Sophos Slams Facebook Security In Open Letter
An anonymous reader writes "Security experts are calling on Facebook to implement a three-point plan to improve safety online. Sophos says it receives reports every day of crime and fraud on Facebook, and that victims are desperate for advice on how to clean up their profiles and undo the consequences. In an open letter to Facebook, the firm calls upon the social networking giant to adopt three principles: privacy by default (opt-in sharing), vetted app developers, and use of https whenever possible. 'Our question to Facebook is this — why wait until regulators force your hand on privacy? Act now for the greater good of all.'"
Instead of telling another business what to do, and jumping on the ever popular Facebook bashing bandwagon, how about you fix your anti-virus software so it doesn't freeze, crash, block access to portable drives silently while it scans them, and leak memory like a sieve? While you're at it, no anti-virus is perfect, so clean up your heuristics. This is nothing more than a shoddy publicity stunt.
I agree with 2 out of 3 of the points though. I think they could make a dog's breakfast out of forcing HTTPS use and block out too many users. Of course if they did it right with a clearly visible link to the HTTPS address it would work (though take a huge toll on their servers). But the other 2 Facebook likely won't do because it would cost them money and increase their responsibility - probably not the best of reasons to ignore security. Vetting app developers costs money and if something gets through probably increases their legal exposure. Making everything private by default decreases Facebook's value which is all about what information is shared. If you don't want something on Facebook, forget privacy options, just don't put it there in the first place. They'd sell your grandmother if they had the right motivation.
These posts express my own personal views, not those of my employer