February 7, 2010

Facebook: Why you should hide your friend list

When I wrote my first Facebook security posts a month ago, Facebook had decided that friend lists were to be public knowledge. Luckily, they retreated on this, and now you can hide the friend list from non-friends. Simply go to your profile page, click on the pencil, and uncheck the "show friend list to everyone" box.

The question, of course, is why you should do this. I'm here to tell you why: Facebook's search functions reveal information about you that you probably don't want others to know. I'll use myself as an example.

I'm in the CSU Long Beach network, so you can tell what college I went to, but let's say I didn't have such a network. It would be easy enough to find out what college I went to, because Facebook orders the "Browse > College Friends" list by how many friends are in each network. I have more CSU Long Beach friends than anywhere else, naturally, because I go there, so it's at the top.

Also, my network says "CSU Long Beach '10". So from that you can surmise approximately what year I was born, or at least the minimum age I must be. Even if this weren't the case, though, I could just click on a bunch of friends and see what college network years they are. Most of my friends are '08, '09, and '10, so you could guess within a 4-5 year range what year I graduated and, again, what age range I should be in.

This also applies to what high school you went to. The truth is that, even if you hide Education Info, you'll still show up under searches for that high school and graduation info. But this is about the friend lists. You can easily tell that I most likely went to Huntington Beach High School, and must have a lot of friends up in Canada (because Killarney is a secondary school in Vancouver). Actually, I only have two friends that are in the Killarney network. All "Browse" features are grouped by network, so the effect is more pronounced for people currently in school.

This applies to every kind of friend list. You can guess certain things based on the friend makeup. For instance, I have a few friends in the Los Angeles Times network, and they'll show up under Work Friends. So I have some kind of relationship to the LA Times, and I do; I intern at the LAT's smaller papers. Right now, since I'm still in college, I don't have many friends that show up under the work banner.

If you look at friends by city, you can see that either I lived in Huntington Beach, CA for a long time, I still live there now, or it was my hometown. This looks like it's based on hometown and current city information, since Facebook abolished regional networks two months ago. So even if you hide the hometown from the profile, people could guess where your hometown is based on sorting friends by city.

What's the point of all this? Hide your friend list, please. It provides a wealth of information that you don't necessarily want people to know about.