• United States



Some say Facebook Timeline is a privacy threat. I disagree

Jan 30, 20124 mins
PrivacySecuritySocial Engineering

Sophos Senior Security Consultant Graham Cluley has helped me out on many a story over the years, and he remains one of my favorite go-to security pros. But sometimes I think he misses the mark. Take his views over the new Facebook Timeline, for example.

He suggests in a recent Naked Security blog post that identity thieves will have a party with this new format, and that may be true to an extent. But Cluley misses a major point.

Before I go further, let’s look at Cluley’s post, which includes the results of a poll Sophos put out there:

So, Facebook is encouraging users to enter even more personal details about themselves and their life experiences, and making it simpler for others to view the information.

But might this not also make it even easier for identity thieves to put together a profile about an individual, discover the name of their first pet, and so forth? That’s all information which could be put to a nefarious use.

We asked over 4000 Facebook users what they thought of the new Timeline feature, and the response was overwhelming negative.

Now, we can’t claim that the poll was scientific – and the kind of people who participate in our polls might be more conscious of privacy and security-related issues than the average man in the street.

Nevertheless, it does seem to me that there are some genuine reasons to pause before embracing the Facebook Timeline as an entirely positive thing.

My thoughts:

There is indeed a lot to dislike about Timeline. Personally, I like the new cover photo feature and the tighter integration with Spotify, a music-sharing program that I absolutely love.

But the timeline itself — with updates hanging off both sides of the page like snow-laden branches — is too busy and sloppy.

But I see it as no more of a privacy danger than what we had before.

Like all the other versions before it — and users tend to complain any time Facebook makes a format change — the problem isn’t the format or the apps. It’s how much privacy people freely give away in their profiles. When identity thieves go fishing, they find that users often leave a line long enough to hang themselves with.

Users always have a choice to give people a lot of their information or a little. I’m as guilty of oversharing as anyone else. Local police recently informed me that someone has been trying to take out prescription drugs in my name. The only info they’ve gotten right about me is the month and day of my birth. I had it listed in my Facebook profile. I didn’t have the year, and the would-be identity thief got the year wrong. 

I’ve since removed all birthday information from view.

The lesson is that this wasn’t Facebook’s fault. It had nothing to do with the timeline or any of those apps they offer for sharing.

This was my fault, because I shared too much detail.

I did a story a couple years ago about how people in the digital world freely give up their privacy because getting attention is more important.

Around the same time, I wrote one about the “7 Deadly Sins of Social Networking,” which touched on similar points.

My colleague, Joan Goodchild, also wrote one about “10 security reasons to quit Facebook (and one reason to stay on.” Of the one reason to stay on, she wrote, “Of course, if you’re the parent and you’re concerned about kids revealing too much on social networks, this is the promised reason you might want to STAY on Facebook—it might make your kids quit.”

I can think of many more reasons to stay on Facebook (reconnecting with old friends, attracting a broader audience to the content I create, etc.). But I can also think of many more reasons to keep the profile lean.

In the final analysis, I think Facebook Timeline is only as big of a threat as we make it.