Wake Up Call: Facebook Isn't A Safe Haven

Jason Kincaid
Sunday, February 8, 2009; 5:08 PM

Facebook just turned 5 years old. But a week that should have been filled with reflection and good times was instead marred by a series of breaking news reports detailing sex scandals, phishing, and other malicious activity on the world's largest social network.

In his blog post announcing the 5-year milestone, founder and CEO Mark Zuckerberg wrote that "Facebook has offered a safe and trusted environment for people to interact online, which has made millions of people comfortable expressing more about themselves." But is Facebook really as safe as everyone seems to think?

It's Been A Long Week

On Tuesday, February 3rd, we reported that thousands of sex offenders (many of whom were previously booted from MySpace) were lurking on Facebook (they've since been removed). As CNET's Caroline McCarthy pointed out, these might not have necessarily been MySpace 'refugees' in the sense that they migrated en masse from MySpace to Facebook - they likely maintain profiles on multiple social networks. But the fact remains that there were thousands of convicted sexual offenders on a social network that is generally perceived as safe.

On Wednesday, news broke of an elaborate and disturbing sex ring involving at least 31 high school students. An 18 year-old man named Anthony Stancl has allegedly been masquerading as high-school girls on Facebook, flirting with underaged male classmates and convincing them to send him nude photographs. He would then use the photographs to blackmail the boys into performing sexual acts with him, which he took pictures of using a cell phone. Stancl has been charged with 12 felony counts and up to 300 years of jail time. (In a somewhat bizarre twist, Facebook responded to news of the sex ring by stating that fewer than 1% of its 150 million users are affected by impersonation schemes. So, around 1.5 million people. Not exactly a confidence-inspiring statistic.)

The same day, Facebook updated its Terms of Service, rewording many of its rules to make them easier to understand and explicitly prohibiting some common transgressions, like including false information in profiles or creating fake accounts. But there was one far more timely addition: "If you are required to register as a sex offender in any jurisdiction, you may not use the Facebook Service." Facebook spokesman Barry Schnitt says that sex offenders had previously been banned through a number of other more general statements in the Terms of Service, but that the company wanted to make it more explicit.

On Friday, CNN reported on an increasing number of phishing attacks seen on Facebook, using a technique we first heard about in January. After gaining access to compromised accounts, scammers are now using Facebook to ask the victims' "friends" for cash. The attacks can be particularly effective because the scammers can easily look up personal details of the people they're contacting.

Finally, Maryland banned both Facebook and MySpace from its General Assembly Computers, as they had been the primary sources of numerous malware attacks (though we should note that the rumored ban of Facebook in Apple stores was overblown).

Had each of these stories broken on their own, they probably would have been met with little more than raised eyebrows. After all, with over 150 million users, it's inevitable that some bad things are going to happen (and they have before). But taken together, it's clear that Facebook isn't quite the safe haven we might perceive.

How We Got Here

Since launching in 2004, Facebook has benefited from its public perception as a safe, clean site - especially compared to its biggest competitor, MySpace. Whereas MySpace allows users to customize their profile pages with graphics and audio (sometimes to the point of making them obnoxious), Facebook has maintained a more pristine environment, which certainly helps bestow a feeling of safety.

Facebook is also theoretically more secure. When it first launched, only users with valid university (.edu) Email addresses could sign up. Over the years the site expanded to allow high school students, and eventually opened up to everyone. But each group of students or coworkers is still segmented into different 'networks' - you can't browse through anyone's profile unless you belong to their university or company network, usually verified through Email. These roadblocks add up to make creating fake profiles more of a challenge, but as we've seen in the last week, they can be overcome.

CONTINUED     1        >

© 2009 TechCrunch