If you use Facebook, don’t wait to change your privacy settings

In a privacy policy change announced recently and effective on December 9, social networking supersite Facebook made significant changes to the default privacy settings for all Facebook users. In some cases the default settings announced disclose more information to more of the Facebook user population and expose that information to search engines like Google, while in other cases (at least according to Facebook’s statements about the changes) they are merely continuations of existing disclosure standards, albeit now with more fine-grained access control settings available to users to constrain the visibility of their own information. The changes that have garnered the most attention in the press relate to a core set of personal information that Facebook now makes available to everyone, regardless of preferences users might have had for controlling disclosure of that information in the past.

“Certain categories of information such as your name, profile photo, list of friends and pages you are a fan of, gender, geographic region, and networks you belong to are considered publicly available to everyone, including Facebook-enhanced applications, and therefore do not have privacy settings. You can, however, limit the ability of others to find this information through search using your search privacy settings.”

While the level and granularity of privacy settings where users may set preferences has increased, in addition to the basic set of information items now considered “publicly available” regardless of a user’s preferences, some global privacy settings that were previously available to users have been removed, such as the single setting that used to allow users to prevent any of their information to be made available to Facebook applications. Most troubling among privacy advocates seems to be the explicit move by Facebook towards openly sharing users’ information. Facebook has angered users in the past, saying at the same time that users “own all of the content and information you post on Facebook” but claiming unrestricted rights to do just about anything Facebook wants with that data. The company’s stance has softened somewhat in the past few months, and language in the current privacy policy is not as strong as it was back in February, but it is also understandable that some users are considering canceling their accounts entirely in response to the latest changes and re-categorization of key profile information as “public.”

Even among those aware that changes have occurred, many Facebook users may not realize that unless and until a user takes explicit action to modify privacy settings, the new changes have overwritten any previous disclosure preferences expressed by those users. The global default seems to make profile information and content users store on Facebook available to all friends and friends of friends (a setting Facebook calls “Friends and Network”) which for many users is a substantial increase in the user population that now has access to their information. Also, because the changes went into effect for all users, the new settings remain in effect until a user changes his or her own privacy settings, something users are prompted to do the first time they log in to Facebook since the change occurred.

There is a precedent for Facebook reconsidering moves broadly deemed to be too invasive of privacy, and there are explicit terms within Facebook’s Statement of Rights and Responsibilities (see part 13, “Amendments”) that allow for unpopular changes to be put to a vote of the membership, although for the vote to be binding requires 30% of active users (or approximately 105 million based on current total user estimates) to participate. A couple of years ago, Facebook ultimately chose to cancel its controversial Beacon program after widespread outcry over the advertising application’s reach into online behavioral tracking. It remains to be seen whether enough users are sufficiently upset by the latest Facebook changes to mount a coordinated effort to roll back to the previous privacy settings and approach.