Kevin Bankston, a senior staff attorney with the Electronic Frontier Foundation, specializing in free speech and privacy law, discussed the good, the bad and the ugly of the move by the social-networking site in a lengthy blog post, with highlights below:
The new changes have definitely simplified Facebook’s privacy settings, reducing the overall number of settings while making them clearer and easier for users to find and understand. The simplification of Facebook’s privacy settings includes the elimination of regional networks, which sometimes would lead people to unwittingly share their Facebook profile with an entire city, or, as Facebook founder Mark Zuckerberg explained in a recent open letter, an entire country.
Perhaps most important, Facebook has added a feature that we and many others have long advocated for: the ability to define the privacy of your Facebook content on a per-post basis. So, for example, if you only want your close friends to see a particular photo, or only your business colleagues to see a particular status update, you can do that—using a simple drop-down menu that lets you define who will see that piece of content.
Although sold as a “privacy” revamp, Facebook’s new changes are obviously intended to get people to open up even more of their Facebook data to the public. The privacy “transition tool” that guides users through the configuration will “recommend”—preselect by default—the setting to share the content they post to Facebook, such as status messages and wall posts, with everyone on the Internet, even though the default privacy level that those users had accepted previously was limited to “Your Networks and Friends” on Facebook (for more details, we highly recommend the Facebook privacy resource page and blog post from our friends at the American Civil Liberties Union, carefully comparing the old settings to the new settings).
Being a free-speech organization, EFF is supportive of Internet users who consciously choose to share more on Facebook after weighing the privacy risks; more online speech is a good thing. But to ensure that users don’t accidentally share more than they intend to, we do not recommend Facebook’s “recommended” settings. Facebook will justify the new push for more sharing with everyone by pointing to the new per-post privacy options—if you don’t want to share a particular piece of content with everyone, Facebook will argue, then just set the privacy level for that piece of content to something else. But we think the much safer option is to do the reverse: Set your general privacy default to a more restrictive level, like “Only Friends,” and then set the per-post privacy to “Everyone” for those particular things that you’re sure you want to share with the world.
Looking even closer at the new Facebook privacy changes, things get downright ugly when it comes to controlling who gets to see personal information such as your list of friends. Under the new regime, Facebook treats that information—along with your name, profile picture, current city, gender, networks and the pages that you are a “fan” of—as “publicly available information,” or “PAI.” Before, users were allowed to restrict access to much of that information. Now, however, those privacy options have been eliminated. For example, although you used to have the ability to prevent everyone but your friends from seeing your friends list, that old privacy setting has now been removed completely from the privacy settings page.
These changes are especially worrisome because even something as seemingly innocuous as your list of friends can reveal a great deal about you. In September, for example, an MIT study nicknamed “Gaydar” demonstrated that researchers could accurately predict a Facebook user’s sexual orientation simply by examining the user’s friends list. This kind of data mining of social networks is a science still in its infancy; the amount of data that can be extrapolated from “publicly available information” will only increase with time. In addition to potentially revealing intimate facts about your sexuality—or your politics, or your religion—this change also greatly reduces Facebook’s utility as a tool for political dissent. In the Iranian protests earlier this year, Facebook played a critical role in allowing dissidents to communicate and organize with relative privacy in the face of a severe government crackdown. Much of that utility and privacy has now been lost.
In conclusion, we at EFF are worried that today’s changes will lead to Facebook users publishing to the world much more information about themselves than they ever intended.
Major privacy settings are now set to share with everyone by default, in some cases without any user choice, and we at EFF do not think that those new defaults fall within the average Facebook user’s “reasonable expectations.” If you’re a Facebook user and you agree, we urge you to visit the Facebook Site Governance page and leave a comment telling Facebook that you want real control over all of your data. In the meantime, those users who care about control over their privacy will have to decide for themselves whether participation in the new Facebook is worth such an extreme privacy trade-off.