FTC’s consent order has been accepted and Facebook is embarking on a new stage of privacy protection improvement. Express user consent is now the rule when it comes to sharing user info with third parties (apparently not the case so far, as users’initial choice of info visibility could be overridden). In addition, the appointment of two corporate officers to take care of all privacy related issues, at policy and product level, counts as a promise that considerable efforts will be invested in user control, privacy and transparency.
The lengthy monitoring process the company is to undergo is likely to add salience and fuel to the process. To put it simply, many changes for the better have been made, and more are to come.
As pointed out by Chris Conley, a tech and civil liberties attorney at the ACLU’S Northern California affiliate, use of the “Like”button as covert tracking tool still lingers. The “to do”list continues with some account settings that are still enabled by default.
First off, there’s tagging. Though Mark Zuckerberg pointed out that this feature’s recently been tweaked and now includes “the ability to review tags made by others before they appear on your profile”, the fact is that users should expressly opt for activation of this feature rather than having it on by default. Aside from the privacy concerns, tagging has been proven to be illicitly used in tagjacking schemes. We believe that users would be less exposed to this kind of risks if tagging were only enabled when they decide it should.
The second element that would best be used only if the platform member expressly enabled it is the location tracker. The Facebook chat application, for instance, shares users’location by default. As most mobile devices now accurately determine a user’s position on the map (not just the city, but the neighborhood as well), online socialites' exposure is higher.
Just think how important it is for a thief to know you’re not home at a certain point in time.
We’ve seen important steps in improving the granularity of privacy settings for Facebook. However, until the 'automatic opt-in' is revised at least for essential features like tag and location sharing, many users can still be exposed to dangerous or embarrassing situations. Also, in order to ensure confidentiality and protect users from session hijacking, Facebook should enable SSL by default.
It’s difficult to anticipate the next steps for Facebook in the privacy vs transparency battle, but it’s clear that heated debate regarding privacy issues had a positive effect for users.