Facebook revamps privacy settings - but misses opportunity to do so much more


Facebook has announced that it is rolling out what appears to be a major redesign of its privacy settings.

Although the changes make privacy settings easier to access, and may encourage users to be more careful with how they share information online, it feels as if Facebook may be reacting to Google+ rather than making a fundamental shift in its attitude to users' privacy.

In a blog post published today, Facebook VP of Product Chris Cox announced what he described as "a bunch of improvements that make it easier to share posts, photos, tags and other content with exactly the people you want."

Redesigned privacy controls

The changes will begin to roll out to Facebook users in the coming days, but here's a summary of what's new:

* Inline controls - Previously the privacy settings for your Facebook content were buried away in a labyrinth of different pages. In the future, each post will have a privacy control alongside it, making it more obvious who you are sharing information with.


This is a little like how Google+ operates, with users being able to choose at the time of post exactly which individuals or groups of friends (known as "circles") they wish to share information with.

(Update: Thanks to the commenters below who pointed out that Facebook has actually had this functionality for some time, albeit presented in a less visual fashion. What appears to be new is that you can now change a status entry's privacy setting after it has been published.)

* Inline profile controls - Previously if you wanted to choose who could see your phone number, your school, your date of birth, your photo albums and other personal information on your Facebook profile you had to navigate Facebook's maze of privacy setting pages.

Now, content on your profile will be accompanied by a privacy control, making it simpler to see who you are sharing the information with and making it easy to change with one click.


* Profile tag review - In the past, if someone tagged you in an embarrassing photograph (remember you were drunk at the company BBQ?) it would show up instantly on your profile. You will now be able to approve or reject any photo or post you are tagged in before it is visible on your profile.


Note, that doesn't mean that people can't tag you in a photograph without your approval - it sounds like they still can, it's just that it won't then be visible on your profile without your permission.

Photo-tagging is, in the feedback Naked Security has received from Facebook users, one of the most unpopular elements of the site. It's our belief that many Facebook users would like the ability to block anyone from tagging them in photographs without their express permission, rather than simply blocking the photo from appearing on their profile.

Instead, you'll probably find yourself continuing to request that people untag you from photographs, and kindly learn not to do it anymore in future.


* Content tag review - In the past, anyone who had permission to see your photos or posts could add tags to them. You will now be able to choose whether you want to approve or reject any tag someone tries to add to your photos and posts.

* View profile as.. - You've always had the ability to see what your profile looks like from a different user's perspective, but now Facebook will be making the facility much easier to access.


Google+ offers similar functionality for its social networking users.

* "Everyone" becomes "Public" - A terminology change by Facebook. In the past, users may not have been aware that if they chose to share information with "everyone" that actually meant "everyone, everywhere on the internet, forever".

Is "Public" an improvement? Probably, but I suspect many folks still won't realise its true implications.

Because even if you change your mind, it's too late - and although Facebook say they will remove information from your profile if you choose to zap it, you and they have no control over how it is used outside of Facebook.

In fairness, Google+ uses the same terminology.


A step in the right direction, with possible inspiration from Google+


So, there's lots of good stuff here. It sounds like Facebook has made efforts to simplify the way its privacy settings work, and make it more obvious to its users how their information is being shared.

Although they've denied it, there can't be any doubt that the launch of Google+ may have influenced some of the design decisions here. Amusingly, some Google+ users are already having fun commenting on the similar look.


We'll have to wait until the controls are live on Facebook users' accounts before we can give them a gold star, but from the sound of things Facebook deserves some credit for the revamp.

However, Facebook doesn't seem to have really addressed the more fundamental privacy issues on the site.

What's missing?


Four months ago, Naked Security published its open letter to Facebook about safety and privacy, calling on it - amongst other things - to adopt "privacy by default".

By that we meant that Facebook should no longer share any more information without its users' express agreement (OPT-IN).

Facebook, unfortunately, has time and time again eroded privacy by introducing new features which share additional information about its users, assuming they want the features turned on.

In other words, the onus has been on users to keep a close eye on what Facebook is up to, and OPT-OUT when the firm introduces something they may not want to happen to their personal information.

Although I'm pleased to see what appears to be Facebook simplifying its privacy settings, and making them more visible, it has missed an opportunity to lead the way on privacy.

Facebook should become truly opt-in. Not just on the basis that a new user opts in altogether by joining Facebook in the first place, but on the basis that everything is locked down until a new user opens up each feature.

Facebook should not wait until the regulators in the world's developed economies start legislating to make it do a better job. If they took the lead, people would love them all the more in the end.

Make sure that you stay informed about security and privacy issues on Facebook by joining the Sophos Facebook page, where more than 100,000 people regularly share information on threats and discuss the latest news.


16 Responses to Facebook revamps privacy settings - but misses opportunity to do so much more

  1. VforVendetta · 974 days ago

    More proof that Facebook sell user information by not applying an opt-out option.

  2. Collectonian · 974 days ago

    "Going forward, each post will have a privacy control alongside it" - Facebook has had this for at least a year, if not two. The only difference I can see is that it now has text beside it instead of just the icon, and some new icons on the left side.

    • I believe another difference is that you should now be able to return to an old post and change its privacy settings.

      We'll probably have to wait until the roll-out to see exactly how that works.

  3. spike · 974 days ago

    So they sell user info. All you have to do is lie about everything and you're good to go (as well as stickin' it to The Man.)

    • Richard · 973 days ago

      Except that they then ban you for providing false information, and demand a copy of your passport or driver's licence before you can reactivate your account.

      Also, doesn't lying kind of defeat the purpose of a social networking site?

  4. cassandratoday · 974 days ago

    I also wonder if they'll add photo-level privacy, rather than the current album privacy.

    Speaking of opt-in, it would be nice if FB didn't create a world-wide public URL for every photo by default. If you want one that allows access from outside FB, you should have to ask for it explicitly.

  5. Guest · 974 days ago

    I have been very disturbed at previous status updates ( from up to 2 years ago) and all comments relating to it have started showing up on the right hand side of the page for anyone on my friend list to view. I don't appear to have any control over who views these and I had no idea that Facebook was going to introduce this..

  6. James · 974 days ago

    The easy solution is to just QUIT FACEBOOK. Yes believe it or not a whole Internet exists with all the tools you need to not need Facebook. Apparently people are willing to endure anything to be noticed so if they want to be Facebook's toy fine.

  7. Would like to see Facebook allow people to edit their posts after it's published (à la Google+).

  8. Alex · 974 days ago

    +1

  9. Isn't "view as" an existing option? Problem is that if they "dumb it down," it could result in the removal of advanced privacy options. For example, I have several groups and customize each aspect of my profile to tell if they can view my profile or not.

    For example, I have a "groups" group where I place all the groups that I join and my "restricted" group where I place "friends" that I have met on the net and don't know personally. These two groups are in complete lockdown and can't see my profile such as my email, telephone number, and photos I've been tagged in.

  10. On the other hand, I have a "friends" group which can see a moderate amount of my profile, such as photos I've been tagged in and my "Facebook"/spam email.

    On the other hand, everybody can see my post sharing this Naked Security blog (using dlvr.it) as well as my personal blog (no personal info).

    Also, some of my Facebook comments can be seen by all (like reminders to update PC, etc) while my regular Facebook comments can only be seen by my "friends" group and not the "restricted" or "group" group.

    Sounds complicated huh! :P

  11. Has anyone else noticed that these changes are quite similar to the way Google+ operates?

  12. Eric · 973 days ago

    Facebook is still not listening and while some of these changes bring encouragement to the security community Facebook still needs to do a lot more. What about location based tracking? Well, Places gets dropped, but still the location feature is still there?

    I still think in my opinion Facebook should've done a lot more.

  13. Donald · 956 days ago

    Just found out from a friend that when she posted a status message before, there were “Like”, “Comment”, and “Share” links underneath. Now the “Share” link is missing no matter how she played around with settings. I just went through my newsfeed, I do find that "Share" is also missing from some others, not just hers. Hope someone has an explanation for this.

  14. Nigel · 951 days ago

    I previously deactivated my Facebook account because of their unacceptable privacy policies. Then they made some significant improvements, so I reactivated my account.

    The problem is that they keep coming up with an interminable string of new "features" that continually erode one's privacy. For that reason, it's not possible to do a "set it and forget it" configuration that ensures your privacy (...er, I mean, RELATIVE privacy...within the inherently UNprivate world of Facebook).

    I finally had my gutful of it, and deactivated my account again a few weeks ago. This time, I won't reactivate it unless Facebook changes to a 100% opt-in policy...and I told them so. Nevertheless, I suspect that the probability of that happening is pretty close to zero.


About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.