Claiming over 400 million users, Facebook is the dominant social networking service on the Internet, uniting families, school friends past and present, and international political movements. Facebook started as a restricted social networking site for college students back in 2004, before opening up in 2006 and taking over from competitors such as MySpace. Facebook has since morphed into a behemoth of a platform with a diverse set of features, such as real-time multiplayer gaming, online chat, retail operations, event management, and thousands of small applications. From sending birthday cards to trading "flair," Facebook seems to have it all.

Facebook is the one place online I can connect with my mother, hometown friends I haven't seen in 20 years, my 15-year-old niece, professional colleagues, and random folks I've met in my international travels.

But as wonderful as Facebook may be at helping us keep in touch with both current social circles and long-lost friends, such convenience comes at a cost. Despite housing what many of us might consider extremely private communications and information - such as family photos - Facebook consistently demonstrates a complete disregard for personal privacy.

Thanks to Facebook's complex, ever-changing set of privacy-related options, protecting your privacy on - and from - Facebook is essentially impossible. But by understanding how Facebook's privacy settings currently work, and by following my Three Golden Rules of Facebook Privacy, you can both control what the world knows about you and be prepared for future privacy changes.

Concerns About Facebook's Privacy Policies -- Privacy on Facebook wasn't considered much of an issue until a major change in 2007 that led to a large amount of negative press, a massive number of user complaints, and a successful class action lawsuit (successful for the lawyers, who made millions, although the 19 plaintiffs shared only a total of $41,500).

In November 2007, Facebook launched a feature called "Beacon" [1] in cooperation with 44 external partners, including Blockbuster, Hotwire, and eBay. Beacon would update your Facebook status with your activities on these partner Web sites, such as letting everyone know you just bought movie tickets from Fandango, or reserved a hotel room using Hotwire. Beacon was activated by default for all users, and although you could opt out, one security researcher reported that the information was still being shared between the partners and Facebook. As you can imagine, more than a few users were angered at such personal information being revealed without their permission. As part of the settlement, Facebook shut Beacon down in September 2009.

Since then, Facebook has faced a myriad of privacy issues, recently making headlines for both changing their existing privacy policy and practices and launching a new program called Instant Personalization [2] to embed Facebook on any Web site or online service.

One of the most dramatic demonstrations of these changes and the erosion of privacy over time is a wonderful visualization compiled by Matt McKeon [3] that shows the changes in Facebook's default privacy settings.

Concerns about privacy on Facebook are justified for four reasons:

• Facebook's privacy policy allows the company to make changes at any time, and to apply such changes retroactively to your existing data on the service. Technically, Facebook only needs to post these changes on the privacy policy [4] and governance [5] pages, which few people ever see. This isn't uncommon with online services, although organizations that are more privacy conscious won't apply changes retroactively.
• Facebook has a history of changing privacy policies and practices, during which they change user privacy settings and often reveal information previously considered private. For example, in recently launching their Connections [6] feature, Facebook made it impossible to control who sees your profile information.
• Facebook's privacy options are difficult to navigate, confusing many users who don't realize what information they are sharing. The settings also tend to default to sharing information instead of protecting it. For example, any Facebook application you install, even those simple ones that do little more than send a friend an animated message, technically may gain ongoing access to all of your profile, activity, and friend information.
• Facebook's CEO, Mark Zuckerberg, has stated publicly that he believes social norms around privacy have changed and people prefer more information to be public. In a controversial Twitter post by a New York Times reporter [7], an anonymous Facebook employee claimed Zuckerberg "doesn't care about privacy".

These aren't idle concerns; there is a demonstrable history of Facebook changing the service to reveal user information previously considered private [8], often to third parties.

Three Golden Rules of Facebook Privacy -- As someone who enjoys the value of social networking but still prefers to maintain my personal privacy, I've developed three rules I recommend for anyone using Facebook:

1. Assume anything posted on Facebook is public. Forever. Since Facebook retains the right to change their privacy settings retroactively and has done this more than once in the past, I find it best to assume anything I do in Facebook could someday become public. And since we're talking about the Internet here, I assume any such information would stay public forever. As such, I don't put anything on Facebook I wouldn't want the world to see. This includes any profile information, photos, messages, wall posts, and all other activity. I assume this information is not only public, but is being shared privately to third parties without my knowledge or consent.
2. Review and update your privacy settings regularly, and after every application you install. As Facebook updates their service, they may change privacy settings. I try to review these every month or so. While I don't generally install any Facebook applications (since they gain access to all of my information), for those of you who do, I suggest you check your application privacy settings (discussed below) after installing new applications.
3. Use a dedicated Web browser for Facebook. Due to how Web browsers work, it is possible that your activities on Facebook or on another site could bleed into each other. This could be due to a security flaw, or it could happen by design, such as when advertising networks track your Internet activity with cookies, Flash, and other techniques. Using a dedicated Web browser isolates Facebook, keeping it (and third party applications) from interacting with other sites. There are lots of Web browsers for the Mac, including Firefox [9], Camino [10], OmniWeb [11], and Opera, or you could create a site-specific browser instance for Facebook using a tool like Fluid [12].

I've purposely highlighted actions you can take no matter how Facebook may change in the future. Since both Facebook's policies and features change over time, I prefer to use these general principles rather than relying on current functionality.

But if you read between the lines, you'll notice one key point:

There is no such thing as privacy on Facebook.

Managing Facebook's Privacy Settings -- Facebook's privacy settings can be difficult to navigate, and since they are currently undergoing changes, I'll concentrate on key areas to focus on rather than try to run through all the specific options.

First, you need to understand Facebook's basic access groups, which are available as options in most of the privacy settings. I'm giving these in the opposite order from Facebook; the original order (from least private to most private) discourages restricting access.

• Custom: Enables you to restrict information so only you can see it, or to build a list of people who can see your information. This is the most restrictive option, but requires the most effort.
• Friends: Only your Facebook friends. Remember that you probably don't know many of the people you are "friends" with on Facebook very well, so even this setting may reveal more than you want.
• Friends of Friends: All of your friends, plus any of their immediate friends. This is restricted to one degree of separation, although some of you may still find yourself connected to Kevin Bacon.
• Friends and Networks: Both your Facebook friends and anyone else who is in the same networks you're in. Since networks are generally related to institutions like schools, this setting reveals information to a lot of people you don't know.
• Everyone: Open to the entire Internet. This includes all Facebook users, and may include Facebook partners and search engines (although Facebook tends to restrict search engines for competitive reasons).

Currently, all user-manageable privacy settings are located in your Account area under Privacy Settings. These are roughly clumped together based on the different kinds of information and activities supported by Facebook. Although they change over time, the groupings are fairly stable.

[image link] [13]

As we walk through these, keep in mind that my privacy concerns may differ from yours. While much of my life is online and public, there are aspects I prefer to maintain control over. This does limit my ability to use many of the features of a service like Facebook (and most of Google). It's a personal decision you need to make for yourself, and since it's harder to control your privacy than to open it up, this article errs on the side of showing you how best to restrict access to your information.

Profile Information -- This is where you control your basic profile information (interests, birthday, religious views, family and relationship status, education, and so on), who can see and respond to your posts, post on your wall, view photo albums, and more. I tend to restrict all these areas to Friends since I use Facebook only for direct friends and family, but you might choose more liberal settings if you use Facebook as a public service along the lines of Twitter.

Keep in mind that with Facebook's new Connections feature, much of your profile information - employer, education, and so on - is public if you enable those pages. There is no way to keep this information private, so I deleted all of those pages. You manage them in the Connections page I discuss below. To be honest, I probably deleted them out of spite since all of that information is in my corporate bio on my company's Web site.

My main recommendation is to think carefully about which profile information should be public (you might want to keep your religious views private, for example), if your posts should be public, and if you want your photos to be public. These tend to be the areas people are most concerned with.

For example, I'm okay with my friends viewing the few photos I post of my young daughter, but I prefer that they not be viewed by passing strangers. Although I assume that could be possible some day (following my first rule), that awareness doesn't mean I don't make an effort to restrict access now. I also leave my profile photo public to help friends find me, not that many people share my name.

Contact Information -- This section enables you to control how people contact you, and which of your contact information is public. My recommendation here is to avoid even filling out any contact information you want to keep private, such as phone numbers or physical addresses. I use a dedicated email address for Facebook and list my company Web site, but I don't provide any other information. My work and TidBITS email addresses are totally public, but since I largely separate work from Facebook I don't see any reason to link those. This helps me keep my personal and professional communications a little separate, and isn't a privacy concern for me.

Since I want friends from the past to be able to find me, I do allow everyone to send me a message or add me as a friend (Facebook always prompts you to accept friend invitations, so that setting doesn't automatically enable anyone to be your friend without your confirmation).

Friends, Tags, and Connections -- This is a newer area containing profile information that has migrated to Facebook Connections, as well as who can see who you are friends with. It won't surprise you to know that I restrict these to my Friends, and that I deleted all of my Connections pages, since those are always public.

Applications and Websites -- This section controls how applications and partner Web sites interact with your information, and what information your friends can share about you.

The thing to remember is that, at this point, any application you use - and thus authorize - has full access to your entire profile, much of your activity information, and possibly all of your friends' profiles. Facebook has stated they plan to offer more granularity on a per-application basis, but for right now any application has full access or no access.

Think about it. Any time someone asks you to accept a piece of flair, sends you a hug, or asks to play a round of checkers, if you accept, you have just granted the developer of that application access to all of your information and that of your friends. Personally, I do not use any applications beyond the core ones built into Facebook. If you have used applications and want to cut them off to any new data, you can block them via a link inside the What You Share page.

One key area to update is "What your friends can share about you." I've seen reports suggesting that Facebook changed everyone's settings to allow access to everything, although my old settings didn't change. Unless you uncheck all these options, any application or Web site a friend accesses can gain access to your information, including status updates, all your personal information, and even whether or not you are online. Creepy, isn't it?

Facebook has also partnered with a few major Web sites, allowing them to link to your Facebook account when you visit their pages. (Worse, Facebook has shared at least some of your information with these sites already.) This allows both the site and Facebook to access your information across these boundaries and track your activity. You can disable this functionality, which is on by default, in the "Instant Personalization Pilot Program" section.

Search and Block List -- The search section controls who can see your public information in search results on Facebook or authorized search engines. I leave this open, since this is exactly the basic information I want available so old friends can find me.

The Block List allows you to block specific individuals on Facebook from ever seeing any of your information, such as an ex-spouse or that grade school bully who just won't quit.

Privacy is Personal -- In the Information Age, determining what you want others to know about you isn't always a simple decision. Aside from the potential tradeoffs of avoiding particular features or services, we all have different thresholds for what we are comfortable sharing. It's also extremely difficult to control our information even when we do make informed decisions, and often impossible to eradicate information that escaped our control before we realized the rules of the game had changed.

For example, I use both Amazon and Netflix, even though those services also collect personal information like my buying and viewing habits. I am trading my data (and money) for a combination of convenience and personalization. I'm less concerned with these services than Facebook since their privacy practices and policies are clearer, my information is compartmentalized within each service, and they have much more consistent and stable records.

On the other hand I have minimized my usage of Google services due to privacy concerns. Google's reach is incredibly expansive, and despite their addition of Google Dashboard [14] to help show some of what they record, and much clearer policies than Facebook, I'm generally uncomfortable with any single company or government having that much potential information on me. I fully understand this is a somewhat emotional response.

Facebook is building a similar Internet-wide ecosystem as they expand connections to external Web sites and services. In exchange for allowing them access to your information and activities, Facebook enables new kinds of services and personalization. The question each of us must answer is if those new services and personalization options are worth the privacy tradeoff.

Deciding where to draw your own privacy lines is a very personal, complex, and even sometimes arbitrary decision. I trust Amazon and Netflix to a certain extent based on their privacy policies, even though they sometimes make mistakes (I didn't use Amazon for years after a policy change that they later reversed). Yet I've limited my usage of both Google and Facebook due to general concerns (Google) or outright distrust (Facebook).

Facebook, to me, is a tool to keep me connected to friends and family I don't interact with on a daily basis. I restrict what information it has on me, and always assume anything I do on Facebook could be public. I'm willing to trade a little privacy for the convenience of being able to stay connected with an expanded social circle. I manage Facebook privacy by not using it for anything that's actually private.

What Kind of Facebook User Are You? After reading this far, you should have a sense of my general opinions and recommendations. But as I hope has been clear, I don't expect everyone to follow exactly what I do - if nothing else, as someone who works in the security field, I have a large electronic bullseye on my back, so I have to be more careful than most people. In my experience, people tend to fall into a few broad categories that define how they perceive and utilize Facebook, so here are my recommendations for each category:

• Facebook-involved: If you check Facebook multiple times per day, use numerous Facebook apps, and use Facebook for more communication than email, you fall into this category. I suspect you're unlikely to reduce your Facebook usage or tighten privacy options based on privacy concerns, so all I'd recommend is that you think about what you're posting and try to avoid posting messages, photos, and videos that could prove embarrassing or even damaging were they to be exposed to the outside world.
• Facebook-dabbler: Perhaps you just want to read what a few friends are up to and participate in the occasional chat or game, but don't spend much time on Facebook overall. For people in this category, I recommend dedicating a specific Web browser to Facebook, and restricting most privacy settings to friends only. Some information may leak, but as long as you assume posts might become public anyway, the damage should be limited. Using a dedicated browser or application (such as the Facebook [15] iPhone app) will limit Facebook's ability to track you as you visit partner sites.
• Facebook-presence: Many people, me included, use Facebook because we want to have a presence there as a way of remaining connected with other Facebook-using friends, family members, and acquaintances. People in this category mostly tend to lurk on Facebook, reading what others post, although there are some, like TidBITS Publisher Adam Engst, who treat Facebook as a publishing medium, reading little but posting regularly. For people in this category, I recommend avoiding Facebook applications and treating Facebook as an entirely public forum.
• Privacy concerned: If, upon reading this article, you're shocked to learn about Facebook's sketchy privacy record and you can't imagine ever using Facebook again, I recommend deleting your account. Note that this is different from just "deactivating" your account (which is done from the Account > Settings screen). To delete your account, you must, while logged in, visit a special link, and then avoid logging in to check if the deletion worked for 14 days. See the full instructions on wikiHow [16]. Deleting your account removes nearly all of your data, although some remnants (like comments), marked as anonymous, may still linger in your friends accounts.

Could There Be a Facebook Alternative? In a parallel universe, we would be having this conversation about MySpace, not Facebook. The Internet is a fickle, fast-moving place where today's winners can be tomorrow's losers. And nothing says those winners or losers need to be private corporations.

Wired's Ryan Singel has suggested [17] that instead of a single company dominating the social networking space, the tech community could create open protocols that would provide much the same capabilities as Facebook without the privacy concerns. Days later, after being mentioned in the New York Times [18], one potential Facebook alternative - Diaspora - raised over $115,000 [19] to build an open social networking platform, driven by the latest Facebook privacy concerns.

So far, social networking has been the exclusive domain of private organizations like Facebook, Twitter, and MySpace, in large part due to the massive infrastructure required to maintain them. But these systems are all closed silos, often with overlapping functionality, and that fact opens the door for open, standards-based alternatives to glue the services together, or replace them entirely. I don't mean to minimize the challenges, but the deeper Facebook mires itself in self-inflicted controversy, the greater the opportunities for upstarts.

In the end, you need to decide for yourself where you draw your own privacy lines in the sand, but remember any service's privacy policy can change over time. For Facebook, the specifics of each of the privacy areas I describe above may change, but my general recommendations will likely last for years to come.

[1]: http://en.wikipedia.org/wiki/Facebook_Beacon
[2]: http://www.facebook.com/help/?faq=17099
[3]: http://mattmckeon.com/facebook-privacy/
[4]: http://www.facebook.com/policy.php
[5]: http://www.facebook.com/fbsitegovernance
[6]: http://blog.facebook.com/blog.php?post=382978412130
[7]: http://www.wired.com/epicenter/2010/04/report-facebook-ceo-mark-zuckerberg-doesnt-believe-in-privacy/
[8]: http://www.eff.org/deeplinks/2010/05/things-you-need-know-about-facebook
[9]: http://www.mozilla.com/en-US/firefox/personal.html
[10]: http://caminobrowser.org/
[11]: http://www.omnigroup.com/products/omniweb/
[12]: http://fluidapp.com/
[13]: http://db.tidbits.com/resources/2010-05/Facebook-Privacy-Settings1.png
[14]: https://www.google.com/dashboard/
[15]: http://click.linksynergy.com/deeplink?id=ExkrLhhvFQQ&mid=13508&murl=http%3A%2F%2Fitunes%2Eapple%2Ecom%2Fus%2Fapp%2Ffacebook%2Fid284882215%3Fmt%3D8
[16]: http://www.wikihow.com/Permanently-Delete-a-Facebook-Account
[17]: http://www.wired.com/epicenter/2010/05/facebook-rogue/
[18]: http://www.nytimes.com/2010/05/12/nyregion/12about.html
[19]: http://www.wired.com/epicenter/2010/05/facebook-open-alternative

Permanent article URL: http://db.tidbits.com/article/11282
This is a specially formatted version of this TidBITS article that removes colors, and optionally removes images; it's designed to minimize the use of ink and paper.
Unless otherwise noted, this article is copyright © 2010 TidBITS Publishing, Inc.. TidBITS is copyright © 2008 TidBITS Publishing Inc. Reuse governed by this Creative Commons License: http://www.tidbits.com/terms/.