Aiming to appease security specialists and its users, Facebook rolled out security and privacy updates this week, some of which were promised during a recent White House conference on bullying prevention. The changes also came on the heels of an open letter to Facebook written by Sophos consultant Graham Cluley. Cluley advised Facebook to act now on three things: privacy by default, vetted app developers and HTTPS for everything.
https://o1.qnsr.com/log/p.gif?;n=203;c=204663295;s=11915;x=7936;f=201904081034270;u=j;z=TIMESTAMP;a=20410779;e=iIn addition to tweaks that will allow Facebook users to tag photos, wall posts and other entries as spam or inappropriate, PCWorld.com reports users can now alert friends or a trusted adult if they are the victim of online bullying. Moreover, the company has added more material to its "Family Safety Center," and is planning a similar guide for teachers. Facebook has also improved its HTTPS encryption options.
According to eWEEK, however, the changes aren't enough for Cluley. In an email he told writer Fahmida Rashid:
It's not enough. Facebook has got a longer road ahead of it if it's really serious about protecting its users.
For instance, even the improved HTTPS has to be manually turned on by users. Cluley says it should be enabled all the time, by default.
It's admirable that Sophos is calling for proactive movement on Facebook's part, but I'm not optimistic that we'll see it happen before regulators force it. In the past, Mark Zuckerberg has consistently taken more of an "it's easier to ask forgiveness than permission" approach to user privacy issues.