Taming the Beast: Facebook and Our Privacy

Taming the Beast: Facebook and Our Privacy

Facebook is at it again. It’s changing things around, and a few people are noticing. I’ve been thinking about this post for a long time. Facebook is a very popular service, and privacy is a hot topic (especially for many librarians I know), it’s bound to strike several different chords. I’ve heard Facebook criticized as being both too constricting (aka the “walled garden”) and too open with our information. After mulling about this post for a while (maybe even since Facebook has been around), I’ve decided that the problem is not necessarily with Facebook, it’s with us, and our lack of understanding of a service we invest so much time and throw so much information into.

When I started writing this I decided what I did not want it to be was a “why and how we need to turn off all privacy settings in Facebook” sort of thing. I am not advocating that. Facebook is here to stay, like it or not. What I think the essence of Facebook is illustrating to us, though, is where I’ve felt this privacy discussion has been heading for a long while… whose responsibility is it to protect our own privacy? It is ours. I may not agree to all the options in Facebook’s convoluted privacy settings, but it’s because I took the time to understand them that I feel better about what the world sees of me through Facebook. So what this is instead, is an approach to taking back what is yours, and to understanding what part of your soul Facebook actually owns (it might not as bad as you think.)

The Very Brief Background

What is the big deal anyway? Well, recently Facebook announced some big changes at their f8 conference. These changes are taking down some of the walls that Facebook has been criticized of keeping up before. I think it is good of all of us to understand what that means for our privacy when it comes to applications and third parties. Essentially, Facebook wants to be the center of everything on the internet. Though putting Facebook’s intentions with our data aside, what I hope to do is show people that we do have some control over our Facebook profiles.

I will warn you, if you’ve never looked at the privacy settings on your Facebook profile this will not be a quick and easy task. If you’ve looked at them now and again then you might be familiar with some of these settings, but I also recommend regularly checking your settings (whenever Facebook makes changes is always a good time to do this). Things do change and new settings are added (or subtracted) all the time.

Lists and Limited Profile

If there is one thing I try to recommend to people when it comes to their Facebook account, it’s that they should use lists, or at least one list called a Limited Profile. The Limited Profile was around before Facebook introduced Lists, and was a way for you to keep certain friends from seeing information you deem more personal. When Facebook gave us the ability to add our friends to lists, it moved the Limited Profile over as another list option for those of us who had created one. Many lists with different privacy settings can become tedious, especially if you are constantly adding a lot of new content to your profile. If you do not have time to prune obsessively on your profile every time you add a new application then start off first with one list for a limited profile.

Image: Facebook Account OptionsTo gain access to, or create your lists then go to Account and Edit Friends (currently in the top right corner of your Facebook home page). Your lists will appear on the left side of the page. If you have not created any lists yet then click on ‘Friends’ and create a new list at the top. You can call your lists anything and customize them any number of ways (or not at all), but I like the idea of having at least one list with greater privacy that I do not have to guess at trying to remember the privacy settings I applied.

When you accept a new friend you can also specify a list for them immediately. My limited profile list generally restricts certain people from knowing my contact information, so when I add a new friend I might decide then if they should know that or not; if not then they get added to that Limited Profile list. I recommend using lists for new friends you do not want to reject completely, but you do not think they deserve to see certain areas of your profile. You can accept friendship requests and add them to your limited profile list, and you can always decide to move them off that list later if you like.

Though, a Limited Profile is no good if you do not limit it. This process may take some thought on your part. As a rule, your Limited Profile should only include things you are ok with everybody on your friend list seeing. If that is everything then that is good for you, you probably do not need lists.

Lists and Limited Profiles are optional, you can still have sensible profile without them, but with Lists you can customize Facebook to specific groups of people. Do you only want friends in a certain group to see certain applications or updates? Do you want to add your boss to Facebook, but maybe you would rather not they see your photos from the weekend’s party? If you are concerned about privacy across groups, like co-workers or professional contacts, you can set up lists and limit access to parts of your profile. These changes do take thought and pruning (for example each new application you add will default access to all friends if you decide to display it on your profile), but it is absolutely possible to maintain different and customized profiles on Facebook.

I will go through each section in a little more detail so you can see how to build your profile up or down, but be thinking about your public versus private profile as you move through each privacy setting.

What is actually public anyway?

So let’s say that you have the tightest controls possible on your Facebook profile, and everything is locked down. What is it that can be seen or shared?

  • Name
  • Profile Picture
  • Gender
  • Current City
  • Networks
  • Friend List
  • Pages

If you are uncomfortable with any of this information being added to your profile with no controls or restriction, then I recommend not adding it (though, there is nothing you can really do about Name or Friend List, unless you change your name or have no friends). If you are uncomfortable with all these things showing, then I recommend deleting your Facebook account and leaving the internet.

Yes, Pages are considered “public” information according to Facebook! This shocked me too. Keep this in mind when you decide to “like” or “fan” a page (which Facebook has decided to make much easier with a new “universal like” widget for website owners). I will add more about Pages later though.

Account Settings

The account settings area is where you can change basic information about yourself, and manage notifications. The one tab I want to point out is Facebook Ads. The advertising platform is how Facebook makes its money; it wants you to share information so it can improve this platform. The more information you give it, the more targeted the ads can be, the more money Facebook is going to make from its advertisers. I have nothing against Facebook making money… but I do have a problem when them doing it at the expense of my privacy. Maybe you do not mind so much though, you are free to opt in or out as you desire

The first setting in this tab is interesting, however:

Ads shown by third party applications. Facebook does not give third party applications or ad networks the right to use your name or picture in ads. If this is allowed in the future, this setting will govern the usage of your information.

Your options are “only my friends” and “no one.” Oooh, sneaky Facebook, very sneaky. What this is saying is that they are currently not giving third-party applications the right to use our name or picture in their ads, but we can go ahead and allow this for the future if we would like. This option was marked “only my friends” for me when I checked my settings. Facebook had added this “in the future” feature and defaulted it so my friends can see my name and photo on ads for third party applications that I like (which I actually would never do anyway). This is a good example of why Facebook settings should be checked regularly; features are added all the time and Facebook’s de
fault settings might not match what you think they should be.

The second option is active though:

Ads shown by Facebook. Facebook strives to create relevant and interesting advertisements to you and your friends. Here are the facts about Facebook Ads:

  • Facebook Ads are sometimes paired with social actions (e.g., liking a Page) that your friends have taken.
  • You only applicationear in Facebook Ads to your confirmed friends. If a photo is used, it is your profile photo and not from your photo albums.
  • Facebook doesn’t sell your information to advertisers.
  • Facebook actively enforces policies that help protect your experience with thirdparty applications and ad networks.

The screenshot here give examples of what this option looks like.

Image: Facebook Sample Ad

You may have already seen examples of this from your homepage. You may or may not like having your name or picture next to adverting on Facebook. If it does make you feel uncomfortable though, choose “no one” and this will not happen.

Privacy Settings – Profile Information and Contact Information

The next two areas are the biggies. With Privacy Settings, we can start building up, or down our profile based on a wide variety of privacy options.

Who gets to see what? I hope you already have a good idea of this. Here are the options you have available to you for each of the areas on your profile page or contact information.

Image: Facebook Privacy OptionsEveryone. Are you comfortable with that section being public information on your profile? Sharing with everyone is not always a bad thing. Maybe there is one area you do not mind people seeing. For example, I kept my Education and Work settings public because I figured that would be an easy way for people to find me. It’s also information that is available elsewhere, either on my website, or through LinkedIn. I also want my website to be public, I prefer people read about me there than Facebook. One thing to consider when choosing this option, though, is you are also giving Facebook permission to share that information with third parties through applications, authentication, or page likes. This will become more apparent when you go through other privacy options later on.

Friends and Networks. If you are a member of any networks then other members of those networks can view the profile section shown. These are mostly school networks, but companies can have networks too. If your company or school is on Facebook and you are on their network and have information viewable to friends or networks, anybody in that network (friend or not) can see that part of your profile. Do not want those embarrassing drunken photos shared with everybody at work? Then do not make them available to your networks.

Why would you want to share with networks then? Well, let’s say you work for a large company and you want your company contact information to be available to everybody regardless of friendship status. Or maybe you want your university contact information available to the entire university but not the entire world. You can also share photos of the company picnic to everybody in the company, but leave out the ones from Friday’s pub crawl.

Friends of Friends. I really hope you trust your Friends’ Friends if you have this option selected. Actually I cannot think of a good reason to use this setting… but here you go, it is an option.

Only Friends. I really hope you trust your own friends if you have this option selected. It goes without saying though, any of your listed friends can see this part of your profile.

Image: Custom Privacy SettingsCustomize. Here’s where it gets fun! Let’s say you do not trust your friends, or at least the ones in any of your lists or your limited profile… select customize and we can now filter them out. As you will see though, you can even hide content from individuals. The limited profile and the lists make it easy to hide entire groups, but your filtering can get very granular here. No need to feel badly about adding mom as a Facebook friend… you still do not have to tell her everything you are up to if you do not want.

Preview My Profile. Want to see what the new restricted profile looks like? Facebook’s profile preview is actually really handy. The previewed profile will show you exactly what it looks like to “most people.” This is to say everything I listed as Facebook’s default “public” above, plus any option you have made available to “Everyone.” Neat huh? It gets better though! Want to see how your profile looks to mom? Type in her name, or anybody’s name on your limited profile and the preview will change to what that person will see.

You can do this for both your contact information and your profile information. I really recommend spending some time with these two sections and determining what it is you want people to see or understand you.

Also, do not forget to go through each of your photo albums and check the privacy settings there. Albums like ‘Profile Pictures’ and ‘Mobile Uploads’ might be set to Everyone by default by Facebook. You can do the same type of granular privacy for each one of your photo albums as I mentioned above.

Privacy Settings – Applications and Websites

I will go into applications in a little more detail later, but you can control some general privacy of applications via these settings. “What you share” is the main part of the applications section, so I am skipping it for now.

What your friends can share about you?

Image: What Your Friends Can Share

This setting concerns me a little bit. Make sure you are comfortable with the settings here… I know when I visited this section nearly every box had been checked… others have said none or a few have been checked.

When your friend visits a Facebook-enhanced application or website, they may want to share certain information to make the experience more social. For example, a greeting card application may use your birthday information to prompt your friend to send a card.

If your friend uses an application that you do not use, you can control what types of information the application can access. Please note that applications will always be able to have access your publicly available information (Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages) and information that is visible to Everyone.

So what does all this mean? Your friend allows an application on their profile, that application can have access to certain information concerning their friends (you), even if that friend (or you) does not have the application authorized on their profile. Things you’ve already allowed visible to Everyone in the previous settings will be available here by default… plus the information I mentioned before. You may add other information if you would like via the checkboxes below the statement. Though let’s think this through… that is a lot of information made available to an application or website you have not even installed on your own profile, is it not? It’s confusing. I think it is kind of icky too.

If you’ve already thought through what is visible to Everyone and the settings above, just uncheck all the boxes… unless you like feeding the many-headed beast with data you’ve already deemed private. Remember, it is still up to you what is shared.

Activity on applications and Games Dashboard

Do you want your boss or co-workers to know that you’ve been playing Farmville instead of working? You will show up in recent activity to whoever you have chosen (or excluded) here. Might be wise a wise one to evaluate.

Instant Personalization

Image: Instant Personalization

This option is brand new… most members were probably already greeted with the personalization box when they recently opened their profile.

You’ll find a personal and social experience the moment you arrive on our select partner sites –Docs.com, Pandora, and Yelp. We’re working closely with these partners so you can quickly connect with your friends and see relevant content on their sites. These sites personalize your experience using your public Facebook information.

It’s up to you if you opt in here; personalization can be easier for many people, but keep this in mind… it is personalizing with your public information. If you are happy with your privacy options so far maybe that is ok. If you are not, you might be handing a lot of data over to other websites. Also, there is this:

Please keep in mind that if you opt out, your friends may still share public Facebook information about you to personalize their experience on these partner sites unless you block the application.

You cannot opt out of this, you can only block those applications. Also, remember the “What your friends can share about you” section?? If you have a lot of check boxes you might as well throw your new finely tuned privacy settings out the window. Be careful here. If you have good privacy controls on your profile already then there is probably not a lot of need to worry. If you do not… well, let’s hope you trust your friends and the sites they visit while logged into Facebook.

Privacy Settings – Search

There are two levels here; who can see your search results in Facebook and who can see your search results in search engines, like Google. These are personal preferences, though. Again, if you’ve thought about the privacy settings of your profile up to this point (and actually carried through with them), you may be ok allowing others to search for you or showing up in Google.

Application Settings

These are a beast, especially if you are really concerned about privacy. If you want to review the settings of all your applications, choose “Authorized” in the drop down box of the ‘Edit Applications’ area. If you want to do an all out clean sweep, start by deleting any applications you do not use anymore. ReadWriteWeb published a good post on how and why you should delete Facebook applications, that is worth a look. External websites are any website you’ve used Facebook to log into. You can also control desktop applications here as well.

Then you can systematically go through each one and edit the settings. Boxes that can show up on your profile will let you filter for your limited profile (keeping in mind though that any new application will always default to “Everyone” by Facebook). Bookmarking an application just gives you easy access to it on your homepage. Some applications let you add them as a box in a new tab, or a box on your profile (or even take it off your profile completely if you like)… that is all your own preference.

Each application should also have additional permissions. As I was going through each one I noticed that for many, “Access my data when I am not using the application” was checked. I actually did not know why in most situations… though unchecking that option made it disappear completely from the options. Are there instances where I would want this checked? Yes, one application, Backupify, needs to have access to my data to run periodic backups. So it is good to think about how that application is using your data before disabling everything.

You can also control if that application adds content to your wall individually. My status updates are actually piped through the Twitter application, so in my situation I want to make sure Twitter is publishing to my Facebook wall.

Besides viewing all authorized applications you can view them by how you’ve granted additional permissions. If you are concerned about applications that post to your status or directly to your wall, you can see these categorized here a little easier in this view.

One thing to keep in mind with Facebook applications is that they are not vetted by Facebook. Anybody can create an application with any number of settings. You could be unknowingly giving away your personal information with the wrong checkbox. This is not to imply that all application developers are going to take your data and do bad things with it… it’s just a warning to only install applications that you trust and understand how that application is going to use your information or post to your profile.

A Note About Pages and Likes

I see Pages as the sort of wildcard in all these privacy settings. You cannot turn them off. Facebook is rolling out a “universal like” feature and tying those likes into what used to be known as “fan” (aka Pages). If you do not want your Pages to show on your profile the only way to turn them off is to unlike them all. Otherwise you have to be more choosy about what you like or dislike on the internet while signed in to Facebook. The easiest way to edit the Pages listed on your profile is to go back to “Edit Friends,” there will be an option for Pages on the left side of your profile. You can delete any Page you do not want to have associations with by clicking on the ‘x’.

Here’s the absolutely weird thing though; you can add Pages to lists. Why? I am not exactly sure. No clue if it makes a difference, but I’ve added every page I am on to my Limited Profile as a precautionary measure. I am not sure what data those page owners have access to, but it’s scary to think page owners can see as much as my normal friends. Frightening really.

So there you have it… and for the quick summary of how to look after your Facebook profile:

  • Add Friends to a Limited Profile (or Lists)
  • Opt in or out of Facebook’s Ad Platform
  • Limit who sees what on your Profile Information or Contact Information
  • Limit what friends share with you on other websites
  • Limit what friends can see of your online activity
  • Opt in or out of Instant Personalization
  • Opt in or out of Search Listings
  • Edit Privacy Settings for Individual applications
  • Delete Pages from your profile

Though, you could always just delete your profile too… but if you choose to stay on or get off, it’s always going to be up to you.

There has been a lot of internet chatter about Facebook the past few weeks, if you are interested in reading more about it here are a few other sources I have found (not already mentioned):

**Update 04.20.10**

Last night, Donato (@BostinBloke) alerted me to this ReadWriteWeb aritlce on Facebook’s new Connected Profiles option. Many users are seeing blank profile areas if they don’t connect up. I haven’t noticed this one mine though, or even got the messages mentioned in the post forcing me to connect. Anybody else have this option turned on yet? I also don’t have interests listed in my profile, I deleted them some time ago… not so much because of privacy, but because interests seem to change and I get tired of updating profile boxes all the time.

Neil (@rasga) has a timely post about privacy concerning Facebook and Spotify. I posted a lengthy comment there. I think Neil raises some excellent points and questions and I know he would enjoy a few more opinions.

**Update 04.30.10**

A follow up to the link that Donato gave me… I had the option to turn connect pages this evening and I accepted, though I still got the blank info pages that everybody else is seeing.

I did a quick check on privacy settings, the good news is you now have more controlled privacy over some things that Facebook was saying was public before (things like friend lists and interests).  There’s a new section called “Friends, Tags, and Connections” in your privacy settings now (joy, more sections to update).  Check these settings because many of them are defaulted to “Everyone”!!

As for the blank pages, I think Facebook is just borked. Though judging by when users started seeing the blank pages (several days ago) and when some of us are now seeing the same issues, it doesn’t seem like Facebook has a good handle on fixing their bugs.

2 thoughts on “Taming the Beast: Facebook and Our Privacy

  1. Glad it was helpful Natalie. You know I do have a lot of different lists, it could be an obsessive librarian thing though, it’s just the only one I have different privacy settings on is the Limited Profile one.
    I’ve found the other lists good for emailing a group of people through Facebook though… and some of my other ones help me remember how I know somebody, like old school friends that have changed their names.

Comments are closed.