Facebook’s New “Privacy”

From Facebook’s help page on the privacy/security settings update:

Some settings are changing with the recent updates to Facebook privacy, but Facebook’s commitment to providing you control over your information is not. Here’s a summary of what’s changing:

Providing me control over my info…Well, let’s just see, shall we?

  • The Privacy page has been simplified, and in that process, some settings have been consolidated. For security reasons, you will now be required to enter your password if you’d like to update your privacy settings.

Huh. Simplified & consolidated – nice way to say “we rearranged the screen and got rid of some of those peskier settings.” And what security reason could justify entering my password to update my privacy settings? If someone has hacked my account that shouldn’t be messing with those settings, then they already have my password! Entering my password a second time does nothing to enhance my security or privacy – and it’s arguably worse without strong encryption being used.

  • A privacy control has been added to the publisher at the top of your home and profile page. This allows you to set privacy on individual posts. For example, you could post a status to Everyone or only to Friends. Learn more on the Publisher help page.

OK, even this curmudgeon has to admit this is a good thing.

  • Instead of having networks for regions (eg., Australia or New York City), people’s locations are now listed in the “Current City” or “Current Region” field of their profiles. This means if you use the “Friends and Networks” privacy setting, the networks part only applies to work and school networks.

What’s this have to do with security or privacy? Read on…

  • A basic set of information is publicly available, meaning it’s visible to anyone that’s able to navigate to your profile, applications you use on Facebook, and websites you connect with via Facebook. This information includes your name, profile picture, gender, current city, networks, friend list, and Pages. Any additional information (eg., photos or videos) will only be exposed if your privacy settings allow it.

This is where Facebook is screwing the pooch. By providing all this information publicly, a hell of a profile can be built about any given person. This is a paradise for spammers, scammers, stalkers, and sickos. It’s a tyrannical government’s new tool. It’s a pedophile’s wet dream. And it’s a nightmare for anyone who desires or needs privacy.

Keep in mind that anyone who navigates to your profile will be able to view your publicly available information and information you’ve made visible to Everyone. While you do have the option to hide your Friend List from being visible on your profile, it will be available to applications you use and websites you connect with using Facebook. In addition, your profile picture appears in places you make comments and posts. You can always change your current profile picture or lower your search visibility if you choose.

Oh, yeah, the application gap. It amazes me the amount of info an application can get not just about me, but about my friends. Yes, the API documentation mentions what personal information you’re not supposed to retain about your users, but there’s no system security behind that API to enforce it. Oh, sure, there are the various agreements for Facebook developers – but the honor system does no good when Facebook does nothing to enforce those agreements. In reality, the more money an application makes, the more ad revenue Facebook is getting a cut of – and the less likely they are to do anything about it. So the worst offenders (Zynga, for example) make millions scamming people. It’s only a matter of time before someone sells all the info they’ve mined out of Facebook profiles. Maybe that’s why Zynga is using iesnare, and maybe that’s why I haven’t heard a peep from Facebook since I filed a privacy violation about that issue.

The pages and friendlist are the two most egregious violations of privacy. You can build a fairly good picture of, for example, a person’s political affiliations, religious beliefs, and sexual tendencies, by examining their pages. Why does this need to be public? I used to be able to selectively show that to whoever I wanted or to nobody at all. Same deal with the friendlist – I could customize who would see that (and had it set to only the people I really knew in real life and trusted) – now it’s an all-or-nothing setting. The setting to hide your friendlist from your profile doesn’t even do a thing to ensure the privacy of that. For example, if you’re logged onto Facebook, take a look at Mark Zuckerberg’s profile, and you’ll see he has hidden his friendlist from his public profile. However, by appending anybody’s Facebook account id or account name to the end of www.facebook.com/friends/?id=, you can see their entire friend list, regardless of their privacy settings – this is Zuckerberg’s friend list, which I’m sure he won’t mind being shared like this since that base url is hardly a secret, and the same info can be gotten by platform applications and Connect sites.
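
The gap described above, where a setting is honoured by the profile page but not by another route to the same data, is shown below as an added example that is not part of the original post and is not Facebook's code. The account model, the audience values and every function name are hypothetical; the point is that the check belongs in the data-access function, with a small audit that lists any path handing the list to a viewer the policy rejects.

```python
# Constructed model, not Facebook's code: names, settings and data are hypothetical.
from dataclasses import dataclass

@dataclass
class Account:
    uid: int
    friends: set
    friend_list_audience: str  # "everyone" | "friends" | "only_me"

ACCOUNTS = {
    1: Account(1, {2}, "only_me"),     # owner who hid the list
    2: Account(2, {1}, "everyone"),    # a friend of account 1
    3: Account(3, set(), "everyone"),  # unrelated viewer
}

def may_see_friends(viewer_id, owner):
    """The one policy decision every access path must share."""
    if viewer_id == owner.uid or owner.friend_list_audience == "everyone":
        return True
    return owner.friend_list_audience == "friends" and viewer_id in owner.friends

# Pattern the post describes: the profile view honours the setting...
def profile_view_ui_only(viewer_id, owner_id):
    owner = ACCOUNTS[owner_id]
    return sorted(owner.friends) if may_see_friends(viewer_id, owner) else None

# ...but a second route to the same data never consults it.
def friends_url_unchecked(viewer_id, owner_id):
    return sorted(ACCOUNTS[owner_id].friends)

# Corrected pattern: the data-access function enforces the policy itself,
# so no caller (page, direct URL, platform application) can skip it.
def get_friends(viewer_id, owner_id):
    owner = ACCOUNTS[owner_id]
    if not may_see_friends(viewer_id, owner):
        raise PermissionError("friend list not visible to this viewer")
    return sorted(owner.friends)

def leaking_paths(paths, viewer_id, owner_id):
    """Names of access paths that return the list to a viewer the policy rejects."""
    leaks = []
    for name, fn in paths.items():
        try:
            result = fn(viewer_id, owner_id)
        except PermissionError:
            continue
        if result is not None and not may_see_friends(viewer_id, ACCOUNTS[owner_id]):
            leaks.append(name)
    return leaks
```

Run as a regression check, `leaking_paths` is given every route that can return the friend list, with a viewer who should be refused.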

Publicly available information includes your name, profile picture, gender, current city, networks, friend list, and Pages. This information makes it easier for friends, family, and other people you know to connect with you.

No, it makes Facebook more like Twitter, publicizes more of everyone’s info – especially when the search engines start crawling publicly enhanced profiles and putting together their own social graphs – and frankly only makes it easier for more people to connect with me who I don’t want to hear from at all. In reality, despite the way this change has been spun by Facebook, I have less control over my information with this change.
