Facebook and privacy… again
If you’re a Facebook user, you may have come across this recently, usually forwarded as a Wall post:
Facebook has agreed to let third party advertisers use your posted pictures without your permission. Click on “Settings” up at the top where you see the “Log Out” link. Select “Privacy Settings”. Then select “News Feed And Wall”. Next select the tab that reads “Facebook Ads”. There is a drop down box, select “No One”. Then save your changes.
I don’t know if Facebook have really ‘agreed to let third party advertisers use your posted pictures’ but it wouldn’t surprise me; after all, Facebook don’t have a good record in this area.
And it’s this lack of a good track record that makes me wonder why people are surprised. As I commented today on a friend’s Facebook page, all Facebook want to do is run a successful, profitable business. They don’t care about your privacy.
But, as users, we also have to take responsibility for our own privacy. If we don’t care about it, then no one else will. Do we really need to put all that information on Facebook? Could we scale it down a bit? Perhaps not put our whole life on there?
After all, this is the Internet. It’s a public information exchange; no part of the internet is private, no matter how it appears. If you don’t want lots of people using your pictures, or knowing your personal information, then don’t put it online. Simple as that. If you do put it online, be aware that it is not secure. The internet is not a gated community; there are no borders to protect you – you have to protect yourself.
Update: Facebook have written a post, addressing this issue of third-party use of pictures and stating that this does not happen and that they do care about your privacy after all. So, it seems like this particular issue is just a false rumour, but my advice still stands; it’s the internet – it’s not private, so protect yourself.
Facebook again
The BBC have discovered that it’s easy to write a Facebook application that will, when loaded on a user’s profile, harvest all sorts of information about that person and their contacts. If the BBC are the first people to think of doing this, I would be really surprised, yet there seems to be a level of indignation that I find hard to take. This is the internet; it is not anywhere near as secure as people would like us to believe and hacking goes on. If you don’t want anyone to find out enough information about you to commit identity fraud, don’t put it on a public forum – it’s as simple as that.
Until we all learn that our personal data is valuable – and that protecting it is OUR OWN RESPONSIBILITY – then identity theft will continue to increase.
That data thing again
This story from the BBC highlights the latest arguments that are raging over online information. Apparently, the Press Complaints Commission are to undertake consultation about whether newspapers should be able to re-print information that individuals have made available on sites like Facebook and MySpace.
The impetus for this seems to be that individuals who have seen their information re-used in newspaper stories about them are objecting; they say that this information is private and not for public consumption.
Which is crap. This isn’t (or shouldn’t be) a privacy issue – it’s a question of copyright. You’ve already made the information public by publishing it on a website; if it gets re-used by a newspaper then the best you can hope for is to sue them for infringement of your copyright – so if they re-publish your holiday snaps without your permission, you’ve got a case.
As far as privacy goes, if you don’t want people to know about something then don’t put it on a website. As I’ve said before (here and here), you’re just opening yourself up for trouble.
In a related story, you may have heard of the issues that are surrounding the “whistle-blowing” site, Wikileaks. Everyone seems to be up in arms because they’ve been closed down for making public some confidential documents owned by companies; this is being seen as stifling of freedom of speech. Um, no. What it is is stopping the illegal use of documents that are not owned (and may have been obtained illegally) by those people who are making them public. Freedom of speech is a great thing and if it’s being stifled then I’m ready to protest as loud as the next person – but that’s not what is happening here.
Facebook and your data
A few days ago, I wrote this post about the amount of data that people give to Facebook, and asked whether those that do so had really thought about the implications of what they are doing. The post was prompted by the story about Robert Scoble being banned for scraping data from the site.
In the comments for that post, brightfeather asked:
(1) When you say “trimmed” I take that to mean that you removed some information. What did you remove? (2) And what would you recommend as the bare minimum amount of information to post on Facebook?
I was going to reply in the comments for that post, but thought that this was worth a post by itself.
To answer the first part, I removed photos, school history, employment history (but not current employer), all of the “About Me” type information like interests, favourite movies, etc as well as hometown, country, political views, religious views, groups and all my contact details other than websites that I’m associated with.
I also took the opportunity to remove all those annoying applications that Facebook is infested with these days, even though I didn’t have that many on my profile.
The information that I left is already in the public domain; my employer, for example, is known to anyone that reads any of my blogs. I also left my profile picture, as it’s the same picture I use everywhere.
I didn’t delete the account entirely because I use Facebook to stay in easy contact with people; if you lose their email address you can still send them a message via Facebook. And it’s also a good way to get back in touch with people that you’ve not heard from for a long time. However, my account remains restricted so even though there’s no longer much information up there, only my friends can see it all; everyone else just gets a potted version.
The rest of Facebook (all those stupid applications and how many varieties of ‘Wall’ that just get filled with the same four or five allegedly funny items) just doesn’t appeal to me – but then, it’s not really aimed at my demographic.
To answer the second part is harder and will, I imagine, be different for each individual because it comes down to how comfortable you are with disclosing personal information. The first problem is that Facebook don’t seem to have users’ interests at heart when it comes to spreading data around (see the recent press about Beacon) because data is valuable – they can sell it to advertisers for big bucks. The second problem is that, as Robert Scoble demonstrated, Facebook can be scraped. What this means is that you’ve got a repository of information about in excess of 50 million people (at least that’s the most recent user figure I’ve heard) which is not too hard for someone with the right software to access. And data is valuable to them too; for opening bank accounts in your name, getting credit cards or scamming you directly.
So you have to ask yourself what you’re happy about people knowing, but remember that identity theft does not require much information (see this story about Jeremy Clarkson if you’re in any doubt), so the more information you put up the more at risk you could be.
For instance, let’s say that you’re a young married man with a family. So your profile shows who you’re married to, and your friends list may include your brothers and sisters, and your Mum and Dad. You put up where you went to school, where you work, pictures of your darling children (and their names and ages), pictures of your car and your house. You tell people your hometown and when you’re going away on holiday. You make status updates about how you hate your Bank – and you tell people which Bank it is so they can avoid it. All in one session at the computer.
Now you can call me paranoid if you want, but with all of the data losses that have been going on in the UK recently do you really want to give any more away? Do you really want to take the risk?
Do you tell Facebook everything?
You may have heard today that ‘noted’ blogger Robert Scoble has had his Facebook account suspended because he was – in their eyes – scraping data from the site. The fact that he was using a tool to take data that he already had on his profile and port it to other social network environments is beside the point, they say. He was violating the terms of service and his account is forfeit.
I could care less about whether Scoble gets to have his Facebook account back (I imagine he will, because Facebook can’t afford to lose any more credibility with their audience), but what all the various arguments back and forth have highlighted to me is the vast amount of data that is sitting on Facebook; Scoble may have only been harvesting data he already had access to, but what about the less scrupulous user? And if you voluntarily put all that information online, is it still yours?
When you think about the millions of users that Facebook has – what is it? 50 million now? – and then think about the information that each of them puts up, the possibilities for identity theft are frightening. Think about your own Facebook account – how much data do you display? And just how safe do you think it is?
I’ve used Facebook for quite a few months and I’ve looked at I don’t know how many profiles – a large number are public, so you can browse at your leisure. People put up their names (obviously), age, gender, where they work, where they went to school, the music, films and books they like, their partner and all their friends. They put their contact details – email, phone, IM, you name it. I’m surprised they’re not putting up their Social Security number and their credit card details. They put up photos of themselves, their families, their children. They make announcements like when they’re going on holiday, when they’re moving house. Basically, they put up almost their entire lives.
All nicely packaged for someone to come along and steal.
How much information do you think it really takes for someone to commit identity theft? How about your name, your date of birth and the town you live in. That could be enough – they can wing the rest – but Facebook users give them so much more without a thought.
But you’re probably thinking “Ah, but all of my data is set just for my friends to view, and my profile is restricted not public”. Which is where tools like the one Scoble was using come in; how much effort do you think it really takes for a determined enough person to write a tool that will (or can, there are probably ones out there already) breach Facebook’s security? And with 50 million users up for grabs, they will be determined. After all, if they got 50c per name, that’s a lot of zeros…
And even if Facebook is 100% secure and people can only scrape data that is made public, what about Facebook themselves? They got into hot water recently because of their Beacon program – which would have allowed “specially chosen” partners to access some of your data, so they could “tailor” your online shopping experience accordingly. A system that was going to be opt-out became opt-in and now seems to have been dropped because of the public outcry.
But think about it; Facebook is a company. Companies exist to make money. Companies make money from exploitation of their assets. What is Facebook’s biggest asset? Your data. If hackers and scrapers can’t come in and steal it, Facebook themselves have shown they are perfectly happy to sell it; are you OK with that? Because by putting your data on their service, that’s what you’re saying. Think about it a bit, and then go check out your Facebook account.
For myself, I’ve had a bit of a spring-clean of my Facebook account. I haven’t deleted it completely, but it’s a lot trimmer than it was – not that it was fat with information to begin with – and I won’t be updating it anywhere near as much as I used to.

