Facebook strikes another blow against privacy


I know it may be hard to believe, but somehow Facebook has found another way to make your information public and make it even more difficult for you to protect yourself. I am a bit late in picking up this story, but I just arrived back from a 3-week journey that wound up last week at InfoSec Europe.

In my previous post on Facebook, I compared some of their policies to those of other social media players. I’m not the only one taking notice; German Consumer Protection Minister Ilse Aigner threatened to leave Facebook in early April.

Although thousands of people, and 95% of users in a Sophos survey, objected to the changes proposed by the Facebook open governance group, Facebook has implemented the changes anyway.

What is the result of Facebook’s new privacy policy? To begin with, Facebook has decided to opt all users into their new data sharing agreement by default. When you use Microsoft Docs, Yelp, or Pandora, Facebook will share any publicly available information with the website without prompting. This includes your name, profile picture, friends list, city, gender and fan pages. Additionally, after the transition tool is completed, your profile will also default to publicly sharing your city, hometown, education, likes and interests.

This is not unusual behavior for Facebook, but to add to the complexity of trying to control your Facebook data, they also require you to individually block each partner through their application pages on Facebook. This means that, even if you take all the necessary steps today to disable Instant Personalization, you must keep an eye out for future Facebook partnerships and also block those applications as they are added.

The reason you must take steps in addition to turning off Instant Personalization is that your friends also have access to your information. If they do not disable this new option, your data may inadvertently be shared through their choices unless you have blocked the specific application associated with that website.

Sound confusing? Protecting information you share online is difficult and Facebook is making it particularly difficult. This latest move seems to ensure the high adoption rates they need for successful partnerships. It reminds me a bit of Google’s botched attempt at the initial release of Google Buzz. The difference is that Google listened to the public outrage…

What should you do if you are still a Facebook user? If you are concerned with controlling your information, you should start by following our advice on securing your Facebook profile. We will be updating this page soon with additional information, but fortunately the Electronic Frontier Foundation has posted a YouTube video detailing the steps necessary to control access to your information from third-party websites.

It is important to remember that privacy and security go hand in hand. The best way to keep your information to yourself is not to post it on the Internet at all. If you or your users choose to post information online, always assume that this information is or will become public. Facebook may serve a different niche than LinkedIn or Twitter, but the assumption should remain the same. If it is online, it is available to everyone.

Creative Commons image courtesy of Heather’s Flickr photostream.

Note: I mistyped the link to the EFF. Please find them at http://www.eff.org.