Facebook simplifies controls but continues exposing users
Default settings flash entire internet
Analysis Facebook was praised for simplifying its privacy controls on Wednesday, but critics say the moves fail to restore users' trust in the appropriate handling of their information.
The social network unveiled a greatly simplified interface for controlling user privacy settings, hosted on a single page. The previous set-up, featuring a bewildering array of 50 privacy settings and 170 privacy options, is to be phased out as the new controls are put in place.
Facebook has also backed away from insisting users need to share their friends list and pages with the world at large, effectively undoing controversial changes made last December.
Lastly there are new options to block all applications and websites, and opt-out of Instant Personalization. However users who opt-out of applications and the entire Facebook platform will be unable to play games, a major downside. Users are still being pushed to share information by default - the site still forces users to opt out of features they dislike rather than creating compelling reasons for users to opt in.
Privacy International reacted to the changes with "disappointment and frustration".
"While we acknowledge Facebook for putting right the mess that it created last December by deploying unusable settings, this latest action is only the first of many steps to be taken before the company can even hint that it understands the nature of privacy," it said.
Key to PI's concerns are that the default settings, which few users change, open up most of what a user posts on the site to the internet as a whole.
"The defaults - which Facebook unhelpfully describes as 'recommended settings' - are still set to for maximum disclosure to everyone. That means the vast majority of users will continue to operate on the site fully exposed. The company has done little to change this situation," PI said.
The privacy activists argue that Facebook's business model relies on monetising data harvested from customers. This runs counter to claims by chief exec Mark Zuckerberg at a press conference on Wednesday that the extent to which people shared or restricted data they posted on the site had little effect on ad revenue.
Chester Wisniewski, a researcher at anti-virus firm Sophos, argues that Facebook has changed its privacy controls without actually offering any increase in privacy:
"I welcome the simplified controls, but nothing has changed. Users are still defaulted to sharing too much information with the world, privacy itself has not really improved in any meaningful way, and the return of controls that were present previously simply addresses some of the most vocal complaints of their users," Wisniewsk said.
"I didn't see any hints of an apology, nor a solid acknowledgment that Facebook went too far."
Don Smith, VP of Engineering and Technology at web security firm SecureWorks agreed that the changes were an improvement but repeated the criticism that they do not go far enough, and will leave the majority of users sharing data to more people than they might suspect.
"The changes are definitely an improvement. However, they still do not go far enough in ensuring the default privacy settings minimise disclosure. For example, the new 'recommended' privacy settings expose data such as status updates to 'everyone' and photos and birthdates to 'friends of friends'.
“Looking at Facebook’s default settings over the last six years you can see that privacy eroded from initially sharing only a user’s name, gender and picture to a default stance of displaying all wall posts, photos, friends and networks to the entire Internet." ®
There's a very fine difference
between "social networking" and "giving up all hope of privacy". I wonder if you can tell me what it is?
Your boss doesn't necessarily need to know who your friends are, or the sort of things you talk to them about. Neither does your family. And, of course, vice versa.
We behave differently depending on who we're with. Mixing completely different social contexts into one big mess is Not A Good Thing.
Being able to find people...
...is all well and good, but there's no reason why anyone should be able to view wall posts, photo albums or anything else like that *until* the person associated with said posts/albums/etc has agreed that you're actually someone who they're happy to have viewing said stuff.
Let's say I'm sat in the pub with a few friends and we're passing around photos from a recent holiday. Would I be happy for a complete stranger to wander over, plonk themselves down next to us, and start looking at those photos too? Uhh, no. Would it make it any less anti-social if this complete stranger then turned to me and said "hey, I think we were at school/uni/insert company name here together, do you remember me?". Not unless they were a) right about our previous association AND b) they were someone I had any interest in reassociating myself with...
There are plenty of us who've managed to use FB as a very successful social networking tool without needing to expose all our details to anyone who passes by, so I don't agree with the suggestion that having default settings which hid most/all of the interesting stuff from anyone outside of our networks would render it useless.
I think you're missing the point ...
What security managers are saying... sure its nice that they've simplified the controls, but by default, you're open as always.
What they are saying is that you should start off with nothing being visible and then you the user walk through the options and turn on what you want to be made public and what you don't want to be public.
Sure its more work for the average luser. For most intelligent people its the same amount of work since we go through the options as a matter of routine behavior.
The WTF because most normal people know this shite...