Recent blog posts

Facebook's new privacy controls: Still broken

It seems Facebook's new privacy controls aren't really that new and don't really protect your privacy. Aside from that, they're great.

By Dan Tynan  6 comments

August 29, 2011, 11:35 AM So Facebook finally rolled out those new privacy controls it promised last week – to some users, at least. I was one of the lucky ones.

They sounded good at the time. In practice, though, not so much. In fact, I don’t think these changes were about improving privacy at all. More on that in a moment.

[Facebook revamps its privacy controls again (thanks, Google+) and Can Facebook privacy be simple?]

First, though, a correction. I was wrong when I wrote about Facebook’s new tagging controls last week. I had written:

One of my biggest complaints about Facebook is that it allows anyone to tag photos with your name – even if you’re nowhere in the picture. It was up to you to stay on top of tagging alerts and delete tags you didn’t want appearing. Now Facebook will let you preview tags and approve  or delete them before it they appear on anyone else’s wall. You’ll also be given more options about what you want to do – say, whether you want to remove the tag or ask your friend to remove the entire photo.

It turns out that the picture isn’t quite so rosy.

Let’s say your friend Bob tags you in a photo. Facebook will send you a message saying “Bob added a photo of you. To approve this for your profile, review your pending posts.” That’s the new bit.

That picture won’t appear on your Facebook page until you click “Add photo to your profile” (or “Approve all posts”). But it will appear on Bob’s profile, regardless of what you do. And all of Bob’s friends will be able to see it, assuming his privacy settings allow that.  That’s where I got it wrong.

Go ahead and reject that post. It will still appear on your friends profileGo ahead and reject that post. It will still appear on your friends profile

You can, of course, remove the tag, or you can ask your friend to take down the photo (and if he or she doesn't, block them entirely). But if you don’t remove the tag or your friend doesn't delete the image, the photo and the tag will stay there in perpetuity, as in the past. So Facebook tags are substantially no different than they were before; which is to say, they still suck.

Actually, that’s not true – they’re worse. Using Facebook’s new “improved” privacy controls, you can tag someone else in photo and then keep them from seeing it. It’s pretty simple; just change the sharing option so they don’t see what you posted. So if you want to tag a picture of a jackass with your friend’s name on it and make it Public, everyone on Facebook will be able to see it except one – the person whose name is on it.

Here’s how the same status update appears to me (top) and the fake profile I’ve tagged in the update (bottom).

Top: What your Facebook posse sees. Bottom: What your tagged friend sees.Top: What your Facebook posse sees. Bottom: What your tagged friend sees.

See the name that’s missing from the bottom one? That (fake) person would have no idea he’s been tagged in this.

You can turn off the feature that lets other people check you into locations by going into the new privacy controls, selecting How Tags Work, and disabling Friends Can Check You Into Places. But you can’t keep people from tagging you or hiding those tags. And now, Facebook allows anybody and their dog to tag you, not just your friends.

Maybe this a bug. Maybe it’s just a strange alignment of the social media planets that affects only me. But if it’s not a bug or a planetary misalignment, it’s not good.

Really, though, what Facebook is spinning as “privacy controls” is actually something much sneakier, I think. The biggest thing they’ve done is embed tagging and Facebook Places into status updates, making it easier to tell people where you are, what you’re doing, and with whom.

What are you doing, with whom, and where? Facebook wants to know.What are you doing, with whom, and where? Facebook wants to know.

I am sure many Facebook fans would see this as a benefit, but it ain’t privacy enhancing. And the ability to claim you were someplace with someone – and block that person from viewing your post, so they could refute or remove it – is wrong. I’m hoping this is just a glitch or just a mistake on my part. I can't believe even Facebook would do this intentionally.

TY4NS blogger Dan Tynan is feeling a big soggier than usual after the hurricane. Visit his snarky, occasionally NSFW blog eSarcasm or follow him on Twitter:@tynan_on_tech. For the latest IT news, analysis and how-to’s, follow ITworld on Twitter and Facebook.

Follow Dan on Google+

Author Dan Tynan has been writing about Internet privacy for the last 3,247 years. He wrote a book on the topic for O'Reilly Media (Computer Privacy Annoyances, now available for only $15.56 at Amazon -- order yours today) and edited a series of articles on Net privacy for PC World that were finalists for a National Magazine Award. During his spare time he is part of the dynamic duo behind eSarcasm, the not-yet-award-winning geek humor site he tends along with JR Raphael.

6 comments

    Tanya Del Monaco
    Tanya Del Monaco 24 weeks ago
    I have reached the point where I view everything that I post on Facebook as being public, regardless of any privacy settings (or lack of it! ) My wall now consists of a few random meaningless links and belated birthday wishes as my desire to visit my Facebook page has all but disappeared.

    Thank you for the post and bless stumbleupon for bringing me here :)
    Flag comment  |  Permalink Reply
    Natalie Johansson
    Natalie Johansson 25 weeks ago
    ahhhh - I don't want that my friends comment or like my posts! What the hell did Facebook do with these stupid changes?!? How I can turn the comment or like function off?

    PLEASE HELP ME! :(
    Flag comment  |  Permalink Reply
    Belinda
    Belinda 25 weeks ago
    (I have posted this elsewhere.)

    IMPORTANT INFO: There is a VERY SERIOUS problem that is actually a BREACH of PRIVACY if you look at the settings, (and someone has already referred to it here in the comments- but it is not just photos that are affected.)

    OTHER PEOPLE CAN SEE who you have (and have not) allowed to see the post/ photo/ status update. That information is PRIVATE- but your audience can see (by using the audience selector icon on your post) the exact details of who you have included (eg, there are some posts that I customise to exclude certain people- but now that info is out there for people to see!!!).

    I checked the walls of several friends, and can confirm this: eg. I can go to the wall of a friend, “Andrew”, hover over the icon of each post, and see “Andrew’s friends, except (x and y- names of 2 people)”. What a mess! That info is only Andrew’s business- not others!!

    The worst part is that this also affects things posted BEFORE the changes, from what I could see.
    Flag comment  |  Permalink Reply
    Rob_ReputationDotCom 25 weeks ago
    Hi Dan,

    Thanks for sharing your take on Facebook's new privacy controls. While the new controls may make it easier for some users to customize access to their profiles, the simple truth is that no privacy settings are infallible and no matter what Facebook will be able to access the content in some way.

    That's why we came up with uProtect.it, which you've talked about in this column before. With uProtect.it, you can encrypt your Facebook posts and ensure that you have complete control over the content you share online.

    Thanks,
    Rob Frappier
    Community Manager
    Reputation.com
    Flag comment  |  Permalink Reply
    Samuel W. Lessin
    Samuel W. Lessin 25 weeks ago
    Hello, just to clarify... if you 'tag' someone that trumps privacy exclusions... so if you post to [Friends of Friends] - [Person] and then tag Person, that person will see your post. I just wanted to clarify the action based on your above assertion.
    Flag comment  |  Permalink Reply
    dantynan
    dantynan 25 weeks ago in reply to Samuel W. Lessin
    @samuel:

    that doesn't explain why in my tests the profile that got tagged could not see that tag. I tried this with tag privacy on that account set to "me only" and also to "everyone" and had the same result. the test account that got tagged had not yet been upgraded to the new facebook privacy controls, so I don't know if that affected it. but it sure looks like a bug to me.

    (fyi, sam lessin is a facebook employee).

    dt
    Flag comment  |  Permalink Reply

      Add a comment

      Post a comment using one of these accounts
      Or join now
      At least 6 characters

      Note: Comment will appear soon after you have activated your account.
      Obscene/spam comments will be removed and accounts suspended.
      The information you submit is subject to our Privacy Policy and Terms of Service.

      ITworld LIVE

      IT Management/StrategyWhite Papers & Webcasts

      White Paper

      How To Regain IT Control In An Increasingly Mobile World

      It's a tricky balancing act to ensure the security of mobile devices without jeopardizing the user experience. In many cases, IT winds up focusing more on one aspect than the other, meaning that risk is added or users are alienated. Finally, both considerations will be accorded the attention they deserve.

      White Paper

      ESG: Defining Tier One Storage in the Modern Data Center

      This report defines "tier-1" storage in the modern IT world and in the data centers and services that support it. What was a simple environment just a few years ago with mainframes or a few large servers to be supported has evolved into a complex web of virtual machines, clouds, and expanding user expectations -- factors which demand and create flexibility, but do so in a way that pushes a lack of predictability upon the storage infrastructure. Learn what your criteria should be for tier-1 storage.

      White Paper

      HP 3PAR Storage Systems Designed for Mission Critical High Availability

      In this technical whitepaper, learn how HP 3PAR Storage Systems have been designed to deliver 99.999% and greater availability, bringing new possibilities to storage thinking outside the realms of what has been achievable in a traditional SAN environment.

      White Paper

      ESG Lab Review: Focus on Federated Workload Balancing, Asset Management, and Thin Provisioning

      This ESG Lab review documents hands-on testing of HP 3PAR Peer Motion Software's distributed volume management with a focus on federated workload balancing, asset management, and thin provisioning.

      Webcast On Demand

      Mobility KnowledgeVault

      How "mobile ready" is your infrastructure? This Mobility Knowledge Vault provides a wide variety of expert advice on how to strike a balance between end user ease-of-use and security. Prepare your organization with primers on data encryption and user authentication, device disablement and devising an employee-liable device strategy that makes both IT and users happy.

      Sponsor: Dell

      See more White Papers | Webcasts

      Answers - Powered by ITworld

      ITworld Answers helps you solve problems and share expertise. Ask a question or take a crack at answering the new questions below.

      Join Now

      New questions

      Why would Microsoft release Office for the iPad?
      0 answers
      After an admin installed software that I know nothing about, what can I do to ensure it is secure?
      0 answers
      Why did Pinterest suddenly become the "hot new thing"?
      0 answers
      How do you define HYBRID cloud computing?
      0 answers
      What do you think about the Samsung Galaxy Note, step forward or step back?
      2 answers
      View more questions

      Ask a question

      Join Now or Sign In to ask a question.
      Ask a Question