Social networking software

Grading Facebook's Privacy Changes

Facebook on Wednesday overhauled its privacy controls, in the hopes of making them simpler to use. The company focused on three major changes for Facebook users:"a single control for your content, more powerful controls for your basic information, and an easy control to turn off all applications," according to a blog post by Facebook CEO Mark Zuckerberg. The new changes should be rolled out to your Facebook account over the next few days.

So, how do Facebook's new privacy controls stack up against recent criticisms about how Facebook handles your personal information? Perhaps the easiest way to measure this is to take a look at PCWorld's recent article, "A Bill of Rights for Facebook Users," and see how Facebook's new settings compare to this ideal.

While I haven't had a chance to use the new controls myself yet, here's my comparison based on Facebook's announcement.

Proposed Right: Facebook must explain both the benefit to me and the benefit to Facebook when introducing services or features that may expose more of my data.

Grade: C The new changes don't do anything to give users more information about the various benefits to Facebook and its users when introducing new services. While I'm not so sure Facebook needs to detail what it gets out of a business deal with sites like Yelp and Pandora, the social network could do a better job of communicating user benefits.

Proposed Right: Tell me what I'm broadcasting to the world.

Grade: B- Facebook allows you to set the privacy level for each piece of content you post on Facebook through the News Feed--including links, status updates, events, videos, and photos. For almost everything else, like your pages, interests, and Web sites, you have to wade through Facebook's privacy settings.

Proposed Right: Let me opt-in, and not have to not opt out, of new features.

Grade: B++ Facebook appears to have learned its lesson from the privacy backlash over Instant Personalization and Facebook Beacon before that. But the real test will come when Facebook unveils its next new feature. Let's see if Facebook can resist the temptation to meddle with your privacy controls next time.

Proposed Right: Make Privacy Settings Simple.

Grade: B Facebook's new privacy controls look a lot better than before, but there are still a lot of Web pages you have to wade through to fully control your privacy. Current Facebook settings require you to go through six pages and their respective sub-pages to get all your settings, while the new controls require you to go through four pages: Basic Directory Information, Sharing on Facebook, Applications and Websites, and Block Lists.

But there's no telling how many sub-settings are underneath these four new simplified sections. I haven't been able to get a close look at these settings yet, but I have to wonder just how effective these new controls will be. Also, there are some privacy controls that aren't filed under your Privacy settings, but instead are stashed in your Account Settings and your Profile page. That gets really confusing.

The new privacy controls may be easier to understand than before, but as Search Engine Land's Danny Sullivan notes, "The complexity [of Facebook's new privacy controls] may still leave users feeling there are too many controls to be in control."

Proposed Right: Let me control whether or not someone can tag me in a photo on Facebook.

Grade: F This is not a part of Facebook's new controls. Sure, some people couldn't be bothered to approve a photo tag for every photo they're in, but I bet a lot of people would like this level of control. Besides, why should any of my Facebook friends be able to link to my Facebook profile through a photo tag, and then share that photo with the world? I may not be able to stop that photo from going online, but shouldn't I be able to choose whether or not I want Facebook to directly associate that photo with me?

This would be an excellent control for Facebook to implement, and would go a long way to regaining user trust. Just make sure it's an optional setting, and don't force it on users who can't be bothered.

Proposed Right: Tell me what data I'm sharing with apps.

Grade: F When you sign up to use an application like Farmville, you only get a vague statement telling you the app will be able access your personal data. Instead, Facebook should require each application to present you with a checklist of your personal information. Then you can decide which parts of your profile the application can see.

Proposed Right: Don't let search engines index my content without my permission

Grade: B++ Facebook has allowed you to opt-out of third-party search indexing ever since Facebook opened up your data to Bing, Google, and Yahoo. But new Facebook users are presented with a weird setting where the box that allows third-party search engines to index their profile is automatically checked off. But even though the box is checked, the feature is not turned on until you click "Allow" and then "Confirm." So why is that check box there in the first place if it's essentially meaningless? That's a very confusing way to do things.

Proposed Right: Facebook must notify me when bugs or mishaps come up, and give me advance notice before making changes to Facebook's data management policies.

Grade: B- Facebook has had a few technical mishaps recently such as the recent exposure of user chat sessions, a bug that allowed Facebook data scraping at Yelp, and the automatic app installation bug. Facebook wasn't upfront about any of these issues, but they should have been. On the other hand, the company does have an open governance policy for changes to its Terms of Use, and the company recently posted notices about its privacy changes on its blog. Nevertheless, Facebook could still do a better job of alerting users to potential new changes, especially the recent privacy revisions which went largely unnoticed until the recent privacy flap started.

Proposed Right: Accept responsibility when things go wrong.

Grade: A Even though Facebook didn't own up as well as it should have to recent bugs, the company recently admitted it had made mistakes with user privacy and moved to alleviate those concerns.

Proposed Right: Give me the right to quit and leave nothing behind.

Grade: B This is a tough issue, because you can never really know for sure whether any online service completely eliminates all your data from its servers once you leave. It all comes down to whether or not you believe the company when it says your data is being purged.

Facebook also has a very difficult process for deleting your account that takes 14 days to complete. Plus how ever long it takes to remove all your information from its backup servers. A good step in the right direction would be for Facebook to plainly state on its Facebook account deletion page how long it takes for your data to be removed from its servers once you delete your account.

Facebook's latest privacy overhaul is a step in the right direction, but the company still has a long way to go if it wants to make issues surrounding privacy and privacy control easier to understand.

Are you satisfied with Facebook's new controls?

Connect with Ian on Twitter (@ianpaul).

Subscribe to the Daily Downloads Newsletter

Comments