Even diligent privacy control may not protect Facebook security
December 6, 2013

Staying in touch with friends, organizing get-togethers and playing games are all great benefits of Facebook. The network has numerous advantages going for it, and as a social website, it's hard to beat. 

However, Facebook is not without its problems, and privacy issues are among the most prominent. The constantly changing settings and online agreements make it difficult to track just what your options have defaulted to at any particular time. 

Private information isn't always so private
But you might be particularly careful about what you allow Facebook to do and not to do. This can potentially spare you a lot of grief, whether it's keeping cyberbullies away or minimizing the chance that a fraudster will use your personal information to hack your account and potentially steal your identity. However, your due diligence may not be enough to protect you from an invasion of your privacy. Reporting on a recent AppSec USA 2013 presentation from Irene Abezgauz, vice president of product management at Quotium, VentureBeat revealed that just because you hide your friends list doesn't mean that strangers can't see it.

If hackers want to know who your friends are, all they need to do is send you a friend request. Once that happens, the "People You May Know" feature will cover the details from there. Not everyone will be listed, but when potentially 80 percent of a list is detailed, the remaining 20 percent don't matter as much, especially when a particularly devoted fraudster can just use the visible friends' lists to fill in the gaps. 

Abezgauz also pointed out a few other reasons to be concerned with how Facebook handles privacy issues. She noted that mutual friends will still show up between two users, while "Likes" and other actions on more public profiles can be revealed to the Facebook user base at large. Simply put, when Facebook has a contradiction between two users' settings, the social network will err on the side of the more visible account. 

Something to watch for in the chat box
One new change to Facebook has also reduced the privacy of its users: the chat interface now reveals whether someone on the service is accessing it from a mobile device or through the Web, GeekWire recently reported. This is slightly easier to recognize than realizing that a contact list might become available with a friend request, but it's still subtle enough to be problematic. The change seems innocent enough on the surface. After all, if someone's on a smartphone, chatting may be slow or problematic. However, the change also might leave users more at risk of theft or a break-in, as the status hints at whether someone is home or not. 

The feature doesn't appear to be universal yet, GeekWire noted, but it's yet another problem that some privacy advocates – or even everyday users – might take issue with. Site members can still set their chat status to invisible, but that limits the utility of the feature. By the same token, Facebook's account holders could quit using the service altogether, but many people don't consider that much of an option at all. 

When even pruning your own social profile and trying to make sure that private information stays private may be to no avail, the answer to a more secure online identity becomes just as much a responsibility of the organizations entrusted with authentication details as it is your own – arguably even more so. The public and private sectors both need to apply more stringent controls over identity management, since users won't always have complete control over their information, even if they try.