On October 26, 2009, I wrote “Managing Facebook Privacy Settings” in response to a reader’s query: “Could ProfHacker do a piece on how to manage Facebook accounts so that I could remember how to keep my privacy settings up to date? I keep losing track of how to shield chat and newsfeed.” In that post, I noted the number of times Facebook has made a significant change to their service, and that you can usually tell when Facebook changes something because a) it will be big news and b) some people will be ticked off about it.
It has happened again, and the response was no different—Facebook once again announced a change to their service, this time asking all 350 million of its users to personalize their privacy settings.
In the previous post on this topic, I said that Facebook does give you the tools to manage the security of your profile. That is still true. However, the extent to which your data is ever secure is now questionable, and the way in which Facebook has gone about the transition to their new security settings is, to put it mildly, frustrating some users.
As Facebook races to get in on real-time search (and Twitterfication), it is pushing its users to participate more openly producing the content that makes real-time search relevant. In other words, Facebook wants your status messages, comments, and conversations to be part of the real-time search, and it has stripped away prior privacy barriers on its way to making privacy defaults the opposite of private.
If you’re not paying attention, your information is now more likely to be consumed by strangers.
If you have logged into Facebook since December 9th, you face the Transition Tool—an interface to the Facebook privacy settings. According to the Facebook press release, “Users will be presented with two options: preserving their old settings or accepting recommendations from Facebook.” For me, the defaults selection for all settings that existed before was “old settings.” I have always kept a close eye on privacy settings and had a custom set of settings that I used. I kept “old settings” for everything, and chose very restrictive settings for anything that was new. At some point I might go back into the Settings and loosen those up.
Many users were confused as to what “old settings” meant in the first place. Apparently if you moused over the radio button in the form, it explained what your old settings were (I didn’t do this because I knew what my old settings were, because I set them). I can see where this would cause confusion if users had never explicitly set privacy settings before (thus “old settings” would have been “old recommendations by Facebook”). If a user had not customized their settings before, the “old settings” option wasn’t the default selection—Facebook recommendations were the default, and that default is now more open than before. Users who have not worked with their privacy settings before, and are not concerned with looking into what the new privacy settings mean (instead, accepting the Facebook recommendations because hey! it’s Facebook! why would they do anything bad to me?) will find their information in further corners of the Internet than before.
While I still hold firm in my belief that you should take an active role in managing your own identity and information online, and if you don’t want the world to see/read something, don’t put it on the Internet in the first place, Facebook is making some pretty bold moves that are bordering on irresponsible. The ever-shifting definitions of “privacy” and “everyone” and changes to the tools and methods used to manage personal information on Facebook are enough to drive people away simply because managing information about Facebook managing your information is too much for people to deal with; is playing MafiaWars and FarmVille worth the hassle?
The security firm Sophos has said “These could be the most important clicks you ever make on Facebook,” and have made a screencast for the benefit of all. It’s an illuminating 4.5 minutes:
Still, for many (many many many) others, these privacy issues are of little concern. It is incredibly troubling for me to know just how few of my own students even know what a privacy setting is, let alone how to use it, or how Facebook uses their information. In the ReadWriteWeb article on this topic, “The Day Has Come: Facebook Pushes People to Go Public,” Facebook spokesman Barry Schnitt is quoted as saying that the privacy changes (to an “open” recommendation) reflects “the way the world is moving.” RWW counters that by asking isn’t Facebook, as the largest social network in the world, the entity that effects these kinds of changes? Sure, if you can get 300 million of the 350 million Facebook users to ignore or blindly accept recommendations for information sharing, the world is going to move that way because that’s a pretty big chunk of the world. That doesn’t make it right.
The Electronic Frontier Foundation has come out with a detailed response to the new Facebook privacy changes, concluding
These new “privacy” changes are clearly intended to push Facebook users to publicly share even more information than before. Even worse, the changes will actually reduce the amount of control that users have over some of their personal data.
Not to say that many of the changes aren’t good for privacy. But other changes are bad, while a few are just plain ugly.
The entire article is an important read; if you’re reading this and therefore are even remotely interested in matters of privacy and Facebook, you should immediately read the EFF commentary, “Facebook’s New Privacy Changes: The Good, The Bad, and The Ugly”. The main points:
- The Good: Simpler Privacy Settings and Per-Post Privacy Options
- The Bad: EFF Doesn’t Recommend Facebook’s “Recommended” Privacy Settings
- The Ugly: Information That You Used to Control Is Now Treated as “Publicly Available,” and You Can’t Opt Out of The “Sharing” of Your Information with Facebook Apps
Chew on the last one for a moment. It’s a doozy.
As I was writing this post, Brian McNely asked on Twitter, “Do the new FB privacy settings mean I can actually see public profiles, walls, and posts without being a member?”
I responded that potentially yes—if a user has elected for openness, the information is shareable and that wall between Facebook member and non-member could crumble just as easily as the wall between Facebook friend and non-friend (in which both are members of Facebook but not friends with each other). I haven’t seen anything that says that real-time information made available to everyone will still be limited by the Facebook login cookie. In fact, the Facebook Privacy Policy is pretty clear on the definition of “everyone”:
“Everyone” Privacy Setting. Information set to “everyone” is publicly available information, may be accessed by everyone on the Internet (including people not logged into Facebook), is subject to indexing by third party search engines, may be associated with you outside of Facebook (such as when you visit other sites on the internet), and may be imported and exported by us and others without privacy limitations. The default privacy setting for certain types of information you post on Facebook is set to “everyone.” You can review and change the default settings in your privacy settings. If you delete “everyone” content that you posted on Facebook, we will remove it from your Facebook profile, but have no control over its use outside of Facebook.
Spend some time considering how you want your information protected, and whether or not you can achieve that level of protection with Facebook. I also recommend spending some time reading the information in “How to Cross-Check Your Facebook Privacy Settings” at the popular (and trustworthy) Digital Inspiration blog.
Good luck to you.
Updated to add: After Criticism, Facebook Tweaks Friends List Privacy Options. Apparently the Facebook beta tester group is 350M large.
[Image at the beginning of this post from Flickr user JPDaigle. Creative Commons license.]
Follow Profhacker through your favorite RSS reader: 
15 Responses to Managing Facebook Privacy Settings (round 2)
Julie - December 14, 2009 at 5:23 am
No. These settings are permanently gone. As part of the change, FB has decided that certain elements of everyone’s profile (including your name, picture, gender, and some other basic information) is public information, no matter whether you had blocked it previously. (In other words, if you want to be on FB, you are now required to share this information.)
I don’t like it either. And I think it stinks that they bragged about ‘new privacy tools’, without also advertising the fact that certain privacy options were completely dropped.
Julie Meloni - December 14, 2009 at 9:18 am
Kayla – to avoid being publicly searchable, go to Privacy Settings -> Search -> Public Search Results. To ensure that only friends can search for you while in Facebook, go to Privacy Settings -> Search ->Facebook Search Results. If you mean that not even your friends can search for you, that’s not possible. To control viewing of your profile, go to Privacy Settings -> Profile Information and check everything to be “only friends,” then go into the other Privacy Settings subgroups and check every possible thing you can to be “only friends.” Then use the “How to Cross-Check Your Facebook Privacy Settings” tool to see how close to locked down it is. I think that as long as you have a Facebook account, there will at least always be a page that has your name on it.
Hopefully the tenor of my post was clear to everyone: Facebook has fundamentally shifted any notions of privacy, such to the extent that people are now calling this Facebook’s Microsoft Moment or the the moment public perception moves from benign to evil. It’s the time people need to decide for themselves whether or not Facebook is worth it for them.
Kayla - December 14, 2009 at 12:03 am
I used to have my profile set to private, like no one could search for me, no one could add me as a friend unless I sent the request, and no one was able to view anything on my profile unless they were my friend, and now these settings are gone. Is there any way to make these settings come back? Please help!!
Leslie M-B - December 11, 2009 at 2:54 pm
Thanks, Julie. I had already unchecked “Photos and videos of me” at the time you tagged me in the rabbit photo, so I guess Facebook isn’t allowing that kind of privacy setting.
And now, thanks to you, I shall forever be considered a bunny. :D
Julie Meloni - December 11, 2009 at 2:56 pm
Ha ha! Well, now I kind of want to go back and keep you tagged. The next test would have been to see if, while tagged, anyone besides you (subject) and me (tagger) could see the tag of you in my photo stream. Although I tagged you, it did not show in your FB photo albums, so at least that held.
Julie - December 11, 2009 at 9:46 pm
Perhaps I have missed something during the change, but it appears that FB users have lost a certain amount of privacy, for those who had the strictest privacy settings. Previously, I had my account set in such a way my profile and all its content was only viewable by friends. Furthermore, I had set my privacy options so that I did not appear in Facebook searches at all. (In other words, the only way someone could become my friend was if I found them and initiated the request; they couldn’t find me. Or, if they saw one of my posts on one of my friend’s pages, they could reply to the post on that friend’s page, but there was no way for them to contact me directly.) It looks like all of these options are gone now. It appears that every FB user is now included in the FB search. Also, previously, you could exclude your picture and certain details from the search results, but now there is a minimal amount of information from every user’s profile that is in the search results, whether you want it there or not (including your picture, name, and some very basic data).
Am I wrong in thinking that those levels of privacy are no longer available? I’ve been looking in the new settings, but can’t seem to find a way to set them to be as stringent as they were before.
Tria Wood - December 12, 2009 at 9:16 pm
You’re right on, Julie. I am experiencing the same problem as you, which is distressing since I had my privacy levels set so high for a reason.
Julie - December 12, 2009 at 9:24 pm
Yes, further digging has shown that Facebook has decided that certain parts of every user’s profile are now included in the search results, including the user’s picture and some basic information.
I am not pleased that they decided to hide this change. They bragged about increasing user privacy control, without mentioning that control over the search is now kaput. They should have explained this fact more clearly, because I am sure that some users do not realize that they are now included in the search, and they may have kept their profiles hidden for very good reasons. I am sure that once they know, many users will have to consider deleting their accounts.
Nels P. Highberg - December 11, 2009 at 1:34 pm
Oh, okay. See, I thought all those people had access to all of that all along, so I guess that’s why I’ve been confused about what’s changed since I never apparently understood what was happening before.
Tria Wood - December 11, 2009 at 1:55 pm
One thing I found out with the new settings is that most of my photos had been changed to where “Everyone” could see them, when previously I’d selected the option that “Only Friends” could see them. That means that images of me, my family, and my friends were suddenly available for use by others that I did not authorize–which to me is an issue both of privacy and intelletual property (e.g., I consider it problematic if someone creates an ad using a photo of me, my child, or even a photo I took, without my permission for its use). I’m now considering removing most of my photos, which is sad because Facebook had been a way to keep faraway friends and family in the loop as my son grows up.
Julie Meloni - December 11, 2009 at 2:48 pm
I don’t think there’s a way to ensure that your name is not in the friends list for tagging; Facebook notoriously does not carry their thought processes out when programming their user actions. Something you might try is to go to your Privacy Settings -> Applications and Websites -> What your friends can share about you -> [edit settings] and uncheck “Photos and videos of me”. I doubt that means “do not allow people to tag me,” but it sure should. It would be in no way difficult for FB to add a flag to the user record to disallow that user’s name in the pre-populated list of friends available for tagging. Feel free to try it, let me know, and I’ll try to tag you. We can do a little test.
Leslie M-B - December 11, 2009 at 12:24 pm
Hi Julie,
Thanks for another great post!
I have another question: I’ve changed my privacy settings under “Photos and Videos of Me — Photos and Videos you’ve been tagged in” to “Only me” because I don’t like it when I’m tagged in photos and videos, and I don’t want even my friends to know I’ve been tagged in a photo. Do you know if there’s any way to prevent Facebook from allowing people to tag me in photos and videos in the first place? I don’t think there are embarrassing or incriminating photos of me out there, but there definitely are some unflattering ones that don’t need to be circulated or advertised as including me.
Thanks!
Billie - December 11, 2009 at 1:28 pm
I could have this confused/conflated with other privacy issues, but when I logged onto FB yesterday to check on the privacy settings, I found that I had been “exposed” to groups of people that I didn’t choose. For example, I am a “fan” of my department’s FB page, but I am not “friends” with them (I don’t want students accessing my profile). Suddenly, yesterday, they could . . . until I went in and reset my privacy settings.
But what I found out by reading Julie’s column is that FB has made some decisions about user privacy that I’m not happy with: application developers now have access to our accounts (and all demographic info in our accounts). In other words, applications (like Farmville or quizzes or whatever) can now see my age (which is not listed online, by the way), where I work, who my friends are, etc. In the past when asked if others could have access to my account, I opted “no.” I no longer have that option.
As others have stated, and as I have argued for years, I don’t put info online that I don’t want online, but access to that info is my decision– not FBs.
Brian Croxall - December 11, 2009 at 12:46 pm
Thanks for this, Julie. I found the transition tool to be a bit deceptive since it didn’t make clear that the “Old settings” were indeed my settings until I did the mouse-over. Although all the radio buttons were set there, my initial thought was that it referred to Facebook’s old defaults. The tool seems pretty obviously designed to be confusing and push as many people toward the NEW! and IMPROVED! settings, which are only the former.
Nels P. Highberg - December 11, 2009 at 12:55 pm
I’m going to ask a really stupid question, but it’s been in my head for a few months now. Why would I want to worry about Facebook privacy settings? Is the only information that can go out information I’ve already posted? Or is there something I need to know but have been too naive or ignorant to worry about? I ask because I see a lot of stress online about Facebook and privacy, and I’m not understanding why the stress exists. I’ve always just kept things at the default on FB and Twitter and everywhere else. Maybe it’s because I have some switch in my head that makes me only concerned about sites I pay to use, and since I don’t pay to use FB, I haven’t really cared a whole lot about what they do. But I seem to be in the minority on that, so I’m clearly missing something. And I’m feeling stupider and stupider as I type this, but I’m really not getting it.