Facebook drew back> the curtain Wednesday on new privacy settings designed to keep users personal information more secure, but consumer advocates say the social networking site s update will still leave some information vulnerable.
Because that data remain at risk, users should take caution with the information they post on Facebook, these advocates say.
Parry Aftab, the executive director for Wired Safety, a consumer resource that focuses on online security and privacy, says she has a simple test for gauging which information is Facebook-safe. Would you put it on a sign in front of your house? she says. That s got to be your measure. (Wired Safety is one of five groups that sit on Facebook s unpaid safety advisory board.)
Facebook has come under fire from users since December, when policy changes made more of users information open by default, unless they activated controls to keep it private. The outcry picked up in late April when the social networking site began pilot testing an instant personalization feature that allowed partner sites visited by a user to pull data from his or her profile and automatically share it with others. (For example, the feature could inform users Facebook friends that they had been using the Internet radio station Pandora to listen to Justin Bieber.) To avoid having their information shared, consumers must actively opt out on Facebook and on the partner sites, but they could still unwillingly have their information shared if their friends didn t opt out, as well. The policy changes spawned user complaints, as well as concern from consumer advocates, Congress and the Federal Trade Commission.
Facebook s new policy, which it plans to roll out in coming weeks, will provide simpler controls, founder and CEO Mark Zuckerberg said in a conference call. Among the changes:
* Basic privacy setting controls will be condensed to a single page, reformatted as a chart so that users can easily review who has access to what.
* Once a user chooses who can see a particular type of content -- friends only for photos, for example, or friends of friends for status updates -- that choice will apply retroactively and going forward in the case of future policy changes.
* Opt-outs for instant personalization and other applications that access a user s profile will be made easier.
* Users can opt out of sharing information with Facebook platform and third-party apps, even if what's collected is something consumers have set that everyone can access. Apps must also ask permission to access any information a user has set to more private settings.
Although the new policy addresses some of users concerns, it doesn t do enough to protect their information, says Jeffrey Chester, the founder and executive director for the Center for Digital Democracy, an advocacy group focused on digital media.
It does not bode well for protecting privacy on Facebook in the future, he says. Of particular concern: Facebook s desire to share user data with advertisers to better target the ads that appear on pages. Policy changes have weakened users ability to opt out as that business grows, Chester says.
A Facebook spokesman says the site doesn t sell currently user data to advertisers or anyone else and that the company's revenues are not tied to how open its users are with their information.
Here s how to navigate the new settings and keep your profile secure:
1) Review settings
Simpler controls may help most users, but an opt-out system will do little for users who don t look at those controls, says Paul Stephens, the director of policy and advocacy for the Privacy Rights Clearinghouse, a nonprofit consumer advocacy group. Unless users say otherwise, everything is shared. Use the preview my profile tool on Facebook s privacy settings pages to see what others can spot. Also consider downloading the free tool at ReclaimPrivacy.org, which flags unsecure settings and offers tips to revise them.
2) Eliminate everyone
Users would do well to stop thinking of social networks as somehow cut off from the broader Internet. People understand that when they tweet [using Twitter.com], that it s a broadcast to the world, Aftab says. Anything in Facebook settings that s available to everyone is available publicly in the same fashion, potentially showing up to anyone who clicks on your profile, visits sites such as OpenBook or conducts a search on Google. Don t post it unless you want your parents, the police, predators and your principal [or boss] to see it, she says.
3) Opt for security
Facebook s new policy still allows users to specify restrictions post by post. Opt for a more secure setting and tighten or loosen it further if the situation calls for it, Aftab suggests. For example, users can set photo sharing to friends only but then specify that their boss can t view the newly uploaded pictures from a recent party. On the other hand, they can broaden a job-hunt status update to include friends of friends, instead of just people in their immediate circle.
4) Share with caution
Even information shared with friends only could pose a security threat if a friend s account is hacked or a bug occurs, Stephens says. Seemly innocuous data, such as a birthday, a mother s maiden name or a favorite pet s name is enough for hackers and identity thieves to do serious damage. You re providing a source of data that might be used by a hacker to access password-restricted sites, he says.
There s also the embarrassment factor. In February, a temporary bug resulted in a handful of Facebook users receiving hundreds of private messages meant for others. In early May, another glitch allowed users to view friends private chats with other people.