STE WILLIAMS

LinkedIn Changes Default Privacy Parameters

LinkedIn has become the latest social networking site to decide that new features can be added and switched on by default, and users don’t have to be notified.

The feature allows LinkedIn to use profile information like names and photos in third-party advertising, and seems to have been first noticed by blogger Steve Woodruff.

The feature – hidden away in the Orwellian-named “Manage Social Advertising” option – has to be switched off through a user’s account settings. Permission for this is tucked away in a new condition in LinkedIn’s Terms of Use, which makes it an opt-out feature.

Already, Radio Netherlands Worldwide has reported that the new profile setting may breach Dutch privacy law. The CBP, the Netherlands’ data protection agency, says LinkedIn members’ photographs can only be used in advertising material with the users’ explicit consent.

The Radio Netherlands piece notes that the Dutch view is in line with that of the EU Data Protection Working Party, and also states that LinkedIn failed to properly notify users of the change.


Maryland Prison Demands Facebook Logins from Staff

In a wonderful example of how privacy rights can be casually ignored, US jailkeepers at the Maryland Division of Correction (DOC) are requiring all new members of staff, as well as those recertifying, to provide full access to their Facebook accounts for use in background checks.

The new regulations came to light with the case of Robert Collins, who was undergoing recertification last year for a position following a 4-month leave of absence, Slashdot reports. Collins, who’s now suing his employers with the help of the American Civil Liberties Union, was informed that he was required to provide full access to his Facebook account as part of the interview process and was then made to wait while the interviewer logged into his account and brazenly browsed his profile.

The reason given for this blatant invasion of privacy was to enable the government to examine Collins’ wall posts, emails, photos and friend lists to ensure that new employees within the facility were not engaged in illegal activity or affiliated with known criminals — particularly gang members.

This was not due to any suspicion of Collins in particular, but rather a blanket policy applied to all new members of staff including those — like Collins — who were undergoing recertification and had already been employed with the Maryland DOC before.

It’s no different to an employer demanding a new starter bring in their old photo albums, CD collections, text messages, letters and diaries and have everyone in the office have a good laugh at them. It violated the privacy of not only Collins, but also his friends and family, as his employer has full access to emails Collins has received, as well as sent.

While the policy is illegal under the US federal Stored Communications Act, the specific case law in Maryland is a little more vague — not because of any kind of split opinion, but purely due to the fact that such laws have never needed to be enforced before. It is also in violation of Facebook’s own terms of service, which state, “You will not solicit login information or access an account belonging to someone else.”

The American Civil Liberties Union of Maryland is currently fighting the case on behalf of Collins and all other employees of the Maryland DOC. We sincerely hope its social media policies are quickly revised, and the case gives other organisations pause for thought before imposing similar policies. Do you agree? Or do you think everything you put online is fair game, particularly if you work in a legally sensitive job?

Eben Moglen promotes Freedom in a box

In a recent interview with The H, Eben Moglen, professor of law and legal history at Columbia University and the founder, Director-Counsel and Chairman of the Software Freedom Law Center, spoke about his ideas for using simple hardware to free individuals from the tyranny of the client/server model imposed by current web services. It seems his ideas may be on the way to becoming reality in the form of the FreedomBox.

The FreedomBox is described by Moglen as a cheap, low-power, plug-top server running a Debian-Linux-based platform. Small plug-top servers such as the Pogoplug ($99 / £99) or the TonidoPlug ($99) are already on the market and, as Moglen told the New York Times, “They will get very cheap, very quick, … Once everyone is getting them, they will cost $29.”

Facebook U-turns on phone and address data sharing

Facebook appears to have U-turned on plans to allow external websites to see users’ addresses and mobile phone numbers.

Security experts pointed out that such a system would be ripe for exploitation by rogue app developers.

The feature has been put on “temporary hold”, the social networking firm said in its developers blog.

It said it needed to find a more robust way to make sure users know what information they are handing over.

“Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data. We agree, and are making changes to help ensure you only share this information when you intend to do so,” the firm said.

The updates would be launched “in the next few weeks”, it added, and the feature will be suspended in the meantime.

Bad guys

Facebook’s volte-face is likely to be a case of ‘once bitten, twice shy’.

Facebook’s troubled privacy history

  • November 2007: Members force the site to change its controversial advertising system Beacon, which told friends and businesses what they looked at or bought.
  • Last year, wide-ranging changes to privacy settings resulted in a loud chorus of disapproval from both users and privacy experts, including the Canadian privacy commissioner, Jenny Stoddart.

The firm was forced to radically simplify privacy settings. Ms Stoddart said at the time that the social network had “vastly improved” the sharing of personal information with third-party developers.

Facebook founder Mark Zuckerberg has made no secret of his desire to open up the relationship between the network’s 500 million members and the wider internet.

Having access to mobile phone numbers and physical addresses could have real benefits for users, the firm said in its blog.

“You could, for example, easily share your address and mobile phone with a shopping site to streamline the checkout process, or sign up for the up-to-the-minute alerts on special deals directly to your mobile phone.”

But Graham Cluley, a senior analyst at security firm Sophos, said it would also be very easy for rogue developers to jump on the bandwagon.

“You can imagine, for instance, that bad guys could set up a rogue app that collects mobile phone numbers and then uses that information for the purposes of SMS spamming or sells on the data to cold-calling companies,” he said.

Not required

Facebook has introduced a dashboard which allows users to decide what level of access to grant various apps they sign up for.

It also said that users would have to grant permission to any apps or sites that wanted to access people’s home address or phone number.

But many people still click ‘accept’ far too quickly, said Mr Cluley.

“Facebook does alert users to the fact that this information will be shared with others, warning prompts and other pop-ups are so frequent that they are often ignored,” he said.

“The best solution would be to permit users to provide this data, via a dropdown or checkbox, when they choose to add an application, but it should not be required,” he added.

Facebook developers granted access to more of your information

Facebook has added APIs for developers to access the home address and mobile numbers of users, so FarmVille can see where, as well as who, you are.

Permission to access such data must be given through the usual notification system, but with the vast majority of users simply agreeing with everything they’re asked, the new facility is attracting privacy concerns beyond those incurred by sharing one’s details with the developers of Bejeweled Blitz or similar.

Man nabbed nude pics from women’s email accounts

A California man on Thursday admitted breaking into the Facebook and email accounts of hundreds of women and stealing nude and seminude pictures of them.

George Samuel Bronk, 23, of Citrus Heights, pleaded guilty to seven felony charges, including computer intrusion, false impersonation and possession of child pornography. He faces a maximum of six years in prison and will have to register as a sex offender.

When Bronk’s home was raided in September, investigators found more than 170 explicit photographs of women stored on his hard drive. The women resided in California and 16 other states as well as the UK.

Bronk acquired the pictures by trawling Facebook for women who included their email addresses and personal information, such as their favorite food, their high school or mother’s maiden name. He then used those details to reset the passwords for their email accounts. Once in, he searched the victims’ sent folders for nude or seminude pictures.

In some cases, he sent the pictures to everyone in the victim’s address book. In other cases, he threatened to make the pictures public unless the women sent even more explicit images. He told one woman he did it “because it was funny.”

The investigation began after one victim notified Connecticut State Police that her account had been breached. The agency then contacted the California Highway Patrol after discovering the perp was likely located there.

Investigators are having a hard time identifying the majority of the victims. In some cases, the investigators were able to rely on locating tags embedded in the photos. Police have emailed 3,200 questionnaires to potential victims, but so far, only 46 women have come forward.

A press release from the California Attorney General’s office is here.

Ballmer Proposed $15bn Facebook Acquisition

Microsoft is reported to have conceded it once tried to buy Mark Zuckerberg’s Facebook for $15bn.

Steve Ballmer, Microsoft’s chief executive, made two trips to meet Zuckerberg at the company’s HQ in Palo Alto, California, where he popped the proposal during a long walk.

The tease Zuckerberg rebuffed Ballmer, as he wanted to keep control of Facebook, according to a report on TechCrunch.

Microsoft instead settled for a $240m investment in Facebook in October 2007, giving it 1.6 per cent of the company and the “opportunity to further collaborate as advertising partners.” Facebook at the time was calculated to be headed towards revenue of $150m.

Fritz Lanman, Microsoft’s senior director of corporate strategy and acquisitions, detailed the story on stage during a discussion at Le Web 2010 in Paris, France.

Lanman is the first person from Microsoft to confirm the company had tried to buy Facebook, a tale first told in David Kirkpatrick’s book The Facebook Effect.

Today, Microsoft has added Facebook to its Bing search engine and offered a version of web-based Word to Facebook users that’s called Docs.com.
