The Facebook Privacy Triangle
You know, I really enjoy using Facebook. No one can deny that it’s an amazing tool when it comes to connecting with old friends and distant family members as well as being a great business tool. Facebook allows me to connect with former classmates and even my sorority sisters—something I probably wouldn’t be able to do otherwise.
As a business tool, I can connect with other individuals who are interested in learning about, and keeping up with, Internet and social-networking safety issues that are important to them. Sure, I realize that the connections I make with these people aren’t nearly as effective as a face-to-face conversation, but I enjoy them nonetheless.
So it’s kind of (to say the VERY least) disappointing when I see the amount of bad news that surfaces regarding our privacy and security on Facebook, most of it in the last week.
Here’s what got me concerned, and I want to share it with you so that in case you missed it, you’re aware of what’s going on. There are three things you should be aware of, and in some cases, reminded of:
First – I came across an article on MaximumPC.com that addressed yet another security loophole in Facebook.
Basically, the bug, which was discovered by TechCrunch Europe, allowed users to view the live chat logs of any of their friends on Facebook. Ironically, this bug is activated when a user is changing their privacy settings and asks to “preview their profile”. When you go to see how your profile would look from the perspective of one of your friends, you can see their chat log.
Facebook fixed the problem quickly once TechCrunch alerted them, but as Ryan Whitman from MaxPC said, “…it shouldn’t have happened in the first place”.
Second – There’s been a lot of commotion going on as a result of the changes made (yes, again) to Facebook’s privacy settings. The changes were announced at the F8 conference, and apparently Facebook is making even more of your private information available to the public by default. In addition to this, more of your information is being sold to third parties, including advertisers and game companies.
Here’s how Curtis Silver from Wired.com put it, “Basically it became quite apparent that Facebook is in fact, a business, and that your so-called “personal” data was for sale. To economists and investors, this was no surprise at all. They all expected Facebook to make a genuine attempt to make money at some point, and what better way than demographic targeted advertising?”
Caroline McCarthy from CNET.com included these recent privacy tweaks in a series of changes that Facebook has made over the years. Of course, as McCarthy points out, these changes have been made very slowly as to not attract too much attention from Facebook users. In her article, she compares Facebook’s unstable foundation to a piece of land built on earthquake territory. Sure, you can build a house on that land and fill it with a bunch of personal stuff, stuff that is near and dear to you, but you always run the risk of losing it all in an earthquake.
The recent hiccup in Facebook that allowed users to see their friends’ private chat logs (mentioned above) was made into an example of the security risks that can come out of these minute changes.
“We should be getting used to the fact that [it’s] become commonplace now that pushing out new features no longer requires waiting for the next release of a shrink-wrapped software package […] It will mean bugs that are quickly patched and poorly thought-out features that are pulled in due time, but they were there in the first place, and user data may have been affected in the process” says McCarthy.
Though the analogy may be a bit extreme, it still makes sense. People put all this private information into Facebook’s database, private information that they think is safe, and all the while they have no idea that underneath them Facebook’s “tectonic plates” are slowing shifting.
Looking at it from a different angle, all of these small changes are partly responsible for Facebook’s massive success compared to other, similar social networks. “The ground is moving at Facebook, and it always has been.” says McCarthy, “The social network can credit a big portion of its success to this ability and willingness to keep changing while some of its industry brethren–MySpace, Digg–kept products relatively static and are now suffering the consequences.”
But it’s also these very changes that are causing the Facebook-user upheaval. There have been a bunch of articles and blogs written on Facebook’s privacy changes, in fact, I’ve reference two in this blog alone, and both of them were written on the same day. Some of the commotion is taking its form in a Twitter campaign—it’s actually going on right now. Basically it’s a Twitter protest asking users to not log into Facebook for an entire day on June 6th as an outcome of the privacy changes.
Now, I’m no one to say whether you should be using Facebook or not, I use it all the time. To restate my opinion, it’s a great social media tool—whether for family reasons or work reasons, but that doesn’t mean you shouldn’t be privy to the changes going on within Facebook, be it big or small.
So then what can you do to combat the privacy risks that come out of these changes? Not much, taking into account their Terms of Service, but the first you can do is go through Facebook’s privacy settings, nice and slow, and make sure that you have everything set the way you want. Pay special attention to the settings that are automatically set to “default”.
The other thing you can do is understand. Understand that NOTHING on the Internet is private, and as a result, avoid putting information about yourself that you wouldn’t normally share with strangers into a website that’s full of them.
Third – Then I read this article that came out of NYTimes.com. The article addresses the underground black market that exists purely for buyers and sellers of hacked Facebook accounts. Hackers gain access to these accounts and sell them, sometimes in bundles, for money.
Who would buy a bunch of stolen Facebook accounts? Well, apparently con artists use them to con the friends and family of that particular Facebook member. The buyers of these Facebook accounts also gain access to all of the personal information on that person’s profile—information that Facebook encourages you to fill out when you first sign up.
“Last summer, Eileen Sheldon’s Facebook account was hacked and used to send messages to about 20 friends claiming she was stranded in Britain without a passport and needed money. Ms. Sheldon, who lives in California, had recently been living in London, and one friend, believing the ruse, wired about $100 to the thieves.”
“Other friends smelled a fraud and warned Ms. Sheldon, who quickly reported the problem to Facebook. She does not know how her password was stolen.”
If there’s any ray of light shining through the murkiness of this underground black market, it’s the fact that a lot of the stolen accounts are fake—sort of a “con artist conning a fellow con artist” type of deal where the hacker actually makes a bunch of fake Facebook accounts, accumulates about a dozen friends on each of those accounts, and then sells them. Nevertheless, take heed, as seen from Eileen’s example; some of these stolen accounts are real.
While I wish I could provide you with a list of “things you can do” to protect your privacy on Facebook, all I can really do is restate the basics and recognize that nothing is 100% full-proof:
1. Do what you can with Facebook’s privacy settings.
2. Refrain from posting too much personal information on any website. A combination of any two listed here can create a potion for identity theft, cyberbullying, or other cybercrime – first and last name, birth date, phone number, school, or address.
a. Here’s what I do:
- I don’t list my “primary email”. If you know me, or you are close to me, or if we become close, I’ll make sure you know my main email.
- I try not to include personal information about my children.
- I don’t post my real birth date.
- I don’t post my phone number.
- I post my work address only because it’s already available on my website.
- I don’t share a picture on Facebook that I wouldn’t share want the rest of the world to see.
- I don’t write anything in Facebook that I wouldn’t want my mom or dad to read. (Even as an adult, I care about what they think and that’s a natural filter. After all, if I wouldn’t say what I wrote in FB to them, they why would I to anyone else….)
- I recognize that I have accepted friend requests from adults I don’t know in real life. As such, I think about every post as: would I say this to a new friend I met outside my office that said: “I heard about you, and Yoursphere, and/or your social-networking safety blog, tell me more.” With that in mind, that’s how I communicate.
3. I’ve accepted the burden that Facebook, for me, as an adult, comes with a price. That price is my information is for sale to those I have no say over.
4. Don’t chat about too-personal of topics over Facebook, save those conversations for over-the-phone or face-to-face.
5. Share with your kids how you handle yourself responsibly on Facebook. I’ve discussed with my two older children these issues and have shown them the details.
6. In the end, understand that NOTHING is private on the Internet, especially on an open social network such as Facebook where you’ve been promised privacy, but it hasn’t been consistently delivered.
Mary Kay is a nationally-recognized Internet safety expert and the founder of 
