In today’s Quick hits, we discuss how Facebook’s recent changes are already leading to security problems, as well as a mea culpa from Google and some new cyberbullying legislation.

–

New York Proposes Cyberbulling Legislation

Following the example of Massachusetts, New York is considering passing cyberbullying legislation. The legislation, which was co-sponsored by Republican Senator George Winner, aims to “require school districts to include methods for discouraging acts of bullying and cyber-bullying within the required instruction in civility, citizenship, and character education; define bullying and cyber-bullying and add these acts to the list of incidents for which disciplinary measures must be taken pursuant to the school district’s code of conduct; and require all school employees to report incidents of bullying and cyber-bulling.“

Growing Number of People Want to Know How to Delete Facebook

Every time Facebook makes a privacy change, people get angry and threaten to delete their accounts. Of course, most of them never follow through with their threats. However, the overwhelmingly negative response to Facebook’s most recent privacy changes may be different. According to ReadWriteWeb, Google search queries for “How do I delete my Facebook account?” are rapidly growing.

While it’s unlikely that enough people will leave Facebook to force the company into changing its privacy policies, it is interesting to see influential figures in the tech industry, such as Google’s Matt Cutts or Gizmodo founder Peter Rojas, cutting ties with the site. If you want to delete your Facebook account permanently, check out this tutorial we created last week.

Facebook Security Hole Exploited Through Yelp Personalization Program

Web security consultant George Deglin uncovered a Facebook security hole that was made possible through the company’s new “Instant Personalization Pilot Program.” According to TechCrunch, Deglin found an exploit “that would allow a malicious site to immediately harvest a Facebook user’s name, email, and data shared with ‘everyone’ on Facebook, with no action required on the user’s part.” The TechCrunch article goes on to explain how “the exploit took advantage of Cross Site Scripting to inject malicious code into Yelp.”

“Normally such an attack wouldn’t have particularly broad implications for Facebook users, but Yelp is, of course, one of the three sites that have been deemed fit for Facebook’s highly controversial Instant Personalization feature. The feature grants Yelp immediate access to much of a user’s core Facebook data as soon as they visit the reviews site, without having to bother with logins or Connect buttons. But with that convenience comes risk — if a site with Instant Personalization is compromised, it can put almost any Facebook user in harm’s way.”

To Facebook’s credit, the company quickly resolved the issue, but it underlies a greater point about the Instant Personalization program. As Facebook expands to other websites besides Yelp, Pandora, and Microsoft Docs, will this security issue continue to arise?

Google Admits Mistakes, Promises Transparency

Stepping away from Facebook for a minute, Google is facing its own privacy issues in Europe. Last month, a coalition of privacy officials from 10 countries sent Google a letter scolding the company for its privacy missteps and asking that it do a better job explaining how it uses consumer data.

In a written response, Google representatives admitted, “we do not get everything 100% right,” but also said that “we are keenly aware of the trust that our users place in our services, and of our responsibility to protect their privacy. As part of this responsibility, we are committed to being transparent with our users about the information that we collect.”