Tuesday, August 23, 2011

Facebook privacy settings still have a long way to go

I'm probably not the only person on Facebook who has, perhaps naïvely, accurately filled the "employer" field in his Facebook profile. I happen to have all my privacy setting set to either "Friends only" or "Other" for contact information.

However, Facebook can be used to login to a variety of online sites that are public, for example some discussion forums. When you do that, you are generally prompted to let the site access some of your profile information. Apparently, there seem to be few limits to how the information gets used once one has logged in to a site.

Case in point : I am a fan of the San Jose Mercury News, online edition. Not the dead tree edition. I occasionally like to comment on articles.

About a year ago, the site changed from a completely anonymous user database, to using Facebook. This was not a welcome change for me, not the least because I didn't have a Facebook account until recently.

I eventually relented and created one earlier this year, and started using it to post comments.

Imagine my surprise when every comment on the site appeared thus prefaced :
Julien Pierre · Works at [Name of major tech company deleted]

Now, I'm pretty sure my (now former) employer wouldn't have wanted this. I certainly didn't speak for them, not then and not now.

As it turns out, there is only way to prevent the employer name from being posted in public comments : deleting it from your Facebook profile. But then you won't be able to share it with your friends, either. This is the option I'm choosing. I have not updated my Facebook profile with my new employer. And I may have to delete all my former employers from it, too, just so it is clear that my forum comments are only my own.

The other way, of course, is not to login to public websites with your Facebook account. Sadly, this is not possible with the San Jose Mercury News forums anymore.

This shows that the privacy controls on Facebook are broken. The settings for my profile are clearly not respected, since they are being shown on a public forum, whereas as I have the info set to "friends only".

The fact is that the Facebook social plug-in was able to get to that information anyway. Facebook does not make at all clear that this is possible in the privacy settings.

There should be another privacy setting option to allow or prevent Facebook applications from accessing certain information.

Morale of the story : don't do anything on facebook or write anything in your Facebook profile that you don't want published on the front page of the New York Times.

Or even the public comment section of the San Jose Mercury News.

No comments:

Post a Comment