How to Protect Your Privacy from Facebook
Claiming over 400 million users, Facebook is the dominant social networking service on the Internet, uniting families, school friends past and present, and international political movements. Facebook started as a restricted social networking site for college students back in 2004, before opening up in 2006 and taking over from competitors such as MySpace. Facebook has since morphed into a behemoth of a platform with a diverse set of features, such as real-time multiplayer gaming, online chat, retail operations, event management, and thousands of small applications. From sending birthday cards to trading “flair,” Facebook seems to have it all.
Facebook is the one place online I can connect with my mother, hometown friends I haven’t seen in 20 years, my 15-year-old niece, professional colleagues, and random folks I’ve met in my international travels.
But as wonderful as Facebook may be at helping us keep in touch with both current social circles and long-lost friends, such convenience comes at a cost. Despite housing what many of us might consider extremely private communications and information – such as family photos – Facebook consistently demonstrates a complete disregard for personal privacy.
Thanks to Facebook’s complex, ever-changing set of privacy-related options, protecting your privacy on – and from – Facebook is essentially impossible. But by understanding how Facebook’s privacy settings currently work, and by following my Three Golden Rules of Facebook Privacy, you can both control what the world knows about you and be prepared for future privacy changes.
Concerns About Facebook’s Privacy Policies — Privacy on Facebook wasn’t considered much of an issue until a major change in 2007 that led to a large amount of negative press, a massive number of user complaints, and a successful class action lawsuit (successful for the lawyers, who made millions, although the 19 plaintiffs shared only a total of $41,500).
In November 2007, Facebook launched a feature called “Beacon” in cooperation with 44 external partners, including Blockbuster, Hotwire, and eBay. Beacon would update your Facebook status with your activities on these partner Web sites, such as letting everyone know you just bought movie tickets from Fandango, or reserved a hotel room using Hotwire. Beacon was activated by default for all users, and although you could opt out, one security researcher reported that the information was still being shared between the partners and Facebook. As you can imagine, more than a few users were angered at such personal information being revealed without their permission. As part of the
settlement, Facebook shut Beacon down in September 2009.
One of the most dramatic demonstrations of these changes and the erosion of privacy over time is a wonderful visualization compiled by Matt McKeon that shows the changes in Facebook’s default privacy settings.
Concerns about privacy on Facebook are justified for four reasons:
- Facebook has a history of changing privacy policies and practices, during which they change user privacy settings and often reveal information previously considered private. For example, in recently launching their Connections feature, Facebook made it impossible to control who sees your profile information.
- Facebook’s privacy options are difficult to navigate, confusing many users who don’t realize what information they are sharing. The settings also tend to default to sharing information instead of protecting it. For example, any Facebook application you install, even those simple ones that do little more than send a friend an animated message, technically may gain ongoing access to all of your profile, activity, and friend information.
- Facebook’s CEO, Mark Zuckerberg, has stated publicly that he believes social norms around privacy have changed and people prefer more information to be public. In a controversial Twitter post by a New York Times reporter, an anonymous Facebook employee claimed Zuckerberg “doesn’t care about privacy”.
These aren’t idle concerns; there is a demonstrable history of Facebook changing the service to reveal user information previously considered private, often to third parties.
Three Golden Rules of Facebook Privacy — As someone who enjoys the value of social networking but still prefers to maintain my personal privacy, I’ve developed three rules I recommend for anyone using Facebook:
- Assume anything posted on Facebook is public. Forever. Since Facebook retains the right to change their privacy settings retroactively and has done this more than once in the past, I find it best to assume anything I do in Facebook could someday become public. And since we’re talking about the Internet here, I assume any such information would stay public forever. As such, I don’t put anything on Facebook I wouldn’t want the world to see. This includes any profile information, photos, messages, wall posts, and all other activity. I assume this information is not only public, but is being shared privately to third parties without my knowledge or consent.
- Review and update your privacy settings regularly, and after every application you install. As Facebook updates their service, they may change privacy settings. I try to review these every month or so. While I don’t generally install any Facebook applications (since they gain access to all of my information), for those of you who do, I suggest you check your application privacy settings (discussed below) after installing new applications.
- Use a dedicated Web browser for Facebook. Due to how Web browsers work, it is possible that your activities on Facebook or on another site could bleed into each other. This could be due to a security flaw, or it could happen by design, such as when advertising networks track your Internet activity with cookies, Flash, and other techniques. Using a dedicated Web browser isolates Facebook, keeping it (and third party applications) from interacting with other sites. There are lots of Web browsers for the Mac, including Firefox, Camino, OmniWeb, and Opera, or you could create a site-specific browser instance for Facebook using a tool like Fluid.
I’ve purposely highlighted actions you can take no matter how Facebook may change in the future. Since both Facebook’s policies and features change over time, I prefer to use these general principles rather than relying on current functionality.
But if you read between the lines, you’ll notice one key point:
There is no such thing as privacy on Facebook.
Managing Facebook’s Privacy Settings — Facebook’s privacy settings can be difficult to navigate, and since they are currently undergoing changes, I’ll concentrate on key areas to focus on rather than try to run through all the specific options.
First, you need to understand Facebook’s basic access groups, which are available as options in most of the privacy settings. I’m giving these in the opposite order from Facebook; the original order (from least private to most private) discourages restricting access.
- Custom: Enables you to restrict information so only you can see it, or to build a list of people who can see your information. This is the most restrictive option, but requires the most effort.
- Friends: Only your Facebook friends. Remember that you probably don’t know many of the people you are “friends” with on Facebook very well, so even this setting may reveal more than you want.
- Friends of Friends: All of your friends, plus any of their immediate friends. This is restricted to one degree of separation, although some of you may still find yourself connected to Kevin Bacon.
- Friends and Networks: Both your Facebook friends and anyone else who is in the same networks you’re in. Since networks are generally related to institutions like schools, this setting reveals information to a lot of people you don’t know.
- Everyone: Open to the entire Internet. This includes all Facebook users, and may include Facebook partners and search engines (although Facebook tends to restrict search engines for competitive reasons).
Currently, all user-manageable privacy settings are located in your Account area under Privacy Settings. These are roughly clumped together based on the different kinds of information and activities supported by Facebook. Although they change over time, the groupings are fairly stable.
As we walk through these, keep in mind that my privacy concerns may differ from yours. While much of my life is online and public, there are aspects I prefer to maintain control over. This does limit my ability to use many of the features of a service like Facebook (and most of Google). It’s a personal decision you need to make for yourself, and since it’s harder to control your privacy than to open it up, this article errs on the side of showing you how best to restrict access to your information.
Profile Information — This is where you control your basic profile information (interests, birthday, religious views, family and relationship status, education, and so on), who can see and respond to your posts, post on your wall, view photo albums, and more. I tend to restrict all these areas to Friends since I use Facebook only for direct friends and family, but you might choose more liberal settings if you use Facebook as a public service along the lines of Twitter.
Keep in mind that with Facebook’s new Connections feature, much of your profile information – employer, education, and so on – is public if you enable those pages. There is no way to keep this information private, so I deleted all of those pages. You manage them in the Connections page I discuss below. To be honest, I probably deleted them out of spite since all of that information is in my corporate bio on my company’s Web site.
My main recommendation is to think carefully about which profile information should be public (you might want to keep your religious views private, for example), if your posts should be public, and if you want your photos to be public. These tend to be the areas people are most concerned with.
For example, I’m okay with my friends viewing the few photos I post of my young daughter, but I prefer that they not be viewed by passing strangers. Although I assume that could be possible some day (following my first rule), that awareness doesn’t mean I don’t make an effort to restrict access now. I also leave my profile photo public to help friends find me, not that many people share my name.
Contact Information — This section enables you to control how people contact you, and which of your contact information is public. My recommendation here is to avoid even filling out any contact information you want to keep private, such as phone numbers or physical addresses. I use a dedicated email address for Facebook and list my company Web site, but I don’t provide any other information. My work and TidBITS email addresses are totally public, but since I largely separate work from Facebook I don’t see any reason to link those. This helps me keep my personal and professional communications a little separate, and isn’t a privacy concern for me.
Since I want friends from the past to be able to find me, I do allow everyone to send me a message or add me as a friend (Facebook always prompts you to accept friend invitations, so that setting doesn’t automatically enable anyone to be your friend without your confirmation).
Friends, Tags, and Connections — This is a newer area containing profile information that has migrated to Facebook Connections, as well as who can see who you are friends with. It won’t surprise you to know that I restrict these to my Friends, and that I deleted all of my Connections pages, since those are always public.
Applications and Websites — This section controls how applications and partner Web sites interact with your information, and what information your friends can share about you.
The thing to remember is that, at this point, any application you use – and thus authorize – has full access to your entire profile, much of your activity information, and possibly all of your friends’ profiles. Facebook has stated they plan to offer more granularity on a per-application basis, but for right now any application has full access or no access.
Think about it. Any time someone asks you to accept a piece of flair, sends you a hug, or asks to play a round of checkers, if you accept, you have just granted the developer of that application access to all of your information and that of your friends. Personally, I do not use any applications beyond the core ones built into Facebook. If you have used applications and want to cut them off to any new data, you can block them via a link inside the What You Share page.
One key area to update is “What your friends can share about you.” I’ve seen reports suggesting that Facebook changed everyone’s settings to allow access to everything, although my old settings didn’t change. Unless you uncheck all these options, any application or Web site a friend accesses can gain access to your information, including status updates, all your personal information, and even whether or not you are online. Creepy, isn’t it?
Facebook has also partnered with a few major Web sites, allowing them to link to your Facebook account when you visit their pages. (Worse, Facebook has shared at least some of your information with these sites already.) This allows both the site and Facebook to access your information across these boundaries and track your activity. You can disable this functionality, which is on by default, in the “Instant Personalization Pilot Program” section.
Search and Block List — The search section controls who can see your public information in search results on Facebook or authorized search engines. I leave this open, since this is exactly the basic information I want available so old friends can find me.
The Block List allows you to block specific individuals on Facebook from ever seeing any of your information, such as an ex-spouse or that grade school bully who just won’t quit.
Privacy is Personal — In the Information Age, determining what you want others to know about you isn’t always a simple decision. Aside from the potential tradeoffs of avoiding particular features or services, we all have different thresholds for what we are comfortable sharing. It’s also extremely difficult to control our information even when we do make informed decisions, and often impossible to eradicate information that escaped our control before we realized the rules of the game had changed.
For example, I use both Amazon and Netflix, even though those services also collect personal information like my buying and viewing habits. I am trading my data (and money) for a combination of convenience and personalization. I’m less concerned with these services than Facebook since their privacy practices and policies are clearer, my information is compartmentalized within each service, and they have much more consistent and stable records.
On the other hand I have minimized my usage of Google services due to privacy concerns. Google’s reach is incredibly expansive, and despite their addition of Google Dashboard to help show some of what they record, and much clearer policies than Facebook, I’m generally uncomfortable with any single company or government having that much potential information on me. I fully understand this is a somewhat emotional response.
Facebook is building a similar Internet-wide ecosystem as they expand connections to external Web sites and services. In exchange for allowing them access to your information and activities, Facebook enables new kinds of services and personalization. The question each of us must answer is if those new services and personalization options are worth the privacy tradeoff.
Deciding where to draw your own privacy lines is a very personal, complex, and even sometimes arbitrary decision. I trust Amazon and Netflix to a certain extent based on their privacy policies, even though they sometimes make mistakes (I didn’t use Amazon for years after a policy change that they later reversed). Yet I’ve limited my usage of both Google and Facebook due to general concerns (Google) or outright distrust (Facebook).
Facebook, to me, is a tool to keep me connected to friends and family I don’t interact with on a daily basis. I restrict what information it has on me, and always assume anything I do on Facebook could be public. I’m willing to trade a little privacy for the convenience of being able to stay connected with an expanded social circle. I manage Facebook privacy by not using it for anything that’s actually private.
What Kind of Facebook User Are You? After reading this far, you should have a sense of my general opinions and recommendations. But as I hope has been clear, I don’t expect everyone to follow exactly what I do – if nothing else, as someone who works in the security field, I have a large electronic bullseye on my back, so I have to be more careful than most people. In my experience, people tend to fall into a few broad categories that define how they perceive and utilize Facebook, so here are my recommendations for each category:
- Facebook-involved: If you check Facebook multiple times per day, use numerous Facebook apps, and use Facebook for more communication than email, you fall into this category. I suspect you’re unlikely to reduce your Facebook usage or tighten privacy options based on privacy concerns, so all I’d recommend is that you think about what you’re posting and try to avoid posting messages, photos, and videos that could prove embarrassing or even damaging were they to be exposed to the outside world.
- Facebook-dabbler: Perhaps you just want to read what a few friends are up to and participate in the occasional chat or game, but don’t spend much time on Facebook overall. For people in this category, I recommend dedicating a specific Web browser to Facebook, and restricting most privacy settings to friends only. Some information may leak, but as long as you assume posts might become public anyway, the damage should be limited. Using a dedicated browser or application (such as the Facebook iPhone app) will limit Facebook’s ability to track you as you visit partner sites.
- Facebook-presence: Many people, me included, use Facebook because we want to have a presence there as a way of remaining connected with other Facebook-using friends, family members, and acquaintances. People in this category mostly tend to lurk on Facebook, reading what others post, although there are some, like TidBITS Publisher Adam Engst, who treat Facebook as a publishing medium, reading little but posting regularly. For people in this category, I recommend avoiding Facebook applications and treating Facebook as an entirely public forum.
- Privacy concerned: If, upon reading this article, you’re shocked to learn about Facebook’s sketchy privacy record and you can’t imagine ever using Facebook again, I recommend deleting your account. Note that this is different from just “deactivating” your account (which is done from the Account > Settings screen). To delete your account, you must, while logged in, visit a special link, and then avoid logging in to check if the deletion worked for 14 days. See the full instructions on wikiHow. Deleting your account removes nearly all of your data, although some remnants (like comments), marked as anonymous, may still linger in your friends accounts.
Could There Be a Facebook Alternative? In a parallel universe, we would be having this conversation about MySpace, not Facebook. The Internet is a fickle, fast-moving place where today’s winners can be tomorrow’s losers. And nothing says those winners or losers need to be private corporations.
Wired’s Ryan Singel has suggested that instead of a single company dominating the social networking space, the tech community could create open protocols that would provide much the same capabilities as Facebook without the privacy concerns. Days later, after being mentioned in the New York Times, one potential Facebook alternative – Diaspora – raised over $115,000 to build an open social networking platform, driven by the latest Facebook privacy concerns.
So far, social networking has been the exclusive domain of private organizations like Facebook, Twitter, and MySpace, in large part due to the massive infrastructure required to maintain them. But these systems are all closed silos, often with overlapping functionality, and that fact opens the door for open, standards-based alternatives to glue the services together, or replace them entirely. I don’t mean to minimize the challenges, but the deeper Facebook mires itself in self-inflicted controversy, the greater the opportunities for upstarts.
This is the most comprehensive guide I've seen so far. Fantastic work people.
Rich, I'm not sure I agree with your expectations or (lack of) recommendations for the "Facebook-involved". There is no reason you cannot send LOLcats and surveys to Googols of friends without putting your Facebook profile sanitized of deeply personal information. Think positive! ;)
Huh? The grammar in this comment make it hard to understand! Care to elaborate??
Chris is making a series of in-jokes.
I think you should flesh out the "publisher" category. For the last couple years, I have treated FB as WORN: Write Once, Read Never. I had my Twitter and blog posts go to Facebook automatically, and generally only visited when Amy told me about something interesting (mostly pictures) a friend had posted, or to accept friend requests.
After their latest spasm of privacy and trust violations, I disabled those feeds -- I don't want Facebook to get any more of my content, even stuff that's already public elsewhere. Photos from parties I now put on Flickr, rather than Facebook.
This afternoon I advised a writer friend to do the same -- Facebook is an important marketing avenue for her, but not somewhere she wants to spend time.
I'm not sure I understand - if Facebook is an important marketing avenue for your friend, why would you recommend she delete her account, rather than treat it as WORN (cute abbreviation)?
If you intend something to be public, and particularly if you're intending for it to be used for marketing purposes, I can't see anything really wrong with posting on Facebook, as long as it's useful for the intended goal.
Damned if I can figure out (a) how CNN found out I hav a Facebook account and (b) how to de-link them.
Trying to click on the CNN disassociate link has produced No Effect. Ain't that illegal?
Nothing on Facebook is illegal.
Thanks for the informative post Rich.
This is another useful page on blocking the Facebook applications Yelp, Pandora, and Docs--all of which can access your information unless you follow the convoluted path to block them.
This is the first article I have seen that takes one step by step through the process of checking personal settings on Facebook, and what the consequences for each choice are. The only way to improve it would be to add an easy e-mail link at the top so I can send this to all my friends with little effort!
We used to have a way to share an article through email and many other methods - and found that they were essentially never used! You'll have to copy and paste the URL.
I am off right now to copy-and-paste this... to my Facebook wall! Oh, but first I have to make s site-specific browser for FB... great tip, that!
The only real way to protect yourself on Facebook is not to use it. I hate to say it, but that is the fact. Facebook has made so many changes to their privacy settings and policies just in the last couple of years that it takes someone like Rich to trawl the settings and tell people "well, yeah, it can be safe if you navigate the 597 different settings just right."
My profile still exists because FB is the only contact I have with some people, but there is *nothing* there.
The New York Times has a wonderful graphic that illustrates this complexity.
A new tool to help in managing Facebook privacy settings : http://www.reclaimprivacy.org/
Both Rich and I tried this tool yesterday while we were doing final editing on the article, and although it seems like a good thing, it didn't really perform very reliably, so we decided not to mention it. For instance, I set all my Contact Info settings to Everyone and re-ran the scanner, and it still claimed everything was good. So if it warns you about a problem, I'd look into it, but I wouldn't necessarily trust that its good rating is accurate.
FWIW, looks like page reload fixes some of these problems. Could be a Safari interaction?
It's still reporting incorrectly when I have lots of contact information set to Everyone here, even after a page reload and waiting some time. This is in Firefox, not Safari.
For those having trouble imagining how others could act differently than you do on Facebook, I'd encourage you to read this article I wrote years ago on "threat models" - basically, the individual pie charts we all have of things we worry about.
I've always avoided Facebook because I was suspicious of the 'privacy' aspect but this was more of a gut feeling than factual knowledge. Now I know my gut feelings were spot on. Thanks!
Great article, thanks! I have kept away from FB for the exact same reasons as everybody else but lately started using it exclusively to run a fan-page, which make sense seen from a marketing perspective.
However, I wanted to download Fluid. But the downloaded archive doesn't work for me, I tried downloading from various locations with various browsers. I get an OS-error when trying to expand after what seems to be a too abruptly ended download procedure.
About dedicated browsers---when I first started using Fluid, I realized that if I was logged in via a Fluid SSB, I was also logged in to it in NetNewsWire, because apparently all WebKit browsers share the same cookies? (The Fluid dev has a good explanation somewhere).
Anyhow, I think that would affect FB, right? I feel safe, because I use Fluid for FB and Firefox for general browsing, and mostly visit small sites in NNW, but am not sure using Safari and Fluid would be as disassociated.
Off-topic but tangentially related: the TidBits remember-my-email feature isn't very convenient for people who like to keep these things separated. I think TB just saved my email cookie on my phone where I check the email I use for public online activity, not in NNW where I comment, and I'm going to have to approve it again. Maybe I'm wrong.
Sorry--testing--I just verified self in Safari, so unless I post again to retract, Safari 4.0.4 does share cookies with NNW, because this comment showed up immediately. If someone could explain how that works and whether it affects FB privacy, it'd be appreciated. And I forgot to say thanks for the excellent article!
For now, we're using a browser cookie to store not email but identity. We're moving towards a subscription system in which you can opt to log in to be verified, too.
I received this link today and it helps to get to your privacy into one place for examination.
Please look at this and add feedback please!
I'd have to test again, but initially their tool didn't seem very accurate. See previous comments...