Back when I first heard about Facebook I was working for a private university known for its “dry” campus. I was asked to consult on the case of a student who was being disciplined for violating the no-alcohol policy because a picture had been discovered of them buying booze at a nearby supermarket. It had been uploaded by the student’s friend to a hot new website called Facebook. I distinctly remember discussing this with staff and faculty at the time, predicting, “This is going to get a lot of kids in trouble.” There was discussion of banning access to the site, but filtering internet content back then wasn’t as straightforward as it is now, and the discussion was tabled with a promise to review the issue at a later time. Fast-forward to the present, where Facebook is still getting a lot of people in trouble, and themselves as well.
From the frying pan, to the fire, to…incinerator?
It might be hard to believe, but it was only June when we had to air out the latest load of dirty laundry from Facebook. Prior to that, they have been blog subjects seven times this year alone, and none of them were for something good! I’d say this month’s two-fer entry might be their pièce de résistance of colossal cock-ups, but there are still 90 days left in the year, and Facebook seems bent on setting some sort of record for destroying themselves.
First, they were caught red-handed letting advertisers use phone numbers provided by users for authentication purposes, something they had previously denied. To add insult to injury, it’s also come to light that they will target individuals through contact information uploaded by their friends through the Facebook app, even if the individual never provided any sort of consent for such use.
If that isn’t enough to get your blood boiling, how about 50M Facebook users having their accounts compromised? Rather than the old-fashioned password hack, attackers exploited a bug in Facebook’s “View as” feature, which allowed them to essentially steal the authentication token used to provide continued access after you’ve initially logged in. Think of this token as a VIP wristband you might wear at an event that also gets you access to the backstage. This token not only provides you a quick login to Facebook but to dozens of other connected services, such as Instagram and WhatsApp, that allow users to authenticate through Facebook instead of creating a unique login and password. Just like the wristband, Facebook only looks at the token, and not the person using it, to determine what they are allowed to access, so you might get an inkling of why it being stolen is kind of a bad thing. The investigation is still ongoing, but according to Facebook, no passwords or credit cards were stolen, and it doesn’t look like the perpetrators of the September breach used their “wristbands” to get into the various third-party platforms it could have granted access to, but I’d put even money on Facebook having yet another, “Wait, hold my beer,” moment, so don’t put the pitchforks too far out of reach.
Unfortunately for the two billion humans who are still trying to get some sort of enjoyment (or livelihood) out of Facebook, there really isn’t any platform that comes close to being able to replace it. Your choices are “deal with it” or go cold turkey, the latter of which I don’t see any of my Facebook-hooked friends doing any time soon. If you’ve tied your various other online services to Facebook’s login in the pursuit of convenience, it only makes giving up Facebook that much harder and further illustrates just how dangerous this type of practice can be – Facebook login gave everyone a shovel, and quite a few people dug a hole that they have no idea how to get out of. Sadly, not climbing out of that hole and permanently putting the shovel aside essentially rewards Facebook for their negligent security practices, something that we should not do if we ever want the service to be something more than a way for advertisers and hackers (and Facebook!) to exploit for their own profit.
After four years of research and debate, the Federal Trade Commission has updated the Children’s Online Privacy Prevention Act with much stricter rules that hit internet advertisers right in the moneymaker. Written originally in 1998, COPPA was enacted to protect minors under the age of 13 by requiring any company collecting data on that demographic to adhere to strict privacy protection guidelines as well as putting well-defined limits on advertising and marketing targeting minors. Since 2000, when it first went into effect, the internet and online advertising have changed significantly, and the FTC has amended COPPA over the strenuous objections from the industries affected.
What this means for you:
Whether you are a parent or an organization who markets to this particular demographic, you should take a moment to understand how COPPA may impact you. The new rules have been expanded in the following ways:
- The guidelines now include a wide range of digital media and devices, including smartphones, tablets, mobile gaming devices and mobile apps.
- The definition of “Personal Information” (previously only the child’s name, address and email were protected) has been expanded to cover a larger variety of data types including: geolocation, photos, videos, recordings, screen names and cookies. Just about anything that could be used to identify or track a child has been included.
- In the case of any organization collecting information without consent, parents and guardians have a right to receive a full description of what was collected on their child and also the right to have that info be deleted immediately.
- Targeted advertising that is based on a minor’s online data profile is no longer permitted without parental/guardian consent.
The trick, of course, is paying attention to what your child is doing online, and especially to what they are seeing onscreen. Advertisers are extremely clever, and this segment of the market is extremely valuable to them. The howls of protest will soon subside as they devise even more subtle ways to get parents to open up their wallets. Caveat Emptor!