- Make privacy the default option. It should not be assumed that users are interested in sharing additional information.
- App developers should be vetted. Because it is so easy to become a developer on Facebook, "it is hardly surprising that your service is riddled with rogue applications and viral scams," reads the letter.
- HTTPS should be turned on by default, not just "whenever possible."

Sophos encourages Facebook to "act now," rather than wait for regulators to force its hand on privacy. Facebook has yet to respond to the suggestions, notes THINQ.co.uk, which elicited this response from Sophos Senior Technology Consultant Graham Cluley:

"The conspiracy of silence speaks louder than words. I think they just want this problem to go away."