Thoughtful, detailed coverage of everything Apple for 34 years
and the TidBITS Content Network for Apple professionals


We have two feature articles for you this week: security expert Rich Mogull’s extensive look at how to protect your privacy from Facebook, and guest contributor Robyn Weisman’s discussions about iPhone apps with executives from some of the largest news and entertainment companies. Also this week, Doug McLean examines Google’s search results page makeover, Adam relays the news that Apple has acknowledged iPad Wi-Fi problems, and Glenn Fleishman shares details about how our TidBITS Commenting System avoids the sort of problems that have afflicted other comment systems. Notable software releases this week include Waveboard 1.0, ShareTool 2.0, and Keyboard Maestro 4.3.

Adam Engst 7 comments

Apple Acknowledges iPad Wi-Fi Issues, Sort Of

As Glenn wrote in “Some iPad Users Suffer Wi-Fi Woes” (6 April 2010), some iPad users (including me!) have experienced problems with Wi-Fi connectivity. These problems generally revolve around unexpectedly poor Wi-Fi signal strength, frequent Wi-Fi network dropoffs, widely varying network throughput, and repeated requests for Wi-Fi network passwords for remembered networks.

Apple has quietly updated a Knowledge Base article about issues that iPads have when connecting to Wi-Fi networks. Initially, the article offered only basic suggestions, like making sure your Wi-Fi router’s firmware was up to date, and using WPA or WPA2 instead of WEP. While I’m sure using current firmware and modern encryption approaches are a good idea, they really weren’t related to most of the problems.

In the updated article, Apple now suggests that having the screen brightness at its lowest setting could be related, which sounds truly weird. However, commenter Eugen notes that common methods of dimming LEDs could result in oscillations that could interfere with other radiation, such as Wi-Fi signals. And I’ve heard from a reader that raising the screen brightness on his iPad did indeed solve his particular Wi-Fi connection problem.

Apple has also lumped the iPad DHCP flaw into this article about Wi-Fi connectivity issues, even though the two problems are almost certainly unrelated (see “Princeton University Identifies iPad DHCP Flaw,” 15 April 2010). Apple suggests renewing the DHCP lease manually, or toggling Wi-Fi off and on again, both of which should help if the iPad itself isn’t working properly, but which won’t solve the general problem of duplicate IP addresses for other devices. Princeton’s workaround is more general, and should prevent the problem from occurring.

In fact, the most heartening change to the Knowledge Base article is this sentence at the top.

"Apple will also address remaining Wi-Fi connectivity issues with a future iPad software update."

That’s exactly what we thought would be necessary, and here’s hoping that we see iPhone OS 3.2.1 for the iPad soon, complete with fixes for both the Wi-Fi connectivity problems and the DHCP flaw.

Doug McLean 4 comments

Google Search Results Receives Makeover

Google VP Marissa Mayer has posted a note on Google’s official blog explaining the recent facelift to the search engine giant’s results pages. The most notable change is the addition of a left-hand sidebar that combines three of Google’s longstanding search technologies: Universal Search, which displays multiple kinds of search results such as Web pages, images, and videos on a single page; the Search Options sidebar, which enables users to filter search results with refined criteria; and Google Squared, which synthesizes information scattered across multiple sites into an accessible spreadsheet-like format.

Now, every Google search is framed as a starting point from which the features in the new sidebar can then help you zero in on what you’re looking for. Google’s standard search experience, the Universal Search “Everything” view, remains the default, presenting a page of mixed results types. But you can now easily restrict results to one of the available categories, including books, images, videos, maps, news, shopping, blogs, updates, and discussions. Plus, the more-accessible Search Options make it easy to restrict even those results further, for example, by date, video length, image size, and more. Then there are different views – Related Searches, Wonder Wheel, and Timeline – and additional options that let you do things like prefer sites with images, ask for more or fewer shopping sites, display page previews, and get translated results.

Mayer also notes that Google has slightly tweaked the logo and color palette to the effect of, “keeping our page minimalist and whimsical, but make our overall look more modern.” I can’t say that I would have noticed any color or logo change on my own, but there is something fresh about the page’s look. It should be mentioned, however, that Google’s main splash page maintains its basic look and gives no hint as to the changes made on the search results page.

Now, if you’re thinking that some of these features sound similar to those on Microsoft’s Bing search engine, you’re not alone. A brief search for Tchaikovsky (I wrote this on the composer’s birthday!) highlights the similarities between the two search results pages.

Microsoft’s 2009 foray into Internet search garnered attention largely due to its sidebar (one of Bing’s early ad campaigns suggested the service could cure users of “Search Overload Syndrome” – alluding to the undifferentiated mass of search results you might get by using Google). And given Bing’s impact on the search market, it’s not all that surprising to see Google taking some of the same approaches (just as, to be fair, Bing did with Google to start).

According to the analytics site Hitwise, in April 2010, Bing’s search market share stood at 9.43 percent; Google’s was 71.4 percent. Yet while Google dominates the overall search statistics (and in fact gained 2 percent in April, while Bing fell by 2 percent), Bing has made gains over the past year in searches in particular vertical markets such as Automotive (a 95-percent year-over-year increase), Health (105-percent increase), Shopping (100-percent increase), and Travel (71-percent increase). So although Bing’s share of the traffic remains much smaller than Google’s, Microsoft’s search engine is gaining more in these vertical markets than in the overall search market, perhaps due to Bing’s filtering options.

Despite the similarities, plenty of differences between the search engine interfaces remain. While both choose appropriate filter categories according to your search terms, Google is more flexible in its methodology. Even though it initially prioritizes one kind of result over another (say shopping over video for the search term “Nike shoes”), it still allows you access to the other categories via the More link.

On the other hand, Bing’s sidebar suggests more specific filter categories (such as tickets, coupons, or posters) and doesn’t enable you to choose or change those categories (though basic broader options for customizing your search remain at the top of the browser window). Bing also lacks time-based filters that let you narrow down searches by creation time.

Overall, Google’s changes are incremental improvements that will make going beyond basic searches a little faster and easier for most users. It’s hard to know if these changes will have any effect on market share, since I imagine most people don’t switch search engines often, and both do basically what’s required.

Glenn Fleishman 13 comments

Trust, But Verify: TidBITS Commenting System Succeeds

At TidBITS, we tend to talk for a long, long time about site changes before we do the work. This can be agonizing. Why can’t we just do X already, whatever X is? But there’s a big upside: we often have the whole conceptual framework in place, and it’s just a matter of a little – okay, sometimes a lot of – script programming and database manipulation to bring our ideas to fruition.

That’s how we created the TidBITS Commenting System, which enables anyone to append comments to one of our articles. Adam Engst wrote about how we designed the system and how it works in “Introducing the TidBITS Commenting System” (3 July 2009).

Ten months in, we’re rather pleased about how well the TidBITS Commenting System has worked. I chose this point to take a look at comments because of a debate that’s been broiling about anonymous comments and their place on news sites.

Most notably, we require that each commenter verify himself or herself for each browser used by following a URL in an email that’s sent. That email links to a page that sets a browser cookie. (In the future, we’ll have full-fledged accounts. We’re testing the Take Control account management system now, which will eventually be extended to TidBITS readers; see “Reading Take Control Ebooks on an iPad (or iPhone or iPod touch),” 7 April 2010.)
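One way to implement the verification loop described above, as an added sketch that is not the TidBITS code: the HMAC-signed token format, the lifetimes, the `commenter` cookie name and the example.org URL are all assumptions made for illustration. The ban list and the 1,000-character limit discussed later in this article are checked when a comment is posted.

```python
"""Email verification loop for a comment form (illustrative sketch)."""
import base64
import hashlib
import hmac
import json
import secrets

# Constructed demo key; a real deployment loads this from a secret store.
SECRET = b"constructed-demo-key"
LINK_TTL = 60 * 60             # emailed link valid for one hour (assumed)
COOKIE_TTL = 365 * 24 * 3600   # verified-browser cookie lifetime (assumed)
MAX_COMMENT_CHARS = 1000       # limit stated in the article

banned_emails = set()          # filled by the moderators' "ban user" command
used_link_ids = set()          # makes each emailed link single-use


def _encode(claims):
    """Serialize claims and append an HMAC-SHA256 tag over them."""
    body = base64.urlsafe_b64encode(json.dumps(claims, sort_keys=True).encode())
    mac = hmac.new(SECRET, body, hashlib.sha256).hexdigest()
    return body.decode() + "." + mac


def _decode(token, purpose, now):
    """Return the claims if the token is authentic, unexpired and issued
    for the expected purpose; otherwise None."""
    body, sep, mac = token.partition(".")
    if not sep:
        return None
    expected = hmac.new(SECRET, body.encode(), hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII input.
    if not hmac.compare_digest(mac.encode(), expected.encode()):
        return None
    try:
        claims = json.loads(base64.urlsafe_b64decode(body))
    except ValueError:
        return None
    if claims.get("purpose") != purpose or claims.get("exp", 0) < now:
        return None
    return claims


def verification_link(email, now):
    """Build the URL mailed to the address typed into the comment form."""
    claims = {"purpose": "verify", "email": email.strip().lower(),
              "id": secrets.token_hex(8), "exp": now + LINK_TTL}
    # example.org and the path are placeholders, not the site's real URL.
    return "https://example.org/comments/verify?t=" + _encode(claims)


def follow_link(url, now):
    """Handle a click on the mailed link. Returns the Set-Cookie value that
    marks this browser as verified, or None if the link is rejected."""
    claims = _decode(url.partition("?t=")[2], "verify", now)
    if claims is None or claims["id"] in used_link_ids:
        return None
    if claims["email"] in banned_emails:
        return None
    used_link_ids.add(claims["id"])
    cookie = _encode({"purpose": "commenter", "email": claims["email"],
                      "exp": now + COOKIE_TTL})
    return (f"commenter={cookie}; Max-Age={COOKIE_TTL}; "
            "Secure; HttpOnly; SameSite=Lax; Path=/")


def accept_comment(cookie_header, text, now):
    """Decide whether a posted comment is accepted. Returns (ok, detail)."""
    value = ""
    for part in cookie_header.split(";"):
        name, _, val = part.strip().partition("=")
        if name == "commenter":
            value = val
    claims = _decode(value, "commenter", now)
    if claims is None:
        return False, "unverified browser"
    # Checked on every post: the cookie is long-lived, so a ban must
    # take effect without waiting for it to expire.
    if claims["email"] in banned_emails:
        return False, "banned"
    if len(text) > MAX_COMMENT_CHARS:
        return False, "too long"
    return True, claims["email"]


if __name__ == "__main__":
    t0 = 1_000_000.0                                   # constructed clock
    link = verification_link("reader@example.com", t0)  # constructed address
    set_cookie = follow_link(link, t0 + 60)
    browser_cookie = set_cookie.split(";")[0]           # what the browser sends back
    print(accept_comment(browser_cookie, "Thanks for the article.", t0 + 120))
    print(follow_link(link, t0 + 180))                  # link already used
```

The `purpose` claim keeps the short-lived link token from being replayed as the long-lived cookie, and the `Secure` and `HttpOnly` attributes keep the cookie off plain HTTP and away from page scripts.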

This is in line with a general direction by media sites to require some sort of external verification, instead of allowing commenters to post without any outside-the-system check. The New York Times recently reported on this general trend, as the idea of purely anonymous commenters might be on its way out. Facebook Connect and Twitter verification have been part of that trend, too, enabling people to use a single identity to comment across multiple sites. And a change at Gawker Media blogs that instituted a stricter commenting system caused a quick drop in comments but ended up generating more and better comments over the long run.

Some sites, of course, simply don’t allow readers to post comments at all. Our dear colleague, John Gruber, has never allowed comments on Daring Fireball, prompting a short-lived joke site called “Daring Fireball with Comments” that revealed the true horror of what could have been. (I won’t link to the site, because it’s now just a mock-up of an iPhone with a note to John thanking him for taking the joke well – and a thousand junk comments promoting exciting drugs.)

For our part, we wondered if asking people to enter and verify an email address would be too high a bar, as low as that might seem. We don’t benefit financially from additional page views of posts with comments (perhaps a few dollars per month at best), so we neither wanted to pump up comments to inflate page views artificially, nor to discourage readers.

The results have exceeded our expectations. We’re nearing 4,000 comments made across 440 articles by nearly 1,900 people – about half the articles and links we’ve published in that period. And while we certainly have our regulars, we also see that many people are willing to register in order to leave a single comment.

Some of our more popular articles have had dozens of comments, and have provoked terrific discussion that extended the articles in directions we couldn’t have imagined. For instance, Adam’s “Have We Entered a Post-Literate Technological Age?” (18 August 2009), generated 91 comments, many extremely thoughtful. But we’re happy if an article attracts only a comment or two with useful information.

We are also totally cool with being corrected when appropriate. If we misspell a word, use clunky language, cite a fact incorrectly, or rely on tortured logic, we hear about it in the comments, and we often update the article to address the problem. (Thanks for keeping the tone polite and helpful in such criticisms!)

The response to the 1,000-character limit (about 150 words) hasn’t been bad. Most people stay within the limit, and only occasionally does someone need to post a second comment to finish their thought. We’re not Twitter, but neither do we wish to encourage epics.

As administrators, we gave ourselves a few simple commands to edit or delete comments, and to ban users. A banned user could, of course, register again with a new email address, but we’ve had to ban only 30 people, or about 1.5 percent of our commenters. Most were for egregious spam, and just a couple for over-the-top inappropriate behavior. We delete comments only occasionally, and mostly when they’re no longer relevant after an update to an article (no one needs to read about a spelling mistake that was fixed), and we use an extremely light hand when editing, fixing typos if we can, or removing excess quoted material.

I’ve been running mailing lists and forums since 1990, when I had a desktop-publishing list with a staggering 1,000 worldwide subscribers (mostly in academia, but also through Internet gateways such as The WELL). In that time, I’ve never designed nor participated in any discussion or commenting system that required so little handholding.

Sure, we know that TidBITS readers are the best – you really are – but we also expected to get griefers and trolls who like to find systems to exploit. The email verification loop isn’t a big deal for people who want to make other people unhappy, but apparently that, plus some AJAX elements we built for posting, have prevented any real abuse. So far. (We also have virtual tripwires set to alert us to attacks, so hopefully we’ll be able to shut down any that do occur.)

We’re happy with what we built, although we’re still thinking about what else we can add, beyond the near-future addition of identifying messages from staff members. Once we have our account management system in place, a variety of possibilities present themselves, and we’re pondering what to do first.

So what would you like to see? As you know, your comments are welcome.

Robyn Weisman 4 comments

Talking with Giants in the iPhone App Space

Two years ago mobile phone apps were just not in my consciousness. Sure, I knew that BlackBerries could send email and that you could do that and look at photos, YouTube videos, and maps on an iPhone. But I almost couldn’t imagine having a program that could let you do anything from finding rest stops on Interstate 40 to playing Peggle on the go, let alone check Facebook and Twitter feeds.

But back when I was still pecking out the occasional text on my Motorola RAZR, many large news and entertainment companies were anticipating and developing apps for the iPhone OS. I realize TidBITS tends to focus more on small developers, so why should we care about what these corporate behemoths are doing? Apart from the sheer reach of these companies, they have a very different mindset from the small developer. With that in mind, I spoke to a number of executives at large content companies to find out what they thought about the iPhone.

What I found interesting – even surprising – about these companies is that they typically aren’t interested in devices or platforms per se, but in getting their content out to as many people as possible and making a profit in a quick yet sustainable fashion. If their market research departments were to provide statistics that, say, Windows Mobile 6.5 would provide them the best traction in the mobile space, you would see a plethora of apps for that operating system. They care about content, not technology.

That said, while many of the people I spoke with said they are selling and developing apps for other mobile platforms like Android and BlackBerry OS, all seemed to view iPhone OS apps as a crucial part of their mobile strategies. And they consider debates over open versus closed environments as mostly minutiae.

Innovation or Continuation? Videogame giants like Electronic Arts (EA) and Gameloft, networks like ESPN, CNN, and NBA Digital, and studios like Disney, Fox, and Paramount all seem to have anticipated the groundswell that was about to occur in the iPhone app space. In most cases, however, iPhone and other smartphone apps were just the latest permutation of ongoing mobile strategies that had been put in place years earlier.

For example, Gameloft released its first mobile games for Java-enabled phones almost a decade ago. According to Gonzague de Vallois, senior vice president at Gameloft, the average game back then took up a mere 300 KB. In contrast, the iPhone app version of the card game UNO weighs in at 72.5 MB and the racing simulator Driver is a hefty 405 MB. Similarly, Disney began its efforts in mobile content as a launch partner of Japanese mobile provider NTT DoCoMo in 1999 and soon after expanded its development and publishing of games, ringtones, and graphics to mobile carriers worldwide, explained Stephen Saiz, director of marketing – digital publishing at Disney Interactive Studios.

And at ESPN, mobile apps have been in the company’s DNA since the days of the Newton, when the network sent game scores to pagers via its Sportstrack application, said John Zehr, senior vice president and general manager at ESPN Mobile. “Getting scores is a fundamental function for sports fans to be able to do wherever they are, so that’s been our primary motivation. We’ve been doing mobile phone content since 1999 on some of the first data-enabled cell phones and [PDAs] like the Palm VII.”

Transforming the Mobile Marketplace — Despite this long history, the App Store has transformed app delivery because it has made it easy to discover new applications, Zehr added. “Irrespective of the iPhone, we’d be developing [mobile apps], but until now the biggest challenge was always getting people to figure out how to get them,” he said. “And it cuts both ways. People can review your apps and give feedback right in the App Store, which helps drive our product roadmap and helps us develop products that appeal to their needs.”

Louis Gump, vice president of CNN Mobile, concurred that the App Store has broken down obstacles to app adoption on smartphones in general by providing a central place for customers to browse and buy apps, and by simplifying the process of searching for and buying apps. “The App Store addressed all of these things at the same time. It wasn’t iterative. It was revolutionary,” Gump said.

As a result, the iPhone as a device and the App Store as a marketplace for mobile devices have collectively transformed consumer expectations. “People now expect wireless data. You used to run into a lot of people who’d say, ‘All I want is a phone I can make a phone call on.’ Now if I walk into a room of professionals and ask how many have browsed the mobile Web in the last 30 days, it’s almost everybody. If you ask how many have a smartphone, it’s almost everybody as well,” Gump observed. “So it isn’t just about the iPhone and App Store users, although there are millions of those. It’s about fundamentally changing the marketplace, and what that means is that consumers are going to get a lot of content they never could before.”

The New Gaming Platform — Game makers like Gameloft and EA recognized the iPhone’s (and iPod touch’s) potential as a gaming device early on. Adam Sussman, EA vice president of publishing, said, “We recognized that the iPhone had key factors that we knew would make it successful: a great device, robust platform, and intuitive merchandising experience. We also saw that the iPhone had properties that lent themselves to amazing gameplay, including the multi-touch screen, the accelerometer, and easy discovery process of apps. So our strategy was simply to make games that took advantage of the features of the iPhone, and reach wider audiences as a result.”

Gameloft’s de Vallois noted the iPhone has enabled his company to deliver types of games that weren’t previously possible due to device limitations. “It’s the difference between being given a piece of paper or a massive canvas to paint on. The scope of what you can create is unlimited given the right device to deliver it on. The iPhone has pushed the wireless space into a whole other level. It’s great for publishers because we are able to create beautiful-looking games and the consumers get a rich gaming experience that is becoming more competitive with console games,” he said.

de Vallois acknowledged that many console gamers have the perception that hardcore games and mobile devices don’t mix, but doesn’t think it has to be that way. “This may have been true in the past, but is no longer the case,” he said, citing N.O.V.A., Gameloft’s late-2009 first person shooter game that has garnered acclaim from general gaming Web sites, including IGN and Kotaku.

Both Gameloft and EA have done well since the launch of the App Store. According to de Vallois, iPhone games accounted for about 14 percent of Gameloft’s sales in 2009 – about $17 million. At this writing, 6 of the 50 top-grossing apps in the App Store were EA games. Interestingly, among the highest ranked of these 6 apps were evergreen brands that EA has licensed from Hasbro, like Monopoly, Scrabble, and The Game of Life, all of which are digital versions of old-fashioned board games. EA’s Sussman mentioned that EA and Hasbro entered into a multi-year licensing agreement in 2007 to create digital games based on Hasbro’s intellectual property.

de Vallois said that licensed games accounted for 37 percent of Gameloft’s revenues during the first nine months of 2009. “It’s a decent chunk, so these partnerships play a key role. We are fortunate to have a great relationship with Ubisoft and continue to have the first right of refusal to their licenses. We also have partnered with every major film studio and have proven that the mobile game can complement a film and bring added value to the studio’s overall marketing strategy,” he pointed out. These partnerships have led to games like Tom Clancy’s (a Ubisoft property) and James Cameron’s Avatar, among others.

Evolving Price and Business Models — The greatest challenge for large developers (or any developer hoping to profit from iPhone apps) may be pricing. Go to the iTunes page of most any paid app, and you’ll read at least one review complaining the price is too high. And developers have responded. Back in 2008, EA charged notably higher prices for games like Scrabble and Tetris, as did Gameloft for Brain Challenge, among other examples.

When Disney Interactive Studios started developing apps for the iPhone, its initial strategy was to expand and test the new platform to evaluate the opportunity. “In the beginning, we applied some resources to bring a few premium games to market, along with a Safari-optimized mobile Web site,” Saiz explained. “The majority of our product is premium or has premium components, [but] our Disney app is free. Since we offer a wide array of quality entertainment within the Disney app, we have attracted a significant user base that we can now cross promote our premium apps

According to EA’s Sussman, the game itself determines its pricing. “Such criteria as genre, game structure, gameplay, and marketplace conditions are just a few considerations that we take into account when pricing games. We also take into consideration whether the game offers additional content to purchase within the game, such as more episodes, more songs, or game enhancements,” he said. “Many of our games are well known, such as Madden NFL, Monopoly, and Rock Band, although we use free versions to generate awareness for titles that lack immediate brand recognition.”

ESPN’s Zehr said its ESPN ScoreCenter iPhone app is free because the network is monetized primarily through advertising sales. “It’s important to have that reach and have our brand in front of people’s eyes via push notifications and alerts via SMS, to drive people to watch our TV product, which is by far our biggest source of revenue and biggest part of our business,” Zehr said. “In other words, if someone gets a scoring alert that tells [him or her] a game is close or in overtime, [he or she] is more likely to watch the [rest of the] game on one of our stations.”

In contrast, CNN views mobile content as a business first and foremost, said CNN’s Gump. “Mobile is a great business opportunity to reach millions of consumers. We think that if you look out over the next five to ten years, the companies that do not build sustainable mobile business models will not be able to invest in their news gathering in the future.”

According to Gump, advertising plays an important role in CNN’s mobile revenue mix, but the company believes a dual-revenue stream, where users pay a modest price for its CNN Mobile app in addition to the advertising, will carry it. CNN’s decision to go with a paid app does increase pressure on the company to build a great app. “If it’s a ‘me-too’ app, people aren’t going to pay, but if you differentiate it, people will find it valuable and say, ‘I spend more than [$1.99] on a cup of coffee; of course, I’ll buy it,’” Gump said.

At the same time, Gump surmised experimentation will continue among competing news organizations to find the right balance, such as the Wall Street Journal’s model of offering the free WSJ app while requiring users to pay to subscribe for its content. “I wouldn’t be surprised if a lot of these models converged,” he said. However, Gump noted that many of his counterparts offering free applications aren’t getting the revenues that they had hoped for, and he expects to see more paid apps in the future.

The iPad and Beyond — This move toward an increased emphasis on paid apps seems to be accelerating with the release of the iPad. EA and Gameloft, among other gaming developers, have released iPad versions of several games that are priced higher than their iPhone versions. For example, Scrabble for iPad costs $9.99, double the price of its iPhone version (and, incidentally, the same amount that EA charged for the iPhone version back in 2008). ScoreCenter XL, ESPN’s iPad version of its free ScoreCenter app, is priced at $4.99. And the iPad version of PopCap’s Plants vs. Zombies HD for iPad will set you back $9.99, $7 more than the iPhone version (although it’s so addictive it should be registered as a controlled substance).

It’s not yet clear if higher iPad prices will take hold across the board. Distimo, a Dutch analytics firm, put out a report stating that, on average, iPad apps cost only about a dollar more ($4.67 versus $3.82) than iPhone apps – although these are averages for all apps in either category, rather than a comparison of iPhone and iPad versions of the same app.

Given that Apple sold over 1 million iPads in the first month, the iPad stands to impact the mobile app space even more than the iPhone did, especially if it does indeed herald a fundamental change in how we use computers. And it will be interesting to see how prices evolve as the iPad continues to gain traction. Will iPad customers agree that the iPad’s larger screen justifies a higher price, or will we see iPad app prices drop down to iPhone app levels as time goes on?

Either way, it’s a safe bet that the major news and entertainment companies will have apps for us to buy, and one way or another, they’ll be making money on them.

Rich Mogull 27 comments

How to Protect Your Privacy from Facebook

Claiming over 400 million users, Facebook is the dominant social networking service on the Internet, uniting families, school friends past and present, and international political movements. Facebook started as a restricted social networking site for college students back in 2004, before opening up in 2006 and taking over from competitors such as MySpace. Facebook has since morphed into a behemoth of a platform with a diverse set of features, such as real-time multiplayer gaming, online chat, retail operations, event management, and thousands of small applications. From sending birthday cards to trading “flair,” Facebook seems to have it all.

Facebook is the one place online I can connect with my mother, hometown friends I haven’t seen in 20 years, my 15-year-old niece, professional colleagues, and random folks I’ve met in my international travels.

But as wonderful as Facebook may be at helping us keep in touch with both current social circles and long-lost friends, such convenience comes at a cost. Despite housing what many of us might consider extremely private communications and information – such as family photos – Facebook consistently demonstrates a complete disregard for personal privacy.

Thanks to Facebook’s complex, ever-changing set of privacy-related options, protecting your privacy on – and from – Facebook is essentially impossible. But by understanding how Facebook’s privacy settings currently work, and by following my Three Golden Rules of Facebook Privacy, you can both control what the world knows about you and be prepared for future privacy changes.

Concerns About Facebook’s Privacy Policies — Privacy on Facebook wasn’t considered much of an issue until a major change in 2007 that led to a large amount of negative press, a massive number of user complaints, and a successful class action lawsuit (successful for the lawyers, who made millions, although the 19 plaintiffs shared only a total of $41,500).

In November 2007, Facebook launched a feature called “Beacon” in cooperation with 44 external partners, including Blockbuster, Hotwire, and eBay. Beacon would update your Facebook status with your activities on these partner Web sites, such as letting everyone know you just bought movie tickets from Fandango, or reserved a hotel room using Hotwire. Beacon was activated by default for all users, and although you could opt out, one security researcher reported that the information was still being shared between the partners and Facebook. As you can imagine, more than a few users were angered at such personal information being revealed without their permission. As part of the settlement, Facebook shut Beacon down in September 2009.

Since then, Facebook has faced a myriad of privacy issues, recently making headlines for both changing their existing privacy policy and practices and launching a new program called Instant Personalization to embed Facebook on any Web site or online service.

One of the most dramatic demonstrations of these changes and the erosion of privacy over time is a wonderful visualization compiled by Matt McKeon that shows the changes in Facebook’s default privacy settings.

Concerns about privacy on Facebook are justified for four reasons:

  • Facebook’s privacy policy allows the company to make changes at any time, and to apply such changes retroactively to your existing data on the service. Technically, Facebook only needs to post these changes on the privacy policy and governance pages, which few people ever see. This isn’t uncommon with online services, although organizations that are more privacy conscious won’t apply changes retroactively.
  • Facebook has a history of changing privacy policies and practices, during which they change user privacy settings and often reveal information previously considered private. For example, in recently launching their Connections feature, Facebook made it impossible to control who sees your profile information.
  • Facebook’s privacy options are difficult to navigate, confusing many users who don’t realize what information they are sharing. The settings also tend to default to sharing information instead of protecting it. For example, any Facebook application you install, even those simple ones that do little more than send a friend an animated message, technically may gain ongoing access to all of your profile, activity, and friend information.
  • Facebook’s CEO, Mark Zuckerberg, has stated publicly that he believes social norms around privacy have changed and people prefer more information to be public. In a controversial Twitter post by a New York Times reporter, an anonymous Facebook employee claimed Zuckerberg “doesn’t care about privacy.”

These aren’t idle concerns; there is a demonstrable history of Facebook changing the service to reveal user information previously considered private, often to third parties.

Three Golden Rules of Facebook Privacy — As someone who enjoys the value of social networking but still prefers to maintain my personal privacy, I’ve developed three rules I recommend for anyone using Facebook:

  1. Assume anything posted on Facebook is public. Forever. Since Facebook retains the right to change their privacy settings retroactively and has done this more than once in the past, I find it best to assume anything I do in Facebook could someday become public. And since we’re talking about the Internet here, I assume any such information would stay public forever. As such, I don’t put anything on Facebook I wouldn’t want the world to see. This includes any profile information, photos, messages, wall posts, and all other activity. I assume this information is not only public, but is being shared privately with third parties without my knowledge or consent.
  2. Review and update your privacy settings regularly, and after every application you install. As Facebook updates their service, they may change privacy settings. I try to review these every month or so. While I don’t generally install any Facebook applications (since they gain access to all of my information), for those of you who do, I suggest you check your application privacy settings (discussed below) after installing new applications.
  3. Use a dedicated Web browser for Facebook. Due to how Web browsers work, it is possible that your activities on Facebook or on another site could bleed into each other. This could be due to a security flaw, or it could happen by design, such as when advertising networks track your Internet activity with cookies, Flash, and other techniques. Using a dedicated Web browser isolates Facebook, keeping it (and third party applications) from interacting with other sites. There are lots of Web browsers for the Mac, including Firefox, Camino, OmniWeb, and Opera, or you could create a site-specific browser instance for Facebook using a tool like Fluid.

I’ve purposely highlighted actions you can take no matter how Facebook may change in the future. Since both Facebook’s policies and features change over time, I prefer to use these general principles rather than relying on current functionality.

But if you read between the lines, you’ll notice one key point:

There is no such thing as privacy on Facebook.

Managing Facebook’s Privacy Settings — Facebook’s privacy settings can be difficult to navigate, and since they are currently undergoing changes, I’ll concentrate on key areas to focus on rather than try to run through all the specific options.

First, you need to understand Facebook’s basic access groups, which are available as options in most of the privacy settings. I’m giving these in the opposite order from Facebook; the original order (from least private to most private) discourages restricting access.

  • Custom: Enables you to restrict information so only you can see it, or to build a list of people who can see your information. This is the most restrictive option, but requires the most effort.
  • Friends: Only your Facebook friends. Remember that you probably don’t know many of the people you are “friends” with on Facebook very well, so even this setting may reveal more than you want.
  • Friends of Friends: All of your friends, plus any of their immediate friends. This is restricted to one degree of separation, although some of you may still find yourselves connected to Kevin Bacon.
  • Friends and Networks: Both your Facebook friends and anyone else who is in the same networks you’re in. Since networks are generally related to institutions like schools, this setting reveals information to a lot of people you don’t know.
  • Everyone: Open to the entire Internet. This includes all Facebook users, and may include Facebook partners and search engines (although Facebook tends to restrict search engines for competitive reasons).

Currently, all user-manageable privacy settings are located in your Account area under Privacy Settings. These are roughly clumped together based on the different kinds of information and activities supported by Facebook. Although they change over time, the groupings are fairly stable.

As we walk through these, keep in mind that my privacy concerns may differ from yours. While much of my life is online and public, there are aspects I prefer to maintain control over. This does limit my ability to use many of the features of a service like Facebook (and most of Google). It’s a personal decision you need to make for yourself, and since it’s harder to control your privacy than to open it up, this article errs on the side of showing you how best to restrict access to your information.

Profile Information — This is where you control your basic profile information (interests, birthday, religious views, family and relationship status, education, and so on), who can see and respond to your posts, post on your wall, view photo albums, and more. I tend to restrict all these areas to Friends since I use Facebook only for direct friends and family, but you might choose more liberal settings if you use Facebook as a public service along the lines of Twitter.

Keep in mind that with Facebook’s new Connections feature, much of your profile information – employer, education, and so on – is public if you enable those pages. There is no way to keep this information private, so I deleted all of those pages. You manage them in the Connections page I discuss below. To be honest, I probably deleted them out of spite since all of that information is in my corporate bio on my company’s Web site.

My main recommendation is to think carefully about which profile information should be public (you might want to keep your religious views private, for example), if your posts should be public, and if you want your photos to be public. These tend to be the areas people are most concerned with.

For example, I’m okay with my friends viewing the few photos I post of my young daughter, but I prefer that they not be viewed by passing strangers. Although I assume that could be possible some day (following my first rule), that awareness doesn’t mean I don’t make an effort to restrict access now. I also leave my profile photo public to help friends find me, not that many people share my name.

Contact Information — This section enables you to control how people contact you, and which of your contact information is public. My recommendation here is to avoid even filling out any contact information you want to keep private, such as phone numbers or physical addresses. I use a dedicated email address for Facebook and list my company Web site, but I don’t provide any other information. My work and TidBITS email addresses are totally public, but since I largely separate work from Facebook I don’t see any reason to link those. This helps me keep my personal and professional communications a little separate, and isn’t a privacy concern for me.

Since I want friends from the past to be able to find me, I do allow everyone to send me a message or add me as a friend (Facebook always prompts you to accept friend invitations, so that setting doesn’t automatically enable anyone to be your friend without your confirmation).

Friends, Tags, and Connections — This is a newer area containing profile information that has migrated to Facebook Connections, as well as who can see who you are friends with. It won’t surprise you to know that I restrict these to my Friends, and that I deleted all of my Connections pages, since those are always public.

Applications and Websites — This section controls how applications and partner Web sites interact with your information, and what information your friends can share about you.

The thing to remember is that, at this point, any application you use – and thus authorize – has full access to your entire profile, much of your activity information, and possibly all of your friends’ profiles. Facebook has stated they plan to offer more granularity on a per-application basis, but for right now any application has full access or no access.

Think about it. Any time someone asks you to accept a piece of flair, sends you a hug, or asks to play a round of checkers, if you accept, you have just granted the developer of that application access to all of your information and that of your friends. Personally, I do not use any applications beyond the core ones built into Facebook. If you have used applications and want to cut them off to any new data, you can block them via a link inside the What You Share page.

One key area to update is “What your friends can share about you.” I’ve seen reports suggesting that Facebook changed everyone’s settings to allow access to everything, although my old settings didn’t change. Unless you uncheck all these options, any application or Web site a friend accesses can gain access to your information, including status updates, all your personal information, and even whether or not you are online. Creepy, isn’t it?

Facebook has also partnered with a few major Web sites, allowing them to link to your Facebook account when you visit their pages. (Worse, Facebook has shared at least some of your information with these sites already.) This allows both the site and Facebook to access your information across these boundaries and track your activity. You can disable this functionality, which is on by default, in the “Instant Personalization Pilot Program” section.

Search and Block List — The search section controls who can see your public information in search results on Facebook or authorized search engines. I leave this open, since this is exactly the basic information I want available so old friends can find me.

The Block List allows you to block specific individuals on Facebook from ever seeing any of your information, such as an ex-spouse or that grade school bully who just won’t quit.

Privacy is Personal — In the Information Age, determining what you want others to know about you isn’t always a simple decision. Aside from the potential tradeoffs of avoiding particular features or services, we all have different thresholds for what we are comfortable sharing. It’s also extremely difficult to control our information even when we do make informed decisions, and often impossible to eradicate information that escaped our control before we realized the rules of the game had changed.

For example, I use both Amazon and Netflix, even though those services also collect personal information like my buying and viewing habits. I am trading my data (and money) for a combination of convenience and personalization. I’m less concerned with these services than Facebook since their privacy practices and policies are clearer, my information is compartmentalized within each service, and they have much more consistent and stable records.

On the other hand I have minimized my usage of Google services due to privacy concerns. Google’s reach is incredibly expansive, and despite their addition of Google Dashboard to help show some of what they record, and much clearer policies than Facebook, I’m generally uncomfortable with any single company or government having that much potential information on me. I fully understand this is a somewhat emotional response.

Facebook is building a similar Internet-wide ecosystem as they expand connections to external Web sites and services. In exchange for allowing them access to your information and activities, Facebook enables new kinds of services and personalization. The question each of us must answer is if those new services and personalization options are worth the privacy tradeoff.

Deciding where to draw your own privacy lines is a very personal, complex, and even sometimes arbitrary decision. I trust Amazon and Netflix to a certain extent based on their privacy policies, even though they sometimes make mistakes (I didn’t use Amazon for years after a policy change that they later reversed). Yet I’ve limited my usage of both Google and Facebook due to general concerns (Google) or outright distrust (Facebook).

Facebook, to me, is a tool to keep me connected to friends and family I don’t interact with on a daily basis. I restrict what information it has on me, and always assume anything I do on Facebook could be public. I’m willing to trade a little privacy for the convenience of being able to stay connected with an expanded social circle. I manage Facebook privacy by not using it for anything that’s actually private.

What Kind of Facebook User Are You? After reading this far, you should have a sense of my general opinions and recommendations. But as I hope has been clear, I don’t expect everyone to follow exactly what I do – if nothing else, as someone who works in the security field, I have a large electronic bullseye on my back, so I have to be more careful than most people. In my experience, people tend to fall into a few broad categories that define how they perceive and utilize Facebook, so here are my recommendations for each category:

  • Facebook-involved: If you check Facebook multiple times per day, use numerous Facebook apps, and use Facebook for more communication than email, you fall into this category. I suspect you’re unlikely to reduce your Facebook usage or tighten privacy options based on privacy concerns, so all I’d recommend is that you think about what you’re posting and try to avoid posting messages, photos, and videos that could prove embarrassing or even damaging were they to be exposed to the outside world.
  • Facebook-dabbler: Perhaps you just want to read what a few friends are up to and participate in the occasional chat or game, but don’t spend much time on Facebook overall. For people in this category, I recommend dedicating a specific Web browser to Facebook, and restricting most privacy settings to friends only. Some information may leak, but as long as you assume posts might become public anyway, the damage should be limited. Using a dedicated browser or application (such as the Facebook iPhone app) will limit Facebook’s ability to track you as you visit partner sites.
  • Facebook-presence: Many people, me included, use Facebook because we want to have a presence there as a way of remaining connected with other Facebook-using friends, family members, and acquaintances. People in this category mostly tend to lurk on Facebook, reading what others post, although there are some, like TidBITS Publisher Adam Engst, who treat Facebook as a publishing medium, reading little but posting regularly. For people in this category, I recommend avoiding Facebook applications and treating Facebook as an entirely public forum.
  • Privacy concerned: If, upon reading this article, you’re shocked to learn about Facebook’s sketchy privacy record and you can’t imagine ever using Facebook again, I recommend deleting your account. Note that this is different from just “deactivating” your account (which is done from the Account > Settings screen). To delete your account, you must, while logged in, visit a special link, and then avoid logging in to check if the deletion worked for 14 days. See the full instructions on wikiHow. Deleting your account removes nearly all of your data, although some remnants (like comments), marked as anonymous, may still linger in your friends’ accounts.

Could There Be a Facebook Alternative? In a parallel universe, we would be having this conversation about MySpace, not Facebook. The Internet is a fickle, fast-moving place where today’s winners can be tomorrow’s losers. And nothing says those winners or losers need to be private corporations.

Wired’s Ryan Singel has suggested that instead of a single company dominating the social networking space, the tech community could create open protocols that would provide much the same capabilities as Facebook without the privacy concerns. Days later, after being mentioned in the New York Times, one potential Facebook alternative – Diaspora – raised over $115,000 to build an open social networking platform, driven by the latest Facebook privacy concerns.

So far, social networking has been the exclusive domain of private organizations like Facebook, Twitter, and MySpace, in large part due to the massive infrastructure required to maintain them. But these systems are all closed silos, often with overlapping functionality, and that fact opens the door for open, standards-based alternatives to glue the services together, or replace them entirely. I don’t mean to minimize the challenges, but the deeper Facebook mires itself in self-inflicted controversy, the greater the opportunities for upstarts.

In the end, you need to decide for yourself where you draw your own privacy lines in the sand, but remember any service’s privacy policy can change over time. For Facebook, the specifics of each of the privacy areas I describe above may change, but my general recommendations will likely last for years to come.

TidBITS Staff

TidBITS Watchlist: Notable Software Updates for 17 May 2010

Waveboard 1.0 — Although we’ve stopped using Google Wave (see “Why Google Wave Needs a Major Overhaul,” 11 March 2010), those who haven’t given up on Google’s flawed next-generation Internet communication and collaboration service would do well to check out the first official release of Dirk Holtwick’s Google Wave client Waveboard. Based on WebKit, Waveboard is essentially an enhanced Web browser that’s dedicated to Google Wave. Useful enhancements include various notification methods that alert you to changes in your waves, integration with Google Gears for drag-and-drop file uploads, Mac-like keyboard shortcuts, and more. The base version of Waveboard is free, but the €12 Waveboard Pro adds more-detailed notifications and the capability to save and print waves. For a description of Waveboard’s capabilities, see “Catch a Google Wave with Waveboard,” 30 October 2009. (Free/€12 new, 4.9 MB)

ShareTool 2.0 — Yazsoft has released a major upgrade to its secure Bonjour remote networking utility ShareTool, which enables users to access local resources over the Internet. While similar to Apple’s Back to My Mac service, ShareTool also enables users to print to local printers and use iTunes Music Sharing, iPhoto Sharing, and SFTP, in addition to basic file and screen sharing. (And, of course, it doesn’t require a MobileMe account.) Major changes in ShareTool 2.0 include support for connecting to multiple networks simultaneously, the capability to save login information to the Keychain, and improved security, performance, and reliability. The latest version also adds transparent SOCKS/HTTPS proxy support, doesn’t require users to remember IP addresses or port numbers, introduces on-the-fly compression for improved performance, and ensures secure Wi-Fi hotspot Web browsing. ($15 new per computer, free upgrade for users who have purchased in the past month, 9.3 MB)

Keyboard Maestro 4.3 — Stairways Software has released Keyboard Maestro 4.3, a notable update to the company’s essential macro software. New in 4.3 are “device triggers” that can activate macros based on actions from modifier keys, mouse buttons, and programmable keyboards. Other changes enhance Keyboard Maestro’s AppleScript integration, so results of AppleScript (and shell) scripts can now be typed or pasted into the current selection. Plus, although AppleScript scripts no longer lock up the Keyboard Maestro engine while executing, they also no longer allow user interaction without help from another application (like System Events). The update also fixes a few obscure bugs, such as one that could cause a crash if you deleted a named clipboard while editing the clipboard’s name. Full release notes are available. ($36 new, free update, 9.1 MB)

TidBITS Staff

ExtraBITS for 17 May 2010

This week’s reading was eclectic, including news of Google Voice being opened up to students, Apple starting a MobileMe Mail beta, the lost iPhone prototype story getting ever weirder, Apple confirming (through court documents) AT&T’s iPhone exclusivity, an explanation of why the C4 programmer’s conference won’t be held this year, and advice on how to reduce iPad 3G data usage.

Google Voice for Every Student — Google has announced it is extending the availability of its Google Voice telephony service to anyone in possession of a .edu email address (previously, Google Voice was available only through elusive invitations). Google Voice offers such perks as free text messaging, low international calling rates, SMS-to-email, and voicemail-to-text transcriptions, all of which could be particularly useful to peripatetic students. To sign up, simply send a request to Google from the linked page using your educational email address, and an invitation will be sent to you within 24 hours. Google Voice is currently available only to people in the United States.

Apple Unveils MobileMe Mail Beta — Apple has announced a beta update to its Web-based mail service, MobileMe Mail. The beta offers widescreen and compact views, single-click archiving, a message formatting toolbar, increased security via SSL, server-based rules, and overall improved performance. The beta is open to all MobileMe users and you can switch back at any time. To sign up, log in to MobileMe and click the “Request An Invitation” link in the lower-left corner of the page.

Lost iPhone Prototype Story Turns Into Soap Opera — The story of the lost iPhone prototype purchased by Gizmodo for $5,000 (with more promised, it turns out!) just keeps getting weirder. Wired reports on how the police recovered some of the evidence in the case after Apple’s director of information security received a tip from a roommate of the guy who found the phone and claimed he wasn’t able to contact Apple. Most amusing is that Gizmodo may have generated vast traffic based on its scoop, but the subsequent story has bolstered the traffic of every other publication reporting on the case.

Five Year Apple-AT&T iPhone Deal Confirmed — Engadget explains how documents revealed in an ongoing class-action lawsuit against Apple confirm that Apple and AT&T signed an exclusive five-year deal for AT&T to act as the U.S. carrier for the iPhone, starting in 2007. But contracts are easily broken or renegotiated – is the deal still in place?

C4 Programmers Conference Falls to Apple Tool Monoculture — Jonathan “Wolf” Rentzsch has announced that he won’t be organizing the C4 conference for independent Mac developers this year, citing both the change in Apple’s iPhone Developer Program License Agreement that bans apps built with third-party tools and the fact that the change didn’t elicit much complaint from the developer community. The latter reason indicated that his interests overlapped less with those of the Apple developer community than he had hoped, eliminating his enthusiasm for organizing the conference.

Strategies for Using Less Data on a 3G iPad — TidBITS editor Glenn Fleishman offers strategies over at Macworld for how to cope with just 250 MB of cellular data a month on a 3G iPad when using AT&T’s less expensive service plan. The advice is also worthwhile for non-U.S. plans that either have monthly usage caps or throttle to a lower speed after a preset monthly limit is passed.
