Sophos: Facebook conspiracy of silence on privacy

Security vendor Sophos has accused Facebook of a "conspiracy of silence" after it failed to respond to an appeal for the social network to address privacy and security concerns.

In the open letter, which was published yesterday on the firm's Naked Security blog, senior technology consultant Graham Cluley reported that Sophos had been in contact with Facebook for a number of years over its "concerns about safety and privacy" - saying that many customers approach Sophos asking: "Why doesn't Facebook do more to protect us?"

The letter offered three key suggestions. First, ditch Facebook's default 'opt in', which allows the social network to share all sorts of personal information without the user's express agreement. Second, vet application developers for the platform more carefully.

Lastly, while Sophos welcomed Facebook's introduction of an option to allow encrypted https:// communication for the entire duration of a user's time on the site - rather than simply to secure their password at login - it questioned why the social network hadn't enabled this by default. The security firm also criticised Facebook's commitment to provide a secure connection "wherever possible", saying:

"Facebook should enforce a secure connection all the time, by default. Without this protection, your users are at risk of losing personal information to hackers."

thinq_ caught up with Cluley to find out if any response had been forthcoming from Facebook. The answer was a resounding "No".

"A lot of people say that users need to take responsibility, and to an extent that's true," said Cluley. "Users do need to exercise some care about what they post on social networking sites like Facebook. But they also need a safety net - and I think software vendors and web sites owe them a duty of care.

"We hear a lot from Facebook about their user numbers, that they're the size of a large country," he added. "But countries have social security systems - and Facebook needs to look after its people."

Turning to the social networking giant's apparent lack of response, Cluley sounded doubtful of any swift solution to Facebook's security issues:

"The conspiracy of silence speaks louder than words. I think they just want this problem to go away."