Friday, January 21, 2011

Facebook is Concerned about My Protection

I closed my Facebook account about a year ago.  While it had ceased to have any meaningful use or interest to me for a long time before then, it was ultimately Facebook's recurring problems with privacy that prompted me to blank all of my profile information and request deletion.

However... I've been a privacy analyst for nearly four years and Facebook shows no immediate symptoms of becoming the next MySpace... so it seemed prudent to acquire a second account, devoid of any useful personal data, purely to keep tabs on the site's policies and practices.

Today I received this: a warning in my margin that my Account Protection was inadequate. "Nice," I thought. "Perhaps they're really taking a more pro-active approach to privacy and security.  Maybe they've determined that most users aren't aware of or don't know how to access the correct panel to tweak their settings."

Honestly, no sarcasm here.  I really did hold out hope that this was a legitimate, automated protection mechanism and I was being guided to a process that would be for my benefit.

Instead, I saw this:

Question: How will providing Facebook with additional e-mail addresses (Step 1) make my account more secure?  I had assumed that this action was intended for security: after all, they presented this "protection" warning to me next to an icon of a big brass padlock. I guess this is to suggest that I may become locked out of my own account?

And if you look at Step 2, Facebook would like a phone number.  More specifically, they'd like me to give them my mobile number.  Why?  Well if you've been reading the news recently, it's because they'd like to provide that information to third parties.

Step 3: If all else fails, Facebook is willing to settle for the well-worn security questions... hopefully ones that don't rely on common information that others know, or could easily guess, as happened to Ms. Palin not long ago.

Nothing about this warning feels genuine. Honestly, it feels predatory. Facebook, if you're concerned about my account:
  • Ask me to create better security questions.
  • Prompt me to create a more complex alphanumeric password (preferably with upper and lowercase letters), and perhaps even to change it periodically.
  • Guide me to the page that shows me how my profile page is viewable by the public, or logged-in users who are not my friends.  Then, offer me a link at the bottom so I can edit it to my satisfaction.
But whatever you do, don't engage in fear-mongering as a way to extract additional contact and tracking information out of me, then try to assure me it's for my own protection.