inapro.posthaven

Your Facebook friends, like your real-life friends, are a reflection of you. Facebook users should proceed with caution, especially as the defriending trend continues. Not to mention the fact that potential employers are asking job candidates for their Facebook passwords; the House GOP shot down a bill to prevent this from happening, essentially making it possible for employers to get away with super-stalking their potential employees. What are users to do aside from either shutting down their Facebook profiles completely, or cleaning them up significantly?

Monitoring service Secure.me seeks to help users gain more control over their Facebook information. It initially only seemed useful for parents who wanted to monitor their children's activities on Facebook. In light of the ever-changing Facebook privacy concerns, however, it has become clear that users need to monitor their own profiles as well.

Secure.me is free and easy to sign up for. I decided to test it out using my Facebook profile as the guinea pig. The Summary overview gives users three main analyses: privacy, profile and network.

The privacy analysis scoured my Facebook profile and returned information that already seemed obvious: The fact that I chose to share my hometown, location, education, work, bio, some family members and political views, could compromise the way people choose to view me. Listing family members seems like the riskiest thing to do: This exposes your biological family to Facebook and your social network. Yet this is exactly the type of information that Facebook encourages users to share. After all, it is the information that most easily groups and identifies us, and helps us connect with other users.

The profile analysis discovered that the words "art," "pelvis" and "tattoo" were cause for concern. Overall, the language that Secure.me identified on my profile was "positive," which is perhaps a better indicator of overall profile fitness than individual posts. The third option, network analysis, brought up nearly 100 questionable posts, all of which either had to do with politics or keywords like "idiot," "porn" (as in, food porn), or other types of profanity - which is not necessarily a bad thing, according to Secure.me.

On the whole, the service says that the mood of my friend network is positive. Every user knows their Facebook community, and what to expect from them. I don't care if my friends use profanity, so long as its tasteful. The most useful information gained from this analysis of nearly 10,000 posts was the fact that one of my Facebook friends has been posting a harmful link; it's from a virus that's posting spammy status updates that say "View today's photo of the day!" along with a link to a harmful app.

The Facebook Photo Paparazzi Effect

The most useful aspect of Secure.me is the biometric face-recognition tool. Google made this useful feature optional to users months ago. No such tool exists on Facebook. It does tell you if you've been tagged in a Facebook photo by a friend, and it gives you the option to approve tags manually before the images appear on your wall. But Facebook does not notify you if photos of you are uploaded by people who are not your Facebook friends. The good news is that if someone with which you are not Facebook friends uploads a photo of you, they won't be able to tag you - though they can write your name into the photo caption. Still, that image of you can float around Facebook, unbeknownst to you - and if you leave your house (as in, have a life), chances are people will recognize you in that photo.

I like to call this the Facebook Paparazzi Effect. Think about it: Are real-life celebrities notified when a trashy tabloid takes their photo? Of course not. And then the glossy hits the newsstands with incriminating text alongside a random photo of the celeb. Admit it: You've gazed at and even purchased these magazines. We love our celebrity gossip. In the social-networked era when everyone gets their 15 minutes of social media fame, we're all mini celebs in the eyes of our Facebook friends.

One thing I found odd about this: Secure.me only takes into account photos of you that are actually of your face. There's a culture on Facebook of tagging people in photos to let them know about something, to invite them out to dinner, to send a shoutout, or just to acknowledge them. When I tested out the biometric face-recognition tool, I also discovered a few photos in which I'd been tagged as inanimate objects: a pink flower, a printer, a lawn ornament.

Oftentimes it is the personality quirks and the language of Facebook subcultures that reveal more about a user's personality than the more obvious photos, activities and information shared. In the meantime, be selective about whom you befriend, and what types of slang you use within your Facebook subcultures. Your friends are a reflection of you.

Images via Shutterstock and Flickr user mtsofan.

Today we're announcing a bunch of improvements that make it easier to share posts, photos, tags and other content with exactly the people you want. You have told us that "who can see this?" could be clearer across Facebook, so we have made changes to make this more visual and straightforward. The main change is moving most of your controls from a settings page to being inline, right next to the posts, photos and tags they affect. Plus there are several other updates here that will make it easier to understand who can see your stuff (or your friends') in any context. Here's what's coming up, organized around two areas: what shows up on your profile, and what happens when you share something new.

 

On Your Profile

 

Your profile should feel like your home on the web - you should never feel like stuff appears there that you don't want, and you should never wonder who sees what's there. The profile is getting some new tools that give you clearer, more consistent controls over how photos and posts get added to it, and who can see everything that lives there.

 

Inline Profile Controls

 

Before: Most of the settings for stuff on your profile were a few clicks away on a series of settings pages.

 

Going Forward: Content on your profile, from your hometown to your latest photo album, will appear next to an icon and a drop-down menu. This inline menu lets you know who can see this part of your profile, and you can change it with one click.

 

 

A side benefit of moving most settings to inline controls is a much shorter and simpler Settings page.  A bunch of settings that were there previously have been moved directly inline, and a handful have been replaced or removed. (You can find more detail on the profile settings here: http://www.facebook.com/about/control)

 

Profile Tag Review

 

Before: Photos you were tagged in would show up on your profile as soon as you were tagged. One of the top requests we've heard is for the ability to approve these tags before they show up on your profile.

 

Going Forward: You can choose to use the new tool to approve or reject any photo or post you are tagged in before it's visible to anyone else on your profile.

 

 

Content Tag Review

 

Before: Anyone who could see your photos or posts could add tags to them.

 

Going Forward: You have the option to review and approve or reject any tag someone tries to add to your photos and posts.

 

 

View Profile As…

 

Before: We heard you wanted to know what your profile looked like to others, but the tool for doing this was behind the scenes.

 

Going Forward: This tool is now on the top of your profile where it's easier to access.

 

 

 

When You Share

 

In addition to the profile changes, it will now be more visually straightforward to understand and control who can see your posts at the time you share them. We're also broadening the functionality of the sharing tool: now if you want to make your posts more expressive, we've made it simple to add location and tag the people you're with.

 

Inline controls

 

Before: Controls for who could see your stuff on Facebook lived on a settings page a few clicks away.

 

Going Forward: The control for who can see each post will be right inline. For each audience, there is now an icon and label to help make it easier to understand and decide who you're sharing with. Also, when you tag someone, the audience label will automatically update to show that the person tagged and their friends can see the post.

 

 

This dropdown menu will be expanding over time to include smaller groups of people you may want to share with, like co-workers, Friend Lists you've created, and Groups you're a member of. These will make it easy to quickly select exactly the audience you want for any post.

 

If you're posting to Facebook from a phone or app that does not yet support inline controls, your setting will be the same as it is today. You can change this with a new setting available on your privacy settings page. (For a guided tour of these new controls, go here: http://www.facebook.com/about/sharing)

 

Word Change: "Everyone" to "Public"

 

Before: You had the option to share a post with Everyone, which meant that anyone on the internet might be able to see it.

 

Going Forward: We are changing the name of this label from Everyone to Public so that the control is more descriptive of the behavior: anyone may see it, but not everyone will see it. This is just to make the setting more clear, and it's just a language change.

 

Change Your Mind After You Post?

 

Before: Once you posted a status update, you couldn't change who could see it.

 

Going Forward: Now you'll be able to change who can see any post after the fact. If you accidentally posted something to the wrong group, or changed your mind, you can adjust it with the inline control at any time.

 

Tag Who You're With, or What You Want to Talk About

 

Before: You could only tag someone if you were friends with them, and you could only tag a Page if you had liked it. This felt broken or awkward if you had a photo album of co-workers and had to become Facebook friends to tag them in the photos.

 

Going Forward: You can add tags of your friends or anyone else on Facebook. If you are ever tagged by a non-friend, it won't appear on your profile unless you review and approve the post.

 

Tag Locations in Posts

 

Before: You could only "check in" to locations using the Places feature on a smart phone.

 

Going Forward: Now you can add location to anything. Lots of people use Facebook to talk about where they are, have been or want to go. Now you can add location from anywhere, regardless of what device you are using, or whether it is a status update, photo or Wall post. Of course, you can always choose not to add location at all.

 

 

As a part of this, we are phasing out the mobile-only Places feature. Settings associated with it are also being phased out or removed. (You can read more about how location works and settings affected here: http://www.facebook.com/about/location)

 

Remove Tags or Content from Facebook

 

Before: When we asked, people had different ideas of what removing a tag actually did, and different motivations for wanting to remove them.

 

Going Forward: Your options for removing tags or content on Facebook are presented more clearly. Your options are: removing from your profile, removing the tag itself, messaging the photo owner or tagger, and requesting the content get taken down. (More details on tagging can be found here: http://www.facebook.com/about/tagging)

 

 

These changes will start to roll out in the coming days. When they reach you, you'll see a prompt for a tour that walks you through these new features from your homepage. In the meantime, you can read more about the upcoming changes from the links throughout this post. We'll look forward to your feedback on all of this.

 

Taken together, we hope these new tools make it easier to share with exactly who you want, and that the resulting experience is a lot clearer and a lot more fun.

Facebook’s Public Policy Director, Tim Sparapani, spoke with Kojo Nnamdi today in Washington, D.C. and stated that the company would soon release simple privacy settings in the coming weeks. In addition to defending the company’s position for providing an extensive number of privacy settings (a position which is legitimate), Sparapani stated that there will be “simplistic bands of privacy that [users can choose from” in the “next couple weeks”.

Given that the company has come under significant pressure over the past couple weeks over new programs, including the highly controversial “Instant Personalization” program, it’s not surprising to hear Sparapani announce these features. What’s even more significant is that from the sounds of things, these “simple” privacy settings sounds as though they’ve most likely been in the works for a short period of time.

What I’m still wondering is why Mark Zuckerberg or any other executive haven’t made a formal announcement stating that they are listening. While representatives of the company’s communications department have stated that the company is listening and will effectively do the right thing, no formal statement has come from Mark Zuckerberg.

Perhaps this is a test of Mark’s ability to delegate some of the communication to the general public, however I’m pretty sure that most people want to hear that the company is listening from Mark’s own mouth (or at least a blog post under his name). While we are still waiting to hear from the company about the potential for making changes to the “Instant Personalization” program, just knowing that they are looking to simplify the privacy settings further is definitely reassuring.

If you want to listen to the full interview with Tim Sparapani, you can listen to it here. Do you find Facebook’s announcement of impending changes reassuring? Do you think the changes will be sufficient?

Since posting about Facebook's latest privacy rollback, we've received emails asking how users can protect themselves, and for clarification about what happened. Here, then, is a quick guide to locking down the new Facebook.

First off, one big caveat: It is simply impossible to have the old Facebook experience with the old level of privacy. If you want the old level of privacy, you're going to have to give up some functionality; if you want all the old functionality, you're going to have to give up some privacy. Below, we detail what you'd need to do to maximize privacy, so you can decide for yourself whether to go down that road.

Remove your "connections," e.g. education and work, current city, likes and interests

Facebook is in the process of rolling out a new system of "connections" that publicly shares information whose disclosure you used to be able to control through privacy settings, "including your current city, hometown, education and work, and likes and interests."

The sharing of this information will happen after Facebook prompts you—if it hasn't already—to convert data entries in your profile into "connections" to pages representing various places, groups, interests, political causes, and so on. But unlike in the past, when you could choose to shield who saw your interest in, say, pot legalization, this information will now be public, and your account would be linked from the pot legalization interest page.

In short, as the Electronic Frontier Foundation put it, "Facebook removed its users' ability to control who can see their own interests and personal information"

To keep this information private, you need to opt out of the "connections" Facebook offers you. The relevant information will then be missing from the appropriate section of your profile, so you'll need to stuff it all into your free-form "Bio."

At some point when you visit your Facebook profile, you'll see the dialog below. Click on the far left button, "Choose pages individually:"

 

Then uncheck any "connections" you don't want made public. Make a note of these connections, since they'll be removed from your profile and you may want to add them to your "Bio" later.

Once you've opted out, you can restore any information you'd like to selectively share into the "bio" section of your profile, the free-form text area of your profile under your photo. Before you enter data there, make sure you're happy with the privacy settings for that section. Click on "Account" on the top right of your profile page, select "Privacy settings" from the drop-down, then "Profile Information." "Bio" privacy settings will be listed on the first line.

Prune — or utterly nuke — your apps

Facebook recently lifted some privacy restrictions on how outside developers handle Facebook data. Previously they could only retain said data for 24 hours, now they can hold on to the data as long as they like. Facebook used to prompt users before sharing data with a partner site, but, as VentureBeat points out, it will no longer do so for "special" partners like Yelp, Pandora and Microsoft. Also, some Facebook sharing that needed two or three pop-up dialogs to authorize now require just one.

The changes are even riskier than they appear, as ReadWriteWeb said: Now that non-Facebook websites are allowed to hoard Facebook user data, said sites will become inviting targets for hackers. And it's your Facebook data the hackers will be after. Of course, you have to worry about more than just computer crackers, since there's not much enforcement over how even authorized Facebook developers use the data they collect. If they want to mislead you and misappropriate your data, they can — and given the track record of Facebook's partners, they just might. If that happens, have fun suing for your privacy back.

Prevention is better than damage control, of course, and the one security measure at your disposal is to whittle or eliminate the outside apps you choose to share data with. Lifehacker's Kevin Purdy put together a nice guide on this, which we'll crib from here:

Go to "Account" at the top-right of your profile page. Select "Application settings" from the drop-down. Then from the "Show" menu select "Authorized." Click to enlarge:

 

Click the "X" next to any app you don't use, don't trust or otherwise want to remove. After clicking "X" you'll have to click "Remove" and then "Okay." For any app you choose to keep, you should probably review its privacy settings by clicking "Edit Settings" and the "Additional permissions" tab. Uncheck any sharing feature you're not comfortable with, although be aware this could break the app's Facebook functionality.

(Pic: Facebook CEO Mark Zuckerberg at his company's F8 developers conference yesterday. Getty Images.)

Send an email to Ryan Tate, the author of this post, at ryan@gawker.com.

via gawker.com

One of the new features we’ve been hearing about is the extension of Facebook Connect and the Facebook API to allow publishers to add a “Like” button to any piece of content on their site.

Sound trivial? It isn’t. This is likely part of Facebook’s Open Graph API project that will incentivize third party sites to interact deeply with Facebook by sharing content and associated metadata.

Today you can “share” content with Facebook via a simple button (you can see our implementation at the top of this post). The new Like feature goes way beyond the Share button, we’ve heard.

Good for publishers? Yes. But it’s also very, very good for Facebook as hundreds of thousands of websites will rush to format their content to exactly Facebook’s preference and send over all their data without a second thought.

One way to think of this, says a source with knowledge of the product, is this. Google spends billions of dollars indexing the web for their search engine. Facebook will get the web to index itself, exclusively for Facebook.

Yes, it’s a big idea. Or, as MG put it, the entire Internet will be turned into a tributary system for Facebook. And it all flows from a simple Like gesture, and a few other features we’ll be writing about shortly.

 

 

While routinely searching for a person on Google, I came across a new feature in Google Search where Google is displaying Facebook friends for a particular user in the search results.

As you can see from the screenshot above, searching for my own name resulted in the following search results, the more interesting thing though is that Google is also displaying names of friends from Facebook (the above account is not mine though and belongs to another Keith D%u2019souza).

The friend list snippet is displayed for public Facebook profiles of users, it is not available for Facebook users who have disabled third party sites from accessing their information. Here is another example for a search I did for Robert Scoble.

Google did not display the Facebook Friends for Amit Agarwal, which might suggest that there are privacy settings restricting it. However, it did display the LinkedIn Profile information for the same search.

Why would Google want to display Facebook Friends in search results? The only reason I can think of right now is to allow users to see find people based on common friends. This could also mean that Google is trying to make it easier for people to find and connect with others through search results.

Unfortunately, there is nothing you can do to remove this information from the search results at Google. You will have to explicitly change the settings in Facebook and LinkedIn to make the information more private.

What do you think about the new additions to the search results? Do you think it would be helpful in finding the correct person? Or do you think that it is an invasion of your privacy?

 

 

 

a new angel came down from web 2.0 heaven this week. a new social crm plugin for gmail provides a 360 view of people with whom you correspond. but is the full monty treatment appropriate for all your contacts? and what are people seeing about you? never heard of rapportive? well, they've heard of you, and they're sharing that info with all your gmail contacts. 

rapportive, a service that integrates with gmail, got fabulous writeups. the next web was among the first to trumpet the news: "gmail gets a slick social crm tool. you're going to like this."  "stop what you are doing and install this plugin," gushed readwriteweb.com. and so on.

what is social crm? in this case, it's the ability to see what social channels one's correspondents are using, along with information collected from those social channels. rapportive adds a widget to the gmail interface (click on image to see larger):

 

naked to the world

cool beans, yes? well, kind of. let's take a closer look. rapportive found a pretty good picture of me on my linkedin profile. it found my birthdate somewhere or other and did the math. I don't much care if people know how old I am, but the placement is a little prominent. I think the work history comes from linkedin, as well. trouble is, it's not very current. to look at this, one would think I was still fighting the good fight to make a mortgage company look pretty. um, not since 2008.

the twitter handle? not me. the myspace account? not mine. hmm.

how do they know?

I tweeted my curiousity about where rapportive was getting its info and, more importantly, how I could correct it. I was impressed by how quickly rapportive's founders got back to me through twitter and by email. the information, they told me, came primarily from a site called  rapleaf.com. rapleaf appears to be some kind of scraper site on steroids. it searches up and down the lonely corridors of the interwebs looking for email address. my yahoo address was in my google profile, so apparently it looked for that, too. I secured btodd early on (a college nickname), and have been plagued since then by mail intended for every idiot in the universe with last name todd, first name starting with b, and an inability to correctly enter their email address. thus the bogus twitter and myspace. but I digress

there is no way to edit information in one's rapleaf profile. cup half full? it offers a preview of what the private eye will turn up for your divorce trial. but overall, not a good situation. the guys at rapportive tell me they are working to bring editing to profiles. that's good.

don't use gmail or rapportive? you're still in the crosshairs

the profile at right is for a professional contact. I was very surprised to see her age - she looks and acts far younger. I'm not going to visit her bebo profile or myspace page. but I could, and so could anyone who receives correspondence from her. what if the information is erroneous or incomplete, as on my profile? the millions of people who don't use gmail or keep up with social networking stuff are unknowingly providing access to personal information.

what about those who are part of the social media set? skillful personal branders and the like? how will they deal with a social profile outside their control? is this how chris brogan wants to appear? no smoking guns, to be sure, but the new media labs twitter handle is at odds with his formidable personal brand. or jeff cutler? it's no secret jeff drinks a bit, but surely he's more than just a billboard for a brewery?

could be the best rapportive profile is no profile at all - here's my dad's and another friend's (way to fly under the radar!)

especially after the  recent furor over google's buzz service, the absence of any contrary opinion about a service I see as far more intrusive and arbitrary is surprising.

what do you think? are you using rapportive?

note: research for this post was gathered by my amazing girlfriend and sleuth extraordinare  alice hanes. if you want to find out about something (or someone), hire her.

the dark side of facebook's drive to improve privacy settings for users

Facebook's New Privacy Changes: The Good, The Bad, and The Ugly

Commentary by Kevin Bankston

 

Five months after it first announced coming privacy changes this past summer, Facebook is finally rolling out a new set of revamped privacy settings for its 350 million users. The social networking site has rightly been criticized for its confusing privacy settings, most notably in a must-read report by the Canadian Privacy Commissioner issued in July and most recently by a Norwegian consumer protection agency. We're glad to see Facebook is attempting to respond to those privacy criticisms with these changes, which are going live this evening. Unfortunately, several of the claimed privacy "improvements" have created new and serious privacy problems for users of the popular social network service.

The new changes are intended to simplify Facebook's notoriously complex privacy settings and, in the words of today's privacy announcement to all Facebook users, "give you more control of your information." But do all of the changes really give Facebook users more control over their information? EFF took a close look at the changes to figure out which ones are for the better — and which ones are for the worse.

Our conclusion? These new "privacy" changes are clearly intended to push Facebook users to publicly share even more information than before. Even worse, the changes will actually reduce the amount of control that users have over some of their personal data.

Not to say that many of the changes aren't good for privacy. But other changes are bad, while a few are just plain ugly.

The Good: Simpler Privacy Settings and Per-Post Privacy Options

The new changes have definitely simplified Facebook's privacy settings, reducing the overall number of settings while making them clearer and easier for users to find and understand. The simplification of Facebook's privacy settings includes the elimination of regional networks, which sometimes would lead people to unwittingly share their Facebook profile with an entire city, or, as Facebook's founder Mark Zuckerberg explained in a recent open letter, an entire country.

Perhaps most importantly, Facebook has added a feature that we and many others have long advocated for: the ability to define the privacy of your Facebook content on a per-post basis. So, for example, if you only want your close friends to see a particular photo, or only your business colleagues to see a particular status update, you can do that — using a simple drop-down menu that lets you define who will see that piece of content.

Most important, however, is the simple fact that as part of this transition, Facebook is forcing all of its users to actually pay attention to the specifics of their privacy settings. Considering that many if not most users have previously simply adopted the defaults offered by Facebook rather than customizing their privacy settings, this is an especially good thing.

No question, these are positive developments that hopefully will lead more people to carefully review and customize their level of privacy on Facebook. Unfortunately, the new flexibility offered by per-post privacy settings, a definite "good," is being used to justify the "bad"...

The Bad: EFF Doesn't Recommend Facebook's "Recommended" Privacy Settings

Although sold as a "privacy" revamp, Facebook's new changes are obviously intended to get people to open up even more of their Facebook data to the public. The privacy "transition tool" that guides users through the configuration will "recommend" — preselect by default — the setting to share the content they post to Facebook, such as status messages and wall posts, with everyone on the Internet, even though the default privacy level that those users had accepted previously was limited to "Your Networks and Friends" on Facebook (for more details, we highly recommend the Facebook privacy resource page and blog post from our friends at the ACLU, carefully comparing the old settings to the new settings). As the folks at TechCrunch explained last week before the changes debuted:

The way Facebook makes its recommendations will have a huge impact on the site's future. Right now, most people don't share their content using the 'everyone' option that Facebook introduced last summer. If Facebook pushes users to start using that, it could have a better stream of content to go against Twitter in the real-time search race. But Facebook has something to lose by promoting ‘everyone' updates: given the long-standing private nature of Facebook, they could lead to a massive privacy fiasco as users inadvertently share more than they mean to.

At this point there's no "if" about it: the Facebook privacy transition tool is clearly designed to push users to share much more of their Facebook info with everyone, a worrisome development that will likely cause a major shift in privacy level for most of Facebook's users, whether intentionally or inadvertently. As Valleywag rightly warns in its story "Facebook's New ‘Privacy' Scheme Smells Like an Anti-Privacy Plot":

[S]miley-face posturing aside, users should never forget that Facebook remains, at heart, not a community but a Silicon Valley startup, always hungry for exponential growth and new revenue streams. So be sure to review those new privacy "options," and take Facebook's recommendations with a huge grain of salt.

Being a free speech organization, EFF is supportive of internet users who consciously choose to share more on Facebook after weighing the privacy risks; more online speech is a good thing. But to ensure that users don't accidentally share more than they intend to, we do not recommend Facebook's "recommended" settings. Facebook will justify the new push for more sharing with everyone by pointing to the new per-post privacy options — if you don't want to share a particular piece of content with everyone, Facebook will argue, then just set the privacy level for that piece of content to something else. But we think the much safer option is to do the reverse: set your general privacy default to a more restrictive level, like "Only Friends," and then set the per-post privacy to "Everyone" for those particular things that you're sure you want to share with the world.

The Ugly: Information That You Used to Control Is Now Treated as "Publicly Available," and You Can't Opt Out of The "Sharing" of Your Information with Facebook Apps

Looking even closer at the new Facebook privacy changes, things get downright ugly when it comes to controlling who gets to see personal information such as your list of friends. Under the new regime, Facebook treats that information — along with your name, profile picture, current city, gender, networks, and the pages that you are a "fan" of — as "publicly available information" or "PAI." Before, users were allowed to restrict access to much of that information. Now, however, those privacy options have been eliminated. For example, although you used to have the ability to prevent everyone but your friends from seeing your friends list, that old privacy setting — shown below — has now been removed completely from the privacy settings page.

Facebook counters that some of this "publicly available information" was previously available to the public to some degree (while admitting that some of it definitely was not, such as your gender and your current city, which you used to be able to hide). For example, Facebook points to the fact that although you could restrict who could see what pages you are a fan of when they look at your profile, your fan status was still reflected on the page that you were a fan of. But that's no justification for eliminating your control over what people see on your profile. For example, you might want to join the fan page of a controversial issue (like a page that supports or condemns the legalization of gay marriage), and let all your personal friends see this on your profile, but hide it from your officemates, relatives or the public at large. While it's true that someone could potentially look through all the thousands upon thousands of possible fan pages to find out which ones you've joined, few people would actually do this.

Facebook also counters that users can still control whether non-friends can see your Friends List by going into the hard-to-find profile editing settings on your profile page and changing the number of friends displayed on the public version of your profile to "0" unchecking the new check-box in your Friends setting that says "show my friends on my profile". However, if the goal with these changes was to clarify the privacy settings and make them easier to find and use, then Facebook has completely failed when it comes to controlling who sees who you are friends with. And even if you do have some control over whether non-friends can see your friends list — if you hunt around and can find the right setting, which is no longer under "Privacy Settings" — Facebook has made the privacy situation even worse when it comes to information sharing with the developers of Facebook apps.

The issue of privacy when it comes to Facebook apps such as those innocent-seeming quizzes has been well-publicized by our friends at the ACLU and was a major concern for the Canadian Privacy Commissioner, which concluded that app developers had far too much freedom to suck up users' personal data, including the data of Facebook users who don't use apps at all. Facebook previously offered a solution to users who didn't want their info being shared with app developers over the Facebook Platform every time a one of their friends added an app: users could select a privacy option telling Facebook to "not share any information about me through the Facebook API."

That option has disappeared, and now apps can get all of your "publicly available information" whenever a friend of yours adds an app.

Facebook defends this change by arguing that very few users actually ever selected that option — in the same breath that they talk about how complicated and hard to find the previous privacy settings were. Rather than eliminating the option, Facebook should have made it more prominent and done a better job of publicizing it. Instead, the company has sent a clear message: if you don't want to share your personal data with hundreds or even thousands of nameless, faceless Facebook app developers — some of whom are obviously far from honest — then you shouldn't use Facebook.

These changes are especially worrisome because even something as seemingly innocuous as your list of friends can reveal a great deal about you. In September, for example, an MIT study nicknamed "Gaydar" demonstrated that researchers could accurately predict a Facebook user's sexual orientation simply by examining the user's friends-list. This kind of data mining of social networks is a science still in its infancy; the amount of data that can be extrapolated from "publicly available information" will only increase with time. In addition to potentially revealing intimate facts about your sexuality — or your politics, or your religion — this change also greatly reduces Facebook's utility as a tool for political dissent. In the Iranian protests earlier this year, Facebook played a critical role in allowing dissidents to communicate and organize with relative privacy in the face of a severe government crackdown. Much of that utility and privacy has now been lost.

The creation of this new category of "publicly available information" is made all the more ugly by Facebook's failure to properly disclose it until today — the very day it is forcing the new change on users — when it added a new bullet point at the top of its privacy policy specifying this new category of public information that will not have any privacy settings. The previous versions of the policy, however, either didn't disclose this fact at all, or buried it deep in the text surrounded by broad assurances of privacy.

For example, in its previous privacy policy before it was revised in November, Facebook didn't specify any of your data as "publicly available information," and instead offered broad privacy assurances like this one:

We understand you may not want everyone in the world to have the information you share on Facebook; that is why we give you control of your information. ... You choose what information you put in your profile, including contact and personal information, pictures, interests and groups you join. And you control the users with whom you share that information through the privacy settings on the Privacy page.

Meanwhile, the privacy policy as updated in November did specifically call out certain information as "publicly available" and without privacy settings nearly half-way down the page, surrounded by privacy promises such as these:

• "You decide how much information you feel comfortable sharing on Facebook and you control how it is distributed through your privacy settings."
• "Facebook is about sharing information with others — friends and people in your networks — while providing you with privacy settings that you can use to restrict other users from accessing your information."
• "you can control who has access to [certain information you have posted to your profile], as well as who can find you in searches, through your privacy settings."
• "You can use your privacy settings to limit which of your information is available to 'everyone.'"

These statements are at best confusing and at worst simply untrue, and didn't give sufficient notice to users of the changes that were announced today.

In conclusion, we at EFF are worried that today's changes will lead to Facebook users publishing to the world much more information about themselves than they ever intended. Back in 2008, Facebook told Canada's Privacy Commissioner that "users are given extensive and precise controls that allow them to choose who sees what among their networks and friends, as well as tools that give them the choice to make a limited set of information available to search engines and other outside entities." In its report from July, The Privacy Commissioner relied on such statements to conclude that Facebook's default settings fell within "reasonable expectations," specifically noting that the "privacy settings — and notably all those relating to profile fields — indicate information sharing with 'My Networks and Friends.'"

No longer. Major privacy settings are now set to share with everyone by default, in some cases without any user choice, and we at EFF do not think that those new defaults fall within the average Facebook user's "reasonable expectations". If you're a Facebook user and you agree, we urge you to visit the Facebook Site Governance page and leave a comment telling Facebook that you want real control over all of your data. In the meantime, those users who care about control over their privacy will have to decide for themselves whether participation in the new Facebook is worth such an extreme privacy trade-off.

Related Issues: Privacy

[Permalink]

We’ve known that a major privacy overhaul has been in the works for some time at Facebook, and last week a letter from founder and CEO Mark Zuckerberg let everyone know that changes were imminent.

Today, the company plans to start asking all 350 million of its users to review and update their settings as they roll out the new simplified privacy interface.

While Facebook’s spinning the changes largely as being about making things easier for users (which is true; the current privacy settings are enormously complex if you care to dive in), it’s also all about encouraging them to share more stuff publicly by letting them choose an “everyone” option each time they post something.

That will be key for Facebook (

) becoming as valuable as Twitter (

) in the realm of real-time search, where both are now integrated in Google. Although it has many times more users than Twitter, to date, most Facebook data remains private and, hence, inaccessible to search engines. We’ll see how that starts to change after today.

See Also: Facebook’s New Privacy Features – A Complete Guide