and-video chat software. Once the software is installed, video chatting with your Gmail contacts is simple.

Get started: To begin a video-chat session, open a chat window as you normally would, by double-clicking on your friend’s name in the chat list, or by hovering over your friend’s name and selecting Chat. Once the chat window is open, a little video icon will appear in the top-left corner of the window. Click that icon to start a video call.

Either you or your friend (or both) must have a webcam in order to video chat (this should be obvious). If your friend has a webcam plugged in, a small camera icon will appear next to their name in your chat list. Also, both of you must be online–if one of you is “invisible,” you won’t be able to video chat.

Add a contact: If you want to video chat with someone who isn’t on your contact list, simply add that person as a contact for Gmail chat. At the top of the chat window is a box where you can ‘Search, add, or invite’ a friend. Type in your pal’s email address, and then click Invite to chat.

Adjust the video: Google uses Flash video, which means you can do little in the way of adjusting your webcam directly from your chat window. If for some reason you can’t see video, right-click the video window and choose Settings. Confirm that you’ve allowed Google to access your camera and microphone (the icon looks like a computer with an eye inside it). Next, verify that you’ve chosen the correct webcam–go to the icon with the webcam on it, and find your camera in the drop-down menu.

If you’re a member of Google+, you can use Google’s messenger service to broadcast your webcam in a Google+ Hangout. To start a Google+ Hangout, go to your Google+ homepage and click Start a Hangout on the right side. Hangouts can hold up to ten people video chatting simultaneously in the same room.

You should use Google Talk if you have a lot of Gmail contacts, you want to talk to multiple friends at once (using Google+), or you don’t want to download and open a separate program.

Skype

Skype is practically synonymous with “video chat.” This instant messenger program lets users make both video calls and regular calls straight from their desktop.

Get started: Since Skype isn’t browser-based, you have to download and install the Skype desktop client. Then you need to obtain a username, if you don’t already have one. Creating an account is pretty simple: Just click Don’t have a Skype Name? and go through the steps.

Once you have a Skype name, you can log in and start chatting right away. To start a video chat, click on the friend you want to chat with, and then click the Video Call button.

Add a contact: You can easily add a contact in Skype. Go to Contacts, New Contact and search for your friend by their email address, Skype username, or full name. You can also search your Microsoft Outlook and Yahoo email address books by going to Contacts, Import Contacts.

Adjust the video: One nice thing about Skype’s desktop client is that it allows you to adjust your webcam’s settings for a better picture. Go to Tools, Options, Video settings, and you’ll see some basic options, including a feature for taking a snapshot with your webcam. To make further tweaks, go to Webcam settings. In that window, you can adjust brightness, contrast, gamma, hue, saturation, sharpness, image quality, white balance, and flicker. You can also choose whether to mirror or flip the image, or to go black and white. These settings will carry over to the next time you use your webcam, too, so if you want to change your webcam settings for Google chat, here’s where to do it.

You should use Skype if you like tweaking your webcam settings, you want only a video-chatting service, and you plan to call landlines or cell phones on occasion.

Facebook

Recently Facebook introduced its very own in-browser video-calling service in conjunction with Skype. The service hasn’t rolled out to all users yet, however; the current status of the rollout on Facebook’s video-calling page states: “Video calling will be available soon. Please check back later.”
Get started: Facebook video calling is a lot like Google video chat. Before your first video chat, you’ll need to download and install some software, but all of your chatting will be in-browser.

To video call one of your friends, choose the person from your Facebook chat list on the right side of the browser, and open a chat window by clicking on the person’s name. In the upper-right corner of the chat window, a small video camera icon will appear; click this icon to initiate a video call.

You can also start video calls by visiting your friend’s Facebook page and clicking the Call icon that appears in the top right. Only one person needs to have a webcam for friends to use Facebook video chat.

If your friend doesn’t pick up when you call, Facebook lets you leave a “video voicemail” message: You can record a quick video that they’ll receive in their inbox the next time they log in.

Facebook video calling is supported in Firefox, Chrome, and Safari, but not in Opera. It does not work on Linux.
Add a contact: Adding a Facebook video-chat contact is the same as adding a regular Facebook contact–you have to “friend” the person (and they have to accept) before you can start chatting or video chatting with them.

You should use Facebook video chat if you have the option (it hasn’t arrived for all users yet) and if the people you want to talk to are on Facebook.

Video Chat on Your Phone

Now that you’re a video-chat connoisseur, you can take it on the road. How can you video chat while you’re mobile–say, on a cell phone? Plenty of services will let you let you do just that; Tango, for one, allows you to video chat with users on other platforms. One thing you may want to have, however, is a phone with a front-facing camera–although you can video chat using a phone’s back-facing camera, it’s a bit inconvenient.

Here are two video-chat services that you can use on your phone.

FaceTime

If you own an iPhone 4, an iPod Touch, or an iPad 2, you can use Apple’s built-in video-chat service, FaceTime.
Using FaceTime is simple: Find the person you want to video chat with in your contacts list, and tap the FaceTime button. Or, if you’re on a call with someone, tap the FaceTime button on the call screen. FaceTime by default utilizes your device’s front-facing camera, but you can also tap the switch button to use the back camera.

The only real problem with FaceTime is that you must be on Wi-Fi–not 3G–to use it. But you do have ways to get around that constraint–with a little jailbreaking.
Tango

If you don’t have an iOS device, or if you own an iOS device and you want to make video calls over 3G or 4G without having to jailbreak it, you can check out Tango. A cross-platform mobile video-chat service, Tango works on both iOS devices and Android phones.

Tango is quick and easy to set up–all you need is your name and your contact list, and you can start calling right away. For you to call someone through Tango, the other person also needs to have the app installed. You can invite friends via text or email, straight from the Tango app.

Aside from the ability to video chat over a data connection, one particularly appealing feature of Tango is the ability to switch between video and audio during the call.

See? Video chatting isn’t nearly as scary as it seems. You can do it from virtually anywhere, too. Now you have no excuse to avoid calling your mother and letting her see your face.

FRAMINGHAM – Apple’s new $1 billion dollar data center looms large on Google Earth, putting its Maiden, N.C., home on the map. From the roof to its sides, the 500,000-square-foot building is painted white to reflect the sun’s heat back into space.

It would be unfair to call Maiden, population 3,409, an unlikely place for a new data center.

Large cloud providers are building monolithic facilities in areas that offer relatively low-cost land as well as abundant and somewhat inexpensive electricity.

Western North Carolina, where Maiden is located, fits such a bill.

Google has already built a $600 million data center in Lenoir, N.C., less than an hour’s drive from Maiden. And Facebook is building a $450 million, 300,000 square foot data center in Forest City, N.C., just over an hour way.

When Google announced plans for its North Carolina data center in 2007, Scott Millar, president of the Catawba County Economic Development Corp., was hopeful that the decision would draw the curiosity and interest of other tech firms.

Now, Millar said, “I think the dynamics that brought Google are still in place for others.” The addition of an Apple data center has only increased interest in the area, he noted.

“Having the Apple brand in our community says to a lot of folks that if Apple’s investing here, then we can invest here,” said Millar.

It also has intangible benefits, particularly among young people who see the Apple logo and think, “Maybe there is a future for me here,” he said.

The region is appealing to data centers partly because it has a good electric grid. There’s a long legacy of furniture and textile manufacturing, both power-intensive industries.

Tax breaks help as well. Apple has received 10-year 50% break in real estate taxes and an 85% break in personal property taxes. The economic development effort also includes fast turnaround on permits, and for Apple, a building inspector was stationed on-site to help speed construction, said Millar.

Apple also has room to expand. Its facility is located on some 200 acres, and it is occupying only a small part of the site for now, said Millar.

Apple “brought us national attention as a player in the tech world,” said Todd Herms, Maiden’s town manager.

Apple’s data center turned up on Google Earth just recently, something Fortune may have been the first to report. But Herms said there are plenty of large buildings in the area, including an industrial park three miles south with 12 buildings of similar size. The area also has furniture, paper products and textile manufacturing facilities, he said.

Apple’s data center is creating about 50 direct jobs and 250 indirect jobs, such as contractors who will work on the site. The construction work created 2,500 to 3,000 jobs.

Herms said he isn’t expecting Apple to change the fundamental, Mayberry-type nature of the town, a place where everybody knows one another.

The town is planning to buy some iPads for next year, and it has some Apple computers as well, but Dell machines and BlackBerries are also in use. Herms uses an iPhone, “but I’ve always used an iPhone,” he noted.

SAN FRANCISCO – Once again, Facebook has messed with users’ privacy in the name of a new feature.

The latest controversy is over Facebook facial recognition, which can automatically tag friends in photos just by matching the image to a massive database of faces.

Face recognition is a useful, time-saving feature — at least when it works. But it’s also a creepy addition to Facebook that opts you in automatically. As my colleague Sarah Jacobsson Purewal reported, you can only opt out of getting automatically tagged by friends. The database can still technically match your name to your face.
Therein lies Facebook’s big dilemma, the one that comes up time after time, with each new change to the site that demands more of users’ personal information: Yes, letting users opt-in to new features would be a more respectful approach. But because Facebook is inherently social — that is, it relies on the participation of many users — opt-in is much trickier to pull off. In some cases, it’s just impractical.

Take, for example, the “instant personalization” feature introduced last year. This allows partnering Websites to use and display information from your public Facebook profile, and from your friends’ public profiles. For example, if you write user reviews on Rotten Tomatoes or Yelp, your friends can see those reviews when they visit the site, provided they’re logged into Facebook. Had Facebook made this feature opt-in instead of opt-out, most people wouldn’t have bothered. That would defeat the purpose of personalization, which relies on having lots of recommendations from people you know.

A simpler example is Facebook’s broader attitude toward public vs. private information. In late 2009, Facebook made changes to its privacy settings to put an emphasis on “everyone,” so that users would share their status updates with the entire Internet by default. In making this change, Facebook was trying to be more like Twitter — a massive, ongoing, public conversation between lots of people, regardless of whether they’re friends or strangers. I like Twitter, and I understand by Facebook would want to make this change. But again, it only works if a critical mass of people are participating. That’s why the “Everyone” option for status updates is opt-out, rather than opt-in.

With facial recognition, Facebook faces the same dilemma. Facebook could give people the choice to opt in to its photo recognition database, but then how many people would bother? The whole point of Facebook facial recognition is to tag all of your friends in a photo without any manual work. If most of your friends aren’t participating, the feature is worthless.

I’m not defending Facebook’s actions, but I understand why the site behaves the way it does. As long as Facebook introduces new features, there will be new privacy snafus. Facial recognition wasn’t the first, and won’t be the last.

FRAMINGHAM – As more people create Facebook profiles (500 million and growing), and sign on to the many social media sites available today, hiring managers are finding they have new opportunities to get background information on job candidates.

Tapping into a potential hire’s Facebook profile, or Twitter account, for information means you can learn more about a candidate’s personality than you might get with just a job interview. A Facebook profile, or collection of tweets, can offer additional insight into whether or not a person might be a good fit with a corporation’s culture. On the flip side, a thorough check of one’s social media footprint might also uncover some serious missteps, or questionable judgments, a potential hire has made in their past. Having the benefit of finding this BEFORE a hire has been made may make some organizations feel thankful they’ve dodged the bullet of a potential disastrous addition to the work ranks.

[See also: Checking job candidates' FB pages can come back to haunt you]

But in between the good and the bad information is plenty of data that is illegal to view if you are making a hiring decision. And even if a hiring manager honestly does not use off-limits material, once they have seen it on Facebook, it can become grounds for a lawsuit.

“It not about the medium,” according to Victoria Mavis, president & senior consultant at Core People Resources, a human-resource-services firm in Lewisburg, Pennsylvania.”It’s about what you do with the information you get. Whether I get it off the background information check or off of Facebook, is it information I should have access to in the first place?”

For a little guidance on navigating the new landscape of information out there on potential hires, we spoke with human resource and labor law experts on ways to be smart when using Facebook and other social media to check up on job candidates.

Tip #1: If you’re going to use Facebook to vet job applicants, make it clear, up front, in the hiring process

If you plan to take advantage of social media venues, like Facebook, to conduct background investigations, the most important first step is to have a policy, and make sure candidates are aware of it, said Mavis.

“Let candidates know you are going to do background checks so you can do it properly and get authorization,” she said.

That means disclosing all of the places you may go searching for information about a potential hire, and all of the things you may go looking for.

“Identify ahead of time the five or ten things that, if you saw them on a candidate’s profile, would concern you about them. That might be a reference to use of illegal drugs, or graphics promoting hate,” said Mavis. “Also figure out what might be some positives you would seek, such as a candidate who is active in their community, or involved in a cause, such as cancer research.”

Tip #2: But remember, once you’ve viewed it, it can put you in a legal conundrum

Using Mavis’ previous point about finding out a potential hire is involved in cancer research, brings us to a concern that goes along with discovery this kind of information. As Jon Hyman, a partner in the Labor & Employment Group at Ohio legal firm Kohrman Jackson & Krantz, notes, finding out someone is involved with a cancer-related cause also means you might discover health information you shouldn’t access as a hiring organization.

“There are a lot of EEO (Equal Employment Opportunity) issues to consider,” said Hyman. “Say you are doing a Facebook search on a potential employee, and find they have “liked” the Komen Foundation. You read through the page and find this person is a breast cancer survivor. Now the bell has rung that this person has had cancer, and you now have disability-discrimination issues, whether it’s based on the actual disability, or perceived disability. You now also have genetic-information-discrimination possibilities. And that bell can’t be un-rung. And as an employer who has to make a hiring decision, you get put in the unenviable position of having to prove a negative; of having to prove that you didnt use that information as part of the decision.”

Other obvious EEO areas you don’t want to view while looking at Facebook and other social media would include religious affiliations, race status or age.

“You would never ask on a job application what year someone graduated from college, because that could disclose how old someone is,” noted Hyman.”That is not something you want to know when making hiring decision. But if you go on Facebook, you can see what year a person graduated, and you can easily put two and two together and figure out something that is information you would never ask for otherwise.”

Tip #3: Consider a third party to do the research for you

Having an independent researcher, someone not linked to the hiring and recruiting process, look for information and report back to you may be the best way to avoid any impropriety on the part of the hiring organization, said Mavis.

“If I can access your Facebook profile, I can see your sex, your age, your race. All that is privy to me and I can’t realistically say I didn’t have access to it,” she said. “But as a researcher, I could have access to it. I just dont report it on to the hiring managers.”

An independent researcher does not always have to be someone outside the company, said Mavis. Smaller organizations that may not be able to afford to hire a third-party can recruit an employee within the company who has no influence on the hiring decision.

Whoever conducts the background check should work from a list of information the employer has predetermined that they want to find, which can be both positive and negative attributes. The researcher can then print or copy the materials they have found and bring them back to the hiring organization; omitting any information that is illegal to use in a hiring decision. This ensures hiring personnel do not have access to protected information, said Mavis.

Tip #4: Understand what you find may not be reliable or accurate

“Just because someone puts it on a blog or Twitter, doesn’t mean it’s true,” said Hyman.

While information uncovered during a background investigation using Facebook, Twitter, blogs or other online sites, may make a candidate seem like a poor fit, it’s important to follow up and let them know what you have found.

“If you decide not to hire a candidate based on something a researcher has found, present them with that information, explain why it’s a concern,” said Mavis. “There is always a chance it’s incorrect on social media. It could even be the wrong person. But the candidate deserves a chance to explain.”