Does Facebook privacy stand up to rivals?


Privacy being erased

At the end of March, Facebook announced some proposed privacy policy changes in compliance with their open governance policy. The same week, I logged into LinkedIn to discover they had also recently updated their privacy policy. I thought this might be a good opportunity to compare Facebook's attitude towards privacy with some of their social networking rivals.

First, I would like to compliment both LinkedIn and Facebook. Both have dramatically improved the readability and clarity of their descriptions of what you are sharing and with whom. Several times, LinkedIn summarizes their changes as "We changed this section to eliminate legalese and clarify the existing language." Facebook doesn't say so explicitly, but the end result is that their policy is also clearer and more readable.

Facebook's new policy may be up for discussion, and may be more straightforward than before, but I would like to draw your attention to several important items.

  1. "Name and Profile Picture. Facebook is designed to make it easy for you to find and connect with others. For this reason, your name and profile picture do not have privacy settings. If you are uncomfortable with sharing your profile picture, you should delete it (or not add one). You can also control who can find you when searching on Facebook or on public search engines using your search settings."

    Comment: While this is upfront and gives good advice, this is where the problem starts. Facebook provides a lot of data to third parties and your name and profile picture are just the beginning.

  2. "Connections. Facebook enables you to connect with virtually anyone or anything you want, from your friends and family to the city you live in to the restaurants you like to visit to the bands and movies you love. Because it takes two to connect, your privacy settings only control who can see the connection on your profile page. If you are uncomfortable with the connection being publicly available, you should consider removing (or not making) the connection."

    Comment: Another important clarification. Just because information like your friends and the pages you have connected with (previously "Become a fan") can be removed from your profile doesn't mean it's private. It's simply not visible on your profile. Friends and groups who share this information will still display it publicly.

  3. "Pre-Approved Third-Party Websites and Applications. In order to provide you with useful social experiences off of Facebook, we occasionally need to provide General Information about you to pre-approved third party websites and applications that use Platform at the time you visit them (if you are still logged in to Facebook). Similarly, when one of your friends visits a pre-approved website, it will receive General Information about you so you and your friend can be connected on that website as well (if you also have an account with that website). In these cases we require these websites and applications to go through an approval process, and to enter into separate agreements designed to protect your privacy. For example, these agreements include provisions relating to the access and deletion of your General Information, along with your ability to opt-out of the experience being offered. You can also remove any pre-approved website or application you have visited here, or block all pre-approved websites and applications from getting your General Information when you visit them here. In addition, if you log out of Facebook before visiting a pre-approved application or website, it will not be able to access your information. You can see a complete list of pre-approved websites on our About Platform page."

    Comment: While that passage may be long, it is the most controversial piece of Facebook's proposed privacy changes. The way I read this, Facebook reserves the right to share some of your details with third parties without gaining explicit consent. You must choose specifically to opt out of sharing from among the myriad of settings they provide, many of which are already ambiguous.

    Most users assume that if they choose to make something private, or, more appropriately, not public, that only their friends can view this data. If you sift through the policy it becomes clear that in fact anything you share with friends can still be public if your friends choose to publish it. Navigating this maze of setting details is difficult.

LinkedIn and Google have different approaches to their privacy. LinkedIn has a clear and understandable policy regarding privacy. When they recently updated their policy, users of the service were notified upon login and LinkedIn provided a clear statement of their changes. While not perfect, LinkedIn has a simple-to-use, centrally located interface with clear choices for controlling your information.

While it may not be fair to compare Google's offering with the others considering their stock price and large bankroll, they have responded well to the intense criticism of the launch of Google Buzz. Today I stumbled across a video explaining safe usage of Buzz for teenagers.

Facebook, I urge you to respect users' privacy by allowing them to clearly choose how their information is used. You might wish to tear a page from Google's book and create informative videos and content to ensure your customers will continue to trust you with their most intimate secrets.

Creative Commons image courtesy of Alan Cleaver's Flickr photostream


About the author

Chester Wisniewski is a Senior Security Advisor at Sophos Canada. He provides advice and insight into the latest threats for security and IT professionals with the goal of providing clear guidance on complex topics. You can follow Chester on Twitter as @chetwisniewski, on App.net as Chester, Chester Wisniewski on Google Plus or send him an email at chesterw@sophos.com.