Tuesday, February 15, 2011

Facebook Privacy Settings: Third-Party Apps, Location Sharing, Search Engines

Every time I review my Facebook privacy settings I discover something new that is disturbing. New Facebook features come with a corresponding new privacy setting that is historically set to a value that makes your personal data open to all of your friends, third-party applications, and maybe even the public. The two most disturbing instances are third-party applications and location sharing. A little less disturbing is having a portion of your Facebook profile indexed by Google.

Third-Party Applications

There is a very disturbing default privacy setting which allows your friends to share your information with third-party Facebook applications and web sites. As a former developer of Facebook applications, I do not see any reason why you should let an application developed by a third-party (i.e., a non-Facebook company) have access to your information because once your information is in a third-party database then it will be very difficult to know if and when your information is procured by someone with bad intentions. Trusting Facebook with significant amounts of your personal information is one thing, but not knowing that your friends may be unintentionally sharing your information with a company other than Facebook is disturbing. I say unintentionally because when one of your friends uses a third-party Facebook application or web site, your friend does not know what queries the application is running against your profile behind the scenes. The third-party application can collect and store your information indefinitely and for no legitimate reason. Facebook policies state that third-party applications can only store your information in their database for a short period of time (i.e., ~24 hours), but I do not believe Facebook has an effective procedure for enforcing this policy.

I have my photos and videos set to only be viewable by my friends. It is possible that Facebook honors this request and denies third-party applications access to my photos and videos. However, the wording in their privacy settings does not give me confidence that this is the case. Therefore, I recommend denying third-party applications and web sites access to all of your information.

My recommended course of action:
  1. In Facebook, go to Settings / Privacy Settings / Apps and Websites / and click "Edit Settings"
  2. Click "Edit Settings" for "Info accessible through your friends"
  3. Uncheck all of the check boxes seen in the subsequent picture and click "Save Changes"

This should ensure that your friends do not unintentionally share your personal information with third-party websites.

Location Sharing

Having your real-time location shared with people you don't know and/or people who you wouldn't want to know is scary and creepy. The primary method of Facebook learning your real-time location is via your cell phone so decline any requests from Facebook to do so. Another method is one of your friends can share your location by "checking you into Places". Needless to say, that is not good.

My recommended course of action:
  1. In Facebook, go to Settings / Privacy Settings and click "Customize Settings"
  2. Next to "Places I check in to", select "Only me"
  3. Disable the following: 'Include me in "People Here Now" after I check in'
  4. On the same page but under "Things others share", disable "Friends can check me in to Places".
Preventing Search Engines from Displaying your Facebook Profile

You can prevent your Facebook profile from showing up in search engines like Google, Yahoo, and Bing by doing the following:
  1. In Facebook, go to Settings / Privacy Settings / Apps and Websites / and click "Edit Settings"
  2. Click "Edit Settings" next to "Public search"
  3. Make sure "Enable public search" is unchecked. You may need to check and uncheck it a couple of times to make sure it is disabled.
  4. You can test to make sure your profile is not viewable by search engines by copying your Facebook profile URL, logging out of Facebook, and pasting your profile URL into  your browser's address bar. If done correctly, you should see the following: 

No comments:

Post a Comment