NetHosting has closely followed the social networking colossus Facebook for some time now. Facebook is no stranger to making headlines, being the subject of both good and bad news. Now that 2012 has begun, the year in which Facebook hinted at going public, these headlines have become even more relevant.
Facebook’s Bug Battle
On July 29, 2011, Facebook founded a program in which researchers were paid to search for and report any bugs or security holes within its site. These bug bounty hunters are called “White Hats.” Facebook currently employs 86 of these online watchdogs, most of whom are ordinary, technologically savvy individuals who had reported a bug they’d found on Facebook and then were offered a job.
According to the Facebook White Hat policy page, the agreement between Facebook and these virtual watchmen is: “If you give us a reasonable time to respond to your report before making any information public and make a good faith effort to avoid privacy violations, destruction of data and interruption or degradation of our service during your research, we will not bring any lawsuit against you or ask law enforcement to investigate you.”
Essentially, the bottom line is: if you keep us safe, we’ll keep you safe.
This isn’t the first time a company has started a program like this. Many companies hire intelligent and experienced researchers to find security leaks and bugs within their systems. Google, Mozilla, and even the United States Government hire these individuals.
This program has been fairly successful. Within one month of starting the program, Facebook reported that it had already handed out US$40,000 in rewards. Facebook offers a minimum $500 bounty if a confirmed bug is reported, and the maximum reward is not listed. Several times, Facebook has paid White Hats $5,000 for a single bug reported.
Recently, Facebook started distributing personalized debit cards to researchers as a reward, each giving access to a personalized account containing the earned bounty. Using Visa Debit Cards, Facebook created the “White Hat Bug Bounty Program” debit card. For all the bugs White Hats find, Facebook will deposit the earned amount onto these cards. These cards have now become a badge of honor for the White Hats. This little black card can identify them as the defenders of Facebook at conferences and is used as a ticket of entrance into Facebook special events.
With Facebook on the offensive against security threats on one front, it is, yet again, on the defensive on a second front. That’s right: privacy issues.
Facebook’s Privacy Problems
The Electronic Privacy Information Center (EPIC) appealed to the Federal Trade Commission (FTC) for an investigation into the most recent privacy violations of the Facebook Timeline.
EPIC accuses Facebook of “…changing the privacy settings of its users in a way that gives the company far greater ability to disclose their personal information than in the past. With Timeline, Facebook has once again taken control over the user’s data from the user, and now made information that was essentially archived and inaccessible widely available without the consent of the user.”
This isn’t the first time Facebook has been approached with this sort of accusation. EPIC blew the whistle on the social networking giant in 2009 on the same grounds, leading to a pitched legal battle lasting two years, which finally ended in November when Facebook and the FTC settled. Most of the complaints came when Facebook was discovered sharing some personal information of subscribers with online advertising companies.
Facebook Timeline, publicly released on December 6, morphs Facebook’s appearance completely. Additionally, Facebook Timeline allows users to publish even more information on their profiles than was originally possible, theoretically a lifetime’s worth. This information could become even more valuable to advertising companies.
EPIC claims that this recent modification violates Facebook’s settlement, which prohibits Facebook from altering privacy settings without the consent of consumers. Facebook is also banned from distributing more consumer information than the user allows. Although the investigation hasn’t started, the first FTC-mandated audit will happen in May.
So as Facebook fights on the battlefront of network security, commissioning a large team of bug bounty hunters to stitch up the seams of its social network, it’s also fighting a battle on a very different front, to defend its new Timeline profile, which, according to the FTC, will expose its users to even more privacy violations. The very nature of Timeline purportedly violates its previous privacy settlement with the FTC. Confused yet?
It seems that, like the online social IPOs before it, Facebook will also have to overcome its fair share of obstacles as it works up to its own IPO, the least of which will be figuring out its true stand on privacy.