It seems like maybe I talk too much about Facebook security. But it’s a growing issue in the news these days. As you can see from the image next to this blog post on my website, one of the most searched terms in Google is now “How do I delete my Facebook account?” (In fact, as of today, if you type “Delete” into a Google search, the top suggestion is “Facebook account”) So, I’m debating quitting Facebook on May 31 with the others who are disgusted with the site’s disregard for privacy and security. (See http://www.quitfacebookday.com)
My reasons include:
(1) You can’t seem to depend on anything you put there to be kept private – more due to constant policy changes than hackers;
(2) Facebook is now one of the biggest sources of phishing scams on the Internet, which are causing real losses;
(3) On any given day, the privacy of your data may depend on your FRIENDS’ settings, not just yours;
(4) Very few people are able to decipher the privacy settings to choose meaningful rules, which leaves them exposed – even me;
(5) Facebook shares your data with other sites (through the Open Graph API, the Like Button or Instant Personalization) in ways that can cause embarrassment and lead to identity theft;
(6) Facebook does not appear to be abiding by its agreement with the Privacy Commissioner or Canada to improve its handling of private information.(http://www.priv.gc.ca/media/nr-c/2009/let_090827_e.cfm)
Arguments against quitting Facebook include:
(1) All the “hip” young people say “Privacy is dead. Build a bridge and get over it…”
– Chanting this may make them feel good, but doesn’t change the fact that the easiest place to be scammed or have your password stolen is through social media sites that have very weak security and authentication. People must still care about their privacy, if only to ensure that persecution and other politically motivated abuses don’t victimize innocent people – it’s a slippery slope. Privacy commissioners have a very difficult job these days. But it is an increasingly important one.
(2) How will I connect to friends and family without Facebook?
– How did you do it in 2003? It also depends on whether you use Facebook for “reading” or “writing” or “both”. If you just like to “see” what’s going on, you can use Twitter, with the caveat that you need to be careful of those short URLs that can take you to dangerous places. But tools like Brizzly.com can expand the links for you, so you’ll know where they are leading you. However, if you like to write lots of personal details of your life, and only want to share it with friends, that’s the biggest challenge right now – because even Facebook doesn’t provide assurance that your private posts won’t be shared with people you might not want to see them. There aren’t many tools that are widely used and can do this. But they are coming. So, maybe it’s better to wait.
(3) One person quitting from a group of 400 Million isn’t going to make a difference.
– It’s true that the numbers make this initiative look futile. So, for most people, quitting won’t make a difference to anyone. But if you are a person of authority, especially a security or privacy authority, your actions can show the people around you that this is a serious issue. Parents telling their kids that they are quitting – and why – may or may not have an impact (depending on whether the ear-plugs are in or not).
Public figures like Leo Laporte can have a significant effect on their followers. (Click HERE for the story which includes a link to the WikiHow page on how to quit Facebook)
As a security consultant who has been following this trend, I am asking people to take it seriously. If you are a security manager in a company, you can also have an influence on your co-workers, as long as they don’t see you as being heavy-handed, or crying “wolf” – which may be unavoidable in some cases.
(4) If all the security and privacy advocates quit Facebook, who will counsel those who still use it to let them know about the risks in their own “element”? Good question. I don’t have an answer to that one. I may leave a Facebook page up (which is different from a personal profile). That way, people can still reach me and see what I have to say, publicly, and maybe understand why I no longer have a personal profile… and maybe they shouldn’t either.
What will the future of social networking look like?
I believe something will come along that is more secure than Facebook, and will provide the connections we need – without as much risk. But it may take a while. There is an initiative called Diaspora (http://www.joindiaspora.com/), which has this very intent. While its initial incarnation seems to have a few serious weaknesses of its own, this is the kind of thing that needs to happen to combine a great vision for social networking with a level of trust that can be sustained.
So, what do you think?
(1) Should I quit Facebook on May 31? or sooner?
(2) Will you quit Facebook?
Feel free to comment below. (NOTE: If all you plan to say is “Privacy is Dead”, get ready for a flaming arrow!)
Here’s how to delete your facebook account – http://www.wikihow.com/Permanently-Delete-a-Facebook-Account
I am now offering monthly briefings, tailored to organizations that want to build and sustain security awareness for staff. Just because your security team is too busy to do its own training and awareness doesn’t mean you can’t have an economical way to address human security risks. Please call or email me at the coordinates below…
The Streetwise Security Coach
Join the Streetwise Security Zone at:
Twitter ID: http://www.twitter.com/streetsec
To receive weekly security tips and other notices about helpful content available on this site, please make sure you are on my list by clicking HERE, and entering your name and email address.
Share with your friends!