Facebook is not the real privacy threat

Facebook is certainly a good example of a bad approach to privacy policy, but the dangers of Facebook depend entirely on our own failures.

Facebook is regularly raked over the coals by privacy advocates and security experts for the company's policies and the site's functionality. One common complaint relates to the way users' privacy configurations have tended to get reset to non-private settings whenever there is a major change to the site. Another is the fact that Facebook sells private information to advertisers. Several articles here at TechRepublic have addressed these problems, including two of them by me:

Perhaps this will be surprising news, especially given those earlier articles, but Facebook is not the real threat. We are.

The Onion, a satirical news network that from humble beginnings grew to include online video "reporting", an actual dead-tree format newspaper publication, and television "news" programs, offers an amusing take on the way Facebook represents a danger to privacy:

CIA's 'Facebook' Program Dramatically Cut Agency's Costs

This satirical "report" -- brought to my attention by TR editor Selena Frye, in relation to a privacy article of mine -- points out the often overlooked fact that the biggest threat to our privacy is our own behavior. It does not matter how much security software is made available to us, how carefully corporations like Facebook and Google may guard our data in their possession, or even how carefully agents of government might avoid violating the US Constitution's Fourth Amendment prohibition against unreasonable searches and seizures, if we give away everything they might learn without anyone having to ask.

Some of us, of course, do try to guard our privacy. For us, those violations do matter, even if they do not matter so much for those who do not realize the damage they do to their own security by posting addresses, birthdays, their children's photographs and names, GPS location data, love letters, financial information, and every other detail of their lives to the Web. For those of us who know enough to care about privacy, security software such as OpenPGP utilities, packet-filtering firewalls, and SSH proxies is a huge benefit; for those who do not, these tools are never even used. In fact, many who cannot be bothered to think about their own security -- and measure security only by how slow their computers get -- do not ever take the time to maintain subscriptions for antivirus updates. Those of us who care, though, may go so far as to select an operating system that does not even need AV software, per se.

Aside from those of us who care, and pay attention, and do something to try to protect our private lives from malicious attackers of every kind, the rest of the world desperately needs some kind of wake-up call. Given that someone else's poor security practices can affect the security-conscious, it seems obvious that the most important thing we can do to improve security is to ensure that others get that wake-up call.

Smart security experts resist the siren call of the broken Windows fallacy. They realize that when they choose to help others avoid security compromises as much as possible, they serve not only their clients' well-being but also their own. They operate according to a maxim that has been foremost among my concerns as an IT professional for a long time:

The true professional works toward the day his or her services are no longer needed.