Facebook Privacy: Information accessible through your friends

I created a new Facebook account today. I was interested in what the current, default settings are.

Upon browsing to the privacy setting I am faced with what looks like a nice and simple set of privacy controls.  ”Hey, great!”, thinks I, “Facebook has been promising this for a while.”

So the default settings look okay-ish, albeit not as private as some may think they are.

It likes to share your posts, status updates and photo’s with the world by default.  ”The world” meaning anyone with an internet connection.  This is pretty open, but not really more-so than a weblog or a personal website.  The problem may be in the expectations of the users.  I won’t delve into all that.

I do like the fact that the default privacy screen does give you a fairly easy way to change most of the settings from the default “recommended settings” to a couple of other presets, like Friends of Friends, and Friends Only.  The latter is my preferred setting, so with a couple of clicks I can make this the case…

“Great.  Now only people I deem as friends can access my profile information.  All is well.  Isn’t it?”  Oh brain…if only it were that easy.  Let’s jump past the fancy, drop dead easy privacy screen that just made me feel all warm and fuzzy.

Let’s take a very quick look at the “Applications and websites section”.  In particular lets look at “Information accessible through your friends”  Say what now?  I though I was only sharing info to my friends.  Not through my friends.

Let’s look at those settings.

That is an awful lot of check boxes… lets read what this section is “Use the settings below to control which of your information is available to applications, games and websites when your friends use them. The more info you share, the more social the experience.”

So let me get this straight… Even though I previously just said “I only want my friends to see my information.” You remember, on that big fancy new privacy screen that even grandma can understand; even though I just said that, there are these settings hidden a level deeper that say “forget all that”.  These settings say that if my friend Joey decides to play Poodleville, that now the makers of Poodleville can see all of the information that my friends can.  But the makers of Poodleville are not my friends, are they?   I don’t understand.

And oh look.  Joey just installed Scam-ville, Data-miner-ville and I’ll-post-your-private-beach-photos-on-pervy-sites-ville.  They too can now see all my stuff.  My relationships, status updates, photos, videos, notes, etc….  Lo and behold, it turns out that the owner of Scam-ville also owns Pedo-ville and they too would love to see those pictures of my kid in the bathtub that I posted for grandma.

Why wasn’t this included in their fancy new privacy settings?   You know, the back door into all my data.    Why is the default option such that my friends bad decisions can compromise all of the information that I believed was private based on the screen prior?

I am no expert on Facebook privacy.  I believe I am reasonably locked down within the scope of what is possible on Facebook.  But in this little experiment, I was admittedly shocked that this is the default setting.

I would personally suggest navigating to Account >Privacy Settings

Look to the bottom of the page for “Applications and websites” and the “Edit your settings” option.

Look for “Information accessible through your friends”.

Edit the settings.

Uncheck everything.

I think it is horribly irresponsible of Facebook to allow such a setting to remain the default.  It is ridiculously exploitable.

Update: Thanks to victorymanual for providing this link to a tool that checks your privacy settings for you.  I thought it should make it to the post proper.

Try it here:

http://www.reclaimprivacy.org/facebook