Facebook policy on friends’ data is no friend of privacy

Discovering that information I never even offered to Facebook potentially has been made available to strangers is infuriating

A Facebook employee walks past a sign at Facebook headquarters in Menlo Park, California.  “Like family in-laws, a friend of a friend might know a lot more about you than you would wish.”
Photograph: Jeff Chiu/AP
A Facebook employee walks past a sign at Facebook headquarters in Menlo Park, California. “Like family in-laws, a friend of a friend might know a lot more about you than you would wish.” Photograph: Jeff Chiu/AP

Facebook friends of friends are the equivalent of online in-laws.

For the benefit of the remaining few who bravely have not succumbed to Facebook, friends of friends are the people whom you haven’t personally “friended” but your friends have.

So, Sue might be my friend on Facebook, and Sue might be friends with Joe, but Joe is not one of my Facebook friends. Yet, simply by his Facebook friendship with Sue, Joe can see a range of my posts, comments and pictures, if Sue has interacted with them – reposted an image, say, or commented on one of my posts. That is, he can do so if I have kept to the default privacy settings on Facebook.

So, like family in-laws, a friend of a friend might know a lot more about you than you would wish, through information you never intended for them to see. Sometimes this is innocuous. Still, we’d not necessarily want our in-laws to obtain such information regularly.

READ MORE


Revealing
Things get more complicated if you are more revealing about your life, thoughts and activities in your posts and don't want people you have never met learning all about them. And yes, I know – many people have plenty of Facebook "friends" they barely know or don't really know at all. But still, those are people a Facebook user has actively chosen to friend.

And, unbeknownst to you, a friend of a friend may well be someone you actively dislike.

You might dislike them so much that you make a snide post about them to Facebook, and your shared friend reads it and posts a comment, thus revealing the original post and all the comments to the person snidely spoken about.

Just like a detested in-law, these people end up connected to you, and get information about what you are doing and saying, through a third party.

But a lot is revealed about what you do, regardless of your privacy settings. You can limit your audience for your posts to just your friends, for example. But they see far more than just your posts. Your activities come up on the right hand side of your friends’ pages when you like something, comment on someone’s post (and that someone, even if not a mutual friend, is named), or add a photo.

This can be far more revealing than you might wish, letting your entire list of friends know about every minute action you take on Facebook, including things you may well have believed were private.

As far as I can tell, you cannot limit this wide range of notifications about your every activity going to friends, and therefore sometimes revealing your friends to friends of friends. You cannot, for example, limit such notifications to your posts, as opposed to other activities. I’ve tried.

But it gets worse.

Maybe you were one of the other 5,999,999 people Facebook recently notified to explain there had been “a technical bug” that possibly allowed others – including people you might know but were not friends with on Facebook – to see information about you that someone else uploaded when they uploaded their contacts to Facebook, so that Facebook can try to match people and details to make friend requests to others (which, frankly, is creepy).

That information included my phone number and email address. I am not mollified by Facebook’s suggestion that any person who saw those details was most likely someone I know, even if not a Facebook friend.

Many of us – most of us, I am sure – have Facebook friends, as well as other people “known” to us with whom we would not share such personal information.


Frustrating
It's frustrating enough to me to have so little control over who can see what I do on Facebook – a service I enjoy in many ways but constantly consider leaving because of its weak privacy management tools.

However, discovering that information I never offered to Facebook potentially has been made available to others – even if it might only be one person, and someone probably “not a stranger”, as Facebook’s apology suggests – is infuriating.

This is quite a different matter to managing, and making decisions about, one’s online information. The breach raises serious questions about whether social media sites should be permitted to access and use a person’s contacts, thus affecting third parties who are given no say at all in this (mis)use of their personal data.