IT Security & Network Security News & Reviews: Facebook Needs to Secure Privacy and Security: 10 Ways to Do It
Privacy by Default
HTTPS by Default
Users who have turned on the HTTPS option on their accounts are secure knowing that their user data is encrypted, making it difficult for malicious individuals to steal personal information. Facebook buries the option on the setti
Mixed. Possibly for mobile, but unlikely for the main pages.
There has to be a middle ground between Apple's App Store and Facebook's current free-for-all. While it would make the platform less open if Facebook vetted applications, the vast majority of malicious applications w
Vetting Application Developers
If not the applications themselves, then the developers should be vetted. Right now, anyone can become a Facebook developer. Security experts say developers should have to meet some basic criteria to qualify to post
Two-factor authentication secures the login process by forcing users to use something they have (a token, a code-generator program or mobile device) with something they know (the password). It can be expensive. So the sec
High, as Facebook is in the process of rolling this out.
Apparently delete doesn't really mean delete permanently in Facebook's world. There were reports that, despite deleting images, users could still access the photos using a direct link up to two years after the deletion.
Moderate. A fix was supposed to be in place, but Facebook did not respond as to whether that fix has finally been implemented.
Controls for Photo Tagging
Currently, users can opt out of letting friends check them into Facebook Places. The ability to tag photos should also be an option that users can control. Giving users a way to restrict how they are tagged in photos wou
Secure Facebook Connect
More and more sites are turning on Facebook Connect and users are becoming more comfortable handing over their Facebook login credentials to third-party sites. This opens up the possibility of a rogue Website harvesting log
Deciding What Apps Can Do
Instead of a blanket Allow that lets applications access user data, access should be customizable. Users can choose to add an application that can post to their wall, but not collect their mobile phone nu
Real-Time Web Application Protection
There have been a number of cross-site scripting attacks detected in the Facebook API recently, which exposed users to malicious attacks. Facebook could implement proactive real-time Web-application protection