Every time Facebook introduces a new feature it initiates a game of cat-and-mouse with its users when privacy holes are opened up and the user is left to close them. It comes as no surprise, then, that Facebook's new location-sharing feature, Places, continues this cycle of potential data leaks.
Places is far better in terms of protecting user privacy than previous new feature roll outs such as the Instant Personalization service launched in April. Nevertheless, Places can still reveal important data about you if you don't take the time to adjust your privacy settings.
Instead of explicitly opting you in by default for Places, Facebook leaves most of your Places privacy settings unconfigured and you have to manually set them up. Choices include settings that let you share your check-ins with all Facebook users or just your Facebook friends. One setting allows your Facebook friends to initiate a check-in for you (for a primer on what it means to "check-in" see PC World's Geolocation 101).
The most crucial setting is the one that allows friends to check-in for you. If you leave this setting unconfigured you end up in a kind of privacy limbo, as TechCrunch describes it, where you have not opted in to Places but you're not opted out either.
Let's say a friend initiates a check-in for you at a bar called Louie's. You will then get a notification telling you your friend checked you in at Louie's. Since you are in privacy limbo, you will be given two choices: always allow others to do check-ins for you or ask you about this setting later. If you choose to be asked again, or if you do nothing at all, your presence at Louie's won't be registered in Facebook as a place you visited. However, your presence will be broadcast to others via a status update in real time. Since a friend could tag you in a regular status update and reveal your location that way--the thinking goes--why not allow the same functionality in Places?
The other problem is with third-party applications. Even if you lock down your location-sharing data so that only your friends can see it, your data could still be sent to a third-party application. Let's say your friend Linda uses Facebook to connect to Pandora. Once Linda authorizes Pandora, that application can access Linda's Facebook data and any of the publicly available data from people on Linda's friends list. If you're on Linda's friends list that means all kinds of data about you can be shared with Pandora if you haven't configured your privacy settings.
If you don't want third parties accessing your data, you need to find and adjust another setting. Step-by-step instructions are in the previous post entitled Facebook Places: How To Adjust Your Privacy Settings. The information about how third-party applications can access your data via your friends is under the sub-heading "Not Finished Yet."
Why, Facebook? Why?
So why does Facebook do this? Based on the company literature I've read, Facebook believes the more open your data is, the better your experience on Facebook will be. Your data is also enticing for third-party applications that connect with Facebook. True, Facebook's policies are supposed to prevent third-party apps from using your data for anything other than enhancing your Facebook experience. But who can guarantee that a rogue business isn't building a profile on you based on the data they collect from Facebook?
It's also much easier for Facebook to automatically turn on a new feature, thereby forcing it on users, than to try and convince you to activate the new feature yourself. And without new features that enhance your user experience, you might become bored with the service and look elsewhere for your online entertainment.
So the neverending cat-and-mouse game continues, with Facebook activating new features to entice you to use Facebook more often than you already do. Users who care about privacy scramble to turn off the new features as soon as they appear.
Connect with Ian on Twitter (@ianpaul).