On Wednesday, December 9th Facebook announced a new privacy transition tool that it will require all of its members to use to change their privacy settings. For Facebook users who have never thought about their privacy this is an excellent opportunity to better understand who can access what information, and to change your settings to better reflect your own privacy preferences.
However, a user who simply accepts the new transition tool’s suggestions may end up disclosing far more information than a user who signed up for Facebook in the week prior to the tool’s implementation. For example, a user's relationship status (single, dating, engaged, married, etc) and the gender of partner they are interested in now appear to default to an “Everyone” setting, meaning that all users on Facebook have access to them and they may potentially be available to the internet at large.
In order to help Facebook users better understand the effect of the changes and the available settings to protect their personal information, we have assembled a comparison of the privacy recommendations displayed in the new privacy transition tool with the default privacy settings a new user would have had in the week before the rollout. The pre-rollout screenshots are taken from an account created on Friday, December 4th. The privacy settings for that account were not customized.
For most types of information on your profile, Facebook lets you select a level of disclosure. The following table summarizes the effects of each available option.
*: For privacy purporses, persons in your regional network are not considered part of your networks, and thus would not be able to view this content.
**: By default, this information is available. However, users can change their search privacy settings and application privacy settings to change the availability of this information.
***: See below for a description of the custom setting.
Most of the privacy options are self-explanatory; however, a few merit special mention:
Unlike the other privacy settings, "publicly available information" is not an option. This is the category of information in your profile that Facebook has decided must be publicly available. This means that there are no privacy settings that can prevent disclosure of information in this category, and anyone who finds and visits your profile page can see this information, as can any application that you or your friends use. Facebook search and Internet search engines can also see this information if you do not adjust your search privacy settings.
"Publicly available information" includes your name, profile photo, list of friends, pages you are a fan of, gender, networks to which you belong, and current city.
The existence and consequences of PAI are new. Before the current changes, from our experience it was possible to control the disclosure of everything but your name and the networks you belong to through the search privacy settings and through the profile option on the Profile: Basic Info privacy settings page. This option is no longer available to Facebook users.
If you select the Everyone option, you are voluntarily making the information affected publicly available. It will be treated exactly the same as "publicly available information." Any user (or application) on the site can potentially see it, and search engines can access it unless you change your search settings. This means that, even if you later change the setting to a more restrictive privacy option, the information may be preserved by other web sites or applications that have already accessed it.
If you select the Custom option, you can choose to share this information with specific groups of friends. These friends--and any app that they run, unless you adjust your application settings--will have access to this information, but your other friends will not.
The privacy transition tool displays eight categories of information. A user can either select Facebook's recommended setting or select to keep their old privacy settings. For many users, these options amount to either retaining or loosening existing privacy settings, with no way for a user to tighten their privacy settings using the tool.
Here is a screen capture of some of the default privacy settings for a user who signed up with Facebook on December 4th, 2009:
READ ON FOR MUCH MORE FACEFUCKING AFTER THE BUMP
The following chart compares Facebook's recommended setting to the default setting for a user who signed up on December 4th, 2009.
* These are based on our first examination of the privacy transition tool. We will update our descriptions as necessary after a more detailed analysis.
** The previous default is based on the privacy settings a user who signed up on December 4th, 2009 was given (see screenshot above).
As you can see, most of the recommended settings represent a decrease in the privacy protection for the information affected. A user who signed up last week and accepts Facebook's recommended settings in the privacy transition tool will find that their relationship status and the gender of partner they prefer has gone from something that only their friends could see to something potentially viewable by all of Facebook's more than 350 million users and by the internet at large.
The Profile page controls others access to the different elements that make up your Facebook Profile, including information about your work, relationships, the photos you post, and the things others post on your Wall.
Here's a photo of what the page looked like prior to the new privacy changes. All the fields are set to the defaults for a user who signed up on December 4th, 2009.
Here's the new Profile Settings page for the same user. The settings reflect the result of accepting the transition tool's recommendations.
The following two tables analyze the controls that have been removed from the new page and the changes that have been made to the remaining controls, both in terms of what they control and of their default privacy level.
Here is a lost of the controls that have been removed from the Profile settings page, and a brief analysis of the impact of these removals:
Removed Control
What it did
Impact
Profile
This controlled what groups of people could see your profile page. Anyone outside your permitted groups could only see your “limited profile” which included only your name, networks, and other information as set by your search privacy settings.
Removing this control means that you must use the other privacy controls to specify exactly who can see what pieces of information on your profile.
Friends
This controlled who could see your friends list.
You can still remove your friends list from your profile (see below), but the list itself has been declared PAI, so it may be available to everyone on the internet.
**Friend List Update**
A lot of people seem to be wondering how to hide their friend lists on their profile pages. This is no longer a privacy setting because friend lists have been declared publicly available information. However you can still hide the list on your profile page by clicking the pencil icon in the top right corner of the friends box and unchecking "Show my friends on my profile." After a little experimentation it seems like this will remove your friends list from your public profile. Friends who view your profile will see only your mutual friends. There doesn't seem to be a way to allow only friends to see your full friends list or to filter which of your friends see your friends list.
Further Update: Facebook has announced that unchecking this box will hide your friends list from people logged into Facebook and from non-Facebook users. This is a good step, but their update on the Facebook blog also notes that "[t]his information is still publicly available, however, and can be accessed by applications." A step in the right direction perhaps, but definitely not a complete solution.
The following table analyzes what the new controls do, and how they are different from the old settings:
Allows you to edit the access level for any of your existing photo albums
This setting is new. Previously, access to albums was controlled from the photo album pages.
No recommended setting. But the recommended setting for new albums is "Everyone"
None
Posts by Me
This is the default privacy setting for the new publisher tool. All posts and photo albums (!) will default to this setting unless you specify otherwise when you post.
This is new, but it most closely corresponds to the old Status and Links setting.
One of the things many people don't realize is that when one of your friends runs an application on Facebook, be it a quiz or a game, that application can access data from your profile. To learn more about this, you can take our Facebook privacy quiz, or read our information page.
The settings on the the Application Privacy Page are intended to give you some control over how much information applications that your friends run can access from your profile. The new privacy changes significantly reduce your ability to deny these applications access to your information.
Here's a picture of the old applications privacy page (click for full size image):
Here's a picture of the new page (click for full size image):
What's Different?
There are a couple of major differences between the two pages.
First, you no longer have the option to opt out of applications entirely. On the old page, the radio button "Do not share any information about me through the Facebook API" could be selected as long as you had not installed any applications yourself.
This option no longer exists. You are forced to share information with the applications that your friends run.
Second, Facebook has also increased the amount of Publicly Available Information. Previously, even if you opted into sharing data with applications, you could uncheck all of the boxes on the page and the only information you would still be sharing was your name, your networks and your list of friends. Now, even if you uncheck all the boxes, an application one of your friends runs will be able to access your name, your profile picture, your gender, your current city, your networks, your friend list and the pages you are a fan of.
Third, it appears that privacy settings elsewhere override the check boxes on this page. The page says that applications will always be able to access information that is set as available to "Everyone." Even if the box is unchecked on the applications page, your preference will be ignored and the data will be shared with any application one of your friends runs. This has serious consequences. For example, the Family and Relationship category includes data such as your current relationship status and the gender of partner you are interested in. Even Facebook seems to recognize that people might not be excited about sharing these kinds of intimate details with random quizes that their friends run, and the box for this category is by default unchecked on the Applications page. The new transition tool however, recommends that this category of information be set to "Everyone." Anyone who follows this recommendation will override the setting on the applications page and share their relationship information with applications that their friends run.
Fourth, the Beacon and Facebook Connect settings no longer exist. In response to user demands, Facebook discontinued the Beacon program, and therefore the option is no longer needed. The Facebook Connect option allowed you to opt out of allowing Friends who visited sites using Facebook Connect to check whether you also belonged to those sites. Presumably, the elimination of this option means that you can no longer stop Facebook Connect websites from telling your friends that you are a member there.
As a result of the new privacy changes, Facebook users have lost the ability to control some of the information that appears when someone searches for them on Facebook or on a search engine like Google.
Screenshot of the old default settings:
Screenshot of the new default settings:
As you can see, both the Facebook search and public search privacy options remain essentially unchanged. You can still control who can find you by searching on Facebook (Everyone, Friends of Friends or Only Friends) through the "Facebook Search Results" field (previously "Search Discovery"). And you can still select whether you want your public profile to be indexed by search engines through the "Public Search Results" field (previously "Public Search Listing"). If you select "Allow Indexing" (the default option) your public profile will be available to anyone who searches for your name on a search engine such as Google or Bing.
Contrary to some rumors, Google indexing public Facebook profiles is not a new development. It has been happening for the last two years. What is relatively new is the indexing of public wall posts and status updates. Bing and Facebook announced that public posts would be appearing in Bing search results in late October, 2009. And Google announced that it's results would also include real-time Facebook results in the beginning of December, 2009.
What's Different?
The main difference between the old and the new settings is that you can no longer customize your search results by choosing whether your profile picture, fan page membership, or friends list appear in search results. Your profile picture, friends list, and the pages you are a fan of have been classified as Publicly Available Information. As a result of public pressure, Facebook has allowed some control over your friends list (see here for a more detailed discussion) but your profile picture and fan pages will appear on your search listing no matter what you do.
For example, here is a picture of my profile page before the update (with profile picture, fan pages, and friends list unchecked):
And here is my profile now:
The only way to prevent this information from becoming available publicly is to delist yourself from the search results. Even then, it will still be available to applications that you or your friends run (read more here).