Wednesday, September 16, 2009

Facebook


Issues during 2007

In August 2007, the code used to dynamically generate Facebook's home and search page as visitors browse the site was accidentally made public, according to leading internet news sites.[1][2] A configuration problem on a Facebook server caused the PHP code to be displayed instead of the web page the code should have created, raising concerns about how secure private data on the site was. A visitor to the site copied, published and later removed the code from his web forum, claiming he had been served legal notice by Facebook.[3] Facebook's response was quoted by the site that broke the story:[4]

“A small fraction of the code that displays Facebook web pages was exposed to a small number of users due to a single misconfigured web server that was fixed immediately. It was not a security breach and did not compromise user data in any way. Because the code that was released powers only Facebook user interface, it offers no useful insight into the inner workings of Facebook. The reprinting of this code violates several laws and we ask that people not distribute it further.”

In November 2007, Facebook launched Beacon, a system where third-party websites can include a script by Facebook on their sites, and use it to send information about the actions of Facebook users on their site to Facebook, prompting serious privacy concerns. Information such as purchases made and games played are published in the user's news feed. An informative notice about this action appears on the third party site and gives the user the opportunity to cancel it, and the user can also cancel it on Facebook. Originally if no action was taken, the information was automatically published. On November 29 this was changed to require confirmation from the user before publishing each story gathered by Beacon. However, there is still no option to prevent Facebook from storing and using information sent by Beacon. [5]

On Dec. 1, 2007 Facebook's credibility in regard to the Beacon program was further tested when it was reported that the New York Times "essentially accuses" Mark Zuckerberg of lying to the paper and leaving Coca-Cola, which is reversing course on the program, a similar impression.[6] A security engineer at CA, Inc. also claimed that Facebook is collecting data from affiliate sites even when the consumer opts out and even when not logged into the Facebook site, a contradiction of Facebook public claims and email correspondence.[7]

News Feed and Mini-Feed

On September 5, 2006, Facebook introduced two new features called "News Feed" and "Mini-Feed". The first of the new features, News Feed, appears on every Facebook member's home page, displaying recent Facebook activities of the member's friends. The second feature, Mini-Feed, keeps a log of similar events on each member's profile page.[8] Members can manually delete items from their Mini-Feeds if they wish to do so, and through privacy settings can control what is actually published in their respective Mini-Feeds.

Some Facebook members still feel that the ability to opt out of the entire News Feed and Mini-Feed system is necessary, as evidenced by a statement from the Students Against Facebook News Feed group, which peaked at over 740,000 members.[9] However, according to recent news articles, members have widely regarded the additional privacy options as an acceptable compromise.[10]

In September 2008, the news feed and "Wall" were retroactively combined, reigniting privacy concerns over the "news feed" feature by publicly posting previously hidden actions.[citation needed] However, this criticism comes mainly from those who never learned the privacy controls for Mini-Feed in the first place, since for those who have had their controls set to prevent Mini-Feed stories, the combining of Mini-Feed with the Wall is basically no different than the Wall alone.

Complaint from CIPPIC

The Canadian Internet Policy and Public Interest Clinic, per Director Phillipa Lawson, filed a 35-page complaint with the Office of the Privacy Commissioner against Facebook on May 31, 2008, based on 22 breaches of the Canadian Personal Information Protection and Electronic Documents Act (Pipeda). Facebook's Chris Kelly contradicted the claims, saying that: "We've reviewed the complaint and found it has serious factual errors — most notably its neglect of the fact that almost all Facebook data is willingly shared by users."[11] University of Ottawa law students, Lisa Feinberg, Harley Finkelstein and Jordan Plener, initiated the "minefield of privacy invasion" suit which was investigated by Canadian Privacy Commissioner, Jennifer Stoddart, who will submit the report and recommendations within a year. She will utilize negotiation to resolve privacy disputes, but can ask for court injunctions.[12]

Datamining

There have been some concerns expressed regarding the use of Facebook as a means of surveillance and data mining. Theories have been written about the possible misuse of Facebook[13] and privacy proponents have criticised the site's current privacy agreement.[14] According to the policy, "We may use information about you that we collect from other sources, including but not limited to newspapers and Internet sources such as blogs, instant messaging services and other users of Facebook, to supplement your profile." However, some features—such as AIM away-message harvesting and campus newspaper monitoring—have been dropped, even though the clause still remains in the policy as of November 26, 2008. The possibility of data mining by private individuals unaffiliated with Facebook remains open, as evidenced by the fact that two MIT students were able to download, using an automated script, over 70,000 Facebook profiles from four schools (MIT, NYU, the University of Oklahoma, and Harvard) as part of a research project on Facebook privacy published on December 14, 2005.[15]

A second clause that warranted criticism from some users reserved the right to sell users' data to private companies, stating "We may share your information with third parties, including responsible companies with which we have a relationship." This concern was addressed by spokesman Chris Hughes who said "Simply put, we have never provided our users' information to third party companies, nor do we intend to."[16] Facebook eventually removed this clause from their privacy policy when it was updated on November 26, 2008.

Third party applications have access to almost all user information and "Facebook does not screen or approve Platform Developers and cannot control how such Platform Developers use any personal information."[14]
In the UK, the Trades Union Congress (TUC) has encouraged employers to allow their staff to access Facebook and other social networking sites from work, provided they proceed with caution.[17]

In September 2007, Facebook drew a fresh round of criticism after it began allowing non-members to search for users, with the intent of opening limited "public profiles" up to search engines such as Google in the following months.[18] This criticism is meaningless, since privacy settings allow users to block their profiles from search engines.

In November 2007, Facebook launched a new part of its Ads system named Beacon that published Facebook users' activities on partner websites such as eBay, Fandango, Travelocity, and Blockbuster to their friends. Moveon.org created an online petition due to privacy concerns,[citation needed] and Facebook modified the service to some extent. However, privacy concerns have continued in the wake of a report by a security researcher at Computer Associates that noted that data on users' activities is often still sent to Facebook, even if a user has opted-out on the partner site and logged out of Facebook.[citation needed]

Concerns were also raised on the BBC's Watchdog programme in October 2007 when Facebook was shown to be an easy way in which to collect an individual's personal information in order to facilitate identity theft.[19] However, there is barely any personal information presented to non-friends - if users leave the privacy controls on their default settings, the only personal information visible to a non-friend is a name, profile picture, list of networks, and a list of friends.

In addition, a New York Times article in February 2008 pointed out that Facebook does not actually provide a mechanism for users to close their accounts, and thus raises the concern that private user data will remain indefinitely on Facebook's servers.[20] This college forum took it further and promoted a video which took an in depth look at the amount of data Facebook stores on its users, and who is able to view it. Whether or not that was true in February 2008, the truth now (as of August 2009) is that a Facebook user can search the help section and they will find an option that allows a user to permanently close their account. See http://www.facebook.com/help/search.php?hq=i%20want%20to%20permanently%20delete%20my%20account

Inability to voluntarily terminate accounts

Facebook has historically allowed users to deactivate their accounts but not actually remove account content from its servers. A Facebook representative explained to a student from the University of British Columbia that users had to clear their own accounts by manually deleting all of the content including wall posts, friends, and groups. The considerable effort dissuaded people from doing so.[21] A New York Times article noted the issue, and also raised a concern that emails and other private user data remain indefinitely on Facebook's servers.[22] Facebook subsequently began permanently deleting accounts on special request.[23]

Memorials

A notable ancillary effect of social networking websites, particularly Facebook, is the ability for participants to mourn publicly for a deceased individual. On Facebook, students often leave messages of sadness, grief, or hope on the individual's page, transforming it into a sort of public book of condolences. This particular phenomenon has been documented at a number of schools. Previously, Facebook had stated that its official policy on the matter was to remove the profile of the deceased one month after he or she has died,[34] preventing the profile from being used for communal mourning, citing privacy concerns. Due to user response, Facebook amended its policy. Its new policy is to place deceased members' profiles in a "memorialization state".[35]

Additional usage of Facebook as a tool of remembrance is expressed in group memberships on the site. Now that groups are community-wide and available among all networks, many users create Facebook groups not only to remember a deceased friend or individual but also as a source of support in response to an occurrence such as the September 11, 2001 attacks or the Virginia Tech massacre in April 2007.

Such memorial groups have also raised legal issues. Notably, on January 1, 2008, one such memorial group posted the identities of murdered Toronto teenager Stefanie Rengel, whose family had not yet given the Toronto Police Service their consent to release her name to the media, and her accused killers, in defiance of Canada's Youth Criminal Justice Act which prohibits publishing the names of under-age criminals.[36] While police and Facebook staff attempted to comply with the privacy regulations by deleting such posts, they noted that it was difficult to effectively police the individual users who repeatedly republished the deleted information.[37]

Customization and security

Facebook is often compared to MySpace but one significant difference between the two sites is the level of customization. MySpace allows users to decorate their profiles using HTML and CSS while Facebook allows only plain text. However, a number of users have tweaked their profiles by using "hacks." On February 24, 2006, a pair of users exploited a cross-site scripting (XSS) hole on the profile page and created a fast-spreading worm, loading a custom CSS file on infected profiles that made them look like MySpace profiles.[38] On April 19, 2006, a user was able to embed an iframe into his profile and load a custom off-site page featuring a streaming video and a flash game from Drawball. He has since been banned from Facebook.[39] On March 26, 2006, a user was able to embed JavaScript in the "Hometown" field of his profile which imported his custom CSS.[40] In each case, Facebook quickly patched the holes, typically within hours of their discovery. In July 2007, Adrienne Felt, an undergraduate student at the University of Virginia, discovered a cross-site scripting (XSS) hole in the Facebook Platform that could inject JavaScript into profiles, which was used to import custom CSS and demonstrate how the platform could be used to violate privacy rules or create a worm.[41] This hole took Facebook two and a half weeks to fix.[42]

New Facebook

September 2008 upgrade

In September 2008, Facebook permanently moved its users to what they termed the "New Facebook" or Facebook 3.0[43] This version contained several different features and a complete layout redesign. Users had had the option to use the new Facebook in place of the original design since July,[44] but had also had the option to return to the old design.

Facebook's decision to migrate their users was met with some controversy in their community. Several groups were started opposing the decision, some with over a million users.[45]

Content controversies

Anorexia and bulimia

Facebook has received criticism from users and from people outside the Facebook community about hosting pro-anorexia and pro-bulimia information.[46] British eating disorder charity B-EAT called on all social networking sites to curb "pro-ana" (anorexia) and "pro-mia" (bulimia) pages and groups, naming MySpace and Facebook specifically.[47]

Advertiser concerns

On 3 August 2007, British companies including First Direct, Vodafone, Virgin Media, The Automobile Association, Halifax and the Prudential removed their advertisements from Facebook. A Virgin Media spokeswoman said "We want to advertise on social networks but we have to protect our brand". The companies found that their services were being advertised on pages of the British National Party, a far-right political party in the UK. New Media Age magazine was first to alert the companies that their ads were coming up on BNP's Facebook page. The AA also pulled its advertising from YouTube when a BBC documentary showed that videos of school children fighting were available on that site.[48]

Holocaust denial

In 2009, Facebook received criticism for including Holocaust denial groups.[49] Barry Schnitt, a spokesman for Facebook, said, "We want Facebook to be a place where ideas, even controversial ideas, can be discussed." While Facebook's terms of use include the warning that users may "be banned if they post 'any content that we deem to be harmful, threatening, unlawful, defamatory, infringing, abusive, inflammatory, harassing, vulgar, obscene, fraudulent, invasive of privacy or publicity rights, hateful, or racially, ethnically or otherwise objectionable,'" Schnitt said, "We can't guarantee that there isn't any content that violates our policies."

Cyberbullying and Stalking

Many critics, including Archbishop of Westminster Vincent Nichols, have criticised Facebook as a possible tool for cyberbullying, with the possibilities of anonymous profiles and the creation of groups allowing bullies to target individuals online[50]. In 2009, an Oceanside teenager sued Facebook, as well as four of her former classmates for $3 million after the individuals created a password-protected Facebook group "calculated to hold the plaintiff up to public hatred, ridicule and disgrace".

A Facebook spokesperson stated "we see no merit to this suit and we will fight it vigorously"[51]. On 21 August 2009, Keeley Houghton, 18, of Malvern, Worcestershire, was sentenced to three months in a young offenders' institution after being found guilty of bullying one of her classmates on Facebook, making her the first person in Britain to be jailed for bullying on a social networking site[52].

Facebook's privacy settings, combined with the sheer volume of personal information individuals put on their profiles has also lead to claims that Facebook could encourage cyberstalking[50][53].

One particular aspect of cyberstalking that is of concern to insurance companies is the use of Facebook as a research tool for burglars. A report published in 2009 by Legal & General called ‘The Digital Criminal', revealed that 38% of social network users post status updates with details of their holiday plans, which can be an "open invitation to burglars" as many users also posted their home address on their profile[54]. In August 2009, a burglar in Hove accessed his victim's Facebook profile to taunt her over the theft of her laptop by posting comments on her profile. A spokesperson for Sussex Police said: "Being burgled is traumatic enough for any family but for the culprit to apparently use their stolen possessions to publicly gloat over the crime is a sinister twist."[55]

Source from : http://en.wikipedia.org/wiki/Criticism_of_Facebook

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...