The social networking site – which claims 500 million members – has just announced that they are revamping the new option for developers to gather users' addresses and mobile phone numbers.
"Prior to this step, users who did not wish to provide this information had to opt out of adding the requesting application entirely", he said in his security blog yesterday evening.
Additionally, he added, whilst Facebook did alert users through their standard dialog that the application wanted access to this data, many Facebook users simply clicked through, unaware of the import of these messages.
Sophos claims that its weekend blog on the new option generated a lot of attention from the online community and, in response to this, Wisniewski says that many Facebook users expressed their concerns, prompting Facebook to respond.
The best solution, he says, would be to permit users to provide this data, via a dropdown or checkbox, when they choose to add an application, but it should not be required.
"Users who want the convenience that Facebook is offering should be able to choose to share their information, but those of us who are more security conscious should be able to opt out and elect to type it in when necessary", he explained.
According to the Sophos senior security researcher, Facebook has been pushing the boundaries of privacy for a long time, but despite the uproar, few in the community have abandoned the service.
Against this backdrop, Wisniewski says that is good news that Facebook is responding to the outrage about this recent change, but he wonders if most users will be satisfied with their eventual solution.
"People are willing to accept the constant evolution of technology, but are not always willing to accept others' ideas of how their privacy should evolve along with it", he said.
"Whilst Facebook does alert users to the fact that this information will be shared with others, warning prompts and other pop-ups are so frequent that they are frequently ignored. Users still place a great deal of trust in Facebook, and the service has an obligation to live up to that expectation", he added.