Monday, May 3, 2010

Facebook privacy UPDATE

A few weeks ago, I wrote a post detailing how to set all of the various Facebook privacy settings. It was a long post, but I think it covered everything and I got some good feedback about it. However, as with all things in the technology world, things changed quickly and Facebook now has updated their settings and changed some things that everyone needs to be aware of.

Most notably is the addition of a Like button that website owners can place on their pages. This button is already visible on hundreds of thousands of websites (including this one) and will only become more popular. As a website owner myself, the appeal of the Like button is irresistible. For every person that clicks Like, a link to my page gets posted for all of their Facebook friends to see. The potential for exposure is massive.

Dangers of the Like button
However, the Like button isn't without its downsides...big downsides. Before we get into the updated privacy settings, let's go over the new changes and the risks they bring. First, the Like button. Website owners can place this button on their site using what's called an iframe. This allows them to add it with almost no effort, which is always nice. So when you visit The Dastardly Report, for example, those little Like buttons are loaded from Facebook's servers. The Facebook code checks to see if you're logged in and then presents you with how many of your friends have clicked Like already.

What this means is that whether you actually click Like or not, the button still loads and still checks to see if you're logged in. And since the Like button has a URL attached (the address of the page you're visiting), the privacy implications are pretty huge. Ready? For every website that has a Like button, Facebook logs that you visited the site, whether you click Like or not. They don't publish that info, of course, but nobody really knows what they're doing with the data. Given Facebook's track record with privacy, do you really want them keeping a log of the websites you visit?

The only way to combat this is to logout. It's a bit of a pain, especially if you're a big Facebook user, but you can always set your browser to remember your password to make logging back in easier. Just remember that unless you're actively viewing Facebook itself, you should logout. Otherwise, they will get a record of every Like enabled website you visit, whether you click the button or not.

Friend sharing
In addition to the like button, Facebook is also pilot testing a program called Instant Personalization (which is turned ON for everyone by have to opt out). For now, this program is limited to only three partner sites,, Pandora, and Yelp. We'll look at Pandora as an example. Unless you opt out (we'll get to that in a minute), when you visit Pandora, it will see that you're logged into Facebook and immediately personalize the page for you, playing music that you have listed in your profile, displaying what friends like the same music, etc.

It sounds like a good idea, but do you really want Pandora knowing all of this information about you? If not, you can opt out, of course, but here's the kicker: even if you opt out, your friends can still share information about you. We covered the settings to turn this off in the previous Facebook privacy post, but now that the Instant Personalization program is active, it becomes even more important.

Change privacy settings
First, let's opt out of Instant Personalization. From the Facebook homepage, click Account in the top right, then Privacy Settings. First, click on Edit Settings next to Instant Personalization Pilot Program. Uncheck the box at the bottom and then click the Applications and Websites button to go back. 

Next, click Edit Settings next to What your friends can share about you. Uncheck everything that you don't want friends sharing. Remember that these settings control all friend sharing, even with other websites. So if you have "About Me" checked, then if one of your friends visits Pandora or Yelp, that site will be able to see all of your info.

Concerning changes
Facebook has a long tradition of changing privacy settings without warning. And they always turn the new features on by default, forcing people who don't want it to opt out. This leaves millions of people exposed to potential privacy risks without even knowing it. These recent changes, while very cool in theory, prove that privacy is not much of a concern to Facebook. To be very honest, if it weren't for the websites that I manage and want to promote, I would have deleted my account after these recent changes.

I have already edited my profile to remove any info I don't want public, and I no longer add any content to Facebook. I only use it for promotion purposes for Dastardly Report and Overheard on the Scanner. If privacy concerns you, and you're tired of Facebook changing this for the worse, you should also consider deleting or deactivating your account.

Deactivating is an option that most people don't know exists. It's a way for you to keep your account but temporarily shut it down. It removes all of your data from view, but doesn't actually delete anything. And you can easily reactivate it later if you want. To deactivate your account, click My Account, then Account Settings. Click Deactivate at the bottom. The next page will show you all of your friends who will miss you (cute, eh?) and ask you to give a reason for deactivating. Pick whatever reason you want. :-)

Additionally, if you want to delete your Facebook account entirely, you have to click here. There's no link to deleting from your account settings, you have to hunt through the help pages to find it, but that's the link.

Facebook's continued march toward privacy exposure is a little bit scary. Don't kid yourself, they're making boatloads of money off of these changes. But it's their general mindset that concerns me most. By making it nearly impossible for users to leave or remove their data, and by making the privacy settings as convoluted as possible, Facebook is effectively locking users into their way of doing things.

Contrast this to Google (which is also making huge amounts of money off of Gmail, Picasa, Calendar, Docs, etc). All of Google's services have very easy ways to export your data and close your account. If you wanted to export all of your Facebook pictures before closing your account, you'd be pretty much out of luck. Sure, there are third party sites for it, but those are far from easy, especially for average users.

So, the love/hate relationship with Facebook continues. It remains the easiest and fastest way to connect and share info with friends, not to mention one of the best ways to share photos. And yet the privacy concerns continue to get worse. It is up to individual users to make sure their information is safe. Unfortunately, the majority of them either don't know how, or don't care enough to make these changes. Hopefully this post helps a few of you keep your information in your control.