Facebook Shocker: New Privacy Controls Sort of Naive

Chris Soghoian reports on Facebook’s new privacy controls, which feature the ability to classify what kinds of people can view particular elements of their profiles:

“This sounds like a great idea, and should be a significant benefit to those students who find that their Facebook-advertised parties were busted by police who found out about the events through the social-networking site.

“The primary problem is that Facebook has no way of determining what someone’s university status is. The company is only able to verify that the user has a valid .edu e-mail address, which could mean that the person is a student, staff member, professor, or alumni. As a result, Facebook asks users to self-report this information.

“Given an example situation where a student doesn't wish for the Facebook-using professors at their university to be able to view their profile, it would be trivially easy for a professor to log in, and change his or her own status to that of an undergrad.”


“This new system provides little in the way of real additional protection, yet may give users a false sense of security, leading the millions of users to post even more stupid and embarrassing things to the site than they currently do.”

Which gets us into the territory of encouraging people to just not put stuff up on Facebook that they wouldn’t want to put up on billboards all over town.

Source: http://www.opennetworkstoday.com/2008/03/facebook-shocke.html

Related link: http://www.cnet.com/8301-13739_1-9898098-46.html