This article originally appeared in TidBITS on 2010-05-14 at 1:34 p.m.
The permanent URL for this article is:
Include images: Off

How to Protect Your Privacy from Facebook

by Rich Mogull

Claiming over 400 million users, Facebook is the dominant social networking service on the Internet, uniting families, school friends past and present, and international political movements. Facebook started as a restricted social networking site for college students back in 2004, before opening up in 2006 and taking over from competitors such as MySpace. Facebook has since morphed into a behemoth of a platform with a diverse set of features, such as real-time multiplayer gaming, online chat, retail operations, event management, and thousands of small applications. From sending birthday cards to trading "flair," Facebook seems to have it all.

Facebook is the one place online I can connect with my mother, hometown friends I haven't seen in 20 years, my 15-year-old niece, professional colleagues, and random folks I've met in my international travels.

But as wonderful as Facebook may be at helping us keep in touch with both current social circles and long-lost friends, such convenience comes at a cost. Despite housing what many of us might consider extremely private communications and information - such as family photos - Facebook consistently demonstrates a complete disregard for personal privacy.

Thanks to Facebook's complex, ever-changing set of privacy-related options, protecting your privacy on - and from - Facebook is essentially impossible. But by understanding how Facebook's privacy settings currently work, and by following my Three Golden Rules of Facebook Privacy, you can both control what the world knows about you and be prepared for future privacy changes.

Concerns About Facebook's Privacy Policies -- Privacy on Facebook wasn't considered much of an issue until a major change in 2007 that led to a large amount of negative press, a massive number of user complaints, and a successful class action lawsuit (successful for the lawyers, who made millions, although the 19 plaintiffs shared only a total of $41,500).

In November 2007, Facebook launched a feature called "Beacon" [1] in cooperation with 44 external partners, including Blockbuster, Hotwire, and eBay. Beacon would update your Facebook status with your activities on these partner Web sites, such as letting everyone know you just bought movie tickets from Fandango, or reserved a hotel room using Hotwire. Beacon was activated by default for all users, and although you could opt out, one security researcher reported that the information was still being shared between the partners and Facebook. As you can imagine, more than a few users were angered at such personal information being revealed without their permission. As part of the settlement, Facebook shut Beacon down in September 2009.

Since then, Facebook has faced a myriad of privacy issues, recently making headlines for both changing their existing privacy policy and practices and launching a new program called Instant Personalization [2] to embed Facebook on any Web site or online service.

One of the most dramatic demonstrations of these changes and the erosion of privacy over time is a wonderful visualization compiled by Matt McKeon [3] that shows the changes in Facebook's default privacy settings.

Concerns about privacy on Facebook are justified for four reasons:

These aren't idle concerns; there is a demonstrable history of Facebook changing the service to reveal user information previously considered private [8], often to third parties.

Three Golden Rules of Facebook Privacy -- As someone who enjoys the value of social networking but still prefers to maintain my personal privacy, I've developed three rules I recommend for anyone using Facebook:

  1. Assume anything posted on Facebook is public. Forever. Since Facebook retains the right to change their privacy settings retroactively and has done this more than once in the past, I find it best to assume anything I do in Facebook could someday become public. And since we're talking about the Internet here, I assume any such information would stay public forever. As such, I don't put anything on Facebook I wouldn't want the world to see. This includes any profile information, photos, messages, wall posts, and all other activity. I assume this information is not only public, but is being shared privately to third parties without my knowledge or consent.
  2. Review and update your privacy settings regularly, and after every application you install. As Facebook updates their service, they may change privacy settings. I try to review these every month or so. While I don't generally install any Facebook applications (since they gain access to all of my information), for those of you who do, I suggest you check your application privacy settings (discussed below) after installing new applications.
  3. Use a dedicated Web browser for Facebook. Due to how Web browsers work, it is possible that your activities on Facebook or on another site could bleed into each other. This could be due to a security flaw, or it could happen by design, such as when advertising networks track your Internet activity with cookies, Flash, and other techniques. Using a dedicated Web browser isolates Facebook, keeping it (and third party applications) from interacting with other sites. There are lots of Web browsers for the Mac, including Firefox [9], Camino [10], OmniWeb [11], and Opera, or you could create a site-specific browser instance for Facebook using a tool like Fluid [12].

I've purposely highlighted actions you can take no matter how Facebook may change in the future. Since both Facebook's policies and features change over time, I prefer to use these general principles rather than relying on current functionality.

But if you read between the lines, you'll notice one key point:

There is no such thing as privacy on Facebook.

Managing Facebook's Privacy Settings -- Facebook's privacy settings can be difficult to navigate, and since they are currently undergoing changes, I'll concentrate on key areas to focus on rather than try to run through all the specific options.

First, you need to understand Facebook's basic access groups, which are available as options in most of the privacy settings. I'm giving these in the opposite order from Facebook; the original order (from least private to most private) discourages restricting access.

Currently, all user-manageable privacy settings are located in your Account area under Privacy Settings. These are roughly clumped together based on the different kinds of information and activities supported by Facebook. Although they change over time, the groupings are fairly stable.

[image link] [13]

As we walk through these, keep in mind that my privacy concerns may differ from yours. While much of my life is online and public, there are aspects I prefer to maintain control over. This does limit my ability to use many of the features of a service like Facebook (and most of Google). It's a personal decision you need to make for yourself, and since it's harder to control your privacy than to open it up, this article errs on the side of showing you how best to restrict access to your information.

Profile Information -- This is where you control your basic profile information (interests, birthday, religious views, family and relationship status, education, and so on), who can see and respond to your posts, post on your wall, view photo albums, and more. I tend to restrict all these areas to Friends since I use Facebook only for direct friends and family, but you might choose more liberal settings if you use Facebook as a public service along the lines of Twitter.

Keep in mind that with Facebook's new Connections feature, much of your profile information - employer, education, and so on - is public if you enable those pages. There is no way to keep this information private, so I deleted all of those pages. You manage them in the Connections page I discuss below. To be honest, I probably deleted them out of spite since all of that information is in my corporate bio on my company's Web site.

My main recommendation is to think carefully about which profile information should be public (you might want to keep your religious views private, for example), if your posts should be public, and if you want your photos to be public. These tend to be the areas people are most concerned with.

For example, I'm okay with my friends viewing the few photos I post of my young daughter, but I prefer that they not be viewed by passing strangers. Although I assume that could be possible some day (following my first rule), that awareness doesn't mean I don't make an effort to restrict access now. I also leave my profile photo public to help friends find me, not that many people share my name.

Contact Information -- This section enables you to control how people contact you, and which of your contact information is public. My recommendation here is to avoid even filling out any contact information you want to keep private, such as phone numbers or physical addresses. I use a dedicated email address for Facebook and list my company Web site, but I don't provide any other information. My work and TidBITS email addresses are totally public, but since I largely separate work from Facebook I don't see any reason to link those. This helps me keep my personal and professional communications a little separate, and isn't a privacy concern for me.

Since I want friends from the past to be able to find me, I do allow everyone to send me a message or add me as a friend (Facebook always prompts you to accept friend invitations, so that setting doesn't automatically enable anyone to be your friend without your confirmation).

Friends, Tags, and Connections -- This is a newer area containing profile information that has migrated to Facebook Connections, as well as who can see who you are friends with. It won't surprise you to know that I restrict these to my Friends, and that I deleted all of my Connections pages, since those are always public.

Applications and Websites -- This section controls how applications and partner Web sites interact with your information, and what information your friends can share about you.

The thing to remember is that, at this point, any application you use - and thus authorize - has full access to your entire profile, much of your activity information, and possibly all of your friends' profiles. Facebook has stated they plan to offer more granularity on a per-application basis, but for right now any application has full access or no access.

Think about it. Any time someone asks you to accept a piece of flair, sends you a hug, or asks to play a round of checkers, if you accept, you have just granted the developer of that application access to all of your information and that of your friends. Personally, I do not use any applications beyond the core ones built into Facebook. If you have used applications and want to cut them off to any new data, you can block them via a link inside the What You Share page.

One key area to update is "What your friends can share about you." I've seen reports suggesting that Facebook changed everyone's settings to allow access to everything, although my old settings didn't change. Unless you uncheck all these options, any application or Web site a friend accesses can gain access to your information, including status updates, all your personal information, and even whether or not you are online. Creepy, isn't it?

Facebook has also partnered with a few major Web sites, allowing them to link to your Facebook account when you visit their pages. (Worse, Facebook has shared at least some of your information with these sites already.) This allows both the site and Facebook to access your information across these boundaries and track your activity. You can disable this functionality, which is on by default, in the "Instant Personalization Pilot Program" section.

Search and Block List -- The search section controls who can see your public information in search results on Facebook or authorized search engines. I leave this open, since this is exactly the basic information I want available so old friends can find me.

The Block List allows you to block specific individuals on Facebook from ever seeing any of your information, such as an ex-spouse or that grade school bully who just won't quit.

Privacy is Personal -- In the Information Age, determining what you want others to know about you isn't always a simple decision. Aside from the potential tradeoffs of avoiding particular features or services, we all have different thresholds for what we are comfortable sharing. It's also extremely difficult to control our information even when we do make informed decisions, and often impossible to eradicate information that escaped our control before we realized the rules of the game had changed.

For example, I use both Amazon and Netflix, even though those services also collect personal information like my buying and viewing habits. I am trading my data (and money) for a combination of convenience and personalization. I'm less concerned with these services than Facebook since their privacy practices and policies are clearer, my information is compartmentalized within each service, and they have much more consistent and stable records.

On the other hand I have minimized my usage of Google services due to privacy concerns. Google's reach is incredibly expansive, and despite their addition of Google Dashboard [14] to help show some of what they record, and much clearer policies than Facebook, I'm generally uncomfortable with any single company or government having that much potential information on me. I fully understand this is a somewhat emotional response.

Facebook is building a similar Internet-wide ecosystem as they expand connections to external Web sites and services. In exchange for allowing them access to your information and activities, Facebook enables new kinds of services and personalization. The question each of us must answer is if those new services and personalization options are worth the privacy tradeoff.

Deciding where to draw your own privacy lines is a very personal, complex, and even sometimes arbitrary decision. I trust Amazon and Netflix to a certain extent based on their privacy policies, even though they sometimes make mistakes (I didn't use Amazon for years after a policy change that they later reversed). Yet I've limited my usage of both Google and Facebook due to general concerns (Google) or outright distrust (Facebook).

Facebook, to me, is a tool to keep me connected to friends and family I don't interact with on a daily basis. I restrict what information it has on me, and always assume anything I do on Facebook could be public. I'm willing to trade a little privacy for the convenience of being able to stay connected with an expanded social circle. I manage Facebook privacy by not using it for anything that's actually private.

What Kind of Facebook User Are You? After reading this far, you should have a sense of my general opinions and recommendations. But as I hope has been clear, I don't expect everyone to follow exactly what I do - if nothing else, as someone who works in the security field, I have a large electronic bullseye on my back, so I have to be more careful than most people. In my experience, people tend to fall into a few broad categories that define how they perceive and utilize Facebook, so here are my recommendations for each category:

Could There Be a Facebook Alternative? In a parallel universe, we would be having this conversation about MySpace, not Facebook. The Internet is a fickle, fast-moving place where today's winners can be tomorrow's losers. And nothing says those winners or losers need to be private corporations.

Wired's Ryan Singel has suggested [17] that instead of a single company dominating the social networking space, the tech community could create open protocols that would provide much the same capabilities as Facebook without the privacy concerns. Days later, after being mentioned in the New York Times [18], one potential Facebook alternative - Diaspora - raised over $115,000 [19] to build an open social networking platform, driven by the latest Facebook privacy concerns.

So far, social networking has been the exclusive domain of private organizations like Facebook, Twitter, and MySpace, in large part due to the massive infrastructure required to maintain them. But these systems are all closed silos, often with overlapping functionality, and that fact opens the door for open, standards-based alternatives to glue the services together, or replace them entirely. I don't mean to minimize the challenges, but the deeper Facebook mires itself in self-inflicted controversy, the greater the opportunities for upstarts.

In the end, you need to decide for yourself where you draw your own privacy lines in the sand, but remember any service's privacy policy can change over time. For Facebook, the specifics of each of the privacy areas I describe above may change, but my general recommendations will likely last for years to come.