Facebook tosses graph privacy into the bin

December 11th, 2009 at 01:41 UTC by Joseph Bonneau

Facebook has been rolling out new privacy settings in the past 24 hours along with a “privacy transition” tool that is supposed to help users update their settings.  Ostensibly, Facebook’s changes are the result of pressure from the Canadian privacy commissioner, and in Facebook’s own words the changes are meant to be “new tools to control your experience.” The changes have been harshly criticized in a number of high-profile places:  the New York Times, Wired, CnetTechCrunch, Valleywag, ReadWriteWeb, and by the the EFF and the ACLU. The ACLU has the most detailed technical summary of changes, essentially there are more granular controls but many more things will default to “open to everyone.” It’s most telling to check the blogs used by Facebook developers and marketers with a business interest in the matter. Their take is simple: a lot more information is about to be shared and developers need to find out how to use it.

The most discussed issue is the automatic change to more open-settings, which will lead to privacy breaches of the socially-awkward variety, as users will accidentally post something that the wrong person can read. This will assuredly happen more frequently as a direct result of these changes, even though Facebook is trying to force users to read about the new settings, it’s a safe bet that users won’t read any of it. Many people learn how Facebook works by experience, they expect it to keep working that way and it’s a bad precedent to change that when it’s not necessary. The fact that Facebook’s “transition wizard” includes one column of radio buttons for “keep my old settings” and a pre-selected column for “switch to the new settings Facebook wants me to have” shows that either they don’t get it or they really don’t respect their users. Most of this isn’t surprising though: I wrote in June that Facebook would be automatically changing user settings to be more open, TechCrunch also saw this coming in July.

There’s a much more surprising bit which has been mostly overlooked-it’s now impossible for any user to hide their friend list from being globally viewable to the Internet at large. Facebook has a few shameful cop-out statements about this, stating that you can remove it from your default profile view if you wish, but since (in their opinion) it’s “publicly available information”  you can’t hide it from people who really want to see it. It has never worked this way previously, as hiding one’s friend list was always an option, and there have been many research papers, including a few by me and colleagues in Cambridge, concluding that the social graph is actually the most important information to keep private. The threats here are more fundamental and dangerous-unexpected inference of sensitive information, cross-network de-anonymisation, socially targeted phishing and scams.

It’s incredibly disappointing to see Facebook ignoring a growing body of scientific evidence and putting its social graph up for grabs. It will likely be completely crawled fairly soon by professional data aggregators, and probably by enterprising researchers soon after. The social graph is powerful view into who we are—Mark Zuckerberg said so himself—and  it’s a sad day to see Facebook cynically telling us we can’t decide for ourselves whether or not to share it.

UPDATE 2009-12-11: Less than 12 hours after publishing this post, Facebook backed down citing criticism and made it possible to hide one’s friend list. They’ve done this in a laughably ham-handed way, as friend-list visibility is now all-or-nothing while you can set complex ACLs on most other profile items. It’s still bizarre that they’ve messed with this at all, for years the default was in fact to only show your friend list to other friends. One can only conclude that they really want all users sharing their friend list, while trying to appear privacy-concerned: this is precisely the “privacy communication game” which Sören Preibusch and I wrote of in June. This remains an ignoble moment for Facebook-the social graph will still become mostly public as they’ll be changing overnight the visibility of hundreds of millions of users’ friends lists who don’t find this well-hidden opt-out.

Entry filed under: Privacy technology, Social networks

13 comments Add your own

  • 1. Hans F. Nordhaug  |  December 11th, 2009 at 09:32 UTC

    I’m happy to see that someone focus on the problem with the friends list being exposed on the public profile. (My tweets are read by just a handful.) I must admit that I didn’t think about the bigger picture – that you can build complete social graphs from this …

  • 2. Mark P  |  December 11th, 2009 at 11:35 UTC

    So where is this hidden setting to restrict access to the friend list? I have just spent 10 mins looking at every privacy setting and can’t see it – I may be blind but could you please tell us where to find it?

  • 3. Laurel  |  December 11th, 2009 at 12:12 UTC

    See also today’s
    Joy of Tech comic

  • 4. Joseph Bonneau  |  December 11th, 2009 at 12:16 UTC

    @Mark P: You’re not blind, hiding your friend list isn’t in the privacy settings at all, if you view your own profile though there is a pencil icon in the upper right corner of the box where your friends are. When you click on this you get some options including removing it from your profile. Certainly not designed to be easy to find!

  • 5. Harry P  |  December 11th, 2009 at 13:29 UTC

    one major problem still remains: any of your friends’ applications can access all sorts of info about you. noted at the end of the ACLU doc:

    “Previously, even if you opted into sharing data with applications, you could uncheck all of the boxes on the page and the only information you would still be sharing was your name, your networks and your list of friends. Now, even if you uncheck all the boxes, an application one of your friends runs will be able to access your name, your profile picture, your gender, your current city, your networks, your friend list and the pages you are a fan of.”

  • 6. Michael Lefevre  |  December 11th, 2009 at 14:35 UTC

    As Harry P notes, much of this argument and Facebook “backing down” is a lot of fuss over the least significant change.

    It is and always was possible for anyone to see people’s friends lists via applications, so anyone who wanted to find who your friends were could do so without much effort (of course most people don’t know how, but it’s possible to find out with 2 minutes on Google).

    Facebook were going to make it clear to people that this information was public, and show it to everyone rather than only the people that knew how to find it. In backing down, all they’ve done is made things less clear again, and lots of people are happy with that because they believe that the information is private when it isn’t, and wasn’t before.

  • 7. Logical Extremes  |  December 11th, 2009 at 15:35 UTC

    @Michael, that’s exactly why many people disable apps. Also, there have historically been controls to block all non-public information going to apps. Name and Networks used to be the only public information, now public information includes name, profile photo, list of friends, pages you are a fan of, gender, networks to which you belong, and current city.

    BTW, despite the update noted at the end of the post, your social graph is STILL public and STILL available to applications.

    The cynic in me wonders how much of it is commercially motivated, or whether there’s an element of legally making more information available to government without any due process getting in the way. Call me paranoid, but also ask a Facebook officer a direct question about that and see if you get a definitive public statement one way or the other.

  • 8. Andrew Cottrell  |  December 12th, 2009 at 00:46 UTC

    As an average user, I don’t know why someone would dig to find my friend list. I don’t want it put in my front window, however. Account Deleted.

  • 9. giraa2  |  December 13th, 2009 at 05:11 UTC

    FB profiles have never been private at all! You can easily access “private” photos of non-friend people using a brute force attack (privacystalker.blogspot.com) no matter your profile privacy settings, whether you have the old setup or the new one! FB should be as open as twitter!! after all your information is not longer private once you have uploaded it to the internet…

  • 10. Filipe  |  December 24th, 2009 at 16:11 UTC

    According with the post of the link below FB add the option to hide the social graph…


    Anyone already tested it?


  • 11. carton  |  January 7th, 2010 at 23:55 UTC

    No, there is nothing new in the link you’ve posted. It’s just a description of the same partial feature this blog describes. Your friends list is still visible to apps and FQL.

    Also, if you request someone to be your friend but they do not accept your request, you can see in your news feed every time that person who is not your friend acquires a new friend even though you cannot see their list of friends directly. The information is not being protected in any remotely thorough way just because you click on the pencil.

  • 12. Ahana  |  March 22nd, 2010 at 04:27 UTC

    There is no privacy on facebook no matter which permutation and combination you work on – simple tip -keep your special friends special and e-mail them personally , put the rest on facebook and stop cribbing when the world knows about them . If you come up with a really solid formulla for privacy on these sites ,share it with

  • 13. Christian Mungle  |  May 19th, 2011 at 09:47 UTC

    Hmm it appears like your blog ate my first comment (it was extremely long) so I guess I’ll just sum it up what I wrote and say, I’m thoroughly enjoying your blog. I too am an aspiring blog writer but I’m still new to everything. Do you have any tips for rookie blog writers? I’d certainly appreciate it.

Leave a Comment


Required, hidden

Some HTML allowed:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

Subscribe to the comments via RSS Feed


December 2009
« Nov   Jan »