Security firm Sophos has called on social networking business Facebook to implement a three-point plan to address top security issues.
"Facebook is no stranger to making headlines for all the wrong reasons when it comes to security and privacy," says Graham Cluley, senior technology consultant at Sophos.
The three-point plan would turn Facebook into the good guys and also be a real safety step-up for its 500 million users, he says.
Facebook is popular and successful and is not going away. Therefore it is essential that it takes proper care of its users by making their security and privacy a top priority, says Cluley.
"Our question to Facebook is why wait until regulators force your hand on privacy? Act now for the greater good of all," he said.
According to Sophos, whenever Facebook adds a new feature to share additional information about users, it should not assume that every user wants this feature turned on.
Sophos notes that with more than one million app developers already registered on the Facebook platform, it is hardly surprising that Facebook's service is riddled with rogue applications and viral scams.
Facebook only commits to provide a secure connection "whenever possible", but Sophos believes the company should enforce a secure connection all the time, by default, to reduce the risk of users losing personal information to hackers.
Three-point plan for Facebook
1) Privacy by default - No more sharing of information without users' express agreement (OPT-IN).
2) Vetted app developers - Only vetted and approved third-party developers should be allowed to publish apps on the Facebook platform.
3) https for everything - Facebook recently introduced an 'https' option, which should be turned on by default.