Facebook shares private information via your friends

This week Facebook made sweeping changes to its privacy settings and upset a lot of people. Users were greeted with an obligatory pop-up which forced them to set their preferred privacy settings but appeared to default to a “show everyone everything” setting. Many users just clicked OK and carried on their merry way.
Jason Calacanis made a great post in his newsletter this week, and asked whether Facebook was unethical, clueless or unlucky. This, however, is only half the story. What nobody seems to have realised yet is that Facebook have ended up sharing your private information via your friends’ lack of privacy control.
We still have a fair amount of control over our own privacy through Facebook’s privacy controls. However, Facebook have now decided (in all their wisdom) to allow people to publish their wall posts. This means that Facebook have created a back door around your privacy settings: anyone can now view your status updates, pictures and anything else you post when your friends “like” or “comment” on your content in Facebook.
Let’s take Jason Calacanis as an example here. Jason has allowed Facebook to show his wall publicly. I presume he’ll change this fairly quickly, so here’s a screenshot of what I can see at the moment.

Scanning through his wall, you’ll see all the things he has commented on or liked, and also where friends have liked or commented on content of his. This includes a picture of him holding his new baby, “London Athena Calacanis, born December 8th 2009 at 7 pounds 11 ounces”. It also includes a comment on a photo posted by Randi Zuckerberg (Mark Zuckerberg’s sister), specifically a comment on a private photo of Randi and Demi Moore. Also included are seemingly private family Halloween photos and various other people’s photos (including Leo Laporte’s), and their status updates and comments.
However, the problem doesn’t stop there. Facebook has always employed a security-through-obscurity approach to photos. That meant you could easily “share” photos with people who weren’t on Facebook, but they needed to know the exact link. You might also have noticed that if someone shared one photo, you also had the link to the rest of the photos in that album. Randi Zuckerberg’s photo album, for instance, is linked in the “Back to Album” link. No security is employed here, so any user who has the link to one picture has access to all of the photos in that album. That link is now public, not just limited to your friends, via the public walls of your friends.
You can prevent friends from interacting with your content in the future, including preventing friends from posting on your wall, and commenting on photos. You can set “Posts by Friends” and “Comments on posts” to yourself only, but this rather destroys the basic ethos of Facebook. Worst of all, the status updates are a static archive, so if you prevent friends from commenting on your photos today, any previous “comments and likes” will still remain in their Wall history.
So, how can you stop this? The basic answer is that you can’t. You can protect all of your content through the privacy controls, but you can’t prevent your friends from sharing their walls as well. If just one of your friends has shared their wall, then potentially your private content is left open to the world, through what I think is the worst, most public back-door-fuck-up that Facebook has made to date.
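The leak described above, reduced to a small model (an added example, not Facebook's code and not part of the original post): the wall view checks only the wall owner's audience setting, and the "Back to Album" link is followed with no check at all. The class names, fields and rules are assumptions made for illustration, and the sample users are constructed.

```python
from dataclasses import dataclass, field

# Constructed model: class names, fields and rules are assumptions for illustration.
@dataclass(eq=False)
class User:
    name: str
    wall_audience: str = "friends"              # "friends" or "everyone"
    friends: set = field(default_factory=set)
    wall: list = field(default_factory=list)    # items this user liked or commented on

@dataclass(eq=False)
class Item:
    owner: str
    audience: str = "friends"                   # set by the item's owner
    album: list = field(default_factory=list)   # reachable via "Back to Album"

def allowed(viewer, owner, audience):
    return audience == "everyone" or viewer == owner.name or viewer in owner.friends

def wall_as_described(users, wall_owner, viewer):
    """Only the wall owner's setting is checked; album links are never checked."""
    w = users[wall_owner]
    if not allowed(viewer, w, w.wall_audience):
        return []
    seen = []
    for item in w.wall:
        for i in [item] + item.album:
            if i not in seen:
                seen.append(i)
    return seen

def wall_checked(users, wall_owner, viewer):
    """Same walk, but every item must also pass its own owner's setting."""
    return [i for i in wall_as_described(users, wall_owner, viewer)
            if allowed(viewer, users[i.owner], i.audience)]

# Constructed sample: Alice keeps everything friends-only, Bob's wall is public.
USERS = {"alice": User("alice", friends={"bob"}),
         "bob": User("bob", wall_audience="everyone", friends={"alice"})}
PHOTO_1, PHOTO_2 = Item("alice"), Item("alice")
PHOTO_1.album = PHOTO_2.album = [PHOTO_1, PHOTO_2]
USERS["bob"].wall.append(PHOTO_1)               # Bob commented on one photo

if __name__ == "__main__":
    for who in ("stranger", "bob"):
        print(who, len(wall_as_described(USERS, "bob", who)),
              len(wall_checked(USERS, "bob", who)))
```

In the checked version a stranger sees nothing of Alice's on Bob's public wall, while Bob, who is Alice's friend, still sees both photos.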

Published by

Ben Powell

Ben Powell was born in Wales and after living in several European countries is now resident in Germany. He is a frequent blogger, software developer and a social techie.

3 thoughts on “Facebook shares private information via your friends”

  1. There used to be a privacy setting to keep posts and comments I’ve made on friends’ pages OFF the News and Live Feeds.
    That privacy setting is no longer available.
    But it was a vital setting for me, because I don’t want certain friends knowing what I am writing on certain other friends’ walls. In other words, I can’t have a private conversation anymore, unless it’s in a message.

  2. Ben, you should send this example to EPIC (Electronic Privacy Information Center). It’s still a working example because Calacanis’s wall is still public and the comment, photo, album etc. are all still there.

  3. “In other words, I can’t have a private conversation anymore, unless it’s in a message.”

    Then send a message? Walls are not the places for private conversations.
