MIT Technology Review



Last month, Facebook finally crossed a line. The company announced that it would make certain user information–including a user’s name, hometown, education, work, and “likes” and “dislikes”–permanently public.

Facebook’s default privacy policy has gradually shifted to expose more user data to the wider Web, but the reaction to this latest change has been significant. Last week, a collection of European data-protection authorities known as the Article 29 Working Group sent Facebook a letter chastising the company for not allowing users to limit access to their social data. The letter follows similar criticism of Facebook by several members of Congress, such as Sen. Charles Schumer, D-NY, over the past month. The reaction from privacy advocacy groups, and from many of Facebook’s users, has also been vocal.

Some experts also say that the increase in information disclosure could have a serious side effect–opening up new opportunities for hackers. Kevin Johnson, a senior researcher with security firm InGuardians, uses Facebook as a starting point for his job: testing companies’ network security. Many times, he says, the most significant vulnerabilities are not in hardware or software, but in users’ use of social networks. The information leaked on social networking sites can be used to impersonate a legitimate person, in order to recover a password, for example; or to trick users into opening a malicious file by making it appear to come from a friend or a colleague.

“As a penetration tester–as an attacker–Facebook’s privacy settings have made my job easier,” Johnson says. “In the past, before two years ago, we had to trick people into running a [rogue] application [to collect data]. Now, the majority of people out there–the bulk of Facebook–run under default privacy settings.”

Pushed by a need to monetize the data entered by users, Facebook has increasingly loosened its privacy policies. In 2005, the company’s original policy stated that no information would be shared with people “who [do] not belong to at least one of the groups specified by you in your privacy settings.” By 2010, the policy had changed to one that focuses on sharing much more information, stating that applications and Web sites “will have access to General Information about you.” The text of the company’s privacy policy has grown nearly 500 percent and users are now required to navigate some 50 different privacy settings.

“Facebook says that they are introducing more privacy settings because they want to give users more control, but what they have done is make things more confusing,” says Fred Stutzman, a privacy researcher and PhD candidate at the University of North Carolina at Chapel Hill. “Over time they have made changes that make people’s information more open, because that is how they drive the use of the network.”

“This is something that is different from how Facebook had been operating,” says Kurt Opsahl, a senior staff attorney with the Electronic Frontier Foundation. “In the past, they encouraged sharing that information, but now they have taken information that many people consider private and made it public, and they did so in a very heavy-handed way.”
