Tag Archives: facebook privacy

How to check your Facebook privacy settings

Facebook is a social giant that holds huge amounts of personal information about each of us.

Facebook is also renowned for changing its privacy policies frequently and not necessarily advertising this fact, so it pays to check at regular intervals that you’re only sharing what you post (as well as what you have posted and will post in the future) with the audience you expect.

So, how can you check what your current settings are? Partly in response to criticisms that it wasn’t open enough about what info was being shared, Facebook has a new tool called Privacy Check-up.

Accessed from the padlock dropdown at the top right of the page, the privacy shortcuts panel that opens up gives you options for a quick check of who can see your stuff, who can contact you and what you can do is someone is bothering you.

While these options are helpful, the top option is to open the Privacy Check-up, which then takes you through your privacy basics in three quick and easy sections.

The first looks at your Posts,  explaining that this setting controls who can see what you post from the top of your news feed or profile, as well as showing what your current setting is, and giving an obvious drop-down if you want to make changes for future posts.

The next step is Apps, with a list of what you’ve logged in to with Facebook. It explains that you can edit who sees each app you use and any future posts the app creates for you, or delete the apps you no longer use. It also gives you a link to the App Settings with a reminder that you can edit them at any time.

The third page covers your profile and personal information – so who can see the likes of your mobile number, email and date of birth if you have shared them with Facebook. It also reminds you that you may have shared more information about yourself and recommends you check your About page to see that is up to date as well.

Then you’re finished, safe in the knowledge that you’re only sharing what you post on Facebook with the people that you want to see it.

And, of course, once you’re done, don’t forget to download digi.me for free to back-up your posts and pictures forever, giving you ongoing access to them even if you decide to delete your account in the future.

Research Insights: One in Five has Left Social Media Services

A recent report from Open Xchange has found that one in five people have tried and then shut down one or more of their social media accounts. The research was commissioned due to the CEO of Open Xchange regularly finding people that are quite rightly worried about the data being collected on them. Some of those people have even gone so far as to stop using certain online services and apps as well as closing accounts down completely.

The research itself looks to identify the point at which people believe the benefits no longer outweigh the risks and therefore switch off from a particular online service.  This worrying trend was also picked up by Sir Tim Berners-Lee at Le Web earlier today.  Interestingly he suggested like we have here at Digi.Me, that your data should belong to you and you should be in control of that data.

The research from Open Xchange is fascinating as it delves into exactly what drives people to cancel or just stop using an online account, app or service. Take a look at the graphs below to find out more about what drives this behaviour.

This slideshow requires JavaScript.

The other question is what happens to your data when you stop using a service? Well in most cases unless you delete your account your data is still there for the app or service in question to use as they wish.  What is of additional concern is that if you don’t keep track of updates to terms of service you could find your data is being used for all sorts of different things and being sold to third parties without you being aware.

How do you capture your data so that you still have those important pictures, images and comments that you shared on these services… Well you could always back up your data using Digi.Me (formerly SocialSafe) and store it wherever you choose. You may just want to back up your social media data just to have it all in one place. It’s amazing what you find out when you have it all in one place.

Let us know if you agree with the research and your views on data privacy in the comments or on Twitter, Google Plus or Facebook.

Bonus: Look out for Digi.Me Version 7! It’s coming out soon!

Changes To Facebook Privacy Settings – Are Your Posts Public?

Today saw a long-awaited change to the Facebook default privacy settings. For a long time users’ status updates were set to ‘Public’ visibility by default, with users having to adjust their privacy settings to restrict them to only their friends or to custom groups going forward.

However, some five years after the Facebook default sharing setting for new users was set to Public, the social network has finally reacted to user sentiment by changing this. Anyone joining Facebook from now on will have their posts automatically set to ‘Friends’. New users will also see a reminder when they make their first post that they can change the default privacy settings.

For all current users, it might be worth double-checking the visibility of your current settings just to make sure you’re not unintentionally sharing your posts with a wider audience than intended. To do this, simply click in the text box where you’d go to write a status, and then click on the drop-down to view/edit the settings:

facebook privacy settings

Here at SocialSafe we believe that sharing is a wonderful thing, but we also recognise that everyone has a right to privacy. We do our best to keep you up to date with any changes to the privacy settings of the major social networks that our backup application supports, but if you have any hot tips or discover any privacy flaws on these social networks that might result in people over-sharing, then please feel free to let us know and we’ll help spread the word.

Facebook Blog About Privacy Re. 3rd Party Apps

In a blog post last Friday, Facebook went into quite some depth about the privacy of your data when it comes to connecting with third-party apps, and when users you are friends with connect with them. You can read the whole entry on the Facebook Privacy blog, but we’ll just cover a couple of points here.

Somewhat worryingly, it appears that even if you remove an app from your profile, they will still have all the data that you initially granted them access to, and they will only delete it if you contact them directly and explicitly ask them to do so. While Facebook can’t help you with this by asking them to delete it for you, they do ensure that apps are contractually obliged to delete data when requested.

However, it’s not just your own actions that you might want to be mindful of, as the Facebook Privacy blog explains:

“Your friend might also want to share the music you “like” on Facebook. If you have made that information public, then the application can access it just like anyone else. But if you’ve shared your likes with just your friends, the application could ask your friend for permission to share them.”

So essentially any information on your own profile that a friend can view is also accessible to any third-party apps that they use. Even though we’ve made this point recently, we’d just like to remind you that while SocialSafe allows you to backup your Facebook, Twitter, Google+ and other social media accounts, we never actually see nor store any of your data. There’s more about this in a separate blog that you can read here.

Facebook profile access ‘leaked’, claim security firm

Facebook’s security, particularly in relation to third-party apps, has been brough into question again this week. It was discovered by security firm Symantec that some programs were inadvertently sharing access tokens, which could in theory be used by advertisers. As of last month, up to 100,000 applications were still enabling leaks.

The access tokens are essentially ‘spare keys’ to a Facebook user’s account. These ‘keys’ will typically be given out, with the user’s permission, to aid applications on the Facebook platform junction. Normally, applications with the keys could access a user’s profile and photographs, as well as posting messages on their wall – for example when you complete a quiz or get a high score on a game which is a Facebook app, it will post on your wall with the results.

However, the newly-discovered weakness in the old authentication method would allow millions of access tokens to be passed to further third-parties – likely to include advertisers – through referral data. However Symantec’s Nishant Doshi downplayed the risk, adding: “Fortunately, these third-parties may not have realised their ability to access this information.”

Kevin Purdy, Facebook’s director of developer relations disputed the findings. He said: “We’ve conducted a thorough investigation which revealed no evidence of this issue resulting in a user’s private information being shared with unauthorised third parties.”

To further ease user anxiety, Paul Mutton, a security analyst at Netcraft, said that while the vulnerability could potentially be used for malicious purposes, no secure data such as passwords has been taken.

Facebook Privacy Changes – a step forward?

Over the last few weeks there has been mounting criticism of Facebook’s privacy rules and changes.  I have been one of those – my point being that Facebook is so easy to use, yet the privacy controls so complex that I felt this was a deliberate policy to effectively trick users into greater openness than they realised.  Today Facebook announced changes in their privacy settings through their blog and with an updated privacy explanation page. So have Facebook done enough to counter the criticism?

My first reaction, and with only the two references to go on, is that they have moved to a simpler system which is good – though it is not as simple as it could be.  First the good bits:  It appears we do now have a one click ‘Master Control’ to set “your commonly used items” such as posts, photos, etc to Friends only, Friends of Friends, or Everyone – this is much, much better and is to be applauded.  Also in his post Mark Zuckerberg states “this control will also apply to settings in new products we launch going forward” – what this means is that if I set the ‘Master Control’ to ‘Friends only’, then future Facebook privacy control settings changes won’t override this – this is also a very good change (albeit one that should have been there before).  Finally, on the positive side Facebook now state that Friends Lists and Pages no longer HAVE to be public – I can set them to be Friends only – another long overdue change.  So in summary on the good parts, Facebook have listened and have moved to a simpler system.

Despite these very positive changes, I still have some reservations.  Facebook have listened (they had to!), but if you look just a little at the detail you can see that Facebook’s desire for you to make all your data open to the world and to lull you into ignoring privacy, is still as strong as it was.  This is most clear if you look at the “Recommended” settings in the diagram at the top of the privacy explanation page.

Why should it be recommended that all my posts and photos and family and relationships be open to “Everyone” on the internet?  Clearly most people will just click the recommended settings, which will also no doubt be applied by default for users, thereby giving up their privacy.  My issue here is that for the non-tech savvy they are being pushed in a direction which causes them to be more open than they are aware – I think this is not following the duty of care for their users that I would expect of a truly ethical company.  Nonetheless I can’t argue that it isn’t clear(ish) so, as Mark says in his post that this is the last change they are going to make to the privacy settings, it is now a case of if you like the constraints then use Facebook and if you don’t then quit.

There are a couple of other minor negatives such as the need to go to subsidiary privacy settings for some features (why???) and some other default settings that are questionable (e.g. do we really need our activities to be visible by default), but Facebook have at least been clear on their direction.  You may like it or may not – it is now up to the market to decide.  I suspect that with 400M+ users Facebook is still going to be a driving force on the internet for a while yet.  Will their radical approach to openness become the norm, or will users (eventually) drive back to a more private exchange of information with just their friends.  I am in the latter camp, but time will tell if I am in the minority or the majority.

Facebook Privacy – A deliberate deception?

Over the last few months the number of people who have been complaining about Facebook’s privacy policy have been rising.  What are they complaining about? – the fact that slowly the default Facebook privacy options are being made more and more open so that, unless you take specific action, more and more of what you write and exchange on Facebook is available to anyone on the internet.  There is a great site by Matt Mckeon which illustrates this change and how the pace of change (of default openness) is growing.

First of all is this an issue?  I would contend it is, and a very big one at that.  If I came to the Facebook site knowing that everything was open I would use it differently than if I came to the site knowing everything was private – where in this case private means shared only with those I choose, i.e. my friends.  What has happened is that the default privacy settings have been changed and many people don’t realise this.  What was once private is now open.  This is like you buying a mobile phone for private conversations, only to find a year later that your phone company is making all your calls available to the whole world – not good I would suggest!

Maybe you think its obvious that if you don’t change your privacy settings what you post will be public?  Well clearly this is not well known – if you’re in doubt have a look at this site – do you think people really wanted their DNA test discussions open to the world?

If I go back six months I thought the Facebook privacy issue was about education.  Facebook has privacy settings which anyone can use to restrict the openness of their information so surely it was only a matter of educating people to use them?  However, now I am not so sure – not only have I been caught out once or twice with privacy changes imposed by Facebook, I now think that Facebook have made it very hard to manage even for the IT literate and that this is directly opposite to the rest of the site.

Why has Facebook got 450M+ users – not only because it provides useful features that many of us want, but also because it is easy to use – so easy that one really doesn’t need much computer expertise at all.  But the privacy settings? – they are complex and difficult to use.  This is stretching my belief system too far – I can only conclude that Facebook have deliberately made it difficult and confusing.  They have the expertise to make them easy as the rest of the site shows.  At the end of the day how difficult would it be to have a single override box – “only share my stuff with my Friends”?  I am forced to conclude that Facebook are deliberately making it hard so that they can benefit from the disclosure of their users data (and benefit they do – massively).  I am therefore, albeit reluctantly, only able to conclude that Facebook are operating unethically – saying one thing and doing another.

It is a big step to go from the thought that all that is needed is some awareness to the statement that Facebook are operating unethically; however, there seems no other conclusion that can be reached.  There are clearly many others who think the same as the recent Facebook Suicide campaign for 31st May attest to.  The question is, are those complaining only a drop in the ocean or are they sufficient for Facebook to have to do something about it? – I await Facebook’s future communications with interest.  I am skeptical and think they will probably try some further obfuscation, but I’ll give them the benefit of the doubt for a little while.

But is Facebook really any different from Google and other web sites which hold your personal data and/or haven’t we all changed, so as Mark Zuckerberg says, the default is social (which in his mind means 100% open)?  Let me take the last point first – the default for humans is indeed social, we like to interact with other people, but that doesn’t mean that we’re not private nor does it mean we want everybody to know everything about us.  The internet has not changed this any more than it changed basic business fundamentals of profit/loss (as people seemed to believe in the millennium internet bubble).  I do like to share my status and pictures with my friends, but not with the world.  I share different things with different groups of friends and acquaintances – deeper with my family, some other stuff with close friends, different again with my sports mates, with work colleagues, with those I drink with in the pub, etc.  I may share a lot, but that doesn’t make me 100% open and nor does it make me not care about privacy – I am a very private person too.  The bottom line is I choose what to share with whom – and I don’t want my choices overruled by someone else and especially not without my knowing.  That’s why we tend to get cross when friends betray our confidences.

Haven’t we all got a little more relaxed though in reality over the last decade?  Well yes to an extent I suppose we have.  In the era of big databases, we have got relaxed about our local supermarket recording everything we buy and our credit card company knowing our spending patterns.  They have an enormous amount of data on us and could probably tell us more about ourselves than we would really want to know – but they don’t.  More importantly, they don’t tell anyone else about that data except in big dataset terms – meaning they look for patterns amongst many people, and not the one.  Sure they use that knowledge of ourselves to target us with specific offers and adverts, but no one individual is looking at my data saying, “ah ha he buys too much of this” or whatever.  We’ve become comfortable with this data acquisition and use because it provides a benefit for us and no harm (provided data protection rules are followed) – it is a second level of privacy if you like.  Google with the data they collect from us are similar (apart from their Buzz debacle) , as are Apple with their iTunes library feature on which the Genius function is based, and so on.  The companies make more money by collecting this data on us, but we benefit to.

So why is Facebook different? – because they have an AND in their model.  They collect and use all the data we enter on their site and use it to make money by selling targeted adverts, games, etc – this is fair and reasonable because we get a free service and they have to make money somehow.  So what is the AND?  The AND is they do what the others do AND they share out data with the world because this gives them even more revenue streams.  It is this AND which they have got wrong – they are forcing it to happen instead of us allowing it to happen in a knowledgeable manner.  They are not only forcing it to happen, but I contend doing so in an underhand way, because I suspect they know we their users would not agree en masse if we all understood what they were doing.  It is this underhand deliberate forced disclosure which makes me believe they are being fundamentally unethical.

I would welcome your comments on this issue, for example am I right?  Are Facebook being unethical or have they inadvertently misunderstood the mood of their users?  Please do take the time to express your opinions below.

(I talked about this subject yesterday on the BBC Radio 4 programme “Today” )

Open disclosure: iBundle, the team behind SocialSafe, are launching a new product, DAD (www.dadapp.com), in late June which will have a private, secure sharing feature that can be used as an alternative to Facebook.  This product has been in production since early 2009 and is not the reason for this post – though the thoughts that led to the creation of DAD are apparent above.

Facebook – A Responsible Approach to Data Ownership

Our application SocialSafe was launched in mid-June this year and in its first version allowed users to download to their desktop computer details of their Friends, their own profile, all their photos and also 3rd party photos in which the user was tagged.  All this was accomplished using the comprehensive Facebook API which developers can use for free, subject to Facebook’s Terms of Service.  From reviews and comments received SocialSafe has been welcomed by all as an extremely valuable service; however, whilst acknowledging the utility of SocialSafe, Facebook have raised the question to us of whether we are breaching the privacy rules associated with Facebook data by downloading tagged photos without explicit permission from the users who posted the photos.

We had considered this originally and felt that as the SocialSafe user was in the photo and as the originator’s privacy settings allowed the user to see and be tagged in the photo that this was giving implicit permission for the user to download the photo; however, as this was not a clear cut case we included a notification process to tell the photo originator that our SocialSafe user had downloaded the photo.  After receiving an indication from Facebook that they felt that explicit permission was required, rather than the implicit permission we were relying on, we re-evaluated our policy.  Taking the view that we have already expressed on this blog that the data belongs to the originator (summed up in the phrase “Its your data”), we are making some changes because whilst it is OK to download to your desktop any data you have originated on Facebook through the Facebook API, we believe downloading any data from another user does require explicit permission from that other user.

As a result we will this week put out an update to SocialSafe which temporarily removes the tagged photo download functionality (the update also includes a new Time Capsule feature).  We will be restoring the tagged photo functionality in a subsequent version we hope to release in two to three weeks, but this time we will include a smart method for friends of the SocialSafe user to explicitly authorise or prohibit the download of their photos for that SocialSafe user.  This will involve users in an extra step, but will ensure that SocialSafe follows the cleanest data policy of all – the user who originates data owns it and must authorise anybody else to use it.

We recognise that users who have bought SocialSafe to date have done so in good faith believing that the existing functionality will remain as is, whilst future updates will come with increasing functionality (such as the Time Capsule feature being released this week).  We believe that we have found a good solution to downloading tagged photos, but ultimately some of our existing users may not agree and may feel that we have unilaterally reduced the available functionality to their detriment.  If you are such a user then we are happy to offer you an unconditional refund of your payment to us – please just contact us with a request for repayment and we will do so within 3 days and hopefully sooner.

At SocialSafe we are, as our name suggests, committed to keeping your social data safe and to having the most explicit and correct privacy policy to protect everyone’s data.  We believe the change in policy we have described above reflects this and we hope you feel so too.  Future updates to SocialSafe will follow this policy, as will other products from the iBundle stable (iBundle and 1minus1 are Joint Venture partners in the production of SocialSafe).

Julian Ranger

Chairman iBundle & SocialSafe

SocialSafe – a new Facebook application – can you trust us?

Over the weekend I engaged with @treypennington through Twitter and one aspect of the conversation was how can users trust our SocialSafe Facebook application because we are a new business? – on what basis is trust given or earned?  A fascinating question for us at SocialSafe because we are involved in backups of user’s Facebook data – if we are not trusted to follow Facebook privacy rules then people won’t use our application.  I have searched the internet on this issue and found lots of problem reports of spam generation, phishing and worse, but not a lot on how to actually determine whether an application or service is trustworthy – clearly a difficult issue.

Facebook contains an enormous amount of data about yourself and your friends and when you let an application use your logon details that is a huge amount of trust you are placing in the application – the Facebook API allows access to most of the data Facebook has for you, and this is not controlled in the same way as your Facebook privacy settings work for friends.  There are rules and principles posted by Facebook for application authors to follow, but have they followed them? – there is no way to check.

First stop for anyone looking at a new service if you do not know who is providing it or have not been recommended to it by someone else you trust, must be the Privacy Policy of the website behind the application/service and/or their T&Cs/Terms of Service.  See what they say and think about whether the use they are going to put your data to is reasonable.  For example we at SocialSafe make a strong point that we do NOT see any of your data – our application sits on your computer and your data downloads from Facebook to your computer without us at SocialSafe seeing it in any way (other than anonymous stats that you have to enable).

Another aspect of trust that Trey mentioned which I had not thought of before was who are we? – not the company, but the founders behind the company.  A good point I think – if we put down our biographies and there is some history to what we’ve done then that is at least a pointer to our trustworthiness or not.  Of course we could lie in those bios, but some searching on the internet would expose that (I hope!).  This is difficult for the younger entrepreneurs I acknowledge as they do not necessarily have the history of accomplishments, but honesty can come across in writing and so even the bio of an 18 year old entrepreneur is worthwhile I suggest.  We are changing our web site to reflect this point and will refer to our two founding companies, iBundle and 1Minus1, and will be adding bios to our details at iBundle.

So that gives two methods of researching the trustworthiness or not of an app.  Apart from personal recommendations (and on what basis do those involve knowing whether the app is trustworthy?) what other methods are there? – I’d love to hear from you what you think of this issue and any methods you use.

A social web has to be a trustworthy web – anything that can be done to improve true trust (whilst retaining usability) must be a good thing.