Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.
Facebook & You: is Your Privacy at Risk?
By Alvin Soon - on 07 May 2010, 12:31pm

Facebook & You: is Your Privacy at Risk?

15 years ago, as a shy teenager in the late 1990s, it was hard to get a girlfriend. And when I did, I remember asking for a quaint, but popular, expression of affection: a photograph of her.

It was such a different world then. Back when photos were still rolls of film physically developed onto paper, a photograph was a limited commodity. To give someone a portrait of yourself they could keep was to say you trusted them to hold on to a window into your world.

How things have changed. From Friendster to MySpace and now Facebook, we share photos of ourselves, our likes and dislikes, our thoughts and statuses more freely than any time in history. But still, it's not like we're sharing everything about ourselves with the rest of the world. We trust companies like Facebook to honour our privacy and keep what we share secure.

But does it?

Less Privacy Through the Years

Facebook has changed quite a bit through the years, not just in the way it looks and works, but in the policies that govern it. The Electronic Frontier Foundation has helpfully tracked the changes Facebook's made to its privacy policy from 2005 to the present day. This was the privacy policy circa 2006:

We understand you may not want everyone in the world to have the information you share on Facebook; that is why we give you control of your information. Our default privacy settings limit the information displayed in your profile to your school, your specified local area, and other reasonable community limitations that we tell you about.

Contrast it with the latest policy:

When you connect with an application or website it will have access to General Information about you. The term General Information includes your and your friends’ names, profile pictures, gender, user IDs, connections, and any content shared using the Everyone privacy setting. ... The default privacy setting for certain types of information you post on Facebook is set to “everyone.” ... Because it takes two to connect, your privacy settings only control who can see the connection on your profile page. If you are uncomfortable with the connection being publicly available, you should consider removing (or not making) the connection.

Looking through the changes, it's clear that Facebook has favored less and less privacy for users through the years, and we've seen these changes not just in policies but also in Facebook's actions.

The Beacon Controversy

In November 2007, Facebook launched the now infamous Beacon. As part of the Facebook Ads platform, Beacon sent data from participating websites to Facebook, reporting on and broadcasting users' activities; like what they'd just bought from a website. The biggest problem with Beacon was that it was an opt-in feature by default, so that if someone forgot to decline to share something, it was shared anyhow.

You can imagine the fallout when Facebook realized not every one of its millions of members wanted to expose their web-surfing habits to all their friends.

A month after Beacon was launched, Mark Zuckerberg, CEO of Facebook apologized in a blog post about the way Beacon had been implemented, and Beacon was changed to an opt-in instead of an opt-out feature, with the ability to turn it off completely. That didn't stop a class action suit from being filed against Facebook which alleged that the release of information via Beacon had been a violation of privacy. In September 2009, Facebook announced that it would shut down Beacon, and settled the suit with a $9.5 million settlement fund.

Your Profile is Now Publically Available Information

The next big privacy change Facebook made was in December of 2009, when it declared that parts of your profile were now "publically available information." This included lists of friends, your user name, main profile photo and fan pages. It may not sound like a big deal, until you realize that there are people who don't want their friends knowing who they have in their friends' list. Facebook introduced these changes with a privacy transition tool, which paradoxically recommended many privacy settings be set to be visible to "Everyone" by default.

To Facebook's credit, some of these privacy settings have since been made available again in May 2010.

Facebook's Open Graph: You and the Rest of the Web

Facebook introduced its latest Open Graph feature not too long ago in late April 2010. Essentially, it's Facebook all over the web, when you're logged onto Facebook and visit a participating website like CNN; you see a 'Like' button for recommending pages that you like. Click on that button and your recommendation will be published to your Facebook Wall and News Feed.

It's Zuckerberg's vision of the social and personalized web come to life; a giant word-of-mouth engine fueled by Facebook. Instead of popular posts highlighted by bots or the votes of strangers, you'd get a personalized list of web recommendations from friends and acquaintances you know and trust.

Does Open Graph compromise user privacy? It's still too early to tell, but some people have voiced concerns, including American senators.

The Disturbing Nature of Facebook Opt-In

The introduction of Open Graph was one thing, but the way it was introduced was another. Open Graph is an opt-out feature, just like Beacon was, which means it's enabled, not disabled by default.

Another new feature also introduced in April 2010 is Connections, which replaces previously static personal information like education, work history and interests into active links to Facebook pages. If you refuse to link your info, Facebook deletes all of it – you have no choice (Connections also fall under "publicly available information"). Unfortunately, that means that users who don't want to link their info or had customized text that couldn't be linked found their personal information forcibly deleted off their profiles.

With the way that Beacon, Open Graph and Connections have been introduced, we see that Facebook prefers to switch on services for you automatically by default and sees turning it off as an additional choice, and isn't beyond heavy-handed moves like deleting your personal data if it doesn't fit in.

The Danger of Applications

While Facebook's actions may be questionable, there's a larger risk at hand from third-party developers, and it has to do with all those games and quizzes that Facebook users seem to love.

At the same Facebook f8 conference that launched Open Graph and Connections, CEO Mark Zuckerberg announced Facebook was removing restrictions on user data retention for Facebook applications. Previously, Facebook apps couldn't store users' information for more than 24 hours, but now apps can store your personal data indefinitely.

What you may not know however is the extent to which apps can already access your personal data. A quiz app created by the American Civil Liberties Union (ACLU) reveals that when you take one of the many quiz apps available on Facebook, almost everything on your profile, like photos, links and comments, even if set to private, is made available to the quiz.

Shockingly, you don't even have to take the quiz yourself to expose your private info, when a friend of yours takes the quiz everything on your profile is also made available. This is because Facebook's default privacy settings do not prevent application developers from scouring your information, nor does Facebook screen developers to ensure that they are trustworthy and comply with a privacy policy.

Besides privacy concerns, some game apps have also been alleged to be the target of scam operators. Popular games like Farmville and Mafia Wars allow you to buy in-game upgrades with real cash, but if you don't want to spend any money, advertisers in the game offer virtual money if you'd just take one of their quizzes. Once completed, they ask you to enter a mobile number, and once you do they've signed you up to a service you will be billed for. Apps can also install spyware on your computer, like app Secret Crush was found to do.

Should You Care?

There's one overriding reason why privacy is so important in Facebook – Facebook accounts, unlike accounts for email, forums, Twitter or even other social networking sites, tend to be linked to real-world identities. It's the very nature of Facebook to link your real person to your Facebook avatar, allowing you to connect to the real people in your life. Identities on Facebook are also policed, fake names and fictional characters are not allowed.

Facebook is also more pervasive than any other social networking site has ever been. Facebook today has over 400 million active users around the world, compared to Friendster's 110 million and MySpace's 113 million. Just 2 years ago a Facebook engineer announced that over 10 billion photos have been uploaded to the website. That's a lot of personal information in Facebook's servers.

But looking beyond the numbers, there's one singular truth that we all have to face. Facebook doesn't share your personal information; you share your personal information. This bears repeating. For all the privacy glitches, hacks and incriminating photos, nothing on Facebook can be shared without you posting it first (to be sure, photos of you can be uploaded and shared by other friends, but that's possible on any site).

While Facebook may be keener than before to have you share more of yourself, it hasn't done any majorly evil moves like exposing all your private photos without your permission. To paint it as an evil corporation would be misleading. To think of Facebook as an altruistic champion for personal privacy would also be misleading however, a private company is first and foremost concerned with profit, something Facebook has to make to keep offering its free services to its millions of users.

Short of deleting your Facebook account, the onus on personal privacy is then placed on us, as it always has. That means using Facebook with awareness, taking the time to review our privacy settings, don't use third-party apps, reading about new Facebook changes and thinking about what we want to share with the world and what we don't. Just like we used to hand over physical photos of ourselves only to those we trusted, we can still do the same today with our digital selves.

Alvin Soon

Alvin Soon / Deputy Editor

I like coffee and cameras, but not together.