Privacy in social networking sites is a hot topic these days but it is my opinion that it is only among privacy professionals and a section of general public. Even though there has been a spurt in people looking for "how to delete Facebook account" in Google, most of the social networking users love the way it is setup, its ability to connect to people, the ability to share, and the sheer amount of access it provides. Needless to say that such users are putting themselves at risk by doing so but privacy by definition does not exist if the users does not seek it. A recent study by consumer reports found that about 40% users posted their date of birth on social networking sites. The study also found that the user base almost doubled from 2009. This is one of the major reasons why it is also popular with criminals, where they indulge in a variety of nefarious activities including identity theft, marketing illegal products, spreading malware, stealing credentials, etc.
While all these are going on, what are the providers of such social networking sites doing? They are most definitely coming up with new ways to setup privacy controls but sites like Facebook are bringing changes far too often, creating far too many options (Facebook has over 50 settings) confusing the users and making them not use it at all. While it is important for people to understand the privacy issues so that they can make informed choices, it is also the responsibility of the providers to help users make these choices.
There has been an increased concern on privacy primarily due to increasing privacy related incidents. The increased concern has also been due to the media coverage it is getting, the latest being the WSJ article. New York Times also got involved and had Elliot Schrage, vice president for public policy at Facebook answer some of the user's concerns regarding Facebook's privacy settings, complete coverage is available here. Time magazine also had coverage on this topic, check here.
As far as Facebook is concerned, there have been many changes to the privacy settings over the years. For example, in the beginning, user's personal information was visible only to their friends and their network, which is not the case now (with the default settings). Rather than spending time on what changed over the years, I recommend readers to head over to Matt's site, where he has a visual depiction of changes over the years, great stuff.
The recent change that further complicated the privacy settings involved their decision to partner with Microsoft Docs and Yelp and share any publicly available information with those partners. If you don't want to do this, you have to manually opt-out of this feature for each individual partners. The data shared with these partners include name, picture, friends list, city, gender, and fan pages. We are not yet sure what these companies will do with this data but they are definitely getting more data than a typical advertising companies get when users click on an ad.
In Facebook, if you want to put the privacy setting back, there are some easy methods available.
- A personal firewall vendor, Untangle announced the availability of a new bookmark utility to enable Facebook users to restore their privacy settings. Called SaveFace, it puts back the privacy settings to "friends only", it available from their site http://www3.untangle.com/
- Brian Kerbs announced in his blog yesterday, the availability of a new tool from Reclaimprivacy.org. This open source tool can help Facebook users very quickly determine what type of information they are sharing with the rest of the world.
More than privacy settings, I strongly believe that user education is equally important, especially educating kids on various privacy issues. Users should be aware of newer threats affecting social networking sites and act responsibly that will not endanger their own privacy and the privacy of the organization they represent.
We now have a recommended settings option and users need to click one button (“Everyone,” “Friends of Friends” or “Friends Only”) to restrict or open all their information to those groups.
EFF has a detailed instruction on the new settings.