Demystifying Facebook Privacy (Part 1)

Facebook is not only a social phenomenon, it is also one of the most successful companies in the world.  Founded in 2004 by Mark Zuckerberg in a college dorm room, Facebook has proven to be immensely popular, 400 million members strong, using the site daily and searching for friends, past classmates, childhood friends, potential dates, and many other people.  Facebook also features games, created by outside developers, the results of which can be shared with your friends.  Along with all of this social activity comes a price:  privacy.  Facebook has had its share problems regarding its lackadaisical approach to privacy, including recent FTC filings against it, and numerous articles in the popular and computing press and privacy watchdog websites, all of them bemoaning the terrible things Facebook is doing to our private information.  There is no reason to abandon Facebook because of this, however.  Facebook can be made into a reasonably safe and private social network experience, as long as Facebook members take proper care to modify and continually monitor their privacy settings, fully understand what these settings do, and understand exactly how their information is used.

Few Facebook users know what the website does with your private information and personal content.  Private information is all of the data a member enters in their user profile including their real name, current and hometown locations, birthday, relationship status, the names of spouses and children, current and past employers, and even numerous lists of member “likes” including favorite movies and music.  Personal content includes a member’s wall posts, photos a member has posted, results of games and quizzes a member may have played, and a list of all of the member’s Facebook friends.

Until recent privacy changes were made, there were actually two ways to receive information about a member’s profile.  The first was by visitors accessing a member’s profile directly.  The second was through the sending of a link to a member’s private information, using their profile ID number or username, to third-party advertising networks such as DoubleClick (owned by Google) and Right Media (owned by Yahoo).  That was the issue which had the media taking a closer look at Facebook and other social networking services, discovering flaws that could lead other interested parties back to an individual member’s profile.  “Advertising companies are receiving information that could be used to look up individual profiles, which, depending on the site and the information a user has made public, include such things as a person’s real name, age, hometown and occupation”(Steel and Vascellaro).

When a visitor clicks on an advertisement located on a page they are visiting, the advertiser indirectly receives information about the page the visitor was viewing when they clicked on that ad.  The advertisers don’t get the information from that page, but they do get a direct Web address (or URL) link back to that page, which could theoretically allow them to visit that page and scan it for any personally identifying information.  In addition to the address of the page, this Web address could contain additional information, such as the user ID of the person whose page a visitor is viewing, and also the user ID of the visitor.  It is not like advertisers are doing anything malicious—their main reason for gathering personal information is for demographics, so they can future target ads directly to that particular visitor.  They do this because they are part of an advertising network, where their ads may also appear on thousands or even millions of other pages on the World Wide Web.  As you visit those other pages, their network has a profile of your usage and can target ads accordingly.

The real fear was that some advertising networks, or other interested parties, would return to a Facebook member’s page and cultivate all of their personal information.  A recent article in the Wall Street Journal outlined the problem:  “… Facebook went further than other sites, in some cases signaling which user name or ID was clicking on the ad as well as the user name or ID of the page being viewed. By seeing what ads a user clicked on, an advertiser could tell something about a user’s interests” (Steel and Vascellaro).  The computing media also was abuzz with editorials about the implications of what they discovered.  In PC Magazine’s online edition, PCMag.com, columnist Dan Costa offers a helpful hint to see exactly what information in your profile is publicly exposed.  “If you want to know what you are sharing, go to graph.facebook.com/markzuckerberg, but replace Zuck’s name with yours. Or try your friend’s username, just for kicks.”  Without a username for the account, members can use a URL similar to http://graph.facebook.com/?id=0000000000, replacing the zeros with that member’s own Facebook user ID number, often visible in the Web address in a Web browsing program when a member profile is viewed.

Fortunately, the major ad networks have no plans to use this personally identifiable information.  “’We prohibit clients from sending personally identifiably information to us,’ said Anne Toth, Yahoo’s head of privacy. ‘We have told them. “’We don’t want it. You shouldn’t be sending it to us. If it happens to be there, we are not looking for it.”’ (qtd. in Steel and Vascellaro)  Google’s response was similar—they also have no plans to make use of that type of information.

Due to the backlash, Facebook began making immediate changes to the way it encodes user IDs in the Web addresses it sends back to advertisers.  In an op-ed column for the Washington Post, Facebook founder Mark Zuckerberg reassures his membership of the following:

We have also heard that some people don’t understand how their personal information is used and worry that it is shared in ways they don’t want. I’d like to clear that up now. Many people choose to make some of their information visible to everyone so people they know can find them on Facebook. We already offer controls to limit the visibility of that information and we intend to make them even stronger.

Here are the principles under which Facebook operates:

— You have control over how your information is shared.

— We do not share your personal information with people or services you don’t want.

— We do not give advertisers access to your personal information.

This type of access to personal information went unacknowledged by most of Facebook’s membership, as this type of data exchange is hidden behind the mechanical functions of a Web browser.  But what about private information that we know we may be sharing with others?  The information in a member’s Facebook profile can, for the most part, be tailored to show as much or as little as a member desires.  The easiest method is to simply accept the default privacy settings that Facebook recommends when first becoming a member, and that is where the danger lies.  Facebook’s privacy settings revolve around the idea of sharing information with everybody, friends of friends, only friends, and custom settings (where members choose subsets of friends, or to display items only to themselves via an “Only Me” choice).  “But the truth is no one really understands their own privacy settings now. When Facebook changed its settings six months ago, 65 percent of users chose to keep their profiles public. Or, more likely, they just thought they should click “yes” to everything. (Costa)“  Facebook’s default is to allow a good portion of your profile information to be publicly available to the Internet at large (“everyone”), or to friends of friends, including photos or intimate details a member may share among friends.  “From vacation photos to employment history on social networks and other Web sites, users had been sharing freely about intimate personal details with comfort in the masses. And now they are feeling burned and blindsided by changes that have exposed them more greatly then they initially envisioned, privacy advocates and security experts say. (Kang)”

Fortunately, as part of Facebook’s recent change in policy regarding data passed to advertisers, they have also begun working on revising privacy controls.  “In the coming weeks, we will add privacy controls that are much simpler to use. We will also give you an easy way to turn off all third-party services. We are working hard to make these changes available as soon as possible. (Zuckerberg) “  Facebook’s new settings have fallen under some scrutiny as they always have, but overall, Facebook appears to be working toward making privacy settings more understandable and easy to use.

The easiest way to secure a Facebook account is to go to the “Account” menu choice at the top of the screen, choose “Privacy Settings,” find the link on the page to “Customize settings,” and continue from that point.  Choices should be based on a person’s own comfort zone, selecting those items that can be safely shared with friends, or others if appropriate.  One very important privacy setting is buried in the profile settings, however.  On the main Security Settings security page, look for a heading in the lower left corner of the page labeled “Applications and Websites,” and click on the “Edit settings” link beneath it.  On the resulting page, another set of privacy selections can be found.  Edit all of the settings shown.  Most important is the final choice on the page:  “Public Search.”  By allowing public searches, Facebook will share the entire public part of a member profile with the Internet search engines.  Unless a member is a well-known public figure or celebrity, there is no reason a private citizen’s profile should be broadcast to the entire Internet.  Don’t forget to review each individual photo album: these also have privacy settings to control who can view photos in a member profile.

One final step to safety and security is to practice safe browsing, even while on Facebook.  Avoid clicking on advertisements, games or other applications that do not look trustworthy.  Facebook’s official privacy policy warns: “As mentioned above, we do not own or operate the applications or websites that use Facebook Platform. That means that when you use those applications and websites you are making your Facebook information available to someone other than Facebook. “  Never give out personal information to any third party application, and be certain when following a link that the browser remains within the “facebook.com” domain.  Third parties will often redirect the browser to their own site, including the malicious ones.  Most advertisements and third party applications will pass limited information back to the originating site, so a wise Facebook user should examine the privacy policies of each individual site before utilizing its resources.

No public website, including social networking sites like Facebook, can ever be totally private or secure.  This is a risk a person takes when utilizing any type of social networking site where personal information is shared.  However, by staying informed of current and upcoming changes to policy, understanding security settings and their effect, and frequently reviewing the security settings in their profiles, Facebook users can enjoy a relatively safe and private environment.  There is no reason to fear an invasion of privacy as long as a member knows exactly what they are sharing with their friends, or the entire internet.  The media likes to play up the dangers of the internet, but on a day-to-day basis, Internet users can safely enjoy their pastime as long as they use common sense and take the proper precautions.

In Part 2, we will cover individual privacy and security settings in depth.


“Privacy Policy.” Facebook. N.p., n.d. Web. 19 Aug. 2010. <http://www.facebook.com/settings/?tab=privacy#!/policy.php>.

Zuckerberg, Mark. “From Facebook, Answering Privacy Concerns with New Settings.” Editorial. The Washington Post 24 May 2004. Web. 15 Aug. 2010. <http://www.washingtonpost.com/wp-dyn/content/article/2010/05/23/AR2010052303828.html>.

Costa, Dan. “Facebook: Privacy Enemy Number One?” PC Magazine 22 Apr. 2010. Web. 19 Aug. 2010. <http://www.pcmag.com/article2/0,2817,2362967,00.asp>.

Kang, Cecilia. “Internet Privacy Comes to Head; Facebook to Change Tools, Google Accused of Wiretapping.” The Washington Post 24 May 2010. Web. 19 Aug. 2010. <http://voices.washingtonpost.com/posttech/2010/05/internet_privacy_is_having_its.html>.

Steel, Emily, and Jessica E. Vascellaro. “Facebook, MySpace Confront Privacy Loophole.” The Wall Street Journal 21 May 2010. Web. 15 Aug. 2010. <http://online.wsj.com/article/SB10001424052748704513104575256701215465596.html>.

On The InternetPermalink

Comments are closed.