Facebook tosses graph privacy into the bin

Facebook has been rolling out new privacy settings in the past 24 hours along with a “privacy transition” tool that is supposed to help users update their settings.  Ostensibly, Facebook’s changes are the result of pressure from the Canadian privacy commissioner, and in Facebook’s own words the changes are meant to be “new tools to control your experience.” The changes have been harshly criticized in a number of high-profile places:  the New York Times, Wired, CnetTechCrunch, Valleywag, ReadWriteWeb, and by the the EFF and the ACLU. The ACLU has the most detailed technical summary of changes, essentially there are more granular controls but many more things will default to “open to everyone.” It’s most telling to check the blogs used by Facebook developers and marketers with a business interest in the matter. Their take is simple: a lot more information is about to be shared and developers need to find out how to use it.

The most discussed issue is the automatic change to more open-settings, which will lead to privacy breaches of the socially-awkward variety, as users will accidentally post something that the wrong person can read. This will assuredly happen more frequently as a direct result of these changes, even though Facebook is trying to force users to read about the new settings, it’s a safe bet that users won’t read any of it. Many people learn how Facebook works by experience, they expect it to keep working that way and it’s a bad precedent to change that when it’s not necessary. The fact that Facebook’s “transition wizard” includes one column of radio buttons for “keep my old settings” and a pre-selected column for “switch to the new settings Facebook wants me to have” shows that either they don’t get it or they really don’t respect their users. Most of this isn’t surprising though: I wrote in June that Facebook would be automatically changing user settings to be more open, TechCrunch also saw this coming in July.

There’s a much more surprising bit which has been mostly overlooked-it’s now impossible for any user to hide their friend list from being globally viewable to the Internet at large. Facebook has a few shameful cop-out statements about this, stating that you can remove it from your default profile view if you wish, but since (in their opinion) it’s “publicly available information”  you can’t hide it from people who really want to see it. It has never worked this way previously, as hiding one’s friend list was always an option, and there have been many research papers, including a few by me and colleagues in Cambridge, concluding that the social graph is actually the most important information to keep private. The threats here are more fundamental and dangerous-unexpected inference of sensitive information, cross-network de-anonymisation, socially targeted phishing and scams.

It’s incredibly disappointing to see Facebook ignoring a growing body of scientific evidence and putting its social graph up for grabs. It will likely be completely crawled fairly soon by professional data aggregators, and probably by enterprising researchers soon after. The social graph is powerful view into who we are—Mark Zuckerberg said so himself—and  it’s a sad day to see Facebook cynically telling us we can’t decide for ourselves whether or not to share it.

UPDATE 2009-12-11: Less than 12 hours after publishing this post, Facebook backed down citing criticism and made it possible to hide one’s friend list. They’ve done this in a laughably ham-handed way, as friend-list visibility is now all-or-nothing while you can set complex ACLs on most other profile items. It’s still bizarre that they’ve messed with this at all, for years the default was in fact to only show your friend list to other friends. One can only conclude that they really want all users sharing their friend list, while trying to appear privacy-concerned: this is precisely the “privacy communication game” which Sören Preibusch and I wrote of in June. This remains an ignoble moment for Facebook-the social graph will still become mostly public as they’ll be changing overnight the visibility of hundreds of millions of users’ friends lists who don’t find this well-hidden opt-out.

13 thoughts on “Facebook tosses graph privacy into the bin

  1. I’m happy to see that someone focus on the problem with the friends list being exposed on the public profile. (My tweets are read by just a handful.) I must admit that I didn’t think about the bigger picture – that you can build complete social graphs from this …

  2. So where is this hidden setting to restrict access to the friend list? I have just spent 10 mins looking at every privacy setting and can’t see it – I may be blind but could you please tell us where to find it?

  3. @Mark P: You’re not blind, hiding your friend list isn’t in the privacy settings at all, if you view your own profile though there is a pencil icon in the upper right corner of the box where your friends are. When you click on this you get some options including removing it from your profile. Certainly not designed to be easy to find!

  4. one major problem still remains: any of your friends’ applications can access all sorts of info about you. noted at the end of the ACLU doc:

    “Previously, even if you opted into sharing data with applications, you could uncheck all of the boxes on the page and the only information you would still be sharing was your name, your networks and your list of friends. Now, even if you uncheck all the boxes, an application one of your friends runs will be able to access your name, your profile picture, your gender, your current city, your networks, your friend list and the pages you are a fan of.”

  5. As Harry P notes, much of this argument and Facebook “backing down” is a lot of fuss over the least significant change.

    It is and always was possible for anyone to see people’s friends lists via applications, so anyone who wanted to find who your friends were could do so without much effort (of course most people don’t know how, but it’s possible to find out with 2 minutes on Google).

    Facebook were going to make it clear to people that this information was public, and show it to everyone rather than only the people that knew how to find it. In backing down, all they’ve done is made things less clear again, and lots of people are happy with that because they believe that the information is private when it isn’t, and wasn’t before.

  6. @Michael, that’s exactly why many people disable apps. Also, there have historically been controls to block all non-public information going to apps. Name and Networks used to be the only public information, now public information includes name, profile photo, list of friends, pages you are a fan of, gender, networks to which you belong, and current city.

    BTW, despite the update noted at the end of the post, your social graph is STILL public and STILL available to applications.

    The cynic in me wonders how much of it is commercially motivated, or whether there’s an element of legally making more information available to government without any due process getting in the way. Call me paranoid, but also ask a Facebook officer a direct question about that and see if you get a definitive public statement one way or the other.

  7. As an average user, I don’t know why someone would dig to find my friend list. I don’t want it put in my front window, however. Account Deleted.

  8. FB profiles have never been private at all! You can easily access “private” photos of non-friend people using a brute force attack (privacystalker.blogspot.com) no matter your profile privacy settings, whether you have the old setup or the new one! FB should be as open as twitter!! after all your information is not longer private once you have uploaded it to the internet…

  9. No, there is nothing new in the link you’ve posted. It’s just a description of the same partial feature this blog describes. Your friends list is still visible to apps and FQL.

    Also, if you request someone to be your friend but they do not accept your request, you can see in your news feed every time that person who is not your friend acquires a new friend even though you cannot see their list of friends directly. The information is not being protected in any remotely thorough way just because you click on the pencil.

  10. There is no privacy on facebook no matter which permutation and combination you work on – simple tip -keep your special friends special and e-mail them personally , put the rest on facebook and stop cribbing when the world knows about them . If you come up with a really solid formulla for privacy on these sites ,share it with

  11. Hmm it appears like your blog ate my first comment (it was extremely long) so I guess I’ll just sum it up what I wrote and say, I’m thoroughly enjoying your blog. I too am an aspiring blog writer but I’m still new to everything. Do you have any tips for rookie blog writers? I’d certainly appreciate it.

Leave a Reply

Your email address will not be published. Required fields are marked *