For at least a year, Facebook has faced increasing criticism over its handling of users’ privacy. During this time, the site has steadily added new security and privacy features.

But a just-released set of privacy controls seems to have particularly impressed at least a few analysts (with qualifications, of course). When it comes to Facebook and privacy, in fact, the biggest risk could lie with vulnerabilities or weaknesses in third-party sites, one analyst says.

The new controls [1]include a dashboard that helps users better understand how third-party sites access profile data. Another function lets users create new groups in which to selectively share data.

The dashboard, in particular “goes a long way” in helping users control their privacy, says Forester Research analyst Augie Ray. It gives users far more clarity into how third-party applications, such as games, access Facebook information. This is particularly important as “I don't think many people realize how much of their data” such applications can access.

Just this week, Facebook faced criticism after a Wall Street Journal [2] report concluded that the site was sharing user data with partner companies that could help advertisers “track” users online. Facebook countered, however, that the information-sharing risks were “exaggerated.” Shared data could not reveal anything about people that was not already available online, Facebook said. Still, Facebook said the sharing did violate its privacy policy.

But Ray says concerns such as the above may be dwarfed by future privacy-related issues. The latter might stem, he says, from companies that fail to “follow Facebook’s rules.” And even if the growing number of third-party sights are conscientious about security, such firms—and the data they store—are subject to many threats ranging from malicious hackers to accidental data leaks.

Facebook appeared to acknowledge such risks during a recent House Judiciary Committee Hearing. At the hearing, on privacy, social networks, and crime, a top Facebook executive described numerous ways the site was working to enhance privacy and security. But Facebook was also beginning to step up efforts, said Joe Sullivan, company chief security officer, to work with outside partners to strengthen privacy and security safeguards. A Facebook spokesperson was not available to comment on any such joint efforts before this piece’s deadline.

Another analyst, Sophos’ Chester Wisniewski, also praised the recent privacy control changes. He was mainly critical, however, of the new group function. It does not currently let people initially control when others add them to a group, he notes. This could result in “embarrassment” or worse, for example, when people are placed in unwanted groups.

People are immediately notified when they are placed into a group, according to Facebook. Specific permission is also required to add someone after they have previously decided to leave.

The new controls may be like many social networking site additions, says Wisniewski, requiring perhaps “a little tweaking.”

♦ Photo by benstein/Flickr [3]

Thumbnail: