December 19, 2009

The New Facebook: Why Friends-of-Friends is a Bad Idea

In Facebook's new privacy settings, regional networks were dismantled completely. However, in its place, the "friends of friends" setting has become immensely popular. This is a very dangerous proposition and I urge you to restrict your privacy to friends only. There are far too many people that can see your profile and it may even affect your ability to get a job.

How many "friends of friends" will have access?

Friends of friends is much more dangerous than the regional network. Let's take the highly conservative count of 200 friends. Let's say each of them has, on average, 200 friends. Multiply that and a potential 40,000 non-friends could have access to your profile and photos. This is highly conservative, because in my friend count list, 12 of the top 20 have more than 1,000 friends each, and many other have anywhere from 400-900 friends. Heck, one of my friends has 1,950 friends.

Places, location, and event "friends"

Before the advent of Facebook Pages, a friend profile was a common way to get the word out about your product or location. I've gotten friendship requests from the "Port of Long Beach" or "PRSSA Long Beach." This can be dangerous, because they can be the mutual friend link that would otherwise not exist. For example, CSULB ASI has 1,200 friends. If I became friends with CSULB ASI, I potentially have access to more than 1,200 people's photo albums, notes, etc. if they chose to set friends-of-friends privacy.

Pages do not have this problem. They're much better because you don't have to disclose as much private information as a friend link would (and it's a pain to set limited profile). This is probably why they've become far more popular than these friend profiles. I don't recommend severing ties with these profiles, just set everything to friends-only to avoid this problem.


If you're networking well, there's a really good chance that a potential employer can see your profile if you have friends-of-friends access. For example, I'm friends with the adviser at the Daily 49er and the CSULB photojournalism teacher. Both used to work at the Orange County Register and the photo teacher used to work at the Associated Press. When I sent the name of the Associated Press internship coordinator to the photo teacher for a recommendation letter, she came back to me and said, "Hey, i used to work with that coordinator." So if that coordinator had a Facebook and I had friends-of-friends privacy, she could potentially see my photos, notes, etc. which is a really bad thing.

And what could she see? Well, by default (and Facebook is really stupid), the profile photos album is accessible to friends of friends. As I stated in my prior post, if you have less-than-work-safe poses (such as holding beer containers uploaded before your 21st birthday), this could look bad. Photo album access can also be compromising, especially those of parties. I also believe that notes access is Everyone by default. Now that it shows up in profile search, employers could see potentially embarrassing "25 random things about me" notes or other things.

The point is that you shouldn't take the risk. Any potential employer's evaluation of you should purely be based on what you submit – the resume, cover letter, and the interview process. They should not have the access to make assumptions about your social life, relationship status, or other things not pertaining to the job description. Legally, they can't ask such questions. But I don't believe there's anything illegal if they happen to find that information on their own if your friends-of-friends privacy setting grants them that access.

December 13, 2009

New Facebook Privacy: Taking Control

Facebook has recently rolled out a new series of privacy controls. After some review, I've concluded that they're much leakier than before and the new defaults are worse than the original. Here's a summary of what's changed and how to restore the privacy that Facebook has stripped.

Broadly, I recommend all information to be restricted to Friends Only unless there is a compelling reason otherwise not to. Opening the information to My Networks is just asking for trouble. In the CSU Long Beach network there are 18,000 people alone. For instance, I want people to go to my website, so I have it visible, and my email address is also listed on my Zenfolio, so there's no reason why to have it restricted on Facebook.

More information is now easily accessible:

Before, your settings could be "Everyone" for notes, emails, and photo albums, but it took a lot of work to actually find the information. For instance, to find notes, I would grab the ID number after the notes.php?id= and this trick didn’t work for people who had picked out usernames. Now, the "Notes" tab shows up in the profile search. To fix this, go to Application Settings and set Notes privacy settings to Friends Only.

Email addresses are by default set to "Everyone." Before, the only practical purpose was if you already had someone’s email you wanted to find, like an old friend. The CSULB database attaches email addresses to names, which was useful for common name people; i.e. if there were two persons named Michael Yee in the CSU Long Beach network, but you knew my email was (CSULB search), you could figure out which one was me (if my email was open, which it isn't; I also lost the password, so contact me at my Gmail). Now it's shown in the profile search, meaning that more people can see your email address. Go to Privacy Settings and set email access to Friends Only. Only your friends or close associates should know your email address, unless it's a business email.

The profile photo album is also now visible to everyone by default. You have to dig into the photo album settings to restrict it further. Since the profile picture is one of the most prominent features of one's profile, having Everyone access by default is a problem. People often have pictures of their significant others, poses that are more personal than professional, and other things. Non-friends should not be able to see your profile pictures by default. To fix this, go to Photos Privacy, scroll to bottom and set privacy of the Profile photo album to "Friends Only".

Photo albums also show up searches now as well. You should go through your photo albums and restrict certain ones (parties, indecent albums, etc.) to Friends Only.

Friend lists are weird now. Before, you could set it so certain lists or non-friends could not see the friend list. Now, it's either ON for everyone or OFF for everyone. You have to turn the friend list on by default, which you can do by clicking the pencil icon in the friend list in the profile.

Searching gives away more information

Your ability to block non-friends from seeing your friend list, the "Add as Friend" button, and profile picture are gone. This is really bad. I can confirm that at least 3-4 people who previously had their profile pictures hidden, hidden lists, and the Add as Friend button now have all three visible. You can still restrict people from poking you or messaging you. In addition, Facebook will show the groups you've joined and the pages you're a fan of. Facebook considers all of that information to be publicly available (according to their Privacy Settings FAQ) and there is no current way to hide them, except for removing your membership in all pages.

Facebook's defaults are terrible

Facebook revokes your searchable status – it reverts to everyone – and you have to switch it back to "Friends Only" so non-friends can't find you. However, as of this writing, restricting access to "Friends Only" doesn't work; my mom has that setting enabled but I can still see her under other accounts. Good job, Facebook. Way to make being invisible harder. Also, "Add as Friend" now shows up. I know one person who has accepted the new privacy settings that somehow has disabled the Add as Friend button (incidentally, the same person has also banned me), so there might be an option to disable that, but the 2-3 others who previously had it disabled now feature the "Add as Friend" button.

Facebook privacy has become considerably harder now. Check your settings, because the New Facebook is worse than the old one. Just like how the Old Facebook layout was a lot better than the new one.