Comments on: Will security become Facebook's Achilles' heel?

Aaron Greenspan warns that Facebook is sacrificing user privacy on the altar of hyper growth.

[M C]

CNet again fans the flames for profit...

We should just call this the Sour Grapes Blog.

It would be nice to see a neutral third party's take - you know, actual journalism?

[john55440]

Just say No! to Facebook

"...when I refused to provide Facebook with my date of birth due to the above privacy concerns,...the company suspended my account indefinitely."

I don't have an account there, because I'm not interested in even giving them my real name. I'm not interested in voluntarily entering all of my personal information into an advertising database.

[sanenazok]

Move on with your life...

For you it might be "hard to go anywhere--to work, to the store, to the movies, really anywhere--without hearing about Facebook" That's mostly because you're hearing your own voice! Yes so they screwed you, and yes you need to promote your book. Still if Facebook users don't like the privacy policies of Facebook they can just go somewhere else. Here's a novel idea - set up accounts NOT using your real info...something people were being told in the early 1990s. A web company like Yahoo or Facebook ain't the IRS, you can put down whatever.

TO answer the article's question - NO, privacy will not be the "Achilles' heel" since companies do things to keep customers happy and that means sensible privacy policies otherwise people leave in droves.

[doublethought84]

Facebook is the most private...

I'm on facebook because it is the most private social networking site on the Internet. I've never gotten one spam message or false friend... anything like that.

Reading this article was mind blowing. How can cnet pay you to write about something you obviously know nothing about. Do you even use facebook? If you did, you'd know that the user controls the privacy. I get to chose what people know and don't know.

*shakes head*

[mlapchuk]

Yes you may be correct that the user does control the privacy settings but you are as ignorant as Aaron. When you join Facebook the security and privacy settings are set, by default, to the most relaxed settings possible. And if you do want to change your privacy settings it takes navigating through no less than 3 different pages just to get there. And seeing as the majority of Facebook users are not computer nerds, or even computer proficient, how can you expect someone like that to even begin to know where to start looking for the privacy settings? And you may have your privacy settings turned up to the max (once you find them) but that does not guarantee that your info is safe. Third party application developers are contractually obligated to not hold your information for more than 24 hours after you access their application. But here is the catch: the third party application is hosted on a third party server that is physically separate from the Facebook servers and that is also where all your personal information that is garnished by the application is stored. And even if Facebook says that they will go after anyone breaking the Terms of Service, how are they supposed to actually do that when they are NOT ALLOWED access to the third party servers? And even if you do not install an application, just by having someone in your friend list that has added the app, the app is allowed to see all of your personal information, regardless of your privacy settings. Try researching a little before you go off on a rant. Oh, and FYI nothing in the article says that you get a "spam message or false friend", it says that people can steal your personal identity and that Facebook, while the legally covered themselves, can do NOTHING about it.

[wbenton]

Authentication 101

>>>The point of authentication, after all, is to prevent people from lying about their identity<<<

That statement is a bit misleading at best.

Authentication is about ensuring the person is whom they claim to be.

And that is necessary to ensure the integrity of what ever is being said about what ever.

However on MOST internet sites... it's really hard to ensure that whom ever you think you're talking to is really whom they say they are.

And the only way to ensure that the person on the other end is in fact whom they say they are is via a very expensive method. One which would bring Facebook to a grinding halt if they ever did attempt to successfully implement an unthwartable authentication mechanism.

That said, most sites (Yahoo, Google, MSN... just to mention a few) have no 100% means to ensure that whom ever is typing is really whom they claim they are.

Even if ID or some other proof of identification is mandatory, with all the stolen identities floating around the internet today... it's virtually impossible to guarantee authentication.

Bottom Line: Could Facebook become more secure... YES... I don't know of ANY corporation which couldn't. There's always something more which could be done... some thing new which could be implemented, something to upgrade/update to thwart off the latest attacks/hacking attempts.

WISDOM POINT: Offering a half-[filtered word} solution foolishly/falsely making people believe they're any safer is WORSE than offering NO security at all!

There is much more to security than just authtication. And unless it's an un-deniable method of authentication, then it's hardly worth the paper it's written on as far as authentication and accountability are concerned.

Walt