Addressing the latest Facebook privacy issue

(This is a non-work post, but Disclaimer: I work for Symantec and regularly talk publicly about security issues)

There’s been lots of talk today online about the latest Facebook privacy debacle whereby they have all your cell phone contacts listed on your “Contacts” page.

Here’s the CAUCE page about it (disclaimer, I’m a director at CAUCE), and here’s Sophos’ take on it (which is inaccurate).

Facebook have been trying to quiet the storm, as people are posting to their status updates for people to disable this.

First, to combat some FUD: Facebook is not sharing this information from you with your friends. Your buddies aren’t going to be able to call up your Grandma.

But what Facebook have entirely ignored, and why this is again an issue, is the question of permission.

I have two phones. One is a work phone (BlackBerry), and one is my personal iPhone. The only phone the contacts I had listed on Facebook came from is my BlackBerry, which is good, because I have a lot of random old numbers in my iPhone (don’t ask!).

So what happened here? I believe that the latest BlackBerry Facebook app (which recently underwent a major upgrade) automatically set the preference to sync contacts with Facebook. Now it may very well have been in the multi-page user agreement that I accepted, but yes I admit, I don’t read those things. And those agreements don’t even appear on the iPhone version, because, and here’s the fundamental difference I guess: the iPhone version doesn’t transparently change your preferences.

Facebook needs to stop that. I don’t care if it’s useful, or if you’re not sharing it with anyone else. I don’t want you uploading my contacts to your servers without ASKING me first.

It’s that simple. And this is why there are laws against what they have done in various countries, and why this will probably result in yet another lawsuit against them.

Rant over.


One thought on “Addressing the latest Facebook privacy issue”

  1. Moses says:

    It is really bad that Facebook does not put their clients' security as their no. 1 priority, esp. when you can do nothing about it

