Posted Online: May 05, 2012, 12:40 pm
How to close Facebook privacy loopholes
Comment on this story
By Leslie Meredith
Facebook never has been known for simple privacy controls. But to be fair, you can put a ton of data into your profile and specify who can see each item, if you're willing to do the work. However, giving users granular control still isn't enough.
Last month, Facebook issued a revamped Statement of Rights and Responsibilities and opened a comment period, which has been extended. Last week, the company invited more than 2,000 users to comment on the statement — selected because they "liked" Facebook's governance page and represent some of the social-media site's most vocal critics.
One sticking point is that your personal data still can be accessed by the apps of your friends. Birthday apps frequently are used to illustrate the problem, David Jacobs, Consumer Privacy Fellow at EPIC, told me.
EPIC, the Electronic Privacy Information Center headquartered in Washington, D.C., closely monitors Facebook.
You may not use even a single app on Facebook, but if any of your friends do, your profile information could quickly spread through a sea of users.
For instance, you may feel comfortable with your friends knowing your birthday (setting your privacy controls to "friends only"), but uneasy about apps using it — suddenly, you could be getting "Happy Birthday" messages from strangers. Jacobs said that Facebook's recent "fix" seems to offer appropriate controls to separate friend access from app access.
Facebook said users could prevent their friends' apps from accessing their Facebook data by changing the "Apps and Websites" settings. Here's how:
1. Go to your privacy settings page on Facebook.
2. Select "Edit settings" beside Apps and Websites.
3. Click "Edit settings" next to "How people bring your info to apps they use."
4. Uncheck any items that you don't want apps to use such as birthday, if you're online and photos.
But Jacobs still is not convinced that Facebook's updated Statement of Rights and Responsibilities is as comprehensive as it could be.
Facebook may be tracking users' visits to other websites even when they are logged out of Facebook. The issue came to the attention of EPIC last fall. Jacobs said that Facebook claims it has stopped tracking logged-out users, but he is not so sure.
"How complete that fix was remains unclear," he said. "Personally identifiable information like usernames and ID numbers may still be sent to Facebook."
He also said that even people who are not Facebook members and visit a Facebook page may be tracked once they move onto other websites. The issue was not addressed in Facebook's revised privacy statement.
For people who want to play it safe, Jacobs offered a solution: Use two browsers. One would serve as a Facebook-only browser and the second for everything else. Because browsers don't share information, your online browsing would remain outside Facebook's reach.
As far as Facebook was concerned, you only visit its site. This same strategy has been used by people who want to "quarantine" their banking activities.
"It may be a little inconvenient," Jacobs said. But that's the price of privacy.
Do you have concerns? Facebook is accepting comments: "Please review the new proposed updates under the "Documents" tab of the Facebook Site Governance Page and leave any comments by 5 p.m. PDT on April 27, 2012."
Note to readers: We have decided to dig a little deeper into cable providers, their service fees, contract agreements and rate hikes. If you have an experience to share, please send me an email.
Ogden, Utah-based TopTenREVIEWS.com guides consumers by comparing products in the world of technology, including electronics, software and Web services. Have a question? Email Leslie Meredith at email@example.com, or join her at AskLeslie on Facebook or Leslie Meredith on Google+.