Search:   
Home|World|Utah|Campus|Weather|Arts & Culture|Sports|Opinion|Religion|Police Beat|Multimedia

Beyond the Universe Blogs
  Services
   Upcoming Events
   Mission Reunions
   Features
   BYU Advertising
   BYU Housing Guide
   BYU Bridal Guide
   Our Sponsors
   Classifieds
   XML Feeds 
   Handheld Version
   Text Only
   E-mail NewsBriefs
   NewsTips
   100 Hour Board
   Brimhall East Webcam
   Daily Universe on PDF
   Online Sudoku
   Related Sites
      Communications Dept.
   BYU Home Page
   Route Y

Read The Daily Universe on PDF
NewsNet Sponsored in part by NewsNet Sponsorship








Facebook vice president guarantees safety of site

By Kevin John - 25 Jul 2006
E-mail or Print this story
 

In December 2005, two students posted a research study on the Internet arguing the Facebook Web site was "unsafe" and claiming the security policies in place were "seriously flawed."

A Facebook representative, however, thinks some of the claims made in the study were misleading, and says Facebook is safer now than it ever has been before.

José Hiram Soltren and Harvey Jones posted their 76-page survey, highlighting what they saw as potential security risks to Facebook users, while studying at Massachusetts Institute of Technology. Within the survey they claimed the safety measures in place on the Facebook Web site left users open to attacks from people wishing to mine for information (phone numbers, addresses, class schedules, etc.).

To back up their statements, Soltren and Jones pulled information from user profiles in four of their local networks, bypassing the system Facebook has in place to keep unwanted users from accessing profiles.

Neither Soltren nor Jones responded for comment, but Chris Kelly, vice president and chief privacy officer for Facebook, did - and he had responses for several of the "flaws" mentioned in the study.

"When people assess our practices, we are open to that," Kelley said. "We want to listen to legitimate criticism and question."

Kelly acknowledged some of the flaws pointed out in the article were legitimate, and said steps have been made to correct those problems where they existed.

The security systems Facebook has in place now will ensure there are no other attacks like Soltren and Jones' in the future, Kelly said. If such an attack were to take place today it could be detected and halted almost immediately, with a maximum security window of four hours.

Additionally, some of the statements made in the study weren't completely accurate, according to Kelly.

In the text of the study, Soltren and Jones state they could potentially access all of the profiles on the four networks they chose to "attack."

What they didn't mention, however, is that those four networks were the only networks they could access, due to a privacy policy Facebook has in place.

"It was glossed over in the study - the fact that not every user on Facebook can get access to every profile," Kelley said. "You only have default access in your own school, and then the privacy settings can restrict that further."

Kelly also noted the study only briefly mentioned that you first have to authenticate into the system before you can have access to any of the data stored on the Facebook Web site, which requires a valid account linked to a school e-mail address.

The fact that Facebook accounts are linked to valid school e-mail addresses reflects an attempt to ensure there is a real person tied to every account.

Kelly acknowledges there were a few points in the Facebook privacy statement that were a bit vague when it was first implemented, but the updated policy, posted in February, "tightened up" some of the vague phrases, and reflected many of the changes Facebook had made since Soltren and Jones' study was posted.

"As humans, we're people who want to share information about us with our friends, and also with people around us in the world," Kelly said. "But sharing every piece of information about us with everybody on the Internet is a little bit of a strange model. And so it is one that we've never followed. We want users to be able to have control over their data."

But do the 18,000 Facebook users on BYU campus actually feel their data is safe on Facebook?

Hillery Prestwich, a 20-year-old exercise sciences major at BYU, uses Facebook on a regular basis to stay in contact with her friends.

"I never really consider security issues when using Facebook, mostly because I'm not going to put anything on my profile that I don't want people to see," Prestwich said. "There are also settings you can use to control who sees your profile and things like that. Whether I am or not, I feel safe using Facebook."

Lauren Hillam, a 19-year-old pre-nursing major at BYU, uses Facebook to stay in contact with her old roommates and friends.

"I'm studying abroad in the fall, and my friends are studying abroad this summer, and [Facebook] is the only way we stay in touch, really," Hillam said.

She also mentioned she has never had any concerns about the privacy of her information on Facebook.

Kelly is happy with the security systems now in place on the Facebook Web site, and said they will continue to adapt to protect the information of its users.

"We've had a number of dialogs with the FTC," Kelly said. "In fact, they're excited about our privacy and security models."

More information about Facebook privacy policies can be found at www.facebook.com/policy.php



Copyright Brigham Young University 25 Jul 2006



BYU NewsNet
E-mail NewsBriefs | NewsTips | WebCast Schedule | Jobs at NewsNet
  Universe.byu.edu Sponsorships  |  Contact Us  |  Copyright, The Daily Universe