Facebook's Privacy Erosion

Facebook is the world's most popular social networking website and has attracted over 400 million active users in only 6 years. For quite a while it appeared to be a very safe place to put information to share with friends, without having to worry about the general public seeing it, unlike Myspace which has dropped it's members significantly since 2007. In the last 9 months though, the sugar coating has started to drop off and more and more people are leaving the service. In the last week, high profile tech broadcaster Leo Laporte deleted his Facebook account live on air during his 'This Week in Google' show to make a point that he did not wish to encourage people to use the service. A Sydney teenager was allegedly murdered after she met a stranger who she met on, you guessed it Facebook. So why has Facebook lost its popularity over the last 18 months? The key here is privacy!

When Facebook was first made fully public to people outside of universities, it was marketed as the safe place to share photos, videos, and other communications online with your friends and family. Myspace, which was king of the social networks at the time generally made your profile public by default and was full of nasty HTML comments and hacks and spam and therefore people moved to Facebook because they believed it was generally safer, cleaner and private. This business model was chugging along nicely until Twitter came along. Twitter offered a way for people to spread small bite size chunks of information to a large group of people in real time and because it was publicly searchable, it was able to be indexed by search engines including Google and Bing and this eventually leads to Twitter making more money. Facebook was not able to achieve this because of the private nature of the content, Google and Bing were not able to index it and that monetising opportunity was lost. Facebook originally introduced Fan Pages, a place which was publicly available to search engines, where businesses could set up their presence on Facebook to connect with their users and feed them information. Throughout 2008, Twitter continued to become popular and so to combat the people who were moving to Twitter in 2009, Facebook updated their news stream to become a live stream which works almost identically to Twitter, except it can contain application updates, page and group announcements and photos/videos too rather than just 140 characters of text. This, although it was a massive rip off of Twitter and annoyed many Facebook people who were now getting updates about who was becoming friends with who and who was joining which groups didn't actually affect the privacy of anyone's profile information.

How Facebook's Privacy Has Eroded Over The Years

In 2007, the erosion of privacy within the Facebook network started to occur. It started off slowly, but by 2009, had increased quite rapidly. First, in June 2007 Facebook introduced Applications which are all those games and other applications that you often see all over people's walls like Farmville and Vampires etc. The privacy issue with these applications is that the developer of these applications can actually see information from your profile and use it in your application if you add that add to your profile (adding an application gives the application permission to view certain aspects of your profile). While this is quite concerning, it's very much opt-in, because if you do not add any applications, you'd think you would be secure from this problem. The privacy issue here, is that by default, if your friends decide to join an application (even if you've never added it or plan to use it), then the following information is shared with that application: Your Name, Profile Picture, Gender, Connections (Likes and Interests), Status Updates, Online Presence, Website, Family and Relationship Status, Videos, Links, Notes, Pictures, Photos You're Tagged In, About Me Section, Birthday and any other sections on your profile you've made public. All of this is made available to that application without you signing up for it to be shared, simply because your friend uses an application. You do have the ability to block access to some of this information, but not by default! So already you have a large amount of application developers with access to your personal information which you planned to only share with your friends and family. Lets continue to see who else was slowly allowed access to your information throughout 2007.

Facebook Beacon was launched in November 2007 and was a part of Facebook's advertisement system which allowed you to visit "partner" websites such as Blockbuster.com, NYTimes.com and eBay.com and actions which you performed on that website would be published to your Facebook profile. Personally this sounds quite creepy and for the first month, this system worked without having to ask for user permission to post to your wall and also forced upon users without a way to opt-out. So your friends could see every purchase you made on eBay or every article you commented on from the New York Times and you didn't have a choice about it. By the end of November, Facebook was forced to ask users for permission to post their activities from these partner websites and on December 5 2007, they were forced to provide a way to turn the system off completely. Facebook Beacon would continue to become a source of controversy and also paved the way for a class action lawsuit against Facebook and some of it's "partners" in 2008. Facebook Beacon was shut down in October 2009. So a win for privacy, but don't worry, Facebook hasn't given up so easily - let us continue to 2009 and the introduction of Posts by Everyone!

Between June and August 2009, Facebook updated it's Publisher and search facilities. While the Publisher (the control you use to update your status and attach, photos, videos and links to your wall) used to publish everything either privately or publicly (depending on your profile settings), it could now allow you to alternate between private or public information. Facebook was leaning towards users to make as many of their wall posts as public as possible so they would appear in the newly launched search feature. The new Facebook search which was launched roughly around the same time as the updated Publisher allowed users to search Facebook for content which had been posted publicly. So Facebook had created a Twitter like ecosystem where users were posting information publicly, so that it could be searched in real time by other Facebook users, and eventually Google and Bing. This still was fairly useless because the majority of people still had their profile as private by default (as it should be) and ignored the option to make content public. So in December 2009, Facebook upped the ante and made a very misleading change to their default privacy settings and pushed these new defaults upon millions of unsuspecting people.

While Facebook was moving towards more public "Twitter like" profiles, it hadn't yet, until now. In December 2009, every Facebook user got a message similar to this pop up on their screen.

Privacy Update December 2009 Welcome Screen

It is worded cleverly to make it sound like your profile will be more secure, but if we continue to the next screen. This is where the damage was done. If a Facebook user had never touched their privacy settings in the past, then ALL of the choices, defaulted to the left option. This meant your Name, Profile Picture, About Me section, Family & Relationships, Work and Education and Your Wall was made available to the public, every person on Facebook and search engines including Google and Bing. Photos and Videos you're tagged in, your Birthday and Religious and Political Views were made available to your friends, and all of their friends too. If you had changed any of these settings in the past, then the slider defaulted to the Old Settings choice (which meant nothing would change), but because the majority of people didn't realise what was going on, had ever changed their privacy settings and just clicked through to get to what they wanted to do on Facebook - they didn't realise they had opened their profile out significantly. School children now had their school publicly displayed, everyone had their relationship status publicly displayed and most importantly, any items which made it onto your wall, were now publically searchable and available, even for people who were not your friends!! This is the default setting for new Facebook profiles to this day - and it's just messed up!

Facebook Privacy 2009 Default Settings

In April 2009 Facebook made some more changes, which ended up being the final straw to many tech experts, who just said - enough is enough, this openness is just getting stupid. As I mentioned before, Facebook created Fan Pages for businesses, celebrities, musicians and other public figures and brands to have a presence on Facebook. Many people made fan pages for topics such as 'I have texted lying down and dropped my phone on my face', ' No Microsoft word, i am pretty sure i know how to spell my name' and 'Ooooooooh, That sounds a bit harsh, I better put "lol" on the end of it'. Facebook decided to start to distinguish these from the official brand pages and thus the concept of community pages was created. This wasn't the only intention though, because Facebook had three more intentions for these new community pages. Firstly, they want to become the new wikipedia, except not anonymous. Most community pages currently contain the text which appears on Wikipedia as a major part of the page. Secondly, if you have a public profile/wall (which the majority of people did after the December 2009 update), if you mention that topic in your status, then it will appear on that community page. So if I was to mention the word Brisbane, in my public status update, then if I went to the community page for Brisbane, my post would probably appear there. Thirdly Facebook wished to turn Facebook into the place where anything you do on the internet is listed (kinda like the Facebook Beacon). So if you visited a website, you can click on that website's Like button and it would be added to your profile. With this change, Facebook made liking pages the means you use to enter your likes and interests, music tastes, favourite TV shows, school, employer and your location to your profile, and then made this information public by default.

At the same time they introduced a related feature called Instant Personalisation. This feature allows websites to personalise the content on their site depending on what you and your friends are doing on Facebook using your publicly available information (which as we know is quite a lot of it). At the moment Pandora, Yelp and Docs.com are pilots in this feature. If you visit Pandora it will suggest songs similar to those on your Facebook profile and what your friends enjoy, as well as adding artists you Like on Pandora into your Facebook profile. Currently it's off by default, but you can bet your bottom dollar that this feature, when the pilot is complete, will be turned on by default for everyone. The problem again is, if your friends use these services, even if you don't, some of your public information is still shared with them unless you specifically block the applications yourself. It was this feature which caused tech experts to start to warn people to delete their Facebook account and currently if you type 'how do I' into Google, the number one suggestion is 'how do I delete my facebook account'. It was becoming apparently that Facebook wanted to take over the internet and privacy wasn't going to get in the way of this plan. This is the reason Leo Laporte closed his account, not because Facebook didn't offer enough privacy settings - they offer a bunchful of them. It's because they're confusing for the majority of people to understand, and because the defaults (which the majority of the public never change) are very dangerous and open your information to companies and the general public!

Lastly, Facebook allows parts of your information to be used in certain types of ads which it uses to get your friends to join pages and applications. The most common type is that Facebook will say, become a fan of "McDonalds" because so and so is a fan. This is using your profile as an endorsement to try and get other friends to join in.

After researching the history of Facebook, I decided the best way to show you exactly how much information you are likely to be sharing, was to create a Facebook account, start to use it and then publish here exactly how much information was available. So here's what I found!

The Facebook Defaults Experiment - Johnny Technophobe

I decided to create a new account to see what would happen if you were to sign up for Facebook today, because my own account is so locked down that I've forgotten the defaults for it. So Johnny Technophobe was born. Johnny Technophobe is normal, Facebook user and he doesn't know anything about the privacy settings, and therefore has left them at the defaults that Facebook sets them to. This is the amount of information you can view from my own personal profile if you to visit it.

Public Information of Andrew

This is the information you can view by default from Johnny Technophobe's account by default.

Default Public Information of Johnny

As you can see, the majority of Johnny's profile is open to the public. You can see Johnny's Gender, his children, his relationship status, his orientation and relationship intentions, his current location, his biography, his employment details, where he went to school and university, and all of his likes and interests. That's a lot of information for a complete stranger to know about you. Why is 90% of that information shared with the general public?

Let's continue onto Johnny's Wall. By default I can see nearly everything that is posted on here! I can see all the information that was entered in the info tab, but I can also see any photos that Johnny posted to his wall (and nearly every photo album end up on the wall after you finish uploading photos) and any statuses Johnny wrote. So as you can see, about 90% of your information is shared by default! Stalker Paradise really......

Default Wall of Johnny

Now I'm going to add Johnny as a friend and see how much information I can see to compare to what the public can see. I really don't get much more being a friend than if I had just stayed looking at his public profile. I get access to his contact details, a photos tab (although I can see any photos he posts to his wall anyone, his birthday, his friends list and his political and religious views.

Johnny's Profile As It Appears To Friends

When it comes to Johnny's wall, other than adding the extra profile information as discussed above and the ability to interact with the wall (add content or comment) it's identical to what the public can see. Quite scary really. Now what can Applications see about you by default, if your friend uses an application that you don't?

Johnny's Wall As What Appears To Friends

Johnny's Photos As Of What Appears To Friends

There is now a website called Openbook, which uses the official Facebook Search API to display results based on Keyboards. You don't have to be a member on Facebook to join, and typing in interesting topics including "cheating", "one night stand" and others can produce very interesting results. So many people's statuses appear, and they wouldn't even realise it. You can check this out for yourself at www.youropenbook.org.

Openbook

An In Depth Look At The Current Privacy Settings

So, the number one argument Facebook uses for this behaviour is that they have very granular privacy settings and that you can change them if you wish. Problem is, that the settings are spread out, not always clear and there's a lot of them to change. So in this section, I'm going to look at each setting, what it does, what the default setting is, and what you should set it to for Maximum privacy.

If you click on the Account Menu and click Privacy Settings from the drop down menu, you'll be presented with a screen listing 6 sections. We'll look at the first one called Personal Information and Posts. In this section you set what can be seen on your Info Tab and Wall (Minus Contact Information).

Personal Information & Posts

Bio and Favourite Quotations - Default Setting: Everyone, Recommended Setting: Friends Only

This is that section on your profile which you can write a small paragraph about yourself and also your favourite quote.

Birthday - Default Setting: Friends of Friends, Recommended Setting: Friends Only

Your Birthdate. This is something that definitely shouldn't be public to strangers

Interested In & Looking For - Default Setting: Everyone, Recommended Setting: Friends Only

Which gender you're interested in on Facebook and what you're on Facebook for, whether it be dating, a relationship, friendship or professional networking. Not public information

Religious & Political Views - Default Setting: Friends of Friends, Recommended Setting: Friends Only

Which Political Party you side with and what your religion is. This is private stuff, doesn't need to be public.

Photo Albums - This one is slightly different. Unfortunately, Facebook only lets you change the privacy of each individual photo album seperately, there's no blanket setting to hide all photos. So by default each photo album is set to Everyone. This should be changed to Friends Only for every album!

Photo Albums

Posts By Me - Default Setting: Everyone, Recommended Setting: Friends Only

This is anything you post on your wall. This one should definitely be changed to Friends Only!

Allow Friends To Post On My Wall - Default Setting: ON, Recommended Setting: ON

This is fine, this let's your friend post on your wall, unless you don't want this, then turn it off and only you can post on your wall.

Posts by Friends - Default Settings: Friends of Friends, Recommended: Only Friends

This is anything that your friends post on your wall, again - you don't want nosy friends of friends checking out your wall, so should be switched to Friends Only.

Comments on Posts - Default Settings: Friends Only, Recommended: Friends Only

This setting sets who is allowed to make comments on items on your wall, this is set at an appropriate default.

If you set all of these items to friends only, your wall should disappear from the public. Awesome stuff! Ok - now click on the Back to Privacy button and then click the next link in the list - Contact Information.

The Contact Information page is the only page where I agree with all the defaults set by Facebook!

Contact Information

IM Screen Name - Default & Recommended Setting: Friends Only

This is your Windows Live (MSN), Yahoo, Skype, AIM etc address that you can enter into Facebook.

Mobile Phone - Default & Recommended Setting: Friends Only

This is the mobile number you set for Facebook. It's good Facebook doesn't make this available to the public, they would be hung, drawn and quartered if they did.

Other Phone - Default & Recommended Setting: Friends Only

This is most likely your home or office number that you set.

Address - Default & Recommended Setting: Friends Only

The Address of where you live. Another case where it's an absolute must that Facebook never make this public.

Website - Default & Recommended Setting: Everyone

Personally, this is probably one of the only settings which can stay public. You might like to leave your website visible, so that if someone comes along, they can visit your website instead of adding you.

Add Me As A Friend - Default & Recommended Setting: Everyone

This allows people to attempt to add you as a friend. If you're extremely paranoid then you can change this to only Friends of Friends, but it means that unless you're mutual friends with someone, they cannot attempt to ask permission to add you.

Send Me A Message - Default & Recommended Setting: Everyone

This one allows people to send you a private message. This can be left to everyone because it allows people to have a brief discussion with you before you decide to add them. Should probably be turned off for children though to avoid grooming by predators.

Your E-Mail Address: Default & Recommended Setting: Friends Only

This is obvious - keep it private to friends only to avoid spamming!

Now while that page got a thumbs up from me for defaults, the next page called Friends, Tags and Connections doesn't!

Friends, Tags and Connections

Friends - Default Settings: Everyone, Recommended Settings: Friends Only

The Public doesn't need to see who you are friends with, hide this one. I'm sure your friends will appreciate you hiding this too.

Family - Default Settings: Everyone, Recommended Settings: Friends Only

Again, why this is public information astounds me. The public doesn't need to know who your parents and siblings are. This should be friends only!

Relationships - Default Settings: Everyone, Recommended Settings: Friends Only

Yet Again, why do people from the general public need to know if you're in a relationship and when your anniversary is. Change this to Friends Only

Photos & Videos Of Me - Default Settings: Friends Of Friends, Recommended Settings: Friends Only

This is any photos or videos that you've been tagged in. Probably a good idea to tighten this up to friends only to prevent those Nosy friends of your friends from peeking through photos of you.

Current City - Default Settings: Everyone, Recommended Settings: Friends Only

The city you're currently living in. Should probably set this to friends only, to prevent people from tracking you down.

Hometown - Default Settings: Everyone, Recommended Settings: Friends Only

The city/town that you grew up in. Should probably set this to friends only, to prevent people from tracking you down through where you grew up.

Education & Work - Default Settings: Everyone, Recommended Settings: Friends Only

I know why they make this public, but it's not really a good idea, because kids school's can be identified (I know Facebook is supposed to hide this, but kids don't always set their correct birthdate).

Activities - Default Settings: Everyone, Recommended Settings: Friends Only

The public doesn't need to know what you do in your private time, don't tell them - set this to Friends Only

Interests - Default Settings: Everyone, Recommended Settings: Friends Only

The public doesn't need to know what you do in your private time, don't tell them - set this to Friends Only. This is a crucial one for kids to hide, because it gives online stalkers less information to groom children with.

Things I Like - Default Settings: Everyone, Recommended Settings: Friends Only

The next page sets what Facebook is allowed to provide about you to search engines. These should be set to private.

Facebook Search Results - Default Settings: Everyone, Recommended Settings: Friends Only

Unless you wish to be searchable on the Facebook Search Engine - then you should probably change this to noone!

Public Search Results - Default Settings: ALLOW, Recommended Settings: Untick The Box

Unticking the box prevents Facebook from creating a listing of your profile on Google, Yahoo and Bing!

Now that we've got all your content sorted out, we need to tighten up the Facebook Application security a bit.

Applications and Websites

Firstly, every application you accept to use on Facebook can use a certain amount of your information for use within the application. You have to accept this when using the application, so I don't have too much of an issue with that, if you don't like the application knowing info about you, don't use it. You can see what does get shared by opening the Applications and Websites section of the privacy settings and clicking on Learn More under What You Share. What I'm more concerned about, as I've mentioned a few times, is what is shared from applications your 'Friends' Use. So you can disable access to the majority of your information here.

What your friends can share about you

Click the Edit Settings button under What Your Friends Can Share About You, untick every single box and save those settings. Lastly we need to disable the Instant Personalisation Program if you don't wish to use it. To do this, click the Edit Setting button and untick the box saying 'Select Partner Websites May Use Information I'm Sharing With Everyone To Automatically Personalise My Experience'.

Instant Personalisation

Lastly there's one more settings I think you should disable. It's called Facebook Ads and it allows your profile picture and name to be used in Facebook Ads to endorse products you use to your Facebook Friends. I think this is unethical and so you should delete it. It's not located under Privacy Settings though, so you'll need to click Account, Account Settings and head over to the Facebook Ads tab and change both of the drop downs from Only My Friends to No One. Remember to do this on both, there's a second one tucked at the bottom along with the Save Settings icon. Once you do this, your profile should be very locked down.

Facebook Ads

Summing Up

A couple more things I should probably mention before I finish up this incredibly long article. Facebook do say that profiles of persons under 18 years of age will not display content set to 'Everyone' to the public, but I haven't seen this always working, plus lots of kids set their age to over 18 on Facebook. Also during the writing of this article, Facebook has announced, new simplfied privacy settings soon, which will probably include preset controls which allow you to hide or show all content publicly using the click of a button. This is exactly what I've been calling for, along with a change to the defaults.

In Conclusion, Facebook - you have been very very sneaky, deceptive and just plain wrong with your privacy settings over the last 2-3 years. The public came in their masses to Facebook because it promised a safe and private environment for sharing between friends and family, and by changing these defaults like this, you are deceiving the majority of the public. Saying all this though, I won't be quitting Facebook, I do find it too valuable to dispose of it completely like Leo Laporte and others, but I do have my person profile locked down completely. That's my solution to this problem, change the defaults to private, you have the power (and now the knowledge too). Also, make sure you help those who will not know how to change these defaults. Supervise your kids on Facebook too, and monitor who is speaking to them. Lastly and most importantly, don't post anything confidential on Facebook - those photos of you drunk, probably shouldn't be posted even if your photos are private. You have to assume all content on Facebook could have the possibility of going public at some point, and that's the mentality you should have when using the service. So to Facebook - clean your damm act up, fix the privacy settings and stop deceiving those who trust you the most, and to those who can help, please do!