Facebook Makes Security Changes Amid Privacy Concerns

Amid a controversy about privacy, Facebook unveiled new security features designed to protect user accounts.

“Over the last few weeks, we’ve been testing a new feature that allows you to approve the devices you commonly use to log in and then to be notified whenever your account is accessed from a device you haven’t approved,” Lev Popov, a software engineer on Facebook’s site integrity team, wrote on Facebook’s blog. To try out the feature, users can go to the Account Settings page and select the option to receive notifications for log-ins from new devices. “When you log in, you’ll be asked to name and save the various devices you use to access Facebook.

“For example, you can save your home computer, your school or work computer, and your mobile phone. Once you’ve done this, whenever someone logs in to your account from a device not on this list, we’ll ask the person to name the device,” Popov wrote.

Blocking suspicious log-ins

“When we see that someone is trying to access your account from an unusual device, we’ll ask the person to answer an additional verification question to prove his or her identity as the real account owner,” Popov said. “For example, we might ask the person to enter a birth date, identify a friend in a photo or answer a security question if you’ve previously provided one. These questions are designed to be easy for you and hard for a bad guy, and we’ve already seen some great results.

“Once you’ve confirmed your identity, you’ll have the opportunity to review recent log-ins on your account and reset your password if you see log-ins that you don’t recognise,” he added.

Facebook is still dealing with controversy over its privacy policies. A European group of data protection authorities sent a letter to Facebook on 13 May about changes the site made late in 2009 that “fundamentally changed the default settings on its social networking platform to the detriment of a user,” the group charged.

“Social networks don’t have to be at odds with protecting privacy,” said Jeff Chester, executive director of the Center for Digital Democracy. “The problem is when companies like Facebook become obsessed with monetising every bit of their members’ data, and throw caring about privacy out the digital window. A responsible social network can balance generating profits with also protecting privacy.”

Facebook open culture

Earlier on 13 May, Facebook had a meeting where employees asked executives questions about privacy. Facebook officials would not comment on exactly what was said.

“We have an open culture and it should come as no surprise that we’re providing a forum for employees to ask questions on a topic that has received a lot of outside interest,” a spokesperson said.

In the past three weeks, that outside interest has included letters from US senators and complaints to the Federal Trade Commission. Facebook has stood by the changes, and pointed to the security mechanisms the site has in place.

“We’ve always devoted significant time and effort to security,” Popov wrote. “We’ve built technical systems that operate behind the scenes to quickly detect and block suspicious behavior, delete phony posts and messages, and return compromised accounts to their rightful owners. Most of these systems are invisible to the average person who uses Facebook.”

Still, Facebook has a long way to go to appease its critics regarding privacy, and Chester told eWEEK the company must evolve if it wants the scrutiny to end.

“Facebook needs to immediately create a simplified privacy policy that allows a user—through five [or] six clicks—[to] control access to all their data,” he said. “They also need to ensure [that] their members control how their information is used for targeted marketing and by third-party applications and outside sites … they can’t afford [to have] their advertisers come under the scrutiny of US, EU and other regulators. Facebook will have to change if it is to survive.”