If you haven’t heard, the past few weeks have not been good for Facebook.  They’ve made a number of changes in how the privacy settings work, and have not been completely clear in explaining the changes. They’re not respecting people’s privacy.  “Facebook changed the rules and this information was unexpectedly shared with perfect strangers. That is, simply stated, a profound invasion of privacy.” (Gizmodo, 5/10/10). Rather than reshashing all of the issues, I’ll direct you to a few articles:facebook trash

Facebook: The ‘Evil Interface?’
10 Reasons To Delete Your Facebook Account

Facebook keeps crossing lines and the last one may be a line too far
(Thanks to Derek Peplau for the list of great articles)

People are in an uproar about this. There’s even a formal revolt for people to quit Facebook on May 31st.  I understand why people are mad.  Facebook hasn’t been clear about what they’re changing, and people don’t trust them to keep their data safe.  I agree that Facebook should have some backlash for this, as they are not keeping promises made to consumers, and are playing around with potentially sensitive information.

So What?

On Facebook, I do protect my privacy (unlike on Twitter).  I only friend people I know, I put people I don’t know very well into lists so they don’t see certain things (status updates, photos of my nieces) and I don’t use my real birth year or high school graduation year to protect against identity theft.

But as someone who is also VERY public with my online life through my blog, Twitter and LinkedIn, my question is, what should I be worried about? (note that I’m NOT asking why is it wrong that Facebook is doing what they’re doing.  I get that they are wrong). What are the risks to me? In the worst case scenario that ALL of my data is exposed, what’s the problem?  I see a few possibilities, none of which concern me enough to quit Facebook:

  • Facebook’s advertisers have more information to target me with –> I don’t really care about that, if I get ads that are more appropriate for me
  • People will see photos of my nieces –> OK, not great (and my brother-in-law would not be happy), but not the end of the world
  • People see information about my work history –> It’s all very public on LinkedIn and my website anyway
  • People will see my private status updates –> I’ve probably posted something similar on Twitter anyway!

So, is it just me being naive, or are there other security risks I”m not seeing?  Identity theft?  Using my information in a way that could harm me?  I’m really trying to understand this, so comments, as always, are encouraged!

(Photo credit: Facebook Trash)

Be Sociable, Share!
    If you enjoyed this post, make sure you subscribe to my RSS feed!
    • http://twitter.com/askvor askvor

      Hello Rachel

      That's exactly what I think about it too. I mean even if Facebook was very secure – it is still out in the cloud. And that's what people always have to remember. So everything they put on the net – it doesn't matter where – COULD ALWAYS be read or seen by someone else.

      Everyone has to think about his postings / pics / status updates and not to put that on the internet. It always happens that platforms get hacked or whatever. And then?

      You're not naive about the security. Every single person is self responsible for the data he puts on the internet. So think before you publish, so easy. What's the worst that could happen when the publicity sees it? People who put sensitive or for them negative data (like pics of being drunk) out to the cloud, are a bit not so smart anyway ;)

      And then there's also the financial aspect. Facebook is free. Always remember: you get what you pay for. If people want to have security, they should use a paid and a in security highly maintained platform.

      Happy social media-ing :)


    • http://www.rachel-levy.com Rachel Levy

      Thanks for the comment Andrea! I feel like I've been alone in this, so it's
      good to get confirmation from someone. Great points about the cloud.

    • http://pluperfecter.blogspot.com Steven E. Streight aka Vaspers

      Identity Theft is a real possibility on Facebook. Why? Because people are giving out the town where they were born, what schools they attended, even mother's maiden name, etc. Hackers can use such info to phish scam you into maybe even giving them your Social Security number or other personal info. http://tinyurl.com/29c3uf9

    • http://www.rachel-levy.com Rachel Levy

      So as long as you don't fall victim to phishing and give out your social
      security number, you're fine?

    • MITDGreenb

      There are three intertwined issues.

      The first is in regards to what data you put up there and how secure it is. As Andrea says, you are responsible for self-censoring, just as you are in any public space. However, consider what would happen if you commented on some medical condition… that you were concerned over a close relative's recent diagnosis of cancer. (I am not wishing it upon you by any means!!!) That information is sold to an advertiser who might then resell it. Or, worse, it's hacked out of the system. Now a potential employer can find it and not make an offer of employment. “Illegal!” you say? Clearly you don't understand “at will” employment.

      The second is whether you can or should expect that your information might be kept in confidence… private. For instance, you're quite public about your life — we know you're “actively dating” — but we don't know whom. If you called a friend on your mobile and told them, you'd expect the friend to keep that information private. What if the phone company tapped your phone, and sold the information to… well… anyone who wanted to know? (Suppose their right to do so were buried somewhere in that mobile phone service agreement you signed when you got your phone, although they **promised** they'll never let anyone know the information they gather.) Be careful — however you answer for a phone should apply regardless of the medium. Are you really willing to censor yourself for every medium except face-to-face?

      You might be horrified to know that telephone switches have this capability built in. It's completely undetectable by you. Take it from a an ex telecom engineer — I've literally seen the development requirement. The only thing that stops them from using it is that it's illegal for them to do so in this country, though not necessarily for international calls. However, hackers have used this capability. (There's a famous case in Greece.) Now extrapolate to Facebook: more hackers, less security, and a company whose business model is based on selling your data.

      The third issue is one of making changes to the policies above. If I know the relative security and privacy of my data, I can make intelligent choices on what I share. If Facebook as a medium is not secure, I can choose to use the phone (or a secure file sharing site). A lot of the current problem stems from Facebook's changing the rules, as they've done several times since they began. And each time they change the rules, Facebook resets your privacy options to “opt out”. Today, your niece's pictures are protected, but tomorrow Facebook could change the rules — say add a category like Networks — with an opt out. That defeats any/all previous intelligent decisions you've made. That's just not cool.

    • http://pluperfecter.blogspot.com Steven E. Streight aka Vaspers

      Phishing is just one sub-category of social engineering (tricking people into falling into a trap by using their own normal behaviors and interests against them). By harvesting your personal information and lifestyle aspects from Facebook, they could also lure you into a spyware attaching website for a drive-by browser exploit. There are many ways to harm and endanger people (rape, kidnapping, burglary, etc.) via intimate personal details harvesting. As I say all the time on Twitter, where fools love to announce what airport they're stuck at and what conference they're wasting their money on, “The only people who care what airport you're at are burglars.” :^)

    • http://www.rachel-levy.com Rachel Levy

      Great point, thanks for the comment!

    • http://sharisax.com Shari Weiss

      Andrea, I'm with you. I continue to be amazed that people would put “private doings” on the Global Whiteboard. If you do something that you only want a few select people to know about, them.

    • http://www.rachel-levy.com Rachel Levy

      Dan – Wow, thanks for the thorough analysis. Great thoughts all around. I
      like the “real life examples” — helps make it real for me.

    • Jeraa2t

      I would think the Venture Capital Community and or yahoo/aol would take this up as a perfect opportunity to grab market share from Facebook. For example I use http://www.startpage.com instead of Google. Jeraa2t

    • http://www.financiallydigital.com Nunzio Bruno

      Wow after reading this post I felt pretty much like you did Rachel. Then I went through the comments..and wow. There are soo many great explanations and points about privacy that I never would have thought of on my own. So I just wanted to say thanks to everyone who commented before me. This was a great post to get a conversation going though so nice work there too!! I can't believe I've been following you on Twitter for so long and this is the first time to the site..I'm hooked (and subscribed) :)

    • http://www.ob27.com ob27

      Great post, very good and pertinent comments too. Thank you.

    • http://twitter.com/psalvitti Peter Salvitti

      Hi Rachel,

      Not sure if “naive” is the appropriate term here. As “MITDGreenb” indicates, the issues of privacy and security are not so easily apparent or separated. Are you really being “naive” if an underlying application (like Facebook, or Twitter, or Foursquare, or … you get the picture) changes the rules to suit their business model frequently? No. How can you, as an end-user, ever possibly keep up with the vagaries of a for-profit enterprise and how it decides to use your data?

      You mention that FB should suffer some sort of backlash because of this. I would've have to agree, but FB isn't the only culprit here. The rapid advancement of technology has made information available through a variety of channels (i.e., web, mobile, IVR, etc.) when we want, how we want it and on whatever device we choose to use. This infinite flexibility puts an incredible strain on the infrastructures of those companies that ply their trade, or are looking to be, in the social media space.

      Existing “legacy” enterprises often have an advantage where security and privacy are concerned (often, but not always) as they've been at it a lot longer (i.e., locking down your information) and their policies generally translate well to the web or mobile space. This doesn't mean that there won't be breaches but, generally speaking, all (most?) of those breaches occur from inside a company than from someone hacking from the outside.

      Like you, I'm very open about what information is out there; I'm also a very late entrant to the FB sweepstakes, for very good reasons (security and privacy are but two of those reasons.) I take great pains to ensure that whatever information is out there about me that I have, or had, a direct hand in the validity and security of that information. This works for me because I've been in IT for 25+ years; my methods DO NOT translate very well to the general public because we cannot expect non-IT folks to have the necessary background to actively police themselves and/or the sites that they frequent … and so, we rely on the FB's of the world to provide the security and privacy that our information deserves; and this is the fundamental problem — we eagerly abdicate our responsibility to protect our information to the likes of FB and companies like it.

      I would inform your readers that they should ACTIVELY take charge of whatever information they decide to publicly publish AND ensure that they remain vigilant to whatever changes get announced by the FB's of the world (e.g., since I joined FB, I've had to modify my settings in response to FB's policy changes.) Is this a lot of work? Sure it is, but what price would you place on protecting yourself and gaining peace of mind?

    • http://www.rachel-levy.com Rachel Levy

      Glad you liked the post AND comments! The meat is for sure in the comments on this one. THIS is social media :-)

    • MITDGreenb

      A friend of mine just tweeted this scanner for Facebook privacy. I am going to give it a try.

    • http://www.rachel-levy.com Rachel Levy

      Wow, that's awesome! Just ran it on my account.

    • http://ariwriter.com Ari Herzog

      I recently learned from an AT&T engineer that their staff routinely listen-in on calls made through their network.

    • http://ariwriter.com Ari Herzog

      The motivating factor for me — http://ariwriter.com/why-i-want-to-delete-my-fa… — is not about privacy and my right to change such settings but the fact the company guaranteed me certain protections when I signed up for an account so many years ago, and it has constantly pulled the rug from underneath me until all I have left is nothing to call my own.

      I was never paranoid with the information I distributed through my Facebook wall and photo albums and the like because I was always confident the data stayed within my friends and networks. That's no longer the case, as search engines like http://kurrently.com show.

      I recognize things change, but I also recognize Facebook management is assuming I want certain elements turned ON on my account when I really want them OFF. Their changes should be opt-in, not opt-out. And that is why they are bugging me to no end.

    • http://www.rachel-levy.com Rachel Levy

      I agree with you. Was just trying to understand the implications of those
      changes on people

    • MITDGreenb

      And another thing…

      This story discusses a truly insidious problem: one person's decision to live life in the open divulges information about others who have chosen not to. As the article says,

      “So when people like Robert Scoble and others proudly proclaim their Facebook page an open book, remember it could bring others along with out into the open who choose to remain private.”

    • http://www.rachel-levy.com Rachel Levy

      Thanks for all of your comments on this post. I really appreciate it! Yes,
      when I ran that search tool yesterday, that was one area that was called out
      for me. I changed that. Thx for the article.

    • http://twitter.com/psalvitti Peter Salvitti

      Thanks! I was just about to post about here … as secure as I “thought” my settings were, it found some privacy holes.

    • http://www.techwatch.co.uk/ Techwatch

      they have a habit of stepping on peoples toes and then thinking it is ok to just say sorry afterwards

    • http://jasonkeath.com jakrose

      You are just knowledgeable about the web and social media more than most. So you realize what you should and should not be putting out there.

      But at the end of the day, I think the privacy concerns are overblown. The web is open. Do not put things on it that you would are not comfortable with the world possibly seeing. This rule goes for email even.

      Nice convo Rachel.

    • http://www.wistex.com/ WisTex

      Well, I think it depends on what you use it for. I have all my “tweets” (Twitter posts) automatically appear in Facebook, reply to people commenting in Facebook and see what my friends are doing, but I don't do much else there. Although my Facebook profile is private, I assume everything I post there would be publicly available at some point, and I post accordingly.

      Between hackers, nosy administrators, forwarded e-mails, copy & pasted posts, spyware, warrants, court orders, tracking software and companies going out of business selling all your data, anything you post online is subject to disclosure at some point in some way, legally or illegally.

      Basically if you don't want people to know, don't post in on the internet. After all, privacy on the internet was an afterthought.