2 ways Facebook could fix its top privacy risk



Facebook has gotten some praise lately for experimenting with a new feature, known as Privacy Checkup, which reminds users who have been posting public status updates on their wall for a long time that they have been doing so. A status update whose audience is set to public is a privacy risk because it can be read by virtually anyone on the Internet.

Julia Horwitz, Consumer Privacy Counsel at the Electronic Privacy Information Center, is unimpressed, saying that the feature is "an evasive maneuver." "Facebook won't make any changes in its collection or treatment of user data," she continued in an e-mail to Consumer Reports. "The program might be more accurately called 'Publicity Check-Up.'"

Where Privacy Checkup falls short

I have my doubts about the value of Privacy Checkup. As I explained in a recent post here, among the many privacy risks inherent in using Facebook, public status updates are by far the biggest, a main reason being that commercial data brokers such as Social Intelligence gather and report the contents of such updates to employers, insurers, and government agencies.

Reminding users that they have been posting publicly for a long time, which is what Privacy Checkup does, is like alerting someone to a banana on the ground after they have slipped on it. By the time you remind them, the damage has already been done.

The essential problem with Facebook’s in-line audience selector is that it too easily lets you slip back into repeatedly posting publicly without realizing it. That’s because every time you change the in-line audience selector to Public (even if you intend it for just one status update), it remains set to Public for all subsequent status updates until you notice and change it back. If this weren’t the case, there would be little need for a reminder feature such as Privacy Checkup.

How to fix it

Facebook could easily fix this problem in either of these ways.

• Alter the behavior of the in-line audience selector for status updates so that after a user has changed it to public for a single update, for at least the next couple of updates it explicitly asks them something such as, “Are you sure you want to continue sharing this and all future status updates with the public?”

• In Facebook’s Privacy Settings, make the value that the user has set for “Who can see my future posts?” (e.g. Friends) actually stick as the default audience setting for all future status updates, even if the user temporarily overrides it for individual updates by using the in-line audience selector.
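The selector behavior described above and the two proposed fixes, modeled as an added example (this is not Facebook's code; the function names, the constructed session and the two-prompt window are assumptions made for illustration):

```javascript
const PUBLIC = "Public";

// Behavior the article describes: the last audience picked in the in-line
// selector silently becomes the audience for every later post.
function stickySelector(defaultAudience) {
  let current = defaultAudience;
  return (choice) => {
    if (choice) current = choice; // the override persists
    return current;
  };
}

// Second proposed fix: the "Who can see my future posts?" value stays the
// default; an in-line override applies to that one post only.
function perPostOverride(defaultAudience) {
  return (choice) => choice || defaultAudience;
}

// First proposed fix: after a switch to Public, the next `prompts` posts ask
// for confirmation; declining restores the default audience.
function confirmAfterPublic(defaultAudience, confirm, prompts = 2) {
  let current = defaultAudience;
  let remaining = 0;
  return (choice) => {
    if (choice) {
      current = choice;
      remaining = choice === PUBLIC ? prompts : 0;
    } else if (current === PUBLIC && remaining > 0) {
      remaining -= 1;
      if (!confirm()) current = defaultAudience;
    }
    return current;
  };
}

// Constructed session: only the second post is deliberately public;
// null means the user did not touch the selector for that post.
const session = [null, PUBLIC, null, null, null];

// Counts posts that went public without the user choosing Public for them.
function unintendedPublic(selector) {
  return session
    .map((choice) => ({ choice, audience: selector(choice) }))
    .filter((p) => p.audience === PUBLIC && p.choice !== PUBLIC).length;
}

console.log("sticky selector:", unintendedPublic(stickySelector("Friends")));
console.log("per-post override:", unintendedPublic(perPostOverride("Friends")));
console.log("confirm, declined:", unintendedPublic(confirmAfterPublic("Friends", () => false)));
```

With the sticky selector, all three later posts go public; with either fix none do, provided the user declines the confirmation prompt.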

Facebook seems to have become more aware of users’ privacy concerns lately. To really help its users avoid unintended public postings, it should adopt one of these fixes, or something equally effective.

—Jeff Fox

Copyright © 2005-2014 Consumers Union of U.S., Inc. No reproduction, in whole or in part, without written permission. Consumer Reports has no relationship with any advertisers on this site.