Facebook privacy mess - a technical (not T&C-based) perspective

I've blogged on some of Facebook's stupid changes before, and there have been plenty of concerns over some of the things that they've done over time regarding privacy options. In truth most of them are reasonably valid concerns, but let's be honest: they are a business, and the way they are going is understandable, regardless of whether or not you agree with it, because they have a huge captive audience. However, some of the things that they do are just purely nonsensical from the perspective of actually enabling users to put the restrictions they want in place.

Despite them making strides forward with the settings, they still have glaring holes. This article will show you some of the things they just don't seem to have got right:



Control of posting from external apps
If you give an external app access to post to your wall, then it's impossible to set the visibility of that app's posts to anything other than your default visibility. If you use an app that posts on a particular topic and you don't want to spam everyone, then you'll want to restrict it (usually to a group), but you can't. The same thing also (in my opinion) gives Facebook Places an anti-competitive advantage over Foursquare etc. This is also true of all mobile apps and the web interface. The options are not there.

Default "per-post" settings
If you use the privacy control drop-down on the main Facebook page to adjust the visibility of your posts and select the 'make default' checkbox, then it does more than just set the default for all future posts: it acts as a global filter on all your posts and changes your overall privacy setting, so people not in the group can't see your posts, regardless of what visibility they were posted with. If I want my default post privacy to be 'group X' but have the ability to change individually selected posts to 'all friends', then I basically can't do it. You have to make 'all friends' the default and select 'group X' for each post ... which, as per the first point, you can't do from external apps. I've accidentally stopped people from seeing my wall several times.

Visibility of photo albums etc.
When you create a Facebook album with photos, there's no way for your friends to tell what visibility they have. If, for example, they wanted to show someone else a Facebook album, then they can't easily cut & paste the album/photo link and know if it'll work. The only way to check is to cut & paste it into a non-logged-in browser (which still doesn't tell you if it has visibility to 'anyone logged in' or 'friends of friends'). Now that's not great in itself, but in most cases there's nothing to stop you sharing individual images within the album anyway and bypassing the restrictions. Just cut and paste the 'Download image' fbcdn link.



With the first two points together you can see that it's basically impossible to use list-based access control from a mobile device, which is frankly ridiculous in this day and age.

The first point about not allowing control via external apps is something I tried to feed back to them, however I didn't get a response. That probably says something in itself.

There is also an issue where sometimes if you see "friend X commented on Y's status" then despite you not being able to view Y's stream, you will be able to click on that link and see it. It appears intermittent, but happens enough that it seems to have been a bug for some time now. (If anyone has details of when it happens let me know!)

I've had this blog post in draft for a couple of months and not put it up. I'm posting it now to get it out there, but finally they might have some competition to get them out of their complacent mode. Google+ has just gone into limited trial, and they get the privacy options right in terms of allowing restrictions for any posts easily. It'll be an interesting battle...
