Poor Facebook. It’s been such a hot topic lately. From its changes to the privacy policies on a system-wide scale to the Zynga kerfuffle and now the idea to scan users’ computers with anti-virus software before allowing access, it’s the target of a lot of speculation, FUD, and intense debate among technology enthusiasts and from news organizations looking to do what they do best – incite panic among the general populace. Remember swine flu? We should all be dead by now. But I digress.
With a network as enormous and valuable as the one Facebook maintains, any miniscule change to the way users interact with the site won’t simply fly under the radar. And due to the platform created for applications focusing on connection and ease-of-use within the massive user base, it’s become a natural point of interest for hackers, spammers, and otherwise nefarious individuals.
The anti-virus story is the one with which I’m concerned. On one hand, it’s perfectly understandable that FB wants to keep intrusions and infections to a minimum. Nasty things can propagate extremely quickly throughout the community, since people have been totally de-conditioned to be suspicious of activities on Facebook that would ordinarily raise a million red flags on their own machines. Oh, someone from high school that I don’t really talk to but felt obligated to reciprocally add as a friend wants to see what movies I’m watching? Sure, why not. Someone has a funny video of me from a party I never attended and I “have to see it!”? Might as well click that link and see what’s so funny! In cases like this, comfort breeds bad behaviors.
These are things most people would avoid had they come from anywhere other than Facebook, but since it’s all part of this lovely blue-and-white gated community we all joined, it seems safer. Which is why they’ve partnered with McAfee to try to stop any extra garbage from entering the neighborhood from our dirty, filthy machines. So they might give us a quick checkup before we walk in from now on. That’s cool, it seems like killing two birds with one stone, and gosh darn it – isn’t that thoughtful of them to be looking out for us?
Problem is, I keep a lot of information on my computer that appears nowhere online, and is completely private – financial data, personal correspondence, business contact information and conversations, and so on. The thought of an entity like Facebook poking its (admittedly) vulnerable nose around my hard drive’s innards just so I can log in and hide a bunch of crap updates from people who have entirely too much free time on their hands and for whom actual agricultural work is an abhorrent idea is NOT one that sits well with me.
First of all, there’s a lucrative financial arrangement with McAfee. Assume there’s a truckload of money getting dumped daily at Facebook HQ for the opportunity to be the safety chief over there. Assume also that since the AV market is generally more reactionary than proactive (hey there, TSA!) that even if something bad happens, no one’s taking credit for dropping the ball. In fact, you, the user, will probably get blamed somehow. McAfee is doing well here too – think about how many eyeballs see those ads every day.
Secondly, knowing what we do about Facebook’s penchant for nebulous privacy policies – even in spite of efforts to clarify their own statements – I’m not exactly comfortable with anyone, let alone someone whose intentions for my data are not completely transparent, go peeking at EVERYTHING I have on my computer! I use a Mac, so I’m in a smaller subset of users who are at slightly reduced risk for infection (I’m not going to make hyperbolic, ill-conceived statements about safety right now), but if I have to submit to a search every time I need to log in to do something, I might be leaving.
Which is not what I want to do at all. I’m not interested in leaving. I like Facebook – really. I’ve reconnected with long-lost friends, made new ones, stayed in touch while abroad and generally enjoyed my time using the service. I’ve placed only things I feel comfortable sharing online within its walls, and my experience has been a very positive one. But that’s going to change if I have to let this overreaching marketing experiment into the confines of my personal machine. It’s only being talked about for some users right now, who’ve been previously compromised, and I’m assuming ones running various flavors of Windows, but if it becomes a service-wide standard for all users, it’s going to be an issue for me.
I know, I know. Complaining without offering a solution is a waste of everyone’s time. So, let’s start with this.
A better solution (for users, not the marketing department) would be to scan the chosen PC for the presence of an AV package, and check the definition updates. If it’s been more than a predetermined period of time since the last scan, then the user must update and run THEIR OWN software before gaining admission to Facebook. This way the door to the network is closed, but personal data remains that way. It seems simple enough, and I’m not a security expert, but it feels like a better compromise than forcing yourself into a machine that’s not yours. Then again, we’re talking about users who probably don’t pay much attention to what’s going into their machines as it is.
There needs to be an implicit trust between the two parties, based on the knowledge of the situation, and some level of gatekeeping is involved, but it’s specific to the needs of both parties, and not invasive to an extreme.
I know this is far more complicated with network security, but like I said, it’s a start. Facebook’s growth makes it a perfect target. But forcing users to an electronic strip-search before coming in is not the solution.