Chapter 13. Playing It Safe: Facebook Privacy
Social networking sites like Facebook depend on millions of people voluntarily divulging accurate personal information. But in a world where identity theft is a growing concern and spammers can’t wait to get their hands on your email address, how do you take advantage of what Facebook has to offer while minimizing risks to your personal info? This chapter explains Facebook’s privacy issues, and then gives you strategies for staying safe—from up-front planning to adjusting Facebook’s privacy settings to after-the-fact damage control.
Privacy and Facebook: An Overview
If you’re connected to the Internet, privacy is a concern. Surf the Web—privacy risk. Use email—privacy risk. The sad truth is that there are a lot of bad guys out there, and your personal info is worth a lot of money to some of them. Even virus protection and firewalls can’t always keep bad things from happening to you. And while Facebook promises to do all it can to protect the personal data you add to your profile, mistakes happen. In fact, Facebook’s privacy policy clearly states that anything you disclose on the site “may become publicly available,” and that all members agree to use the site “at their own risk.” Gulp.
Note
To read Facebook’s privacy policy, head to the bottom of any Facebook screen and click the Privacy link.
The trick is to balance the benefits you get from using Facebook (and the Internet in general) with the risk of losing control of your private information.
Note
If you’re like most people, your personal information is already stored in lots of databases (your bank’s, your favorite magazine’s, and so on). But what’s unique about Facebook’s cache of personal data is that it includes intimate details (like your views on politics, religion, and relationships), and that it’s tied to a picture of you (your profile picture—Adding Pictures of Yourself). This combination of identifying details with a visual image is one of the things that makes Facebook so interesting and compelling—but also so potentially dangerous. Theoretically, someone could find out what town you live in and where you plan to be next Tuesday at 8:00 p.m. (a book club meeting you RSVP’d to on Facebook, for example). Armed with your picture, that someone could show up at your book club and try to convince you he’s your long-lost cousin Al who’s down on his luck and needs a couple thousand to tide him over.
Privacy Threats
Some of the privacy threats associated with Facebook are the same that many online companies face, such as recent reports that the Facebook source code (the raw programming that powers the site) was leaked onto the Internet, potentially giving hackers access to Facebook members’ personal information. And, of course, any info you send via the Internet is vulnerable to interception. But there are other Facebook-specific threats, too:
Third-party application developers and other Facebook partners. Before you can use a Facebook application, you have to grant the person or company who created the application access to your personal data (see Applications and Privacy). Once you grant that access, control of your personal info is out of Facebook’s hands: If the application’s creator misuses your information, the beef is between you and them. Likewise, Facebook’s privacy policy lets the site share your personal details with companies who advertise or sell products on Facebook, and it’s up to those firms to keep your data safe.
People you didn’t think had access to your profile. If you think only people who live in your city, attended your alma mater, or work at your company can view your profile, you’re wrong. Hiring managers, parents, teachers, police officers, and other folks who are determined to view your Facebook profile can find a way to do so—either by asking a co-worker or friend who happens to be a member of your Facebook network to look up your information, or (in the case of cops) by getting a court order.
Anybody using a search engine. Depending on the privacy levels you set in Facebook, anybody can search your profile information using a garden-variety search engine such as Yahoo.com, even if the person’s not a Facebook member.
Note
Because many of Facebook’s privacy levels are opt out (meaning Facebook assumes you want the whole world to see your personal info until you tell it differently), your information is at risk until you adjust your settings as shown in this chapter.
Strategies for Keeping Your Info Private
So that’s the bad news. The good news is that just three simple strategies give you quite a bit of control when it comes to keeping your private data safe:
Don’t put sensitive info on Facebook. You get to choose what kind of information you share with the site, and how much. Data thieves can’t steal your Social Security number, for example, if you don’t make it available.
Customize your privacy settings. Much as keeping your front door locked dramatically reduces the chance of being robbed, customizing your privacy settings minimizes—but does not eliminate—the chance of your Facebook data falling into the wrong hands. Starting in Adjusting Your Privacy Settings, this chapter shows you which settings can help protect your privacy.
If the worst happens, fight back. If a spurned lover tracks you down on Facebook and starts harassing you, you can shut her down by blocking her access to your Facebook profile (Fighting Back) or reporting her to Facebook (Reporting Violations).
Deciding How Much to Share
How confessional you want to be when you create your Facebook profile is entirely up to you. But here are a few things to consider:
Give Facebook only enough info to get what you want out of the site. If you’re looking to connect with other early music fans, for example, limit your profile info to medieval subjects. If you plan to use Facebook to find parenting tips, don’t feel you have to share your academic and work backgrounds.
Consider keeping your public and private identities separate. If you’re planning to use Facebook primarily for networking, think twice about posting pictures of your wild weekend in Jamaica. You don’t have to forego mentions of your personal life completely, but you should limit your personal info to the kind of thing you’d feel comfortable tacking up on your cubicle wall.
Think about creating an email address just for Facebook. Companies such as Google and Yahoo let you create a free Web-based email address you can use to sign up for Facebook. Using an email address dedicated to Facebook protects your “real” work or home email address from accidental or deliberate theft (think: spammers).
If it’s sensitive and optional, leave it out. Random people viewing your profile don’t need to know your home address or phone number. If you meet people on Facebook and want to share this information with them, you can always do so in a more private way (such as a Facebook message—Sending Messages).
When in doubt, do the “mom or boss” check. If you’d be comfortable telling your mom or your boss something, go ahead and post it on your profile. Otherwise, skip it.
Note
Facebook doesn’t care how much info you put in your profile, but it does demand that what you share is accurate and truthful. Creating a “Fakebook”—an account with a bogus name and made-up profile details—can get you banned from the site.
Controlling Access to Your Account
While you need to be wary of people getting access to your account info online, don’t forget to take precautions in the real world, too: Make sure no one can log in to Facebook as you. You already know not to share your password with anyone, but there are a couple other steps you should take to protect your account. To prevent co-workers, fellow students, or family members from using your computer to access your Facebook account (either by accident or design), follow these steps:
Log in the smart way. After you type your email address and Facebook password into the login page (www.facebook.com/login.php), make sure the “Remember me” checkbox is turned off before you click the Login button.
Note
Turning on the “Remember me” checkbox tells Facebook to keep you logged in until you click the “logout” link at the top of your screen, even if you close your browser or shut down your computer. This may be a timesaver in theory, but if you’re using a computer at school, work, the library, or some other quasi-public place, chances are you’ll forget to log out occasionally (we all do) and leave your account wide open.
Log out when you’re finished using Facebook. Before you go on to the next item on your to-do list, take a second to click the “logout” link in the upper-right corner of every Facebook screen. Doing so prevents people from getting into your account if you forget to close your browser before you head out for lunch.
Adjusting Your Privacy Settings
Facebook does a lot of media chest-thumping about how strictly it protects its members’ privacy. So, it may come as a surprise that, unless you change them, your privacy settings are set to the slackest possible levels. It’s up to you to understand how Facebook’s privacy settings work, where to find them, how to adjust them—and to actually spend time battening down the hatches. That’s a lot of work! Fortunately, this book has done most of the work for you; all you have to do is read this section and adjust your settings.
Note
In a privacy study reported recently in a British newspaper, 41 percent of Facebook members chose to befriend (Responding to Friend Requests) a plastic frog, thereby granting the fictitious “Freddi Staur” (an anagram for “ID Fraudster”) access to personal details such as their home addresses, children’s names, and family photo albums. The moral? Don’t befriend indiscriminately on Facebook any more than you would offline.
Controlling Who Sees Your Profile and Contact Info
You can make your entire profile off-limits to certain groups of people, such as the people in one of your networks. You can also hide specific parts of your profile—like your contact information and which applications you’ve added—from whole groups of people, such as one of your networks or all your friends. To do so:
At the top right of any Facebook screen, click the “privacy” link.
Note
Confusingly, there’s another Privacy (big P) link at the bottom of each Facebook screen. Clicking big-P Privacy shows you Facebook’s privacy policy; clicking little-p “privacy” lets you change your privacy settings.
On the Privacy Overview page that appears, click Profile.
Note
The line graphs to the right of each category on the Privacy Overview page—Profile, Search, and so on—give you a visual cue of how private Facebook thinks your data is. (The longer the line, the less private your data is.) To edit a category’s privacy settings, click the name of the category, the Edit Settings link next to the category, or the category’s line.
On the “Privacy Settings for your Profile” page that appears, use the drop-down lists to control who can see your profile, your Friend List, your contact information, and more. It’s a big page, so there are lots of settings to adjust. But all the options are pretty much the same, and Facebook breaks down the settings into three basic categories to make it easier for you to decide which option you want for each setting:
Profile. Here’s where you grant access to your profile page. If you want long-lost friends and co-workers to be able to look you up, keep the “All my networks and all my friends” setting that Facebook starts you out with. Choose “Some of my networks,” for the Profile field, and Facebook lets you choose which network(s) you want to grant access to. Choosing “Only my friends” keeps Facebook members who aren’t on your Friend List from seeing your profile. To restrict access to specific parts of your profile (like the Friends and Wall sections), head to the fields below the Profile field and adjust each section’s setting separately.
Contact Information. This section lets you control who gets to see non-Facebook ways to contact you, like your phone number, address, and instant messaging screen name. Adjust all these settings to “Only my friends” unless you have a darn good reason not to (if, for example, you signed up with Facebook because you’re coordinating your high school reunion and want far-flung former classmates to be able to contact you). Consider choosing “No one” from the “contact emails” drop-down list (or lists, if you’ve given Facebook more than one email address) to prevent folks you don’t know from clogging your personal or work email account with spam.
Tip
You get to choose who sees your personal Web site (if you have one) in the Profile section, too; in most cases, you’ll want to select the “All my networks and all my friends” option for this setting.
Applications in your Profile. This section lets you decide who can see the applications you’ve installed. (You might want to prevent your boss from seeing that you’ve installed an application to help you find a new job, for example.) Most applications offer the same privacy options as you set for your profile and contact info, but some—including the built-in Photos and Notes applications—offer additional settings. For example, you can set different privacy levels for each of the albums you create using Photos. To control access to an application, click either the drop-down list beside the application’s name, or the application’s name beside the blue padlock icon.
When you finish adjusting your privacy settings, scroll to the bottom of the page and click the Save button.
Creating a Stripped-down Profile
In addition to controlling what profile info certain groups of people—such as network members or friends—can see (Controlling Who Sees Your Profile and Contact Info), you can create a stripped-down, limited profile to show specific Facebook members.
Note
Confusingly, Facebook lets you create a second stripped-down version of your profile to show to people you poke, message, or attempt to befriend. Hiding from Facebook and Web Searches for details.
A limited profile is useful if you know someone’s a Facebook member and you don’t want her to know certain things about you. Say you’re expecting a hiring manager to look you up on Facebook and want to hide your slightly-inappropriate notes, or you don’t want an annoyingly clinging co-worker to know which groups you’re a member of and which events you plan to attend.
Note
You can substitute your limited profile for your “real” profile for any Facebook member, whether or not she’s in one of your networks or on your Friend List.
To create and use a limited profile:
At the top right of any Facebook screen, click the “privacy” link.
On the Privacy Overview page that appears, scroll down to the Limited Profile section and click Edit Settings. Then, on the Limited Profile Settings page, turn off the checkboxes next to the profile sections you want to hide from certain individuals. Because you can’t create different limited profiles for different people, consider turning off all the checkboxes. (Hey—better safe than sorry.)
Note
You can also prevent your mini-feed and specific photo albums from appearing on your limited profile. To do so, scroll down to the bottom of the Limited Profile Settings page and turn off the checkboxes next to Mini-Feed and each photo album you want to hide.
Tell Facebook who you want to show your limited profile to (versus your full profile). On the Limited Profile Settings page, click the Person field and start typing a name. As soon as you do, Facebook displays a list of people on your Friend List who match what you’ve typed in. If you spot the name of the person you want to add, simply click the name to select it, and then click the Add button.
If you type a name that isn’t on your Friend List, Facebook changes the Add button to a Search button. Click Search to display a list of Facebook members whose names match what you typed in. When you spot the correct name in the search results, click the Limited Profile Access link to the right of the member’s picture. Bingo: The next time that person tries to access your Facebook profile, they see your limited profile instead.
Note
You can do a preemptive strike, if you like, by granting someone limited access to your profile before they get a chance to look you up on Facebook. You can do this if you want to shield details from, say, a boss, parent, or ex-spouse.
Hiding from Facebook and Web Searches
Unless you tell it otherwise, Facebook shows your name and profile picture to everyone who looks you up using Facebook’s search feature (Finding Friends)—and lets them poke, message, and befriend you—as well as to any non-Facebook member who looks you up using a search engine such as Google. Big deal, right? Letting folks find you and contact you is the reason most people join Facebook, after all.
Actually, it is a big deal. If someone pokes you and you poke back—or sends you a message and you respond to it, or sends you a friend request and you accept it—Facebook automatically grants that person temporary access to your profile, even if he’s neither a friend nor a fellow network member.
Note
Blocking someone (Fighting Back) prevents them from seeing your profile or interacting with you on Facebook in any way.
If the thought of unintentionally granting profile access to people you don’t know makes you a little nervous, you’ve got three choices:
Tell Facebook not to display your name or picture in non-friends’ search results. This is a good choice if you’re not interested in long-lost friends or potential employers looking you up, but instead joined Facebook to keep in touch with people you already know. To choose this option: At the top of any Facebook page, click the “privacy” link. On the Privacy Overview page that appears, click Search. Finally, from the “Which Facebook users can find me in search?” drop-down list, choose “Only my friends”. (When you do, the “My public search listing” setting disappears.) To confirm your changes, scroll to the bottom of the screen and click the Save button.
Note
To keep people (including non-Facebook members) from looking you up using Google or some other search engine, head to the “Create a public search listing for me and submit it for search engine indexing” checkbox and uncheck it. (Just for fun, before you turn off the checkbox, click the “see preview” link to check out the bare-bones listing that Facebook would have shown searchers based on the “What Can People Do with My Search Results” options you set. Non-Facebook members can see that you’re on Facebook, but they can’t see your full profile or contact you until they sign up for Facebook.)
Pare down the information that appears in peoples’ search results. For example, you can tell Facebook not to include your picture, or not to let people poke you or see who your friends are. This option lets you connect with long-lost friends while minimizing the risk of showing too much profile info to people you don’t know. Here’s what you do: At the top of any Facebook page, click the “privacy” link. On the Privacy Overview page that appears, click Search. On the “Privacy Settings for Search” page, scroll down until you see the What Can People Do With My Search Results section, and turn off the checkboxes next to the items you don’t want to appear in people’s search results. (Consider turning off all the checkboxes except “See your picture” and “Send you a message”.) When you finish, click Save.
Note
“Search results” applies both to people searching for you from within Facebook, and people searching for you using Yahoo or some other search engine.
Customize the profile Facebook shows to non-friend, non-fellow-network-member Facebook members you poke, message, or send friend requests to. Choose this option if you want to let people look you up out of the blue, but still want to keep some profile details private until you’ve formalized your relationship. Here’s how: At the top of any Facebook page, click the “privacy” link. On the Privacy Overview page that appears, click “Poke, Message, and Friend Request”. On the settings page that appears, scroll down to the Information section and turn off the checkboxes next to the stuff you don’t want to show casual contacts. (Consider turning off all the checkboxes except Basic Info.)
Controlling Automatic Feeds
Other Facebook members can see what you’re up to by visiting the Mini-Feed section of your profile (Mini-feeds: What You’re Doing), and by requesting automatic news feeds detailing your Facebook activities (Subscriptions). To control what kinds of information appear on those feeds:
On the Privacy Overview page that appears, click “News Feed and Mini-Feed”. On the “News Feed and Mini-Feed Privacy” page that appears, turn off the checkboxes next to categories you want to hide from friends’ news feeds and from the mini-feed that appears on your profile. (Remember: Everyone who can see your profile can read your mini-feed). When you’re finished, click the Save Changes button.
Deciding What Applications Can Access
You can’t use a third-party Facebook application without granting the application access to your profile information (see Applications and Privacy). And if you’re friends with someone who installed a Facebook application, that application has access to your profile information, too. But you do have a little bit of control over how Facebook applications use your data:
In some cases, you can limit how people can interact with the applications you’ve installed. If you put together a photo album using the Photo application (Sharing Pictures), for example, you can hide the album from certain networks. Or, if you’ve created a bunch of blog entries using the Notes application (Creating Notes (Blogs)), you can tell Facebook who gets to comment on your notes. Your ability to restrict access to an application depends on the specific application.
You can limit the profile info that Facebook routes to your friends’ applications. When your friends install applications, those apps lead straight to you. You can’t keep your friends’ applications from learning who you are (and who your friends are), but you can hide other profile details.
To limit how your friends and fellow network members can interact with the applications you’ve installed:
At the top of any Facebook page, click the “privacy” link.
On the Privacy Overview page that appears, choose Applications.
On the Added Applications tab that appears, scroll down to the application whose privacy settings you want to adjust and click the “privacy settings” link. The settings page that appears depends on the application. For example, the Notes application lets you specify who can see your notes, comment on them, and subscribe to them. The Photos application lets you adjust privacy settings for each of your photo albums individually. (If an application doesn’t have a “privacy settings” link and it’s not a built-in application whose privacy you can control via your profile settings [Controlling Who Sees Your Profile and Contact Info], you can’t adjust its settings. In that case, if you don’t like the way the application behaves, your only option is to remove it.)
To limit the amount of your personal info that Facebook supplies to your friends’ applications:
At the top of any Facebook page, click the “privacy” link.
On the Privacy Overview page that appears, choose Applications. Then click the Other Applications tab.
Turn off the checkboxes next to the things you want to hide from your friends’ applications. You probably want to turn off every single one, unless you think your friends would enjoy knowing you use a certain application. (Sometimes it’s fun to be the one who “discovers” a great application that’s so addictive that everybody you know starts using it!) When you’re finished, scroll to the bottom of the page and click Save.
Note
Another way to limit what your friends’ applications can see about you is to block an application. Blocking prevents that application from getting any information about you. To block an application: In the Application Directory (click Applications, and then click the Browse More Applications button), select the name of the application you want to block. Then, on the application page that appears, click the Block Application link.
Controlling Who Learns What You’re Up To
Facebook’s newly announced Beacon program (High-dollar Options) lets big Web sites track what you do on their sites, and then shoot out custom ads to your Facebook friends based on what you did. (“Fred just bought high-top tennis shoes from our site. Want a pair?”)
When you interact with one of Facebook’s Beacon-ized partners—say you surf to the site and buy something or sign up for a service—the site gives you the opportunity to “opt out” of letting the site announce your actions to your Facebook friends. But in addition to notifying your friends, the site may choose to display the news on your profile—and you can control that behavior through Facebook.
Note
Whether and how external Web sites should give you the ability to opt out of Beacon is currently the topic of heated discussion. The Beacon feature will probably undergo some changes in the coming months.
To control which external Web sites can package up news of your interactions with them and post it on your Facebook profile:
At the top of any Facebook page, click the “privacy” link.
On the Privacy Overview page that appears, choose External Websites.
On the “Privacy Settings for External Websites” page, choose which sites you want to let advertise your activities. If you see a list of Web sites, Facebook displays a “Don’t allow any websites to send stories to my profile” checkbox next to each one that you can use to prevent sites from announcing your activities. Simply turn on the checkbox for each site you want to restrict, and then click Save.
Fighting Back
If you’re being harassed by another Facebook member—someone fills your wall with unsavory comments, for example, or sends you threatening messages, or pokes you fifty times a day—you can take action. The first thing you want to do is stop your tormentor from contacting you on Facebook. If that doesn’t do the trick, you can take self-defense a step further and report the person to Facebook.
Blocking Individual Members
Facebook lets you prevent individual members from knowing that you’re even on the site. Blocking someone keeps him from seeing your profile, finding you with Facebook searches, or contacting you via Facebook. To block someone:
Note
To prevent people who aren’t on Facebook from using a search engine like Google to see that you’re on Facebook, you have to tell Facebook not to create a public search listing for you (see Hiding from Facebook and Web Searches).
At the top of any Facebook page, click the “privacy” link.
On the Privacy Overview page that appears, scroll down to the Block People section and, in the Person field, type the name of the member you want to block. Then click Search.
In the search results that appear, find the person you want to block and click the Block Person link next to his name.
Reporting Violations
Facebook takes violations of its privacy policy seriously. The site makes reporting potential violations easy by displaying a Report link on every Facebook application page and next to virtually every potentially offensive bit of info members add to the site, from discussion threads to wall posts.
Note
“Offensive” can mean anything from pornographic to threatening. To see a list of what Facebook considers offensive, check out the site’s Code of Conduct: www.facebook.com/codeofconduct.php.
In addition to getting upset by things other members post on walls or upload to their profiles, people sometimes find third-party applications (Facebook Applications: An Overview) offensive. Examples of potentially offensive applications include those that revolve around a tasteless pastime (seeing how many nude photos you can upload, for example), those that don’t work or work differently than advertised, or those you suspect of misusing your profile information.
To report an application:
In the Application Directory (click Applications, and then click the Browse More Applications button), find the application you want to report, and then click the application’s name.
On the application page that appears, click the Report Application link.
In the pop-up window Facebook displays, use the drop-down list to tell Facebook why you’re reporting the application. Type your comments into the text field, and then click the Report button.
To report other abuses like threatening wall or discussion posts, or links to pirated content, surf to the offending post or other item and click the Report link next to it.
Tip
Another way to report offensive content is to send an email to [email protected].
Tip
For additional ideas to keep your info safe—including strategies for protecting your kids as they venture onto Facebook—scroll to the bottom of any Facebook screen and click the Help link. On the page that appears, click the Safety tab.