Dear Facebook,
As you know, for some years we have been discussing with your security team our concerns about safety and privacy on Facebook.
Every day, victims report to us numerous incidents of crime and fraud on Facebook. They have been personally affected and are desperate for advice on how to deal with the consequences.
A frequent refrain from users who contact us is, ‘Why doesn’t Facebook do more to protect us?’
We have identified three simple steps you can take to better protect your users:
1) PRIVACY BY DEFAULT
No more sharing of information without your users’ express agreement (OPT-IN). Whenever you add a new feature to share additional information about your users, you should not assume that they want this feature turned on.
2) VETTED APP DEVELOPERS
It is far too easy to become a developer on Facebook. With over one million app developers already registered on the Facebook platform, it is hardly surprising that your service is riddled with rogue applications and viral scams. Only vetted and approved third-party developers should be allowed to publish apps on your platform.
3) HTTPS FOR EVERYTHING
We welcome you recently introducing an HTTPS option, but you left it turned off by default. Worse, you only commit to provide a secure connection “whenever possible”. Facebook should enforce a secure connection all the time, by default. Without this protection, your users are at risk of losing personal information to hackers.
Why wait until regulators force your hand on privacy? Act now for the greater good of all.
Your users tell us that these are issues they want resolved. So our question is simple: when do you plan to act?
Sincerely,
Naked Security