Congressman Steps Up Pressure On Google, Facebook 120
crimeandpunishment and other readers noted the US government's increasing pressure on Facebook and Google. On Friday the head of the House Judiciary Committee, John Conyers, sent the two companies a letter asking them to cooperate with any government inquiries. It's not clear exactly what purpose the letter served, other than to make Google's and Facebook's lawyers squirm a bit more than they already were, with Germany and courts and the FTC looking hard in their direction; Conyers did not say his committee will be holding hearings. The FTC just asked Google to hold onto the Wi-Fi data that it says it accidentally collected while snapping Street View photos. And in response to the growing outcry since its F8 conference last month, Facebook offered some simplified privacy controls — though opinions vary on how much the new controls simplify things for users.
No unreasonable search and seizure (Score:3, Interesting)
should go beyond people granting their permission. Especially with people who hold your data. As far as I see, ISPs and webmail and other such entities hold as many of people's secrets as a lawyer/doctor and should be almost treated as such. Not quite perhaps, but close to it.
I don't see blind fishing expeditions of thousands of people at a time isn't unreasonable search.
Re:A new privacy issue I saw today: (Score:3, Interesting)
Have you tried with a clean browser? Maybe it only does this if you have a facebook cookie for a previous login.
Facebook (Score:5, Interesting)
I'm sick of Facebook's attitude to privacy. Their settings page is designed to be confusing and time-consuming.
As far as I'm aware I have everything set to "friends only" and no apps or third-parties are allowed to see my data. Yet just this evening I went to a photo hosting site that I'd never been to before, and it prompted me to post a comment -- with me logged in using my Facebook account and my profile photo.
It's maddening.
Re:A new privacy issue I saw today: (Score:2, Interesting)
I'd like to see Facebook offer some serious authentication options. Not just emailing if someone gains access with a new machine, which provides zero real protection, other than notifying the account owner that they are fscked.
1: Contract with Vasco or RSA and have a rebranded ID token. PayPal does this. eBay does this. Blizzard does this. Even AOL used to offer this for users.
2: Offer an app, not just for the iPhone, but for Android, Java (for the low end phones), Windows Mobile, Symbian, BlackberryOS, and all major platforms as a secondary platform.
Second, have the ability to authorize devices so they can stay logged in without needing two factor. When the FB app installs on a device (phone, PDA, tablet), it should generate a unique 256-bit nonce [1], pass it to FB's auth servers. Then, subsequent logins after the device is allowed, access can be done automatically. This way, if the device is lost or stolen, its authorization can be removed quickly.
Yes, this may be considered overkill for some, but in all honesty, usernames and passwords are not real security these days when push comes to shove. Additional authentication is needed, because even though FB may not be thought of to contain sensitive data, someone can cause someone a lot of damage by sending stuff out as that user.
[1]: Take a SHA-256 of the timestamp to the millisecond with a 256 bit random number appended onto it. This ensure that even if the RNG is faulty, nobody will have the exact same nonce, and it also protects against someone guessing nonces by looking at the time installed.
Re:There is something deeper going on (Score:2, Interesting)
Both Messrs Page/Brin and Zuckerberg have made statements in recent memory that can only be called tactless. Statements like "the age of privacy is over" or "people should not expect privacy" etc...etc...
When you run one of the world's largest social network and search engine, I am surprised that these gentlemen bandy about making such statements in such a callous manner. They certainly may be geniuses in their respective fields, but making such statements was a public relations disaster. It may be so that what they said was completely true, but when speaking to a group you always need to adhere to diplomacy.
It is like the oil companies saying - "Yeah, we are in this for oil/money/our investors interest only. People/Environment be damned." -- That is usually the unspoken part and it is hara-kiri to be an executive of the company and actually put this so candidly. In fact you are acting against your company's interest.
So, I think both Google and Facebook executives alarmed people greatly. Because they are in the business of our privacy. This combined with their latest faux-pas, Google's WiFi data collection, and Facebook's privacy control. Both of these situations could have been mitigated if their Public Relations had acted quickly, reassured people. However, in both cases, the companies inordinately delayed their response, in fact at first not even owning up to their mistake but blaming it on inadvertent situations and naysayers.
The only way out of this is for them to quickly own up their mistakes (even if they think none was made). Sincerely apologize (or at least make such public gestures, regardless of their personal feelings) and calm some frayed nerves. Trust me -- if tomorrow both Facebook and Google - ran ad campaigns saying "We're sorry. There is nothing more important to us than our user's privacy and we will defend it to death" -- They will be America's sweethearts back again.
Personally, both their PR firms need to be fired.