Network News

X My Profile
View More Activity

Check your Facebook 'privacy' settings now

If you use Facebook and care about your privacy, take a moment to read this blog entry. Facebook has made some major changes that may allow a great deal more people to see your personal photos and videos, date of birth, family relationships, and other sensitive information.

While logged in to Facebook, click the "Settings" link and you should see a box that looks like the one pictured below. You may see that Facebook has reset your privacy settings, so that the everyone can now see the information on your "About Me" page, as well as your "Family and Relationships" data; "Work and Education"; and most importantly "Posts I Create," which includes status updates, links, photos, videos and notes. Below is a screen shot of what my privacy settings looked like when I recently logged in.

facebookprivacy.JPG

The new privacy settings instituted across the Facebook network may also expose your birthday, religious and political views, and "photos and videos of me" to your "Friends of friends," meaning that any one of your friend's friends can now view this information.

This "Friends of friends" setting may be perhaps the most important, as it has the potential to dramatically expand the number of people who now have access to this data.

If you do not wish to accept these new privacy settings, change all or some of the relevant radio buttons to the "Old Settings" selection, and then click the "Save Settings" button at the bottom of the page.

The changes may have even caught Facebook.com Chief Executive Mark Zuckerberg by surprise: Valleywag features a story Friday noting that the new privacy settings exposed a cache of more than 290 photos of Zuckerberg that were uploaded by people who had tagged him in their pictures but that were previously hidden (the photos don't appear to be accessible at the moment).

Sophos' Graham Cluley has published a short video explaining in a bit more detail what these privacy changes mean. For example, Cluley examines Facebook's privacy policy, and finds a rather interesting explanation of what Facebook means when it says "everyone". For example (my emphasis added in the direct quote from the privacy policy, below:

"Information set to 'everyone' is publicly available information, may be accessed by everyone on the Internet (including people not logged into Facebook), is subject to indexing by third party search engines, may be associated with you outside of Facebook (such as when you visit other sites on the internet), and may be imported and exported by us and others without privacy limitations."

"The default privacy setting for certain types of information you post on Facebook is set to 'everyone.' You can review and change the default settings in your privacy settings. If you delete 'everyone' content that you posted on Facebook, we will remove it from your Facebook profile, but have no control over its use outside of Facebook."

Judging from the user comments posted to the Facebook Site Governance page, these changes have not been well received by the Facebook community overall.

Update, 1:54 p.m. ET: Added link to Sophos video and additional information about Facebook's privacy policy.

By Brian Krebs  |  December 11, 2009; 1:30 PM ET
Categories:  Latest Warnings , Safety Tips  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   Del.icio.us   StumbleUpon   Technorati   Google Buzz   Previous: Paper-based data breaches on the rise
Next: Hackers target unpatched Adobe Reader, Acrobat flaw

Comments

this policy in essenses turns Facebook into the MySpace of 3 yrs ago. The only difference is now everything on the site is being indexed by search engines.

Knowing the guys at Facebook, Im sure the security sreamed and yelled to make the new defualt "friends only" but that got overruled by someone with no understanding of the implications.

Lets leave identity theft out of this and focus on the child predator issue of the past few years. All of my kids images on my Facebook page have just been opened to the world because of this new default. My wife was amazed last night to see not only her pictures but all of mine and other familes as well showing up on her profile because of this new policy.

Facebook- Listen to security guys next time.

Posted by: Hilbert | December 11, 2009 2:27 PM | Report abuse

Hmm, Brian, when I click on settings, it doesn't look like that at all.

Posted by: rlalumiere | December 11, 2009 6:43 PM | Report abuse

This is the risk of dealing with arrogant 20-somethings who think a few extra dollars in their pocket trumps everything else in this world.

Posted by: naud | December 11, 2009 7:11 PM | Report abuse


Well, I never bothered to sign up for Facebook or Myspace, so this is one less thing that I need to worry about I guess..

Posted by: jackrussell252521 | December 11, 2009 7:22 PM | Report abuse

@rlalumiere -- it appears that Facebook is taking a guess at what privacy settings you would like. They obviously guessed completely wrong for me, because they suggested that all of the radio buttons be on the left in every category.

Posted by: BTKrebs | December 11, 2009 8:40 PM | Report abuse

I don't do Facebook (thank goodness) but I can report that one of my daughter's college friends has already been approached by a male stranger because of this. This sets a new record in the Pantheon of corporate irresponsibility.

Posted by: chernobill | December 12, 2009 8:11 PM | Report abuse

My privacy settings for my profile were all saved and carried over. I had them all set to custom settings. I wonder if that made a difference?

Posted by: jamesmac1 | December 12, 2009 10:32 PM | Report abuse

I knew this would happen somewhere -- it was just a matter of time.

In Chitose, Japan at Kuma Station, our entire intercept facility one evening tuned into a 'very private' overseas telephone conversation between a GI in Vietnam & his stateside girlfriend, who had called him because she was pregnant, but NO ONE KNEW ---- RIGHT.

Tiger Woods learned about expecting privacy in public the hard way.

Restrict what you share. It was, after all, Judas who betrayed Christ.

Posted by: brucerealtor@gmail.com | December 14, 2009 12:38 AM | Report abuse

http://yro.slashdot.org/story/09/12/13/2028219/Facebook-Founders-Pictures-Go-Public?art_pos=9

"In a not-uncommon development for the social-networking leader, Facebook's recently released privacy controls are leaving the company a bit red-faced. As a result of a new policy that by default makes users' profiles, photos, and friends lists available on the Web, almost 300 personal photos of founder Mark Zuckerberg became publicly available, a development that had gossip sites like Gawker yukking it up."

Posted by: jackrussell252521 | December 14, 2009 8:45 AM | Report abuse

This all would have seemed less sleazy if the dialog box identified what the "old settings" were, so the user would know if things were getting more or less restrictive. As it is, the user is being asked to make a very important set of decisions with no data--never a good thing.

Posted by: SecurityLuddite | December 14, 2009 9:49 AM | Report abuse

"The changes may have even caught Facebook.com Chief Executive Mark Zuckerberg by surprise: Valleywag features a story Friday noting that the new privacy settings exposed a cache of more than 290 photos of Zuckerberg that were uploaded by people who had tagged him in their pictures but that were previously hidden (the photos don't appear to be accessible at the moment)."

If there is one thing that may help change this situation, it's if one of the company's executives (?) gets hit in the face with a bunch of potentially embarrassing photos out in the public domain.

If that happened, my bet is that the privacy changes will be quickly undone.

Never used Facebook or Myspace, never will.

Posted by: blasher | December 14, 2009 10:53 AM | Report abuse

Just another reason to avoid using this silly site. I do not have an account there and never will so this problem is a moot point for me. Facebook & Twitter serve no purpose. What ever happened to writing a letter or making a phone call? Everything is to impersonal now.

Posted by: mmcgrane | December 14, 2009 11:03 AM | Report abuse

Brian,
Apparently, Facebook has not been forth coming in terms of instructing Facebook users on how to disable search engines' access to your profile. After changing all of my Privacy Settings like the example above, yesterday a friend sends me a message via Facebook with the "real" instructions. This is how you disable the indexing capability of Google: to disable the Google Search. Go to Settings, Privacy Settings, Search, then unclick "Allow Indexing"

Posted by: Kaynice | December 15, 2009 9:43 AM | Report abuse

The comments to this entry are closed.

 
 
RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company