Facebook proposes changes to privacy policy, affecting how users’ likenesses are attached to ads


Facebook is proposing changes to its documents that govern privacy and how data is used in ads and elsewhere throughout the site. In light of the sponsored stories lawsuit, Facebook wants it to be clear that users are granting permission for their likenesses to be used in conjunction with advertising. The updates are scheduled to take effect Sept. 5.

An important change in the statement of rights and responsibilities notes that users would be granting Facebook permission to use their information in ads.

For a redline document showing proposed changes to the statement of rights and responsibilities, click here.

For a similar document showing proposed changes to the data use policy, click here.

Under the current statement of rights and responsibilities, Facebook notes that users can tweak their privacy settings to decide if they want their likeness to be attached to ads:

You can use your privacy settings to limit how your name and profile picture may be associated with commercial, sponsored, or related content (such as a brand you like) served or enhanced by us.

Here is the proposed rewording to this statement (though Facebook claims that the site will not give away information to companies without a user’s consent):

You give us permission to use your name, and profile picture, content, and information in connection with commercial, sponsored, or related that content (such as a brand you like) served or enhanced by us, subject to the limits you place. This means, for example, that you permit a business or other entity to pay us to display your name and/or profile picture with your content or information, without any compensation to you. If you have selected a specific audience for your content or information, we will respect your choice when we use it.


After white hat researcher hacks Mark Zuckerberg’s timeline, Facebook vows to improve communication


Facebook CEO and Co-Founder Mark Zuckerberg loves building a hacker culture, but when his own timeline was hacked, things got a little serious.

White hat researcher Khalil Shreateh tried to get Facebook’s attention regarding a bug that would allow a hacker to post to anyone’s timeline, but didn’t get much of a response from the company. Facebook responded to Shreateh, saying that what he brought to their attention was not a bug. Feeling that his claims were falling on deaf ears, Shreateh went all out and hacked into Zuckerberg’s timeline.

Facebook responded, saying that the white hat program “failed,” in its communication with Shreateh.


Facebook’s bug bounty program has given more than $1M to researchers in 51 countries


Facebook has tapped into the power of crowdsourcing to make the site a safer place and reward researchers willing to help it out to that end.

The social network shelled out more than $1 million over the past couple years to 329 people in 51 countries who reported security problems with the site. The youngest was 13 years old. A couple of those researchers went on to work for the tech giant’s security branch.

The Bug Bounty program was launched in 2011 to reward people who report issues to the site and make it a safer place to hang out online, Facebook Security Engineer Collin Greene says in a note posted to the site’s security blog:

So far the program has been even more successful than we’d anticipated. We’ve paid out more than $1 million in bounties, and have collaborated with researchers from all around the world to stamp out bugs in our products and in our infrastructure.


Facebook sets secure browsing (HTTPS) as default


In November, Facebook started to convert its default browsing from unsecured HTTP to secured HTTPS (Hypertext Transfer Protocol Secure). The company announced in a blog post that it has now finished the job of using HTTPS for all Facebook users.

This makes for a secure connection between users and Facebook. When Facebook first started enabling HTTPS, the company found that roughly 1/3 of users opted in. Since November, Facebook worked to make the HTTPS connection faster and more efficient. The company said Wednesday that all desktop users and 80 percent of traffic through m.facebook.com now use a secured connection. Native apps have also been using HTTPS.


Facebook: Bug jeopardized email addresses, phone numbers of 6M users


A recent bug on Facebook exposed the phone numbers and email addresses of roughly 6 million users, the site reported late Friday on its blog. Facebook claims that it has no evidence that the bug was exploited maliciously, and the bug has since been fixed. Affected users have been notified via email, and Facebook has notified regulators in the U.S., Canada and Europe.

Someone tipped off Facebook’s White Hat Program to the problem, and Facebook worked quickly to fix it.

Facebook described what happened:

Describing what caused the bug can get pretty technical, but we want to explain how it happened. When people upload their contact lists or address books to Facebook, we try to match that data with the contact information of other people on Facebook in order to generate friend recommendations. For example, we don’t want to recommend that people invite contacts to join Facebook if those contacts are already on Facebook; instead, we want to recommend that they invite those contacts to be their friends on Facebook.

Because of the bug, some of the information used to make friend recommendations and reduce the number of invitations we send was inadvertently stored in association with people’s contact information as part of their account on Facebook. As a result, if a person went to download an archive of their Facebook account through our Download Your Information (DYI) tool, they may have been provided with additional email addresses or telephone numbers for their contacts or people with whom they have some connection. This contact information was provided by other people on Facebook and was not necessarily accurate, but was inadvertently included with the contacts of the person using the DYI tool.

Readers: Were you affected by the bug?


Facebook’s latest Android update allows users to control privacy on posted stories

Facebook users have made it clear that they want more control over their privacy. The company’s investors said that repeatedly during Facebook’s first shareholders meeting, and the latest Android mobile app update shows that the site is working on more ways to get privacy controls in the users’ hands.

From the Android app, Facebook users can now change the privacy settings on any of their prior posts.

Previously, users could only control who sees posts they’re about to make from their Android app, but now people can go back to any post they’ve made and tweak the privacy settings.


‘Fan Page Verification’ scam goes after Facebook page admins

A new scam going around Facebook recently begins with a message to page owners about a new “Fan Page Verification Program.” From there, users are prompted to share their Facebook email and password, which is part of a phishing scam.

Similar to another scam that targeted page admins in the past, the message purports to be from Facebook Security and is designed to trick users into sharing their Facebook login information. This latest scam, detailed by Hoax-Slayer, tells page owners that they qualify for a new security feature and must choose a 10-digit security code by May 30, otherwise their page could be suspended. The message includes a link to a site with form fields for their page URL, email address, password and a “transferring code” of their choice.

Page owners should beware of phishing attempts like these, remembering to never enter their Facebook password anywhere outside of Facebook.com and being careful about sharing any information in third-party apps and page tabs.

‘Trusted Contacts’ lets users turn to friends for help logging into Facebook

Facebook today announced “Trusted Contacts,” an update to its “Trusted Friends” security feature that sends access codes to a few of a user’s close friends in order to help the person regain access to their account when needed.

Users will now be able to designate their Trusted Contacts in advance and change them if necessary through the Security Settings dashboard. Previously, users only encountered this feature when they were having trouble with their account. This meant that many users were unfamiliar with it. By making Trusted Contacts part of a user’s main settings, more people might understand what it is before they have a problem — or before they are called upon as a Trusted Contact themselves. This will help users be able to use the feature more effectively.

Facebook says it has also improved the flow for people who are their friend’s Trusted Contacts, giving them more information throughout the process of helping someone get back into the account. They’ll also be notified when they are selected, another way to help people understand the feature in advance. Some users are often wary of unfamiliar Facebook features, suspecting they might be part of a scam. We’ve heard from users who didn’t initially trust Facebook’s Offers or Gifts products because they thought they were third-party spam. Something like Trusted Friends with access codes to let another user log into their account might have seemed too suspicious to some. The changes today could help avoid that.


Malicious Chrome extension promising business version of Flash can take over users’ Facebook accounts

Some Facebook users have fallen victim to a new phishing scam, which takes over a user’s Facebook account, Liking pages and posting links on their behalf, according to PC World.

The scam reportedly begins with an email that prompts users to download a new “business” version of Adobe Flash Player. Users who click on the spam link are taken to the Chrome Web Store to download a browser extension. After users download the extension, the malware will check to see if a user is logged into Facebook, and if so, it will use a script to control the account.

Facebook reveals it was hacked, but says no user data compromised

Facebook today detailed a malware attack that occurred last month, but which has been remediated and reportedly did not result in any user data being compromised.

Facebook says the attack originated when some employees visited a mobile developer website that had been compromised, which led to malware being installed on the employees’ laptops. After the company’s security team identified the malicious file, it flagged other infected laptops and removed the malware. Facebook says it informed law enforcement and is continuing an investigation along with others who were attacked. The company did not name other companies who were infiltrated this way, but it says it was not alone.

Facebook says it has “found no evidence” that user data was compromised. According to Ars Technica, which spoke to Facebook Chief Security Officer Joe Sullivan, the attackers gained “some limited visibility” into Facebook’s production systems as well as some corporate data, email and software code from the laptops themselves, but this did not lead to any extraction of user information.
