Security Issues Could Force Facebook to Slow Down Product Development

A rash of security bugs seem to have hit Facebook within the last several weeks, while a lot of debate continues over changes the company has made to user privacy features. So what’s going on? Is Facebook coincidentally just falling apart, all of a sudden?

Most recently, the Wall Street Journal reported on a way that Facebook and other social networks have accidentally shared identifiable user data with third-party advertising networks. Earlier this week, a researcher spotted a way to do a cross-site request forgery; and recently, a less damaging problem emerged, in that users “Favorite Quotations” sections could be accessed by anyone, regardless of privacy settings, albeit only via the iPhone app.

Some bugs are new, due the company’s many product launches and changes at the end of April. Bugs often come with new software, and so it’s no surprise to see the number of bugs have gone up with the number of changes.

But Facebook’s processes may be hurting it here. While bugs can be minimized in product launches through rigorous testing, and while Facebook does try to spot security problems, it has historically optimized for launching products early and often. The company has had various security-related problems for years, yet overall it does not appear to have a measurably worse record than other big and fast-growing web properties — especially considering its larger size, faster growth, the inherent complexity of its service, and the massive amount of private data it holds.

There may be another reason why all these new bugs are popping up: People are looking for them more than ever. Facebook’s size alone makes it an attractive place for security analysts and reporters to closely examine. Because nearly 500 million people use the service, there’s a good chance that web users will want to read a story about private information like their instant messages suddenly becoming public.

Privacy issues also makes Facebook more of a target — given how Facebook recently directed users to make more profile information public, it’s easier for people to conflate a purposeful change with an accidental security mistake (which we’ve seen starting to happen already). Perhaps the best example of this is Instant Personalization. Launched at f8, it lets a limited number of partner sites access “General Information” about users, including their profile photos and friend lists, without first asking for permission. Pandora lets you see songs that your friends like, for example.

That particular concept is controversial in and of itself. Some people don’t want Facebook sharing data without prior consent in this way, whether or not Facebook and its partners think it might be something they want. But Instant Personalization highlights the how the issues of privacy and security mix together. A researcher spotted two bugs in Yelp’s implementation recently, ways for a malicious site to harvest users email addresses and other personal information. The result is that people who don’t understand how Instant Personalization is supposed to work while maintaining security instead get the impression that the feature is fundamentally flawed.

Facebook already has many security challenges, but now more experts are trying to find problems, and more journalists are viewing any error on Facebook’s part as just more evidence of its lack of concern for user privacy.

So far, none of the bugs have resulted in widespread damage to users — the damage is instead to Facebook’s reputation as a safe place to share information. Whether or not Facebook’s existing MO has been the best approach for its users, the only way for it to ensure that it will not have any more problems would be to stop changing its products.

But many rivals are building social products, and user behavior is constantly evolving. It cannot stand still.

The choice for Facebook, now, is to innovate while not having any security problems. That’s a paradox it will likely have to solve by forcing itself to slow down on product development while increasing security testing. This move opens it up more to competitors, but the alternative looks even riskier.

Social Media 101

Mediabistro Course

Social Media 101

Get hands-on social media training for beginners in our online boot camp, Social Media 101! Starting September 4, social media and marketing experts will teach you the best practices to be successful on social. Hurry, this boot camp starts next week! Register now!

 

Leave a Reply

3 Responses to “Security Issues Could Force Facebook to Slow Down Product Development”

  1. The Braindead Techcast Ep. 67: There’s no donuts - SeanPAune.com says:

    [...] privacy settings – CNET News Sayonara, iPhone: Why I’m Switching to Android – Daniel Lyons Security Issues Could Force Facebook to Slow Down Product Development – Inside Facebook Y Combinator Closes New $8.25 Million Fund, Sequoia Is Lead Investor – [...]

  2. SearchCap: The Day In Search, May 24, 2010 says:

    [...] Security Issues Could Force Facebook to Slow Down Product Development, Inside Facebook [...]

  3. Social Media for Business Continuity | AmalfiCORE Blog says:

    [...] social media, Facebook in particular, is fraught with privacy and security issues. Twitter has yet to prove itself valuable as a mainstream tool. However, both have been considered [...]

Get the latest news in your inbox
interested in advertising with inside facebook?

Social Media Jobs
of the Day

Assistant Social Media Editor

The Daily Dot
New York, NY

Social Media Manager

JDRF
New York, NY

Senior Associate,Digital(Social Media/Newsletters)

The Pew Charitable Trusts
Washington, DC

Manager, Social Media

ASME
New York, NY

Featured Company

Join leading companies like this one and recruit from the nation's top media job seekers on the Mediabistro Job Board. Every job post comes with our satisfaction guarantee. Learn More
 

Our Sponsors

Mediabistro A division of Prometheus Global Media home | site map | advertising/sponsorships | careers | contact us | help courses | browse jobs | freelancers | content | member benefits | reprints & permissions terms of use | privacy policy Copyright © 2014 Mediabistro Inc. call (212) 389-2000 or email us