Facebook’s new privacy controls are really about publicity

Facebook recently published a new privacy policy which, on the whole, is an improvement over previous versions largely because it is easier to understand and gives users a better idea what Facebook does with users’ personal information. In her blog post about the new privacy controls, Ruchi Sanghvi, Facebook’s product manager for privacy, emphasizes simplicity and control over what and how much of your personal information is shared with other users and the greater Web.

Facebook has always provided extensive and granular settings that allow you to control access to your information as you see fit. Over time, however, as the site has evolved and new features have been added, these settings have become increasingly complicated. That’s why today we’re launching a new, simpler Privacy Settings page.

After completing the transition tool, you’ll be able to access this new page any time and the same way you access your privacy settings today—from the “Settings” link at the top right of every Facebook page. The new Privacy Settings page will include sections for profile information, contact information, applications and websites, and search. As always, you can block specific users, which prevents them from seeing any of your information or contacting you on Facebook.

Even the explanatory video suggests privacy controls that give you better control over the personal information you publish to your profile.

While the settings are simpler than they were before, there are two troubling developments which potentially expose users’ personal information in unexpected and unintended ways. For starters, many of the recommended privacy settings in the transition tool users are faced with when first reviewing their privacy settings are set to “Everyone” which exposes that content to all users and the greater Web. You can’t modify the settings in the recommended tool and have to edit those settings in the privacy settings page afterwards. This presents an immediate challenge because this process assumes that users will either not accept the recommended settings and/or follow up and make changes to their settings once they have completed the transition. We all know what “they” say about assumptions …

Perhaps one of the scariest aspects of the new privacy settings and controls is a category of personal information called “publicly available information”. This is personal information which is shared openly and which you have no real control over once it is in the Facebook ecosystem. The first time you really come across this category of personal information is roughly halfway through the privacy policy:

“Everyone” Privacy Setting. Information set to “everyone” is publicly available information, may be accessed by everyone on the Internet (including people not logged into Facebook), is subject to indexing by third party search engines, may be associated with you outside of Facebook (such as when you visit other sites on the internet), and may be imported and exported by us and others without privacy limitations. The default privacy setting for certain types of information you post on Facebook is set to “everyone.” You can review and change the default settings in your privacy settings. If you delete “everyone” content that you posted on Facebook, we will remove it from your Facebook profile, but have no control over its use outside of Facebook.

Facebook Platform. As mentioned above, we do not own or operate Facebook-enhanced applications or websites. That means that when you visit Facebook-enhanced applications and websites you are making your Facebook information available to someone other than Facebook. To help those applications and sites operate, they receive publicly available information automatically when you visit them, and additional information when you formally authorize or connect your Facebook account with them. You can learn more details about which information the operators of those applications and websites can access on our About Platform page. Prior to allowing them to access any information about you, we require them to agree to terms that limit their use of your information (which you can read about in Section 9 of our Statement of Rights and Responsibilities) and we use technical measures to ensure that they only obtain authorized information. We also give you tools to control how your information is shared with them …

Facebook then lists the ways you can control disclosure of this publicly available information but, as the EFF points out in its blog post about this, these “statements are at best confusing and at worst simply untrue, and didn’t give sufficient notice to users of the changes that were announced”. What users generally don’t realise is that all profile information, regardless of their privacy settings, is made available on the Facebook Platform to developers either directly from the user’s profile or from their friends’ profiles. This means that applications you are not using in Facebook may be passing along previously hidden personal information simply because one of your friends is using the application and is connected to you.

Facebook’s general push for more publicly available personal information marks a departure from its previous emphasis on closed profiles by default. You will probably start to see reports of profiles and personal information that is suddenly exposed to the public unintentionally simply because a user completed the transition process and didn’t pay enough attention to the settings he or she is agreeing to.

Facebook has made more of an effort to educate users about their privacy through its guide but given how users tend to be oblivious of these sorts of settings and how intimidating this may well be for the average user, Facebook should not have set many of the defaults to “Everyone”.

I tend to change my position on Facebook as a good citizen on the Web from time to time but one that doesn’t really change is a degree of anxiety about how Facebook approaches personal information. It makes all the right noises about how it is protecting personal information but I am concerned that it is sacrificing meaningful control over users’ personal information in its battle with the likes of Twitter (almost certainly the catalyst for its emphasis on publicly shared posts by default). This approach to personal information also emphasizes the point that once your personal information is published onto the Web, you should regard it as out of your control and exposed to the greater public Web. That certainly seems to be the risk with personal information published to Facebook.

There are a couple excellent commentaries and posts about Facebook’s new privacy controls. I have bookmarked a couple of them on Delicious. The highlights, for me at least, are the post by the EFF and the guide by the ACLU below:

I highly recommend you read these commentaries if you are concerned about your privacy on Facebook.

Update: Here is an interesting perspective on privacy in the context of Google and Facebook. Worth reading.

Published by Paul Jacobson

Enthusiast, writer, Happiness Engineer at @automattic. I take photos too. Passionate about my wife, Gina and #proudDad.

%d bloggers like this: