Open Source Utilities For Facebook Privacy

dward90 writes "Two online projects will scan and edit Facebook privacy settings for maximum protection: ReclaimPrivacy (reclaimprivacy.org) and SaveFace (untangle.com). The article says: 'Several new applications have launched this week that are designed to easily reset a Facebook member's privacy settings, following new changes from the company that make a sizable chunk of profile content public by default when it was once kept under lock and key.'"

Is It Just Me ...

[WrongSizeGlass]

... or is it just a bad idea to be able to change privacy settings via Facebook's API? Couldn't some other site/service "open the flood gates" instead of locking them down?

Re:Is It Just Me ...

Just about everything about Web 2.0 sites is a bad idea.

The privacy problems are well known.

The general stupidity of the users is well known (and often exploited by both the sites themselves and others).

The technology the sites use is often shitty (NoSQL, mainly).

Web 2.0 sites are about doing things as wrong as possible, but becoming popular thanks to the stupidity of people as a whole.

Re:Is It Just Me ...

[0100010001010011]

You can't. And neither of these tools do.

You have to drag them from their website to your toolbar. Go to facebook, click on them. The javascript scrapes the website and either validates the settings (reclaim) or just sets everything to 'friends only' (save face).

I've tested both and they seem to work just fine.

I bet facebook releases a change in the html to break the scraper soon though.

Re:Is It Just Me ...

[commodore64_love]

RECLAIM doesn't seem to work. It tells me I have vulnerabilities, but when I click "fix" it doesn't fix the problems.

SAVEFACE - I'm not sure. It does something, but whether or not it actually worked is a mystery.

Re:Is It Just Me ...

In your rush to get first post, you failed to read the article and have now asked a question that you wouldn't need to ask. Had you spent 30 seconds scanning any one of the links instead of typing your post, you would have saved yourself from looking like an idiot.

Better luck next time.

Re:Is It Just Me ...

[K.+S.+Kyosuke]

What is so wrong with not using SQL? Even if you do use relational databases, SQL as such should have been replaced by a proper relational query language ages ago.

Re:Is It Just Me ...

RECLAIM doesn't seem to work. It tells me I have vulnerabilities, but when I click "fix" it doesn't fix the problems.

You're vulnerability is using Facebook. To "fix" this you need to delete your account.

Re:Is It Just Me ...

[Pvt_Ryan]

I ran them in the following order:

reclaim
saveface
reclaim

on the 2nd run recalim reported everything as "good"

Re:Is It Just Me ...

[commodore64_love]

Ditto. It appears reclaim didn't really change my settings (hence why it still showed red). Saveface did all the work.

Re:Is It Just Me ...

[eleuthero]

...except that they wont actually delete your account without running through a massive number of hoops - one site and another among several that pop up with a "delete facebook" search on google

Re:Is It Just Me ...

[Locke2005]

You're missing the point... if any app can update your privacy setting, it is trivially easy for a trojan such as a game to update your settings as well.

Re:Is It Just Me ...

[facebook]

It's a good idea, just trust me. Most of you dumb fucks already have.

Re:Is It Just Me ...

[icebraining]

The technology the sites use is often shitty

Says the guy posting in a site written in Perl.

Re:Is It Just Me ...

[0100010001010011]

And it couldn't before? Any trojan could go and change your settings for any website that you're currently logged into. It's not like this is something new with facebook.

Heck, the fundamental way they work is the entire idea behind GreaseMonkey & UserScripts (for Chrome/Opera)

Re:Is It Just Me ...

Is that a serious question?

Relational databases can do anything and everything that any NoSQL "database" can do. But unlike NoSQL "databases", relational databases don't go randomly losing data, don't go corrupting data, allow for proper normalization, allow for much better performance, allow for transactions, and in general are always a much better idea.

The only reasons people gravitate to NoSQL databases and architectures are:
1) They're ignorant of how to properly use a relational database.
2) They're doing it just because it's the "cool" or "trendy" thing to do.

The fact that SQL hasn't been replaced in 40 years shows that it's working okay for most people, even if it isn't perfect.

Re:Is It Just Me ...

[Hognoxious]

How much difference does changing the settings actually make? The words "stable", "door" and "bolted" spring to mind.

Re:Is It Just Me ...

[bill_mcgonigle]

RECLAIM doesn't seem to work. It tells me I have vulnerabilities, but when I click "fix" it doesn't fix the problems.

Same here. The underlined link did bring up the right page and I unchecked the right boxes. Then it verified the change correctly.

Re:Is It Just Me ...

[MoralHazard]

In other news, YHBT. HAND.

Re:Is It Just Me ...

[bami]

You're putting the emphasis wrong.

"Says the guy posting in a site written by complete idiots with no understanding of usability"

Re:Is It Just Me ...

[K.+S.+Kyosuke]

I'm not talking about non-relational databases, I'm talking about relational databases not using SQL. You can't query a true relational database using SQL, simply because SQL does not support constructs that a true relational database should, and on the other hand, SQL does things that don't belong to the relational model. And BTW, SQL isn't 40 years old.

Re:Is It Just Me ...

I've heard that if you post porn pics to your profile, Facebook will delete your account pretty darn fast

Re:Is It Just Me ...

Most "NoSQL" data storage solutions are simplistic stores chained together to create a relational store for the frontend (for example an edge graph combined with a key/value store). Rather than replacing SQL with a "proper" relational query language, everyone is busy reinventing the relational database. The decision to go "NoSQL" usually comes when a poorly tuned, poorly architected MySQL instance (which is slow and lame as a relational database to start with) proves too slow, with little consideration payed to other, better SQL-fronted databases (they might cost money!) or a better database architecture.

Then, companies like Twitter say that they are "web-scale" and nobody has ever solved they kind of problems they have and that have invented a truly innovative and magical solution, even though thousands of organizations have been handing orders of magnitude more data in significantly more complicated scenarios just fine for 20+ years. Most established organizations with huge data (banks, governments, telecos, retailers, travel, etc.) just don't write hip blogs and attend tweetups about their scaling process, so Twitter et. al. think they've got an unsolved problem that needs a new solution.

NoSQL datastores aren't solving a novel problem in a novel way, they're just a way to try to throw less upfront capital (but a lot of man hours) at a very old problem that's been solved for years in enterprise-class (and often SQL-fronted) datastores.

Re:Is It Just Me ...

[bertoelcon]

Says the guy posting in a site written in Perl.

Not just the site, some of the editors are Perl scripts too.

Re:Is It Just Me ...

[kdemetter]

SQL was developed in the early 1970's . So that's exactly 40 years old.
I know , time flies by quickly.

Not sure what you mean by "constructs that a true relational database should support" though .

Open Source Warning

[AnonymousClown]

Before creating a facebook account, please consider this:

• Facebook must exploit your personal info in order to make the mega bucks that they've grown used to.
• A Facebook page may make you unemployable.
• All Facebook privacy safeguards will be circumvented.

Re:Open Source Warning

[Abstrackt]

A Facebook page may make you unemployable.

This one thing from an otherwise good post really bugged me. You may make yourself unemployable by posting things you shouldn't in public because despite Facebook's atrocious privacy policy they can only work with data you give them.

Re:Open Source Warning

[dcmoebius]

they can only work with data you give them.

Not true, actually. They can also work with the information your "friends" give them.

Re:Open Source Warning

[nacturation]

A Facebook page may make you unemployable.

This one thing from an otherwise good post really bugged me. You may make yourself unemployable by posting things you shouldn't in public because despite Facebook's atrocious privacy policy they can only work with data you give them.

"Damn Abstrackt, you sure had a fun time with those hookers last night. I can't believe they happened to have marijuana on them... you sure went to town on that bong! [pic attached] I'll be on IRC tomorrow... you've gotta tell me all about that Windows bug you exploited to crack into that .mil site." -- written on your wall

Re:Open Source Warning

[Animaether]

At which point it doesn't matter whether you, yourself, are on Facebook - as long as that 'friend' puts your name in an entry, you could be flagged in such an internet query. I.e. if you're laying face-down in vomit with a half-empty bottle of Absolut in your hands, it doesn't really matter whether that somebody 'tags' that photo with the 'friend' account 'dcm' or simply jots down 'lol dcm after a FUN night out!'

Re:Open Source Warning

[John+Hasler]

> You may make yourself unemployable by posting things you shouldn't in
> public because despite Facebook's atrocious privacy policy they can only
> work with data you give them.

I mostly agree. There's nothing wrong with using Facespace or any other free, ad-supported service as long as you understand that anything you put there might become public (or be lost in a crash or be deleted when the service is discontinued). As to their privacy policy, well, hell. They have no contract with you (nor you with them): just some vague non-binding promises. What do you expect for free? Enjoy it while it lasts, but don't rely on it.

Re:Open Source Warning

[isilrion]

[...] because despite Facebook's atrocious privacy policy they can only work with data you give them.

... or that your friends give them. Some of which may not even be your "facebook friends".

Re:Open Source Warning

[icebraining]

In fact, it's the reverse: being on Facebook is better because it alerts you when people tag you, so you can ask them to take it down/edit it; if you aren't registered you probably will never know until it bites you.

Re:Open Source Warning

[hitmark]

Facebook must exploit your personal info in order to make the mega bucks that they've grown used to.

maybe grows used to, but that do not mean entitled to. If i grow used to getting $1000000 onto my account each month, and then it stops, am i then entitled to having that start again?

Re:Open Source Warning

[Hognoxious]

You may make yourself unemployable by posting things you shouldn't in public because despite Facebook's atrocious privacy policy they can only work with data you give them.

Gibberish. I could post a picture of two drunken idiots dancing naked in the street on my page - and tag one of them as you.

Re:Open Source Warning

I really don't get this "employers digging through Facebook" stuff... My profile is totally closed to the outside world. All my info is set to "only friends" or just me. I don't even show up in Google or Facebook searches. How on Earth is a prospective employer going to get to my profile? Even if they did, they wouldn't be able to see ANYTHING.

Honestly, explain it to me because I don't get it. If you don't want to be found, you won't be found. Say what you will about Facebook's privacy settings, at least for the time being they allow for that.

Re:Open Source Warning

And if you're registered under a nickname and an obscure email address your employer won't be able to find you, or the photos tagged with your nickname.

Re:Open Source Warning

[LWATCDR]

What always shocked me is that anybody ever thought that data you posted on a social networking site was private to begin with?
Really?
Of course there will always be the problem of someone tagging you in a photo where you are making an ass of yourself but then it has always been wise to avoid making an ass of one's self in public.

Re:Open Source Warning

[SatanicPuppy]

I was in an amusing job interview the other day:

Interviewer: "So, I'll need to see your Facebook page"
Me: "I don't have one."
Interviewer: "I know it's probably not something that you want all employers to see , but we're not 'narcs', we just want to know if you're a 'culture' fit."
Me: "No, really. I don't have one. I never understood the draw."
Interviewer: "You know, this is really not the sort of attitude we look for in a potential hire."
Me: "...If you Google my name, you get one hit, and it's not Facebook."
Interviewer: "I'm not going to show anyone."

Damned if you do, damned if you don't.

Re:Open Source Warning

[dbIII]

Yes but people do that sort of stuff all the time (eg. the "drunken pirate" teacher fired over an innocent costume party photo) and annoying HR types use that as an excuse to play with facebook all day instead of doing any work.

Re:Open Source Warning

[syousef]

they can only work with data you give them.

Not true, actually. They can also work with the information your "friends" give them.

Here's a thought. Don't get yourself photographed doing crazy illegal shit. Hell another thought don't do crazy illegal shit. If you're letting your friends photograph you smoking pot, having sex with hookers, putting graffiti on public walls etc. YOU are making you unemployable.

Re:Open Source Warning

[The+Fanta+Menace]

A Facebook page may make you unemployable

Seriously, if some dumbarse business won't employ you because they found something on your Facebook page, they would be a god-awful place to work anyway. There will be plenty of better employers out there who will employ you no matter what's on your page, and they will be far more pleasant places to work.

Re:Open Source Warning

[smash]

Actually, they can only work with the information you give your "friends" to post. Don't want to be pictured face down in a pool of vomit? Don't do it in public? :D

Re:Open Source Warning

[smash]

Facebook privacy settings recently got changed, and people lost their settings which were set to "private". So, if you just ignore your facebook account, it may not actually stay private.

Re:Open Source Warning

[tabdelgawad]

Um, you can do that anyway - Facebook or not.

Re:Open Source Warning

[budcub]

If anyone ever asked me in a job interview to show them my facebook page, I'd laugh out loud. If they persisted, I'd tell them to kiss my ass and go to hell. I'm not kidding.

Re:Open Source Warning

[BlackBloq]

Why the fuck would you let ANY work related asshats be friends in facebook is way beyond me! I guess if your stupid enough to post pics of you smoking a big fat joint and add your new boss then you deserve your ass to be raped.

Re:Open Source Warning

[RMH101]

Hahaha, name and shame. That's hilarious.

Re:Open Source Warning

Who's the other one?

Re:Open Source Warning

Quoting Animaether above:

At which point it doesn't matter whether you, yourself, are on Facebook - as long as that 'friend' puts your name in an entry, you could be flagged in such an internet query. I.e. if you're laying face-down in vomit with a half-empty bottle of Absolut in your hands, it doesn't really matter whether that somebody 'tags' that photo with the 'friend' account 'dcm' or simply jots down 'lol dcm after a FUN night out!'

Doesn't even have to be you who's face-down in that photo. Just needs to be tagged as you.

Re:Open Source Warning

I'm not trying to be invasive, but could you give us some more information about that company?
If you'd be so kind.

What was the position?
What was the size of the company? (Employees, revenue)
What does the company do/sell?

Did you get the job?

Copy

[mehrotra.akash]

What prevents these apps from keeping a copy of the info in their databases before changing the settings?

Re:Copy

The fact that they are open source and you can view the code before you run it? If you're not comfortable with it, don't use it.

Re:Copy

[mehrotra.akash]

Considering that many of the people who need to use an app to change their privacy settings and are on facebook will not be able to understand code.
Example: so many people grant full profile access to apps just to view a video(and that app just spams the wall of their friends)

Re:Copy

[pjfontillas]

But with the source code available people who do understand code can analyze the code for just such a thing. We don't need to have everyone understand how the code works we just need some that find any flaws that then help spread the word to everybody else.

Re:Copy

[CannonballHead]

We don't need to have everyone understand how the code works we just need some that find any flaws that then help spread the word to everybody else

There is no guarantee that that has happened, is there? With a small project that apparently has, at this time, one developer? I have not read anyone that has reviewed the current codebase and told me that nothing bad is in there.

Re:Copy

[blueg3]

For Reclaim, at least, your data doesn't go through their servers. It's a bookmarklet that causes JavaScript to be executed. The JavaScript file can be downloaded and reviewed, and you could even change the bookmarklet to run your local, reviewed copy instead of the one from their server. It doesn't appear to communicate with anyone but facebook.com.

Re:Copy

[Myopic]

There doesn't need to be a guarantee. There only needs to be sufficient basis for trust. Your interlocutors are claiming that, for them, there is sufficient basis for trust. You can make your own decision.

Re:Copy

or the fact that these "apps" are just some javascript that can be executed on facebook, and have no database whatsoever. You could be afraid that it phones home and sends data to the creator, but if you can't read simple javascript well enough to tell if this is happening, turn in your geek card and get the fuck off this site.

Re:Copy

[CannonballHead]

My argument is that the framework is there for trust, but simply being open source doesn't automatically mean it is trustworthy in its current form (i.e., current code).

In other words: it's open for review, but that does not mean that someone has reviewed it.

(that said, I would tend to trust an open-source one more than closed-source with no external review, simply because the open-source one is openly inviting review at any time... if that is your point, then I agree :))

Re:Copy

[fbjon]

Oh just look for yourself. But to ease your pain, I already looked through the relevant code (I'm assuming the jQuery code is fine), and found nothing sinister. It's less than 1000 LOC, well-formatted, and half of it is just CSS.

Are these tools in the article safe?

They run javascript on the facebook page, can they be used to steal my facebook password?

Re:Are these tools in the article safe?

can they be used to steal my facebook password

Would losing your Facebook account be such a bad thing?

Re:Are these tools in the article safe?

Not if you are already logged in before you run them.

Re:Are these tools in the article safe?

[c-reus]

Losing the account wouldn't matter. However, losing the password would, since a lot of people use the same password for a lot of other sites

Other websites knowing your facebook account

[HockeyPuck]

I've noticed recently that many non-facebook accounts (cnnmoney.com for example) know about my facebook account. Usually I see a link/graphic at the bottom of the page that says "click to 'like' this" or something similar.

Anybody know how to keep these third party sites from knowing about your facebook account?

Re:Other websites knowing your facebook account

[mehrotra.akash]

Account->privacy settings->Apps and websites Disable "Instant Personalization Pilot Program"

Re:Other websites knowing your facebook account

You should sprinkle a lot of obscenities, pornographic pictures, and the most distastful things that you can find on your facebook pages. It will insure that other sites cannot use your information without losing their "safe for work" designations.

Re:Other websites knowing your facebook account

[TimmyDee]

I wish it were that easy. I have the "Instant Personalization Pilot Program" disabled on my account, but FB Connect popped up on CNN Money this morning.

What did I do? I specifically blocked any URL containing "fbconnect". Problem solved. OmniWeb let me do this using RegEx, but I'm sure the same can be done with AdBlock.

Re:Other websites knowing your facebook account

[HockeyPuck]

I've always had that disabled, but it still shows up on cnnmoney.

Re:Other websites knowing your facebook account

[mehrotra.akash]

My mistake, that is only for 2-3 sites that use your FB id to store profile settings

However, the other sites seem to be taking the data with explicit permission from FB. See http://www.microsoftteched.in/
On the bottom right there is a FB app click on the privacy button in it, there is a 4-5 page long document, but since it is on facebook.com, I assume that it is only for selected partners, so it should be as safe as your data is on FB itself

Re:Other websites knowing your facebook account

[Fnkmaster]

Here is a very helpful post from a few weeks back. Easy enough to set up Adblock to block all that stuff out.

Alternatively, if you log out of Facebook after use, most of this stuff doesn't show up. However, that doesn't block all the Facebook content on third party websites according to some.

The Adblock solution seems to be 100% effective for me.

Re:Other websites knowing your facebook account

People just aren't paranoid enough. I normally use Safari for day-to-day use, but for Facebook I setup up Firefox with a separate profile just for Facebook. That profile has every anti-facebook extension I could find installed. I use Facebook, but it's locked in a sandbox with a steel cage around it.

Re:Other websites knowing your facebook account

Yep, easily done with AdBlock here's the filter: http://dev.mathiasbaert.be/misc/facebook-connect-opt-out.html
it will block facebook.com, fbcdn.net and facebook.net on third party sites

Re:Other websites knowing your facebook account

[Locklin]

For privoxy, I added the following to my user.action file:

{ +block{Facebook privacy invasions} }
http://api.facebook.com/restserver.php
http://www.facebook.com/connect.php/js/FB.SharePro/
http://www.facebook.com/ajax/connect/
http://www.facebook.com/plugins/
http://www.facebook.com/connect/
http://connect.facebook.net/

and saved.

Re:Other websites knowing your facebook account

[mcb]

The CNN issue really bothered me. From my research, you can also prevent it by disabling third party cookies.

In Firefox it's in Tools->Options->Privacy->Use custom Settings for history

Re:Other websites knowing your facebook account

It will also insure that your facebook account loses it's "allowed to remain on facebook" designation.

Re:Other websites knowing your facebook account

[Landshark17]

You can, Lifehacker just posted this article about doing that today:

http://lifehacker.com/5542041/block-sites-from-using-your-facebook-login-with-adblock-plus

Re:Other websites knowing your facebook account

[intheshelter]

Problem solved!

DO NOT use UNTANGLE.com

I tried it, and without asking, Untangle.com reset all my privacy settings!!! This is unacceptable as I had painstakingly customized it to better settings than default.

Use reclaimprivacy.org looked much better - it simply listed what is wrong with my account.

Re:DO NOT use UNTANGLE.com

[iamhigh]

RTFM you moron. It plainly states on the download page that it resets all your settings to friends only.

Re:DO NOT use UNTANGLE.com

[jonpublic]

This is slashdot. People never RTFM.

And now for something completely different!

And that, my liege, is how we know the Web to be banana-shaped.

This new learning amazes me, Sir Zuckerberg. Explain again how a series of tubes may be employed to eliminate privacy.

Oh, certainly, sir.

Look, my liege!

[trumpets]

Facebook!
Facebook!
Facebook!

It's only a website.

Shhh!

Friends, I bid you welcome to your new home. Let us ride... to Facebook.

[singing]

We're Friends of the round table
We Poke when e're we're able
We do Farmville and play Mob Wars
With mousework impecc-able
We lurk around on Facebook
We tag and quiz our friends a lot!

[dancing]

We're Friends of the round table
Our Likes are for-mid-able
Though many times we're given gifts
That are fake and unuse-able
We're news-feed mad on Facebook
We check from mobile phones a lot!

[tap-dancing]

Oh, our Walls we cradle
Quite indefatigable
Between our posts we friend request
And pad our list where able
It's a busy life on Facebook
I have to push the 'Hide' a lot!

[outdoors]

Well, on second thought, let's not go to Facebook -- it is a silly place.

Right.
Right.

And now for something completely different!

Zuck: Yeah so if you ever need info about anyone at Harvard
Zuck: Just ask.
Zuck: I have over 4,000 emails, pictures, addresses, SNS
[Redacted]: What? How'd you manage that one?
Zuck: People just submitted it.
Zuck: I don't know why.
Zuck: They "trust me"
Zuck: Dumb f***s.

Re:And now for something completely different!

[Culture20]

Zuck: Yeah so if you ever need info about anyone at Harvard
Zuck: Just ask.
Zuck: I have over 4,000 emails, pictures, addresses, SNS
[Redacted]: What? How'd you manage that one?
Zuck: People just submitted it.
Zuck: I don't know why.
Zuck: They "trust me"
Zuck: Dumb f***s.

I usually mask out dirty words too, but if you're quoting someone directly, and are doing so to make a point, altering their words doesn't help.
Zuckerberg, in that last exchange, called all Harvard Facebook patrons...

Dumb fucks.

Re:And now for something completely different!

[himself]

(Cue raucous applause, pounding on tables, wolf whistles, and shouts of "bravo!" and "huzzah!")

Looking forward

[Spad]

Cue an endless series of phishing sites: "Did you know that anyone on the internet can see things you post on your Facebook page? Just type in your username and password and we'll scan your profile to see if it's secure..."

Re:Looking forward

[IamTheRealMike]

No it's even better. "Just drag this bookmarklet and click - it's totally safe!". Why do the Reclaim folks claim this is somehow better when it's clearly not? Their script is not only compiled (ie, pita to read) but could change at any moment or even change by IP address!

Re:Looking forward

[fbjon]

They claim that because they're right. Here's the entire code for the bookmarklet, with some formatting inserted:

javascript:(
function(){
var script = document.createElement('script');
script.src = 'http://static.reclaimprivacy.org/javascripts/privacyscanner.js';
document.getElementsByTagName('head')[0].appendChild(script);
}
)()

And the script itself is nicely formatted. Look towards the end for the actual code that matters. Have fun.

It's really not that difficult.

[UncHellMatt]

I work in IT for a small police department, and recently have begun doing presentations for parents on Facebook and general online privacy, what steps can be taken and how to watch out for warning signs of problems. I'd say at least half the parents I talk to are completely unaware of what information is freely available online about their kids, if allowed to use such a site, or how much information their kids are making available online.

It only takes about 20 minutes to educate a neophyte, if they're willing to learn, how to lock down privacy on Facebook.... He said with a pained expression. One thing which never ceases to boggle my mind is the number of parents (and people in general) who really don't understand and don't CARE what information is out there, or what it can mean. ID theft, home intrusion, stalking, all that pretty much is "someone else's problem", producing enough SEP power to cloak an average sized nation.

While products like this are certainly useful, the bigger issue is education. If you're aware of the changes to FB and the like, setting security takes all of a minute. If you're unaware and someone tells you, and if you're not particularly inclined toward looking over security settings, it might take someone 10-20 minutes to go over them with you. If you just plain don't care, no amount of open or closed source software is going to make any difference whatsoever.

Re:It's really not that difficult.

[gbrayut]

You should record the presentations and put them up on youtube...

Re:It's really not that difficult.

[Hognoxious]

It only takes about 20 minutes to educate a neophyte, if they're willing to learn

Ummm, stop. I see the problem, right there.

Re:It's really not that difficult.

[Mashiki]

We do something similar via the RCMP and MP's from the military and RAD here in Canada, but it's aimed for kids and takes 7mins. If you're interested look up, but 20mins is far too long. If you can do it in under 10 and make it easy enough a grade schooler can figure it out then you're all set.

Re:It's really not that difficult.

[Culture20]

It only takes about 20 minutes to educate a neophyte, if they're willing to learn, how to lock down privacy on Facebook....

Until Facebook changes it again. Two years ago, I had everything locked down to friends only. Since that time, they've forced profile picture, current city, home town, likes/interests, work history, education history (and approximate age by proxy), to be public. There are still options to prevent non-friends from seeing some of those things via Facebook, but the Facebook Connections API allows anyone on the internet access to all those things for every user (further confusing the issue, because people are "sure" they locked things down, and I have to argue with them to show them that they really don't). I'm curious whether a court will determine that providing fake privacy controls constitutes a "reasonable expectation of privacy", and smack Facebook hard in the near future.

Re:It's really not that difficult.

[UncHellMatt]

Hey, thanks for this! I'm googling it now.

And yes, 7min for kids... "easy enough for a grade schooler" to figure out doesn't translate into easy enough for (unfortunately) many adults. Particularly ones who are in there hoping that I'll have some magic wand that'll take away all their problems surrounding FB and maybe do their parenting for them.

Re:It's really not that difficult.

[Culture20]

Sorry for replying to self: I forgot about a couple forced public changes: Networks, Friend list (but only if you have a friend list on your profile).

Re:It's really not that difficult.

[intheshelter]

Looked and can't find it. Can you provide a link?

Re:It's really not that difficult.

[edleslie]

That is why I removed all the info from those parts of my profile. My "Friends" already know that information anyway, so I don't need to post it. All posting it does is to let Facebook target you with ads.

Re:FACEBOOKS knews to MUACH!

MOD +5 INSPIRING

Offtopic

[mehrotra.akash]

What is SEP Power?

Re:Offtopic

[UncHellMatt]

Sorry... Hitchhikers Guide reference. http://en.wikipedia.org/wiki/Somebody_Else's_Problem

Re:Offtopic

"Someone Else's Problem"

Re:Offtopic

Read Hitch Hikers Guide to the Galaxy series. I think its in book 2 or 3. Someone Else's Problem fields are quite powerful.

Re:Offtopic

Clearly, you've never read any hitchhiker's guide books.

Re:Offtopic

[Hognoxious]

What is SEP Power?

It's where instead of scanning backwards through the post for the enormous distance of five whole words - until you find three consecutive words beginning with the letters "s", "e", and "p" (in that order and in quotes) - a dumb fucking Indian generates a DFI field by asking a stupid question.

Re:Offtopic

Someone else's problem

http://en.wikipedia.org/wiki/Somebody_Else%27s_Problem

Re:Offtopic

"Somebody Else's Problem" in that context I believe.

Re:Offtopic

Someone Else's Problem Power

Re:Offtopic

What is SEP Power?

http://www.google.ca/#hl=en&source=hp&q=sep&aq=f&aqi=g5g-s1g4&aql=&oq=&gs_rfai=&fp=bff28e8e230e9c76

http://en.wikipedia.org/wiki/Somebody_Else%27s_Problem

Facebook is a Gossip

[ObsessiveMathsFreak]

Facebook is the world's worst gossip. You tell them anything, they will tell it to every one of your friends, their friends (marketers), and probably anyone else who so much as passes by.

All these tools essentially do is add a "and please don't tell anyone" onto your data entries. The real solution is not to tell the gossip anything in the first place.

Re:Facebook is a Gossip

[commodore64_love]

That's why most of my facebook is blank. I listed my High School and College so I could reconnect with friends, and that's it. And from time to time I go through my profile and delete 90% of my older, obsolete postings.

Re:Facebook is a Gossip

[CannonballHead]

The real solution is not to tell the gossip anything in the first place.

Pft. You and your common sense may go elsewhere. What I want is to be able to tell anyone I want anything AND force them to be quiet and not tell others! ...

Seriously though, you're right - but it seems that most people would rather gossip and take the risk than have to live without. And only when they "get burned" do people suddenly find out that their privacy is important, perhaps more important than the gossip-entertainment. And Farmville.

Re:Facebook is a Gossip

Friends are still a vector though, they can post and tag images of you doing crazy things, talk about you on your wall, etc...

Re:Facebook is a Gossip

[Myopic]

That sounds like the market (the privacy market) at work. Some people take too much risk and get burned; some take not enough, and lose out on certain benefits.

Please note that I am not a market ideologue, I just wanted to comment on how this instance seems to be working out.

Re:Facebook is a Gossip

I keep a minimalist profile, but I enjoy having relevant ads on Facebook. Very few sites offer this sort of personalized advertising.

Re:Facebook is a Gossip

[CannonballHead]

Hum. That's a good point, I hadn't thought of it that way before.

In general, I don't think FB is doing anything wrong necessarily. I don't know all of what their doing, of course. And, in general, privacy settings are your own things to choose, and you agree to various terms. Everyone just checks the I Accept box, clicks submit, and then complains when something they accepted happens :)

Anyways. Interesting thought about the "privacy market."

Re:Facebook is a Gossip

[onemorechip]

Kind of irrelevant. Posting and tagging of images of me can be done whether I'm on FB or not. And if I don't have a wall they can still talk about me (only then it will be behind my back).

Warning about SaveFace

SaveFace automatically goes through and sets your privacy to "Only Friends" for everything. This may undo certain privacy measures you've already taken. For example, I set up a Limited Profile friend list for people who don't need to have access to my e-mail addresses, screen names, etc and blocked those items for them. SaveFace went through and removed those restrictions, so any of my friends could see my e-mail addresses, screen names, phone number, etc.

This tool would work fine if everyone on your friends list are actually friends who you'd like to share all of this with. On the other hand, all those folks from high school I added don't need to be able to IM me, call/text me, or use my e-mail address for anything.

Re:Warning about SaveFace

[Macgrrl]

Personally I don't have a FaceBook account, but have been a LiveJournal user for a decade give or take. I have maintained for years there needs to be a two teir relationship setting, friend (real friends) and acquaintances (friends of friends you want to track, etc...).

The one teir solution means it's all or nothing for many settings.

Third Option

[WarpedCore]

http://www.facebook.com/help/contact.php?show_form=delete_account

Re:Third Option

Thanks. I just deleted my account.

Re:Third Option

[Mr.+DOS]

Unfortunately, that option – as has been stated here on /. before, if not on this article – only removes access to your account. Facebook still has all the data in your profile archived away, and if you log in again, the account is reactivated and comes up in the exact same state it was when you “deleted” it.

Is it really that hard?

[Bambi+Dee]

Is it really so hard to simply go through Facebook's privacy settings yourself and consciously set them to whatever you want (as far as that's possible)? Same with all these warnings people pass around through status updates. I keep seeing suggestions to the effect of "click this, then that, then that, then 'wet your pants in public', then 'no'" only to find that I've already done that anyway. If you're really concerned about your Facebook privacy, what's been keeping you from checking out the relevant options yourself? They're not hidden, they're just... many. Or is there something that external "helpers" can do that you can't do yourself?

Re:Is it really that hard?

[Todd+Knarr]

It's not hard, just involved and convoluted. Facebook's settings are many, and some of them aren't in the obvious places. These tools make it easy to do what's time-consuming to do by hand.

Re:Is it really that hard?

[Bambi+Dee]

I see your point. I think I'd just start worrying about my grasp of the tools' "reach" and trustworthiness in addition to worrying about Facebook's admittedly huge "options hierarchy".

Re:Is it really that hard?

[Aladrin]

When they change every month and you have no idea what changed? Yes, it's really that hard.

I was 99% sure I was covered before I ran ReclaimPrivacy the other day. It found 3 sections that had data that was more open than I intended.

Re:Is it really that hard?

[JustinOpinion]

Is it really so hard to simply go through Facebook's privacy settings yourself and consciously set them to whatever you want (as far as that's possible)?

Yes, it really is "so hard". Intentionally so. Take a look at this NY Times graphic showing all the privacy settings options that exist throughout a Facebook profile. (Or, at least, the options the NY Times was able to find.) You can see that the options behave in inconsistent ways. You can set "maximum privacy" on one page without realizing that an option at a different level over-rides this (e.g. third-party ads may still have access).

To really insure maximum privacy, you not only have to navigate this maze of options (the NY Times graphic helps to make sure you've nailed them all), but you have to repeatedly re-check your settings since Facebook can (and does) change the settings interface (and thus the default settings) from time to time. So a previously "highly private" profile can have information leak unless you are actively checking whenever there are changes.

As I said before, this is probably intentional. Facebook would prefer to have more access to data and more ability to redistribute personal data for profit. So it is to their advantage if people don't have maximally-private settings. A plugin that actually produces a clean, sane, and useful privacy settings interface can thus make it much easier to control those settings. It also points out just had bad Facebook's settings and customization pages really are: you need third-party apps and newspaper flow-charts to make sense of them.

Re:Is it really that hard?

[Bambi+Dee]

It came up all "good" for me. But I "shared" it nonetheless.

Re:Is it really that hard?

[Bambi+Dee]

On the one hand, I do think it's good that people in general are becoming more aware of privacy issues, and this article is a symptom of that.

On the other hand, I wonder if external tools aren't just catering to or perpetuating a sense of helplessness in the face of Facebook's (certainly convoluted) settings: "Oh, you can't trust yourself to understand how to do it right, you need this third-party utility to be safe."

But I guess I'm not really trying to make sense of the settings either. I just go through them one by one.

Or friends

[DrYak]

You may make yourself unemployable by posting things you shouldn't in public {...} they can only work with data you give them.

Or, some idiot might post un-appropriated stuff about you.
In fact, you don't even *need* to have a facebook account to get embarrassed by people you made the mistake to consider as friends.

Re:Or friends

[AnonymousClown]

That happened to a friend of mine. She was out with friends and wasn't drinking. Someone passed her shots to pass down the table. Of course, someone was taking pictures and guess what? Yep, the picture of her with the two shots got on her friends Facebook page. She had a Facebook page too which was linked to her friends .... Oy!

I disagree.

[AnonymousClown]

Many employers and definitely for security clearances will look at your page and all of your friends. Guilt by association.

See here under "Yes, Facebook can get you fired."

Mr. Fulmer and his wife made fun of a local church sermon in a podcast they posted online in 2005. Mr. Fulmer says it got so much attention, his boss listened to it, thought it was offensive and fired him.

The thing is, sharing things about yourself can be objectionable to an employer - and you don't know what they could be.

What may be completely harmless or even your God given right to say or do, may make you unhirable for an employer or even fired. Against the law in some cases - prove it. They can always find a legitimate and legal excuse to not hire you or fire you.

The best thing to do is pass on Facebook.

Re:I disagree.

[BobMcD]

The article you linked says that 27% of orgs have a policy and that 2% of them have actually fired someone over things like this.

It seems to me having an objectionable Facebook page might be an asset. It would definitely keep you away from employers who do not understand that you're there to earn a paycheck, and then you go home. Now if you're the sort that actually wants to be micromanaged without pay, heed the advice, but for the normal among us, maybe it isn't such a big deal. Take this:

That happened to a friend of mine. She was out with friends and wasn't drinking. Someone passed her shots to pass down the table. Of course, someone was taking pictures and guess what? Yep, the picture of her with the two shots got on her friends Facebook page. She had a Facebook page too which was linked to her friends .... Oy!

Maybe you want to work for an establishment that understand that bars exist and that adults go into them. If you are seeking employment from an organization that would like to see all bars burnt to their foundation, I'd suggest you never even drive past one, let alone go inside.

At which point it doesn't matter whether you, yourself, are on Facebook - as long as that 'friend' puts your name in an entry, you could be flagged in such an internet query. I.e. if you're laying face-down in vomit with a half-empty bottle of Absolut in your hands, it doesn't really matter whether that somebody 'tags' that photo with the 'friend' account 'dcm' or simply jots down 'lol dcm after a FUN night out!'

You'd rather your boss went 'lol' along with the rest of us. Trust me. If they don't understand that adults of a certain age do certain perfectly legal things on their own time then they likewise won't understand when your kids get sick, when you want to vote your conscience, or when you land that really great promotion in another firm and want to say goodbye.

Re:I disagree.

good post. A minor correction: I don't have any God given rights. I only have rights given by Smith and Wesson.

Application Boundary Enforcer

[johndoe42]

Even if you turn off instant personalization, facebook still knows every time you visit one of those partner sites. But NoScript (I leave scripts enabled globally) has a cute feature called Application Boundary Enforcer. Here's (some of) my config:

Site .facebook.com
Accept from .facebook.com
Deny

Site .fbcdn.net
Accept from .facebook.com
Accept from .fbcdn.net
Deny

Enjoy!

Re:Application Boundary Enforcer

[uniquegeek]

thanks; I hadn't poked in there for a while, and had forgotten about it
(mod parent up)

SaveFace warning

[Rune64]

Using the ReclaimPrivacy page worked great, made appropriate suggestions and allowed me to one-click fix select privacy settings. After running my profile through the SaveFace tool, however, it actually loosened my privacy settings automatically (changed some things which were set as "Only Me" to "Friends Only"), and did so without allowing me to interact and with no prompt telling me what it was doing in advance, with no way to stop it.

Ran into an issue with Reclaim...

[BLKMGK]

It doesn't finish the scan for some reason - hangs on "scanning". Might be just me, might be FireFox which is damned goofy and crashes often for me, or it may be Fluff Busting Purity (which kills the animal and Mafia postings etc. via Greasemonkey). Other than it hanging on those two things it does look to be the better tool in that it examines settings and warns vs setting them to whatever the other tool thought was most appropriate when it was written.

A very nice concept though!

Re:Ran into an issue with Reclaim...

[carvell]

Yeah mine does the same.

All I see is JavaScript?

[Eggbloke]

All I see is the JavaScript when I click on the bookmark. (Ubuntu 10.04, Firefox) Help?

It *doesn't* suck you in!!

[Torodung]

Insidious, ain't it? The only way to see if someone's posted Photoshopped naked pics of you in Facebook is to be on Facebook.

I liked Web 1.0 better, where Photoshopping people on nude bodies was only done to celebrities, who had decided to give up all their privacy in their choice of career, for considerable fringe benefits. That or banished to some obscure part of the Internet.

Web 2.0 is all the disadvantage of celebrity, with none of the benefits.

--
Toro

My idea for facebook privacy...

[Jah-Wren+Ryel]

Instead of using facebook's privacy settings which they can arbitrarily ignore as they see fit at any point in the future, I say be proactive.

1) Create social-group specific facebook accounts - one for high-school, another for college, another for people you meet professionally, another for hook-ups, etc.
2) Use different browser profiles dedicated to each facebook account - see firefox's command line options " -no-remote -ProfileManager "
3) Add plugins to differentiate the profiles - "User Agent Switcher" to make each profile look like a different release of firefox, "BetterPrivacy" to block super-cookies that get shared across profiles in Flash and then all the basics like adblock, CookieSafe-Lite, noscript, ghostery, etc. This makes each profile look like a different user behind the same firewall
4) Never ever use those facebook-specific profiles for anything else, keep separate profiles for regular web browsing and any other specific tasks (banking, etc).
5) Use theming to make each profile look different on your screen so you don't accidentally use one profile for another task

While not foolproof, this approach puts all the control in YOUR hands rather than relying on websites to honor their promises - plus it isn't facebook-specific, you can use separate profiles to isolate websites you give personal information to from the rest of your web browsing and thus keep the behind the scenes 'leaking' to a minimum.

Re:My idea for facebook privacy...

[dave562]

You should turn that into a PowerPoint presentation and sell it to the CIA as a training program for agents looking to cover their tracks.

Easier

NoScript, and your done.

whitelisting > blacklisting

Think private, not public plz!

[ftide]

Don't even try it. We need local solutions that scale ''left'' down to some kind of district/relational size. In other words it IS all about who we are, plus where we want to grow as people and think long-term and quality of life while doing this.

Facebook is a Web site that's privately owned with an end-user license agreement the user must adhere to that's more heavily supply oriented than demand based IN TERMS OF CONTEXT, not to mention all that data and information.

They'll begin to reverse engineer, drop api support or strip the api's down ( Google never will ) and could implement Web performing, .NET-centered stuff at the first opportunity to contravene all of your open activity.

"can-you-see-me-now dept." NO! shit! This is radar. How do you know what it is if you really don't know where?

Facebook Privacy App

also check out: http://www.rabidgremlin.com/fbprivacy/

Re:Fool's Gold Warning

[Overzeetop]

Before creating a Facebook account, please consider this:

Everything that you put into Facebook is public. If you don't want people to know, don't post it.

Delete account

[filloy]

Deleting your account isn't as easy as you may think, but here are the instructions: http://www.facebook.com/group.php?gid=16929680703

Gaaaa SaveFace worsened my settings !!!!

[devitto]

I had a load of 'only friends, except.....' and it reset them to 'only friends' !!!

*without asking* and only briefly saving 'resetting settings' ! :-(

Really... how dumb can everybody be?

[DogDude]

Anything you put in Facebook will become public.

Doesn't anybody realize this? They've exhibited it time and time and time again. Why is anybody still bothering to play games with settings and tools and such? Facebook says so in their massive (and growing) privacy statement.

Anything you put in Facebook will become public.

This tool, and every similar tool is a waste of time and effort. If you can imagine or if you can imagine that your grandchildren may not want any information to be public, DO NOT PUT THAT INFORMATION IN FACEBOOK.

I'm amazed that so much of the /. crowd is so oblivious.

Re:Really... how dumb can everybody be?

[KlaymenDK]

As I also posted to somebody else above, the ONLY reason I've been pressed into having a Facebook account is to have SOME measure of tabs on, if not control of, what OTHERS post about me. My own info is as sparse and as locked-down as it gets.

gpg over facebook, lets do it!

Immagine a plugin that could encrypt your data on facebook with a shared key between groups of friends and subkeys to see the other groups, and the keys don't have to stay on FB
just need to tell all millions clueless users...

Huh?

I don't get it? Are you guys putting your bank account info and keeping all your passwords on facebook? Don't get me wrong, I think Zuckerberg is a major douchebag but people are acting as if they put all their vital information on facebook.

LOL you morons the founder called you "Dumb F*cks"

Everything you post or say on Facebook is copied by the Pentagon and countless other groups of criminals and losers. The very founder of the service said it best when he called users of Facebook "Dunb F*cks" and I couldn't put it better myself.

If you want the Government to have pictures of your house, kids etc then by all means keep your retarded Facebook or Myspace account and help them spy on you.

YOU ARE ALL DUMB F*CKS FOR USING THIS SHIT IN THE FIRST PLACE - USE THE OPENSOURCE FREEWARE TOOL GOD GAVE YOU CALLED "COMMON SENSE" AND PROTECT YOUR INFO INSTEAD OF TWEETING WHEN YOU POOP FOR THE GOV

Re:Fool's Gold Warning

[KlaymenDK]

The ONLY reason I've been pressed into having a Facebook account is to have SOME measure of tabs on, if not control of, what OTHERS post about me.