Facebook Security

Facebook Security is your "friend". Do you "like" Facebook security? In your Facebook, dude!

Okay, I'll stop. But seriously, you do need to know what's going on here. Facebook has changed its privacy policy and security settings several times since its inception. And it gets more and more liberal as time goes on. In other words, they are making your personal information more public every time they change the privacy policy.

So, let's talk about what they are doing that you should be concerned about. This was accurate as of May 2010.

The first thing you need to understand is that Facebook doesn't exist just so that you can build a social network. It's a business. And businesses exist to make money.

Facebook makes money by advertising to you. You've seen the ads in the right-hand column. There's nothing wrong with that as long as you understand that this pays the Facebook bills. It also makes money selling virtual gifts. And then there's the Facebook credits program that is now available to third party applications like Farmville. Facebook gets income from all these sources.

So, with all of your personal data swirling around in the Facebook blender, there are several key realities that you should be aware of so you can make an intelligent decision about Facebook security and even keeping your account.

• Facebook owns all of the data you post on your account. Yep, text, pictures, links, all of it. It's right in the Terms of Service. They own it and they can do whatever they want with it, even after you quit using Facebook.

• Facebook's latest privacy changes mean that much of your data is now public by default, possibly to the entire Internet. What does this mean? Well, the new "like" button can be put on any web site. If you "like" a web site by clicking the button, everyone you know, or knows you, will know you like it.

  Big deal? Well, this information is basically permanent. So, once it's out there, it's out there. It would be near impossible to get rid of it later.

  Here's a cool graphic representation of how the privacy policy has changed since 2006: Facebook Privacy.

• Employers, ex-significant others, law enforcement, and a host of others troll Facebook for information about you. Anything that you haven't explicitly set to "Friends Only" is available to the entire Internet via a bit of searching. Since Facebook is now the biggest repository of personal information on you, be very careful what you're posting and whom you allow to view it. Facebook security tips follow.

This is a partial list of steps I'd take to ensure your privacy. I know it's a pain in the rump but do you really want your personal life laid bare before the whole planet? I think not.

• Only accept Friend requests from people you've met face to face. If your account isn't meant to be a business networking tool, I highly recommend this restriction.
• Create Friends lists. By separating friends into lists, you can set different access levels to them.
• Use the "limited profile" feature in your Facebook security settings for friend requests that you'd like to add but don't want them to have access to everything.
• Edit your photo and video albums to allow only family or any other list to see them.
• If you are ever asked for login information while your already logged in to Facebook, watch out. This could be a phishing ploy to get you to hand over your password.
• Be very careful joining groups you know nothing about. Many are simply marketing ploys in disguise. Once you click, you give them permission to spam the crap out of you.
• Be very wary of messages from someone you know claiming that they are stranded somewhere and need you wire them some money. Scammers do this by hijacking someone's account and sending these fake pleas for help to the hijacked user's friend list. Since they have access to a lot of details this way, they can be very convincing. It can happen to anyone and it did, including Beny Rubinstein, a 20 year IT veteran. Here's an article that talks about it.
• Install Defensio for additional Facebook security. Defensio tries to protect you from spam, viruses, phishing and whole bunch of other stuff. And it's free! Just type Defensio into the search box inside Facebook and you'll find a link to the application. Then follow the wizard to sign up. It took me about a minute.
• Any apps and games that you approve will be able to access some or all of your Facebook data. That data is then stored in places other than Facebook. It used to be that apps could only store this data for 24 hours but that restriction is gone now; they keep it as long as they want. Do you trust it to stay there? I don't like this attitude with Facebook security settings.
• Posting your birthday, hometown, family tree, and other personal information just makes it easier for identity thieves to build a file on you. I know the point of Facebook is to socialize but remember that criminals use this information against you. Read this article for a quick lesson on how it's possible to find you via social networking sites.
• Lately, a lot of "rogue applications" are making the rounds. These are applications that claim to offer videos or other types of information that are attention grabbing such as "Teacher nearly killing a 13-year old boy". Once you click on that application , you'll be directed to a web page that asks you to click and allow the video. But the only thing that happens is that the application gets access to your user profile. You don't want that because then it can do several things that exploit you. I recommend not using applications at all since Facebook security settings haven't been good about preventing this type of trick.

The New York Times published this terrific article online on May 12, 2010. It's very useful in understanding how complicated Facebook's privacy policy and settings have become.

Update 5-17-10 HOT!: A couple of tools have been released that can set all of your privacy settings to "Friends". One is called "SaveFace" by a company called Untangle. I tried this tool on my wife's account and it works like a charm! I thought I had already set everything to "Friends" already but this tool found some photo albums that I missed.

The company claims that they do not collect any personal information themselves and I think this tool rocks. You can get it here.

The other tool, called "ReclaimPrivacy", was released by an independent developer. It does the same thing and can be found here.

For both of these tools, you just drag the tool (the actual picture on the web site) to your bookmarks or shortcut bar. Then, login to Facebook and then click on the shortcut you created. The tools will check all your privacy settings and change them to "Friends" only. This might take a few minutes so be patient. I love these kinds of time-saving gizmos!

Update June 30, 2010 Facebook must be listening because they've made several improvements to the site. The latest is a confirmation dialog that pops up when you try to install an application or first log into an external web site. The dialog informs you of personal information that will be accessed by the third party and requires a button click to allow it. This is a big step in the right direction, Facebook.

Update Jan 25, 2012 Facebook continues to evolve its security settings. They are far simpler now and I'm happy about that because I maintain these type settings for many of my family members.

There's a pretty great resource at allfacebook.com that gives some terrific info on Facebook as well. Check them out.

Here's another great article on the subject at ZDNet: The Definitive Facebook Lockdown Guide.