Press Here
SUNDAYS @ 9 AM
NBC BAY AREA

Sophos Scoffs at Facebook Security

Email
|
Print

    NEWSLETTERS

    Getty Images
    Facebook CEO Mark Zuckerberg is one of the targets of a Pakistani criminal investigation under a law that makes criticizing the Prophet Muhammad punishable by death.

    After Facebook unveiled its lackluster security measures on Monday, online security company Sophos decided to use the opportunity to present the social network with an open letter about online privacy and security -- and asking why it isn't doing more to protect its users.

    "Every day, victims report to us numerous incidents of crime and fraud on Facebook. They have been personally affected and are desperate for advice on how to deal with the consequences," writes Graham Cluely on Sophos'  Naked Security blog. "A frequent refrain from users who contact us is, ‘Why doesn’t Facebook do more to protect us?’"

    Cluely then wrote out a three-step process to better protect Facebook users:

    1. Privacy by Default

    No more opt-in privacy controls, and Facebook should assume users want the highest level of privacy unless they opt-out.

    2. Vetted App Developers 

    There are already 1 million registered app developers on Facebook, and Cluely says it isn't a coincidence that viral scams and malware have infiltrated the system. He would like a better process for vetting and approving third-party developers.

    3. HTTPS for Everything

    "You left it turned off by default. Worse, you only commit to provide a secure connection 'whenever possible'" Cluely writes. He states that. Facebook should enforce a secure connection all the time including when users are playing games or using apps, to make sure they are safe from hacking. 

    Cluely pretty much covered it all, with much of his emphasis on Facebook's seemingly uncaring attitude to user safety and security. He's actually asking Facebook to take some responsibility for the site instead of pushing if all off onto users -- who can't vet third-party developers or create a secure connection. Let's hope this leads to less malware and information harvesting.