Facebook’s New Features and Your Privacy: What You Need To Know
By Ian Paul
Facebook is about to get a lot more personal and dig deeper into you and your friends’ likes, dislikes, and what you do online. This week at a Facebook developers conference called F8, the company pulled the curtain back on some very cool and soon to be available features.
What follows is an overview of what those new features are and how these features will impact your privacy. First, I’ll start with five new Facebook features debuted this week.
Five New Facebook Features
Social bar plugin: This is a persistent bar similar to what you see at the bottom of your Facebook page right now. The bar sits at the bottom of the Webpage you are visiting, and includes Facebook features such as Facebook chat. This feature has not been released yet.
Like buttons: There are two types of Like buttons that are very similar to each other, but handle different items you’ll come across online. Actual ‘Like’ buttons are meant for real-world items such as your favorite sports team or movie, while ‘Recommend’ buttons are for Web content such as news articles and videos on news sites.
Whenever you visit a site such as CNN you will start to see ‘Recommend’ buttons next to videos and articles listing how many Facebook users have recommended the item you are viewing. If you are logged in to Facebook you will also be able to see if any of your friends have recommended that news item, and then recommend the article yourself if you want to. Whenever you recommend something on CNN or other sites with a recommend button, a notification will be sent to your Facebook newsfeed that includes a link back to the CNN article.
The ‘like’ button works similarly to the ‘recommend’ button. But whenever you ‘like’ an item such as your favorite sports team or movie, the like not only appears in your newsfeed but also gets placed in your ‘Likes and Interests’ section under the ‘Info’ tab of your Facebook profile.
Recommendation plugin: Not to be confused with the ‘Recommend’ button, this browser plugin shows you a box with the top ‘likes’ on the site from all Facebook users as well as recommendations and likes from your Facebook friends. You must be logged in to Facebook to see recommendations from your friend.
Activity stream plugin: Similar to the recommendations plugin, when you are logged in to Facebook and visit a site with the activity stream plugin, a mini-Facebook Newsfeed will appear showing you all the recommendations and likes your friends have taken on the site. If you are logged in to Facebook, and you can see an example of the activity stream plugin on CNN.com.
Facebook login plugin: If you are logged in to Facebook, you will see the profile photos of your Facebook friends that have signed up to become members of the site you are visiting, as well as a link to sign up for the site using your Facebook login.
Instant Personalization: If you are logged in to Facebook and visit Yelp, Docs.com or Pandora, the site will be able to help you find information you may want to see, based on data that gets pulled from your publicly available Facebook profile information. Pandora, for example, would be able to look at your favorite music listings on your Facebook profile and deliver music selections to you based on that information.
Facebook’s new features are making it easier to build your Facebook profile and share online articles and other items with your friends. But like anything Facebook-related there are some serious privacy implications to consider. Here are a few of the most important things you need to know.
How Websites handle your data
Before we discuss these new features, let’s look at how third-party Websites are allowed to handle your personal Facebook data. Before this week’s announcements, whenever you signed in to a third-party Website such as Colbert Nation or NBC.com using your Facebook login credentials, those external Websites were allowed to store your Facebook data for only 24 hours. Facebook recently changed that requirement, and now those Websites can store your Facebook data indefinitely.
That sounds scary, what does that mean?
After you log in, the third-party site can also access any other Facebook information you’ve made public, and if the site needs more information about you that isn’t public it can ask you for it-although you don’t have to approve it. As I mentioned above, under the old policy, a Website could only hold your data for 24 hours, but under the new rules all that information can be kept indefinitely by any Website you connect with using Facebook.
Now don’t freak out about this too much, because site developers are still bound by Facebook’s rules telling them what they are allowed to do with your data–you can read about it in
Section 9 on this Webpage. Basically, Facebook’s rules state that a third-party Website cannot sell your data or do much more than use it in relation to your Facebook account.
To be fair that statement is probably a legal safety valve designed to protect Facebook from a privacy scandal, but it also appears there’s not much stopping a rogue site from using your data inappropriately. Is that likely to happen? Maybe not, but this new data storage policy serves as a reminder that you should always consider whether you trust a particular site before giving it access to your Facebook data.
Plugging In To Privacy
The ‘Like’ and ‘Recommend’ buttons you will see on third-party Websites, as well as most of the other plugins detailed above, have the least impact on your privacy. That’s because these buttons do not share any of your data with the third-party site you’re visiting, according to Facebook. All the Facebook data is served to you from Facebook’s own servers, even though it is being displayed on a third-party Website. So when you see that your friend Bill clicked the ‘Recommend’ button on a CNN article, that information is coming from Facebook and not CNN.
However, the actual ‘Like’ button, not the ‘Recommend’ button, does have some impact on your privacy. That’s because this button interacts directly with your Facebook profile’s ‘Likes and Interests’ that can be found under the ‘Info’ tab on your profile page.
So let’s say you visit the Webpage for the movie Iron Man on IMDB, and press the ‘like’ button. A notification that you ‘like’ Iron Man not only appears in your Facebook Newsfeed, but a link to the IMDB page will also be created under ‘Movies’ in your profile’s ‘Likes and Interests’ section.
At first glance this doesn’t sound like much, but keep in mind that whenever you connect with a site using your Facebook login, your ‘Likes and Interests’ are public by default. That means any site you connect with will have access to your favorite movies, books, music, and ‘Other’ pages (Other pages are mostly made up of your old Facebook Fan pages).
It’s also important to note that when you press ‘Like’ on an IMDB page or other site with the ‘Like’ button, that Webpage is now linked to your profile where all of your friends and other Facebook users can see it.
Are these issues a big deal? Maybe not, but at the same time you should be aware of all the information you’re making public and which Webpages are connecting to your profile for all the world to see.
The Like buttons are potentially going to be a huge part of the Web. Facebook CEO Mark Zuckerberg said on Wednesday that Facebook expected to deliver one billion likes in the first 24 hours that the company offered this functionality.
(click on image below to enlarge)
Instant Personalization is a more deeply-integrated social experience for Facebook users compared to the ‘Like’ buttons. The new feature can help personalize your visits to Facebook partner sites like Yelp, Pandora and Microsoft’s new Docs.com site
At Yelp, this new functionality becomes immediately obvious. If you are signed in to Facebook, a large blue banner pops down from the top of the site, telling you the site can be personalized for you. Essentially, the site does this by showing your friends’ activities on Yelp. You can see things like any restaurant reviews your friends have written, your friends’ ‘likes’ on Yelp and an activity feed with other recent actions taken by your friends on Yelp.
At first glance, most of this customization sounds similar to the new plugins Facebook offers, but the difference is that sites using Instant Personalization will also have access to your publicly available Facebook information the moment you land on their Webpages, while signed in to Faceboo. So when you go to Yelp or Pandora, for example, these sites can access your name, profile picture, gender, current city, networks, friend list, likes and interests, and your fan pages.
It’s also important to note that some actions you take on these sites could be sent back to Facebook. Let’s say, for example, that you visit Yelp and press the Facebook ‘Like’ button for the restaurant Convivium Osteria in Brooklyn
. That information would automatically be sent back to Facebook just as it would be if you clicked the ‘Like’ button on a site that doesn’t offer Instant Personalization. Yelp could also publish other activity you take on its site if you have authorized Yelp to post things on your Facebook Wall.
Another option is to click ‘No Thanks’ on the blue Facebook banner that pops down when you visit Instant Personalization sites. (see image in the previous section to see what this banner looks like) When you click ‘No Thanks,’ Facebook’s Instant Personalization partner sites are required to delete your data. But watch out, as I understand it you have to explicitly click ‘No Thanks,’ because simply closing the banner by clicking on the ‘X’ in the far right will not block the Instant Personalization features.
Opting Out Isn’t Opting Out
It’s also important to note that opting out of Instant Personalization will not completely stop Instant Personalization sites from accessing your information. If any of your Facebook friends visit these sites, the Instant Personalization feature can access that person’s friend list and all the publicly available information for each friend. So if you’re Facebook friend Suzy visits Yelp, even if you’ve opted out of Instant Personalization, your publicly available information will be shared with Yelp simply because you are on Suzy’s friend list
The good news, however, is that you can completely block Instant Personalization sites, but it takes a little more effort on your part. To stop Instant Personalization dead in its tracks, you can go to the individual Facebook pages for each Instant Personalization site, and click the ‘Block Application’ link underneath the application’s profile picture. That way, sites like Yelp or Pandora will not be able to get at your data no matter how many times your friend Suzy visits the site.
Facebook’s new plugins and instant personalization features offer a variety of ways for you to interact with your favorite Websites and Facebook friends. However, Facebook is not being as clear as it should be about how your information is shared and stored across third-party Websites when you sign in to those sites using your Facebook credentials. Facebook says doing away with the 24-hour time limit solved a technical issue for developers, and does not affect how your data can be used by third parties. That may be true, but at the same time, that’s my data the Website is now storing indefinitely, and Facebook should have made it clear to users that it had changed this rule.
Facebook should also do a better job of making it obvious and easy for users to completely opt-out of Instant Personalization. A good way to do this would have been for Facebook to have an alert appear that told you about the new Instant Personalization feature, and then gave you the option to opt out of the new feature right from the alert window.
Instead, Facebook users are notified with a pop-up that sends you to this page. Then, at the bottom of that page, there’s another link that takes you to your Facebook Privacy Settings where you can find the Instant Personalization opt-out check box. That’s a total of three clicks just to get to the Instant Personalization check box, and Facebook never once explicitly told me that this new box was there, I had to find it on my own.
The other troubling fact is that Instant Personalization Websites can still access your public information through any of your Facebook friend’s connections list unless you explicitly block every Website using Facebook’s Instant Personalization features. This method of blocking Instant Personalization sites places an unfair burden on the user. Right now, it’s easy to block just three sites using Instant Personalization, but what happens when Facebook expands this functionality to hundreds or thousands of partner sites?
Privacy Is About Control
It’s true that privacy is not as locked down as it was ten or twenty years ago, because people want to use the Internet to share far more personal information than they ever could, or would, before.
But even though the notion of privacy is changing, I don’t think it’s unreasonable for you to expect to retain control over the information you share on Facebook. The social network has become better at giving you granular control over how our information is shared within Facebook.com, but now Facebook users may be losing more control as Facebook functionality spreads across the Web and their data gets shared with numerous third-parties.
ControlAs Much As You Can
With Facebook functionality growing across the Web, today would be a good time to examine your privacy settings and make sure you are comfortable with your level of privacy control. The best place to start is your Facebook account’s Privacy Settings page
, and then check out this page which lists all the information your friends can share about you through Websites and applications. But remember that no matter what you do certain aspects of your profile are always public including your name, profile picture, gender, current city, networks, friend list, and your fan pages.