I’ve wondered for some time whether it might be possible to develop a security app for Facebook that provides protection at levels similar to Internet security suites. My research has concluded that a scanning, tracking and notification-based AV-type system is very difficult to deploy due to restrictions in the Facebook and Twitter APIs.
Twitter, on the other hand, uses a much more flexible API, but the data that is shared on Twitter is somewhat smaller and personal data isn’t shared so readily (apart from mobile images, which can contain geo-specific data). Unlike Facebook, Twitter allows developers to scan the API, as you are given full access to any object except the user apps. Twitter also allows filtering on content, whereby Tweets can be deleted but cannot be blocked before posting. You can see that this allows users to be alerted, but unfortunately there is no blocking functionality. The blocking component is of prime importance for any type of social media security app.
There have been some interesting discussions in my security circle over the past few months concerning Twitter and Facebook developing a Microsoft-style restricted API. So what could we do? The restricted API would give security vendors access to filtering, access to all the objects and blocking mechanisms, along with an application digital signature which users would have to validate.
As you can see, there are limitations for third-party security vendors when it comes to protecting social media end users. Facebook and Twitter have a responsibility to protect their users, and recently Facebook/Websense announced URL filtering, but this is only the start. More must be done as more and more people use Facebook and Twitter for their everyday communication.
Safe surfing folks!