Protecting your privacy on Facebook

October 2, 2010 / ‘Champagne for my real friends, and real pain for my sham friends.’ And other advice from Edward Norton for protecting your shit on Facebook.

[Facebook privacy settings sharing panel]
What could possibly go wrong?

The eighth rule of Facebook is, verbatim: if you don’t need to use Facebook for work then walk away soldier, and don’t look back, even for a second. For everyone else, here are some tips for protecting your privacy and information security on The Social Network.

First up is some background information in the form of a rant, with more movie references. If you just want the “how to” details, then skip to Global Privacy Settings.

Facebook wants you to over-share

Over the past five years Facebook has gradually changed its default privacy settings for both new users and new features. If you join in 2010 and do not change your default privacy settings then your activity can be observed by a lot more people than if you had done the same thing in 2005. Here is a nice set of pie charts that illustrates the story.

Similarly, if you joined in 2005 and have never changed your privacy settings then your activity has gradually become available to a larger number of people because Facebook has added new features that don’t respect or relate to your existing privacy settings. Places, discussed below, is a good example of this.

Two levels of concern

Given the creeping exposure of all manner of personal data over time, there are two levels of concern with Facebook. The first is that your activity may be observed by undesirables (employers, children, parents, stalkers, etc.): the privacy problem. You want to be sure that you configure and use your Facebook account in such a way that your disclosed data can only be observed by the people you choose. The easiest way to deal with this is to treat everything you do on Facebook as potentially a public statement. Another way is to use friend lists.

The second level of concern is that even with good privacy controls that protect you from other individuals on Facebook, your activity over time may generate a behavioural profile that can be used to identify you even if your name never appears in the data comprising that profile. This is exacerbated by factoring in your activity on other social networks. Facebook, its advertising partners or, potentially, law enforcement or hackers have access to aggregate data that could be used to de-anonymise you: the information security problem.

Evil fireball

Just like the evil space fireball in The Fifth Element, that only grows bigger when General Staedert orders his crew to fire at it, Facebook gobbles data and the more active you are, the more it knows about you. Example: deleting a photo you don’t like equals more data about you (she didn’t want that photo to be seen by her friends). Deletions, by the way, are recorded. The data that is deleted remains recorded, etc. Everything is saved. Evil fireball.

Of course, jerks who see the world in black and white because it suits their agenda will tell you that if you have done nothing wrong ever in your entire life, and know that you never will, then you have absolutely nothing to hide from the fireball. They do not care about your privacy and liberty, they just want you to get out of their way. Nevertheless: the best way to deal with these problems is not to join Facebook. The second best way is to treat everything as public even if you have taken measures to control who sees it.

Global privacy settings

On May 26 Facebook replaced its convoluted privacy controls with a unified and simplified global settings panel. Nick O’Neill, who has written many useful articles on Facebook privacy, provides an overview in his post “Ten things about today’s privacy changes.” This is the easiest way to start protecting your privacy.

Go to Account → Privacy Settings and choose something other than “Everyone” or “Recommended”. Facebook’s “Recommended” settings are, naturally, not very private. If you want my advice, choose “Friends Only” and lock that in first, then customise it further to restrict some of the settings to either a list, a specific group of names, or “Only Me.”

Note that at the top of the settings page there is a section called “Basic Directory Information”. Click on the unassuming little link that says “View settings” to both view and change your default directory settings. This is basically the information that people can find out about you through Facebook’s various search features.

At the bottom of the settings page there is also a section called “Applications and Websites”. Click on “Edit your settings” to set limits to the kinds of data that Facebook applications can access about you by default should you choose to install them (something that I recommend you avoid as much as possible).

Settings for ‘Places’

Following the popularity of location-based social networks like Foursquare and Gowalla, Facebook in August launched a location “check in” feature called Places that allows you to send your geographic coordinates to the system to let people know where you are. With all of their usual charm and tact they set up this feature to allow, by default, other people to check you in to places. (Bruce Schneier, whom I linked to a couple of times above, calls this type of information about you incidental data.)

Nick O’Neill again provides a good overview and some advice in “Places privacy settings.” The most important thing is probably to prevent other people from being able to check you in to places so be sure to set “Friends can check me in to Places” to “Disabled.”

Customising your settings

If you plan to use Facebook to say things that really do need to be restricted to a smaller group of people then you should customise your privacy settings. O’Neill’s post “Five privacy tips,” written before the privacy simplification changes in May, is still very useful in this regard, especially for the details it provides on using fine-grained Custom permissions, which is what you need to use if you want to restrict a data type to yourself or a short list of specific individuals.

Related to this is a change to the Publisher that went into effect this week, and relates to your everyday use of Facebook. The Publisher, the open text box at the top of your Wall and News Feed screens that invited you to start typing something (“What’s on your mind?”), has now been replaced with a Share bar that presents the following options: Status, Question, Photo, Link and Video.

When you choose one of these you get either a text box for typing, or a set of upload options, as well as a Permissions drop-down that allows you to limit who can see what you type or upload. Use the permissions feature to restrict your status updates to trusted friends if you are planning on sharing sensitive information.

Or, better yet, don’t share sensitive information on Facebook.

2 responses

  1. kris

    I don’t use Facebook but those pie charts are chilling.

    October 12th, 2010 at 11:08 pm

  2. Adrian Cooke

    It’s hard to impress upon people how public Facebook is but I think the charts help to get the message across.

    October 13th, 2010 at 10:10 am

Zero to One-Eighty contains writing on design, opinion, stories and technology.