On Tuesday of this week, Facebook announced significant changes to their profile controls and sharing options. The roll out of these changes begins today, August 25th. You'll find an excellent summary of the changes by Jason over on our Safe and Savvy blog.

Meanwhile, we've been busy digging into the details and reading between the lines.

Last week there was an outbreak on Facebook of video spam related to Osama bin Laden's death. The previous spam was basically variations of this:

If a curious user clicked on the link in the spam, it would eventually bring them to a page which basically makes the user manually send out spam to his own Facebook contacts, under the guise of a "security check" to view the video:

Finland's parliamentary elections take place this weekend, on Sunday, April 17th. According to the Ministry of Justice's election statistics, 31.2% of Finland's eligible voters (4,159,857 people) have already cast their votes in early balloting. 2007's elections received a 67.9% overall turnout.

Passwords from over 3,000,000 user accounts were apparently set to "password" late last night in a wide-spread hack that affected hundreds of news, retail and Web 2.0 sites. Most affected users are completely unaware of the attack.

According to current statistics, 62% of affected users would not notice such a change as their password was already "password".

Our February 23rd post noted that Facebook's SSL "Secure Browsing" preferences had some issues remaining persistent.

There's been some encouraging progress since then, and this is now what happens when a non-HTTPS application is accessed:

Q: What is "social spam"?
A: Social spam is spam that uses social networking, media and news related websites to spread links.

Q: Links? You mean stuff like those links I see on Facebook saying something like "OMG! Father catches his daughter on webcam"?
A: Yes. Those links.

Q: And just how does spreading salacious links payoff for the social spammer?
A: First, let's discuss how e-mail spam works.

Q: Well… alright then, what about e-mail spam?

Here's some analysis of Facebook spam that we have been tracking today.

There are several spam runs which can be found with an "http:// omg" search:

A number of the spammers utilize bit.ly and have public timelines.

Here's the least successful of the three we tracked.

Looks like the situation hasn't improved with the Facebook spam we've been tracking since Thursday.

The "This Girl Killed Herself After Dad Posted THIS on her Wall" application, using a URL of http://apps.facebook.com/suicidegirlg, worked its way past the letter M yesterday (suicidegirlm).

And today the URL is based on "a dead girl" and is using the letter G as in /adeadgirlg.

We observed numerous spam runs on Facebook yesterday…

Here's a quick look from earlier today using the same search terms: "http:// omg".

Our first entry:

It's Thanksgiving Day in the United States and most folks are probably at home with their families right now.

But somebody at Facebook security is probably on the job, because we're observing various spam runs on the site. Spammers are probably timing their efforts in an attempt to take advantage of holiday surfers.