Earlier today Facebook went down for what was reported as an upgrade. For about an hour or so the site showed a “We’re upgrading†message to all the users who attempted to access the main site. If you attempted to access your schools site (for example mun.facebook.com) then you would have eventually timed out and seen no page.
According to CNet.com’s coverage of the outage Facebook had to address a problem that allowed some users to access what should have been inaccessible information. Some examples of that are other peoples inboxes and profile information. This was due to some of their proxy servers caching information and serving it up to other users. This problem brings into question the security behind massive user based sites like Facebook.
While this seems to be an isolated incident for Facebook, the idea that a large portion of our information may have been accessible to others is quite disturbing. For most, the information we store on Facebook or other sites is accessible though other means for those determined enough to get it. That said breaches in security though bad code or a hackers genius can potentially open up a massive database of information to spammers and identity thieves. Imagine a spammer gaining not only access to your email address but you list of preferences, information you messaged to others, and worse where you live! For those who trade in personal information Facebook is a goldmine. The results of them gaining access to your information is endless and starts with simple spamming and runs the gambit to identity theft.
This is just small mishap for the site and hopefully future breaches will be non-existent. No system is perfect though and as such, users of social networking sites like Facebook have to be aware of a few simple things.
- First thing: Remember the site if 100% voluntary. You do not have to share everything or anything for that matter. It does go against the idea of the site to have a blank profile, but to each their own. So be picky about what you do share. If you do not want people to know your read Harry Potter, do not share that information.
- Second thing: Learn how to use the privacy settings. Most social networking sites like: Hi5, Facebook, and Linkedin have privacy setting so you can restrict who can see and can not see your information. Facebook in particular even allows you set a limited profile so people on your friends list can see some but not all of your information, and even a block feature so a person cannot see anything you do on the site. Including posting to discussion groups, other people’s profiles etc.
- Thirdly: Unlike Email where a recent court decision in the US states that you have a reasonable expectation to privacy (more about this another time), you do not have that in these sites. Do not send personal information through these sites and I would go further to say even be careful with doing it in email unless you are using security technologies like PGP.
Follow these simple suggestions and for the most part, you should not have any trouble. Even if the site has a security failure and someone you do not want to have access to your information gains it you will not have much to worry about.
Succinct, well-thought-out, and clever. Another good bout of advice, Christopher.