Think twice before you post: How secure is Facebook?
Facebook™ is about sharing. As its founder, Mark Zuckerberg, reiterated in the Washington Post (2010), it is his belief that “people want to share and stay connected with their friends and the people around them. And a world that's more open and connected is a better world.”
Zuckerberg also wants to give users control over what they share and with whom, but by his own admission, some of their efforts to provide users with “lots of granular controls” may have resulted in user settings that were too complicated. Recent efforts have been focused on making privacy setting easier to manage and understand. As Zuckerberg puts it, “the biggest message we have heard recently is that people want easier control over their information.”
You’re not always sharing with who you think you are
Facebook, according to its founder, remains "focused on achieving our mission of giving people the power to share and making the world more open and connected." Users, however, need to be aware that they may be more "open and connected" than they realize.
Users who have their status updates set to share with "everyone," for example, may not understand that anything they post as a message is available not only to their friends and friends of friends, but becomes as open to the Internet as a Twitter tweet. As the site youropenbook.org demonstrates, this can potentially release a stream of personal information that is easily searchable to the world. A search for "phone num" reveals several people unwittingly giving out personal information across the Internet. A similar search for "new address" returns people giving out email addresses and even physical addresses the same way.
Also, although one of Facebook’s founding principles is that "we do not give advertisers access to your personal information," it had to scramble to change code in its reporting to advertisers recently after the Washington Post revealed that Facebook and other social networking sites were passing along referral data to advertisers that included user IDs, which they "don't consider [as] personally identifiable information."
The issue only arose in circumstances when users clicked on their own profiles and then clicked on an ad, and advertisers that were advertising companies, including DoubleClick owned by Google and Yahoo Inc.'s Right Media, hadn’t been aware of the possibility that some of this data "could direct advertisers back to a profile page full of personal information." Nevertheless, Facebook was quick to change the code.
Taking charge of Facebook security settings
Users need to be aware of their security settings and choose with whom they share information. Sophos.com has suggestions for managing Facebook to prevent ID fraudsters harvesting your personal information. This also includes advice to create "limited friends" and restrict the information they can access. You can do this by creating friends lists and choosing different privacy settings for each list. Sophos also recommends turning off options like "instant personalization" on third-party sites, saying, "It makes a lot of sense to disable an option until you have decided you do want and need it, rather than start with everything accessible."
It’s a good idea to take a few minutes to read the Facebook Privacy Explanation page, where the different settings are outlined. Here you will learn how to control access by applications and that, by clicking on the padlock icon beneath the status update box, you can override default status settings. So when you do decide to announce your new phone number or address, you can direct that information only to your friends or to lists of friends who you trust with it.
