As previously reported by Infosecurity, Facebook will now automatically share personal information with certain ‘pre-approved’ sites, as the social networking site has embarked on yet another change to its privacy policy.
Although the number of sites that Facebook will share this information with is limited, according to a company statement, users of the social networking service will need to opt-out to disable the feature if they do not want certain information shared with third parties. Information Facebook will share with these third-party sites includes:
- Name
- Profile picture
- Gender
- Friends and connections
- User ID
- Content shared using the “everyone” privacy setting
Sophos polled 680 readers of its website and Facebook page, evaluating their opinions on the new privacy settings. Not surprisingly, the feedback was overwhelmingly negative, as 95% of the respondents said they did not support the changes.
Facebook issued a response to mounting backlash over the new policy, saying that the site would only provide the information to “carefully selected partners.” But Graham Cluley, senior technology consultant with Sophos, is not buying into the assurances.
“Most users still don't know how to set their Facebook privacy options safely, finding the whole system confusing”, Cluley commented on his blog. “The onus should not be on Facebook users having to ‘opt-out’ of this new feature, but instead on users having to ‘opt-in’.”
“Once again, it feels like online privacy is being eroded by stealth. Too many websites are chipping away at their members' privacy and security, potentially exposing their personal data to third parties that were never in the equation when they first signed-up for the service”, he added.
The new Facebook privacy changes also prompted a response from the German government. Ilse Aigner, Germany’s Minister of Consumer Protection, issued an open letter to Facebook CEO Mark Zuckerberg in which she called for an immediate revision of the site’s privacy policy, especially its opt-out feature.
"Personal data is not allowed to be automatically passed on to third parties for commercial purposes without consent”, said the minister in her letter. “Private data may only be passed on and used for commercial purposes with the consent of the persons involved. Enterprises such as Facebook bear a particular responsibility due to the fact that users, in particular young users, are not aware that their personal profiles are to be used for commercial purposes.”
Aigner then concluded the letter by threatening to close out her own personal Facebook account if the privacy policy was not revised to meet her concerns.