Comments on: Report of Findings with respect to Facebook

By: Jules

Jules — Tue, 23 Mar 2010 19:10:58 +0000

addendum: if this could happen to me, a cyber-security conscious ‘net vet who has been deliberately attempting to avoid the trap of handing over a private e-mail password, then what chance do the majority of facebook users have? This is clearly a subtle and integrated phishing mentality that has become common among many major web 2.0 giants. Information IS power!

By: Jules

Jules — Tue, 23 Mar 2010 19:07:13 +0000

I was very happy to hear of the action by the commissioner… but now very glum to see that facebook is still merrily violating privacy willy nilly.

My latest concern is that while on my facebook ‘home’ page, I saw a suggestion in the right-hand sidebar that I add as a friend someone I knew.

The only problem? The only contact info I had for the person was in my gmail account, and there was NO other way that facebook could have known about this person… they do not and never have shared a school or workplace with me, they don’t know anyone else I know – at all – and they live far away.

Also, I have been very careful not to give facebook my personal e-mail password, despite their standing attempt to phish this out of everyone. (that’s my next issue).

I wonder if this happened because I once linked some youtube videos with my facebook account. Google (gmail) owns YouTube. HOWEVER – I don’t see where I gave facebook permission to poke around my gmail account. If they have my password there, then they can read my private mail as freely as I can!

OK, has anyone seen the page where if you go to your ‘friends’ page, front and centre it brightly and confidently suggests that you provide your private and personal mail account password? Is anybody else outraged by this blatant attempt at phishing/duping the unsuspecting into divulging this info that should NEVER be divulged – to ANYONE?

I just checked the aforementioned page, and I now see that it seems to no longer require my password for facebook to retrieve contacts from my gmail account – meaning it already has that information through other means. I can only assume it was because of that one time I accidentally linked youtube and facebook using my gmail login (due to a personal data-hungry prompt from youtube, and my being tired) info instead of my exclusively youtube info. I quickly cancelled the link – wanting to keep all my accounts separate for security and privacy reasons, but I guess it didn’t respect my decision and kept the login info anyhow.

Facebook even lays the groundwork to make it seem normal to give out private password info by having your email address as a way of logging into facebook. I wonder how many people, when logging into facebook, have accidentally entered their email address, then in the ‘password’ field below, inadvertently entered their actual e-mail account password, while facebook silently stores this information?

This is pretty outrageous and blatant stuff. What kind of action will the commissioner take on these fronts?

By: Facebook vs. Privacy « Blog of Schihei

Facebook vs. Privacy « Blog of Schihei — Sun, 13 Dec 2009 20:04:01 +0000

[...] to help users to update their profiles. The ugly true is that Facebook only made this change on pressure from the Canadian privacy commissioner. Or in the words of Facebook: “New tools to control your experience.” Nevertheless, the [...]

By: Light Blue Touchpaper » Blog Archive » Facebook Tosses Graph Privacy into the Bin

Fri, 11 Dec 2009 01:41:42 +0000

[...] to help users update their settings. Ostensibly, Facebook’s changes are the result of pressure from the Canadian privacy commissioner, and in Facebook’s own words the changes are meant to be “new tools to control your [...]

By: Theoreti.ca » Blog Archive » Office of the Privacy Commissioner » Blog Archive » Report of Findings with respect to Facebook

Tue, 18 Aug 2009 00:05:26 +0000

[...] Office of the Privacy Commissioner of Canada has issued a Report of Findings with respect to Facebook. The OPC investigated Facebook after a complaint by Canadian Internet Policy and Public Interest [...]

By: Annie

Annie — Thu, 13 Aug 2009 15:07:12 +0000

Thank you for the informative post.

By: Mathew Englander

Mathew Englander — Wed, 22 Jul 2009 22:43:43 +0000

My analysis of the report is here: http://mathew5000.livejournal.com/63457.html

By: Steve

Steve — Fri, 17 Jul 2009 13:59:17 +0000

Agree, however it appears that the goal of the Priv Comm is to focus on information that could be used for identity theft in this case. The reality is that DOB, maiden names (especially in Quebec) and many other personal items are really easily available, Facebook is simply one more place to get it. The focus should really be on getting a better means to confirm an identity other than relying on these DOB type info. Banking/Government community must do more in this area and the Priv Comm should be leading the charge. Start thinking outside the box !

By: Colin McKay

Colin McKay — Thu, 16 Jul 2009 22:22:37 +0000

Hi Miguel.

Facebook collects the personal information of Canadians in the course of conducting business. They also sell advertising to Canadians, and for delivery to Canadian audiences. We found they’re subject to PIPEDA.

By: Miguel Reimer

Miguel Reimer — Thu, 16 Jul 2009 22:09:20 +0000

I’m a bit confused. While the investigation was very thorough and informative, how can Canadian law be even remotely applicable to a company that is run out of the US? Facebook, as far as I know, has no presence(not even servers) in Canada. As a Canadian Facebook member, I do understand and appreciate why Facebook would want to cooperate with our Privacy Commission and agree with most or all of the findings, but I don’t understand how there can be any legal requirement for them to do so.