The Guardian has the story of a British girl who claims her privacy was violated after photos of her breasts became an Internet meme. The girl, who was a teen at the time she took the pictures and uploaded them to the social networking website Bebo, filed a complaint with the Press Complaints Commission against the men’s magazine Loaded for featuring the pictures in an article.

The PCC, while sympathetic, rejected her complaint citing the fact that the pictures were already widely circulated through an Internet meme with the name “Epic Boobs Girl” and that the magazine could not therefore be seen as “intrusive.”

This story provides a compelling example of what can happen when content an individual posts online escapes their grasp. In hindsight, we can say that she shouldn’t have posted the somewhat provocative pictures to begin with, but she was only 15 at the time and we know that teens do not always think about the long-term consequences of their actions.

Privacy laws have yet to catch up with Internet technology, which is why individuals need to take personal control over their online reputations. Social media technology has given us an amazing opportunity to mobilize as a society in a very short period of time. In some cases, this is a very good thing, i.e. the response to the earthquake in Haiti or the Iran elections. In other cases, it leads to situations like this, where an Internet meme springs up overnight, causing embarrassment for its subject.

Today we’ve got an All Facebook Edition of Quick Hits. Check it out, and, as always, share any interesting articles or news stories you find in the comments.

–

New Facebook/Yelp Security Vulnerability Discovered

In yesterday’s Quick Hits, we mentioned a security vulnerability in Facebook from the Yelp Personalization Program. While Facebook resolved that issue, another similar security hole popped up only a little while later. Last night, TechCrunch reported on this second security hole, explaining why it’s dangerous for users.

“Using this kind of XSS hole, it would be possible for a malicious ad served by an ad network in an iFrame to surreptitiously harvest data about any Facebook user who viewed the ad. The ad could conceivably customize itself to address the user by name or show their profile photo. Likewise, unauthorized third party sites could use such an exploit to identify its users not just by IP address, but by name, current city, etc.”

Since the second security hole was discovered, Facebook has limited the amount of information users can share through the Instant Personalization Program, but I’d be willing to bet this isn’t the last time we hear of a threat like this.

Facebook’s Eliot Schrage Responds to Criticism in New York Times Q&A

In an effort to address criticism about Facebook’s privacy problems (such as the multiple Yelp flaws I mentioned above), Eliot Schrage, Facebook’s Vice President for Public Policy, held an open Q&A with the New York Times where he answered questions from Facebook users. In general, users were angry over Facebook’s extensive changes, prompting Schrage to defend the company’s decisions while explaining that their intentions were good.

From Schrage: “My biggest concern reading these comments has been the incorrect perception that we don’t care about user privacy or that we’ll sacrifice user privacy in exchange for advertising. That’s just not true. We want to be trusted partners with our users in helping manage those tensions.” Check out his answers to see if you agree with him.

Larry Magid Weighs in on “Complicated” Facebook Privacy

Tech columnist and web safety expert Larry Magid has finally weighed in on what he thinks of Facebook’s recent privacy changes. In his San Jose Mercury News column, Magid comes to the conclusion that Facebook has “created a privacy regime that’s simply too complicated for many people to understand.” In one sentence, Magid essentially encapsulated the criticism from the New York Times Q&A. Time and time again, Facebook has shown that it would rather shoot first and ask questions later. For the most part this has worked out for the company, with many users complaining but few users leaving. As I explain in the next item, that might not be the case this time.

More Tech Leaders Leaving Facebook

According to ReadWriteWeb, a number of web industry leaders are quitting Facebook. What began with guys like Engadget founder Peter Rojas, has now spread to include famed video podcaster Leo Laporte and entrepreneur Mark Calacanis. One of the alternatives these tech industry notables suggest as an option for Facebook is a new open-source social networking website. The RWW article speculates what this open-source social networking website might look like.

Going back to the days of National Lampoon’s Animal House, there has been a perception in the media that college students are irresponsible party animals who don’t think about the long-term consequences of their actions. Increasingly, however, bright and career-minded students are shaking off that stigma and showing the world that they understand the importance of maintaining a solid reputation.

A recent article in the New York Times profiles several students who are taking a proactive role in defining their digital identity and ensuring that their private lives and public lives don’t intersect online.

From the article:

The conventional wisdom suggests that everyone under 30 is comfortable revealing every facet of their lives online, from their favorite pizza to most frequent sexual partners. But many members of the tell-all generation are rethinking what it means to live out loud.

While participation in social networks is still strong, a survey released last month by the University of California, Berkeley, found that more than half the young adults questioned had become more concerned about privacy than they were five years ago — mirroring the number of people their parent’s age or older with that worry.

They are more diligent than older adults, however, in trying to protect themselves. In a new study to be released this month, the Pew Internet Project has found that people in their 20s exert more control over their digital reputations than older adults, more vigorously deleting unwanted posts and limiting information about themselves. “Social networking requires vigilance, not only in what you post, but what your friends post about you,” said Mary Madden, a senior research specialist who oversaw the study by Pew, which examines online behavior. “Now you are responsible for everything.”

One line in the above excerpt really struck me when I read it: “In a new study to be released this month, the Pew Internet Project has found that people in their 20s exert more control over their digital reputations than older adults…”. Could it be that the older generation, which frequently criticizes young adults for revealing too much online, might actually learn something from their Generation Y counterparts?

While college students are disproportionately likely to have something negative online, it’s only because they are disproportionately likely to be on social networking websites in the first place. While Facebook has expanded to include, moms, aunts, uncles, and grandparents, the site got its start with college students. These are the same people who are the first generation in history to have grown up with regular Internet access. If anyone is going to know how to navigate Facebook’s Privacy Settings, it’s them.

The reality is that everyone needs to be proactive about managing their online reputations, whether they are a college student, an executive, or a retiree. The fact that a 20 or 21-year-old is doing so, shouldn’t come as a surprise, but as standard operating procedure for any citizen living in the Internet age.

In today’s Quick hits, we discuss how Facebook’s recent changes are already leading to security problems, as well as a mea culpa from Google and some new cyberbullying legislation.

–

New York Proposes Cyberbulling Legislation

Following the example of Massachusetts, New York is considering passing cyberbullying legislation. The legislation, which was co-sponsored by Republican Senator George Winner, aims to “require school districts to include methods for discouraging acts of bullying and cyber-bullying within the required instruction in civility, citizenship, and character education; define bullying and cyber-bullying and add these acts to the list of incidents for which disciplinary measures must be taken pursuant to the school district’s code of conduct; and require all school employees to report incidents of bullying and cyber-bulling.“

Growing Number of People Want to Know How to Delete Facebook

Every time Facebook makes a privacy change, people get angry and threaten to delete their accounts. Of course, most of them never follow through with their threats. However, the overwhelmingly negative response to Facebook’s most recent privacy changes may be different. According to ReadWriteWeb, Google search queries for “How do I delete my Facebook account?” are rapidly growing.

While it’s unlikely that enough people will leave Facebook to force the company into changing its privacy policies, it is interesting to see influential figures in the tech industry, such as Google’s Matt Cutts or Gizmodo founder Peter Rojas, cutting ties with the site. If you want to delete your Facebook account permanently, check out this tutorial we created last week.

Facebook Security Hole Exploited Through Yelp Personalization Program

Web security consultant George Deglin uncovered a Facebook security hole that was made possible through the company’s new “Instant Personalization Pilot Program.” According to TechCrunch, Deglin found an exploit “that would allow a malicious site to immediately harvest a Facebook user’s name, email, and data shared with ‘everyone’ on Facebook, with no action required on the user’s part.” The TechCrunch article goes on to explain how “the exploit took advantage of Cross Site Scripting to inject malicious code into Yelp.”

“Normally such an attack wouldn’t have particularly broad implications for Facebook users, but Yelp is, of course, one of the three sites that have been deemed fit for Facebook’s highly controversial Instant Personalization feature. The feature grants Yelp immediate access to much of a user’s core Facebook data as soon as they visit the reviews site, without having to bother with logins or Connect buttons. But with that convenience comes risk — if a site with Instant Personalization is compromised, it can put almost any Facebook user in harm’s way.”

To Facebook’s credit, the company quickly resolved the issue, but it underlies a greater point about the Instant Personalization program. As Facebook expands to other websites besides Yelp, Pandora, and Microsoft Docs, will this security issue continue to arise?

Google Admits Mistakes, Promises Transparency

Stepping away from Facebook for a minute, Google is facing its own privacy issues in Europe. Last month, a coalition of privacy officials from 10 countries sent Google a letter scolding the company for its privacy missteps and asking that it do a better job explaining how it uses consumer data.

In a written response, Google representatives admitted, “we do not get everything 100% right,” but also said that “we are keenly aware of the trust that our users place in our services, and of our responsibility to protect their privacy. As part of this responsibility, we are committed to being transparent with our users about the information that we collect.”

In today’s Quick Hits, we cover a lot of Facebook news (per the norm) and have an update on a story from January. Check it out.

–

A Visual Evolution of Facebook Privacy Over Time

IBM developer Matt McKeon recently created a unique interactive graphic that displays how user privacy on Facebook has evolved over the last five years. It is a compelling reminder of how different the Facebook of 2010 is than the Facebook of 2005.

Man Arrested for Twitter Bomb Threat Joke Fined $1,500

In January, we wrote about Paul Chambers, the UK man who was arrested after jokingly tweeting about blowing up an airport over travel delays. According to the Los Angeles Times, “a judge at Doncaster Magistrates’ Court in northern England found him guilty of sending an offensive, indecent, obscene or menacing message over a public telecommunications network… [and] ordered Chambers to pay 1,000 pounds ($1,500) in a fine and costs.”

Facebook Board Member’s Account Hacked and Used in Phishing Scheme

In a bit of embarrassing news for Facebook, one of the company’s board members, Jim Breyer, recently had his Facebook account hacked. Worse still, Breyer’s account was then used by cybercriminals to send out a phishing message to thousands of Breyer’s Facebook friends. We’ve said before that phishing attacks can happen to even the most tech-savvy people, but the fact that Facebook is already facing scrutiny over privacy and safety concerns means there couldn’t be a worse time for this to happen.

Facebook Hires Ex-FTC Chair

Speaking of scrutiny over Facebook’s privacy policies, the company will soon face an FTC investigation to determine whether the company violated consumer protection law. To defend itself, Facebook has hired the former head of the Federal Trade Commission, Tim Muris. Muris was chair of the FTC from 2001-2004, during which time he helped spearhead the ‘no-call list,’ which protected consumer privacy by limiting telemarketing calls.

Is Criticizing Facebook Privacy for ‘Whiners’?

At TechCrunch, writer Paul Carr argues that people who blame Facebook for revealing private information are missing the point. According to Carr, if you want to keep photos and other things private online, “Don’t let them be uploaded to the Internet in the first place.” Interestingly, despite his snarky language, Carr’s stance is not too different from things we’ve written in the past. You must always think about what you’re sharing online and how it might affect your digital reputation. Carr even acknowledges that if someone else uploads a picture of you and refuses to take it down, “Facebook et al have an obligation to act to defend a person’s reasonable assumption of privacy.”

The thing that Carr misses is the fact that Facebook changed course so rapidly and so dramatically that the company essentially pulled a bait-and-switch on users. In its early days, Facebook branded itself as a closed community for friends to connect. People who joined the website at that time have a legitimate reason to be angry with the company. Additionally, because Facebook makes its privacy settings so complex, it is unreasonable to expect non-tech savvy users to know how to lock down their account. (For a complete guide to Facebook’s privacy settings, check out our How-To Guide to Facebook Privacy.)