Security Review: Facebook Privacy Setting

By duschang at 8:22 pm on February 10, 2008Comments Off on Security Review: Facebook Privacy Setting

Along with its popularity, Facebook has become the central of personal informations. It records users’ personal information along with their interaction and activities with other users. Privacy setting is used so users can decide who they would like give access to which part of their information.

Assets:

  • Users’ Personal information, such as contact information and schedule
  • User’s interaction or personal conversation with others
  • Facebook’s credibility/trustworthiness

Potential Adversaries/Threats:

  • Competitor might tries to expose Facebook member’s private information to discredit Facebook
  • Potential Stalkers / Pedifile might try to access their target’s contact information or schedule
  • Employer/School Admin/Parents might try to track their employees’/students’/children’s activities/conversation
  • Spammers/Advertisers might try to access users’ contact information
  • Facebook employees might spy on other users for personal interest

Weaknesses:

  • Facebook Applications have access more user information than needed
  • Facebook employees have non-restricted right to access other’s
  • Privacy setting only protects against direct access, not indirect access. (If A sets his profile to public and B sets his profile to friends only. Strangers can still access parts of B’s information through A, such as wall-to-wall, friends, and some pictures)

Conclusion:

Although Facebook is really convenient, we still have to be careful of what we post on it, not blindly trust the privacy setting. Especially with the recent news about a student getting expelled just because of what he posted on Facebook, we must understand that what we post online may have uncontrollable consequences

Filed under: Security ReviewsComments Off on Security Review: Facebook Privacy Setting

Comments are closed.