Facebook privacy bathroom settings joke reveals a serious security message

Filed Under: Facebook, Privacy, Social networks, Spam

There's a joke chain letter spreading between Facebook users right now.

Facebook post shared publicly

Here's what it says:

NEW PRIVACY ISSUE WITH FACEBOOK. As of tomorrow, Facebook will creep into your bathroom when you're in the shower, smack your bottom, and then steal your clothes and towel. To change this option, go to Privacy Settings > Personal Settings > Bathroom Settings > Smacking and Stealing Settings, and uncheck the Shenanigans box. Facebook kept this one quiet. Copy and Paste on your status to alert the unaware.

It may not be rip-roaringly side-splittingly hilarious, but I guess it's kind of amusing - and it mimics many of the genuine warnings that Facebook users have shared between themselves (and some hoaxes!) in the past.

But there's a serious side to this chain letter.

Because ask yourself this - how was I able to get the above screenshot? None of my Facebook friends have posted the joke as a status message. I was able to visit a complete stranger's wall to grab it.

And that's because she had shared the post publicly.

Facebook post shared publicly

See the small globe icon? That means you're sharing the post with the world - not just with your Facebook friends.

Maybe it doesn't matter that this woman has shared this particular post publicly, but a quick perusal discovers that her whole profile is pretty much wide open to the world.

For instance, I know that this woman strained herself at the swimming pool on Sunday, and had been depressed the day before, but she and her young son Josh enjoyed a recent trip to Legoland.

I'm also able to retrieve a list of all 185 of her Facebook friends, view hundreds of photographs, find out who she works for, where she went to university, and the full names of all four of her children.

So, yes, the joke is kind of amusing. But it turns out that the joke is actually not just on the poor woman I've singled out, but also a lot of the other people who spread the joke - as many of them do need to look again at their privacy settings and ensure that they are not sharing too much information with the entire internet.

Every time you post something on Facebook, you should check who you are actually sharing it with - and whether that's appropriate.

Facebook privacy inline control

Furthermore, you should have privacy settings configured appropriately for your personal information and your photo albums.

If you're a Facebook user and want to keep up on the latest threats and security news I would recommend you join the Sophos Facebook page - where more than 100,000 people regularly discuss the latest issues.

Hat-tip: Thanks to Naked Security reader Mark for first letting us know about this chain letter.

, , , , , , ,

You might like

10 Responses to Facebook privacy bathroom settings joke reveals a serious security message

  1. Big Al · 5254 days ago

    Just another in the long list of reasons NOT to use FB, MySpace, or any other social networking sites. If I wanted to broadcast my life to the world, well, I'd be a loser.

    I do use twitter, but only for news feeds. I never post tweets, and there is no info of mine on there.

    The world turned, and life went on, for millenia without everybody needing to be connected to everybody else. I'm fine with remaining "unplugged."

  2. raj · 955 days ago

    a joke no longer!

  3. Michael · 955 days ago

    People should get used to the idea nothing's private on those social networks. Yes, there are 'privacy settings', but everything's still being traded and replicated between an unknown number of marketing firms. FaceBook's security is rather dodgy anyway, which is inevitable given the amount of data it stores, the fact it's been scaled up so quickly, and God only knows what else is accessing the profiles. Add to that the way FaceBook makes things public by default every time changes are made, and that's become a regular occurence.
    The idea/illusion of 'privacy' on FaceBook is very misleading.

  4. Ash · 955 days ago

    When I came to the Sophos open day I can remember you mentioning something similar to this.

    I have since locked down my profile. Facebook just doesn't make it clear to you what security is what. There are no defaults when posting.

  5. Machin Shin · 955 days ago

    The sad part is I can almost see the facebook team sitting around mad that they did not actually come up with and implement this idea first. Now they will have to scramble there engineers to come up with something to top this. They can have anyone coming up with more outlandish ideas than them!

  6. Guest · 947 days ago

    Like so many other tools, "just make it work" is the developers battlecry.

    Oh, we'll add some security crap later. Later never comes.

    Just like, TCP/IP stacks, WIndows O/S, SCADA, etc, etc.

  7. Hue Hall · 862 days ago

    It's not too late: There's a "Limit Past Posts" options in the privacy settings that will reduce all your public posts back to only your friends. Not saying that's the end all be all... but it's a start in trying to "clean up."

  8. Grizz · 839 days ago

    Here's a crazy idea. Don't upload data that you don't want to share with everyone.

    Facebook is going to use whatever information you share with them, they will share it with the government whenever asked, and they will share it with other companies (and the public) whenever possible/legal. A surveillance partnership between You, Facebook, the US Government, and Wall Street/Madison Ave. Same thing with Google, Yahoo, and the like.

    Do we really think that corporations are interested in privacy and freedom? Corporations are not people (despite what governor Romney may say), they don't have empathy, their sole function and moral compass point is to make money. Hell, even Zuck has to do what the money tells him to do now, it will be even moreso after the IPO.

    Is it strange that we go to a website that was built to share information with the public and freak out because it invades our privacy ?

    Those people that you are trying to impress on Facebook aren't really your friends anyway (lol). If you really gotta share party pictures use email instead.

  9. Never U Mind · 839 days ago

    Or... you could just stop being so totally paranoid. Who cares if the "whole world" knows you strained a muscle or your kid took a trip? I'm so tired of the tinfoil hatters, honestly. If you're that worried, just don't use social networking sites!

    • Tony · 644 days ago

      The thought that people are being tinfoil hat paranoid about FB should be the other way around in that they are not paranoid enough? When your FB page displays your image, your name, where you live, work and play, children's names, ages and schools it would probably be safer to be slightly paranoid.

      Everyone should have learned by now that a private FB page is a fantasy. It used to be that crazy people wore tinfoil hats to minimize their vulnerability to mind reading Z rays, nowadays the people who believe the FB information they share is private are the vulnerable ones who should be wearing tinfoil hats.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Graham Cluley is an award-winning security blogger, and veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.