Facebook's flawed approach to privacy

Facebook is doing its privacy ‘tap dance’ again, but it seems that they still don't grasp the fundamental principle of ‘secure by default.’

The company has announced that it will temporarily disable the feature to share addresses and mobile phone numbers which it switched on only days ago, after the company received feedback that its users would like to understand when addresses and mobile phone numbers are being shared with third parties.

It makes sense that such a control should be added and it was always confusing why Facebook would not have started the new feature with this capability.

Additionally, a new feature called ‘Instant Personalisation’ is being developed. For UK Facebook users this feature could soon be sending personal data to selected partner sites, currently limited to Bing, TripAdvisor, Clicker, Rotten Tomatoes, Docs, Pandora, Yelp, and Scribd. It is already active in the US.

The control can be found under Account; Privacy Settings; Apps and websites; Edit your settings; Instant Personalisation; Edit Settings. It doesn’t appear to have been enabled in the UK yet but the chances are that when it appears it will be set as enabled by default.

Even more concerning, it is rumoured that Facebook friends will still be able to share friend information with Instant Personalisation disabled if the user has not also disabled it using the separate control found under Apps and websites. Needless to say this sharing is set by default to ‘enabled’.

Facebook professes to have its users’ interests at heart. “These improvements reflect two core Facebook beliefs: first, your data belongs to you; second, it should be easy to control what you share,” read a company statement.

A third unstated belief appears to be ‘by default, we will publish your data, when you least expect it.’ While I understand that Facebook wants to monetise their users, I believe it is important that they switch to a ‘secure by default’ principle.

At the very least they need to comply with the law. Are they, I wonder, fully aware of the UK’s data privacy laws?

Adrian Seccombe, Jericho Forum board member
