IT Security & Network Security News & Reviews: Facebook Needs to Secure Privacy and Security: 10 Ways to Do It

 
 
By Fahmida Y. Rashid  |  Posted 2011-04-25
 
 
 

Privacy by Default

Unlikely.

HTTPS by Default
Users who have turned on the HTTPS option on their accounts are secure knowing that their user data is encrypted, making it difficult for malicious individuals to steal personal information. Facebook buries the option on the setti

Mixed. Possibly for mobile, but unlikely for the main pages.

Vetting Applications
There has to be a middle ground between Apple's App Store and Facebook's current free-for-all. While it would make the platform less open if Facebook vetted applications, the vast majority of malicious applications w

Unlikely

Vetting Application Developers
If not the applications themselves, then the developers should be vetted. Right now, anyone can become a Facebook developer. Security experts say developers should have to meet some basic criteria to qualify to post

Low  

Two-Factor Authentication
Two-factor authentication secures the login process by forcing users to use something they have (a token, a code-generator program or mobile device) with something they know (the password). It can be expensive. So the sec

High, as Facebook is in the process of rolling this out.

Delete Forever
Apparently delete doesn't really mean delete permanently in Facebook's world. There were reports of how, despite deleting images, users could access the photos using a direct link up to two years after the deletion.

Moderate. A fix was supposed to be in place, but Facebook did not respond as to whether that fix has finally been implemented.

Controls for Photo Tagging
Currently, users can opt out of letting friends check them into Facebook Places. The ability to tag photos should also be an option that users can control. Giving users a way to restrict how they are tagged in photos wou

Unlikely

Secure Facebook Connect
More and more sites are turning on Facebook Connect and users are becoming more comfortable handing over their Facebook login credentials to third-party sites. This opens up the possibility of a rogue Website harvesting log

Moderate

Deciding What Apps Can Do
Instead of a blanket Allow on letting applications have access to user data, it should be customizable. Users can choose to add an application that can post to their wall, but not collect their mobile phone nu

Low  

Real-Time Web Application Protection
There have been a number of cross-site scripting attacks detected in the Facebook API recently, which exposed users to malicious attacks. Facebook could implement proactive real-time Web-application protection

Unlikely
