Facebook exploring greater 'social reporting'

Facebook

Facebook is looking into upping its efforts with "social reporting" as it seeks to make the site as safe as possible, a senior figure at the social network said.

Social reporting relies on the user community to inform Facebook about threats, such as spam or phishing attacks.

Facebook recently turned seven and over the past few years has been under increasing scrutiny from the security and privacy spheres.

In celebration of Safer Internet Day, Simon Axten a manager of Facebook's Public Policy Team, outlined what the company's ethos was around security, pointing to user reporting as one of the chief tools.

"There's really this culture of community policing," Axten claimed.

"I think it's how a lot of online places work you keep your community safe and act civilly to other members of the community."

Facebook is also an advocate of responsible disclosure, promising not to report anyone who highlights a site vulnerability to law enforcement.

In a recent case, Facebook was quick to fix a flaw in the site discovered by Indiana University students.

They told Graham Cluley, senior technology consultant at Sophos, that it was possible for any website to impersonate other sites which had access to Facebook user data.

The students also found they could publish content on the visiting users' Facebook walls under the cover of a purportedly legitimate website. Through this vulnerability, user could have spread malware and phishing attacks, but Cluley applauded Facebook for the company's swift response.

Facebook is a massive target for cyber criminals, yet the number of serious offences committed on the site is very small, according to Axten.

The security team is helped by the fact the range of threats is fairly consistent, so few surprises ever turn up.

Perhaps in line with this, Axten said security spending "has stayed relatively constant," although he could not elucidate on what share of infrastructure spending goes on security tools.

"It's a fraction of a per cent who have ever experienced a security issue on the site," he claimed.

As for the recent compromise of the Mark Zuckerberg page on Facebook, Axten told IT PRO "it wasn't really a hack," as no information was taken.

The firm was quick to fix the bug, which allowed an intruder to post a message on the page.

A real-name culture'

Axten also claimed the "real-name culture" that exists within Facebook makes privacy problems less of an issue.

"It is sometimes easy to forget the internet was an anonymous place Facebook was kind of the exception to the rule," Axten said.

The social network has seen a number of cases where external sites have asked users to sign in with their Facebook account before posting any comments.

This has helped enforce "much better behaviour" as users are accountable for their comments, Axten said.

Tom Brewster

Tom Brewster is currently an associate editor at Forbes and an award-winning journalist who covers cyber security, surveillance, and privacy. Starting his career at ITPro as a staff writer and working up to a senior staff writer role, Tom has been covering the tech industry for more than ten years and is considered one of the leading journalists in his specialism.

He is a proud alum of the University of Sheffield where he secured an undergraduate degree in English Literature before undertaking a certification from General Assembly in web development.