Tuesday 27 January 2009

Facebook content viewable when logged out


Go to Facebook's simple, uncluttered homepage and you'd be forgiven for thinking that you can't see any of the content within the site unless you log in. Not so. A lot of information on Facebook is actually accessible through a web search (such as Google).

You'd be surprised at just how much information on Facebook is available to the wider public. While logged out of Facebook, I was able to find the following:

People's search results page (see above). This may include a list of your friends, as well as your photograph. Not only that, but you may be able to see the things that person is a "fan" of - there are a number of Facebook "Pages" dedicated to musicians, movies, brands and so on, and whatever Page you've joined is listed here. You can tell Facebook not to include your name and photo in search engine results via the privacy settings, and you can also choose not to have your friends and fan Pages viewable. But not all people do this.

Groups and Pages. Although surnames are not included in Groups and Pages when you click through to a search result, you can still view the content posted to a Group's website (such as the Jeff Buckley for Christmas Number 1 group). If people choose to let people find them via Google and the like, you can click through to their search results page (such as the one above), and this will include their surname.

Applications. Popular third-party widgets that people add to their Facebook profiles, such as games, are searchable. You can view the Application's Facebook page without having to log in, and see a list of fans. Again, if people's search results pages have been made public, you can click through to see their surname and possibly a list of their friends and fan Pages.

Photos. If you know the website address for a particular photo album, you'll be able to click through to view it without having to log in. This is not necessarily because the person creating the album has chosen to make it available to "Everyone" - I'll go into more detail on this later.

Trainee cops trawl web for knife gang evidence

Rookie cops in Scotland have been scouring Facebook and other social networking sites to find pictures of youths wielding violent weapons like knives, in a bid to cut teen violence.

Much of the time the young people, evidently unaware that their acts of bravado are available to all and sundry, are posing in a public place such as a park, which is an illegal offence. If they are at home, the cops pay a visit to the teen and their parents.

Constable Holly McGee, 18, told BBC Newsbeat: "We're looking for anyone who is brandishing offensive weapons or blades. We take the date, the time, detail of what's in the photograph, [then] a copy of the photograph is printed out and thereafter it's all sent to the gangs task force unit."

Operation Access, as the project is called, has led to the questioning of 400 teenagers and has been declared a success.

Source: BBC Newsbeat

Friday 9 January 2009

What Facebook collects about you

Facebook's privacy policy is written in plain English, but there are still a few vague phrases kicking around. So, what stuff does Facebook hold on you?

Apart from the usual stuff all websites know about you when you visit (like the numerical identifier, called the IP address, that traces you back to your internet provider) Facebook says it holds personal information you "knowingly choose to disclose that is collected by us and Website use information collected by us as you interact with our Website". This essentially means everything you say and do on Facebook is collected, because everything you do on there is a knowing disclosure - right?

It also says "you provide us with certain personal information, such as your name, your email address, your telephone number, your address, your gender, schools attended and any other personal or preference information that you provide to us". Wow. I certainly haven't told it all of this stuff. I think I registered before you had to specify your gender, so it doesn't know this, either. If people make all of this stuff available for even close friends to view (and say a friend's account gets hacked), it's perfect fodder for an identity thief.

You also need to provide Facebook with your date of birth, because you need to say you're over 13 to use the service. I always provide my date of birth to identify myself when I call a bank.

Note: All this doesn't even apply to the third-party applications that you might have installed. As soon as you give them permission to install themselves on to your Facebook profile, they have access to your data, too. And in an earlier post we discussed Beacon, the feature that broadcast certain actions on third-party websites to your friends that you may have preferred to keep private.

Third parties that you haven't even given permission to access your profile can access aggregated information about you. It's not personally identifiable, but your actions are contributing to Facebook's bottom line. "We do this for purposes such as aggregating how many people in a network like a band or film and personalising advertisements and promotions so that we can provide you with Facebook. We believe this benefits you."

We believe this benefits Facebook, too, n'est-ce pas?

Oh, and most creepy of all, "We may use information about you that we collect from other sources, including but not limited to newspapers and Internet sources such as blogs, instant messaging services, Facebook Platform developers and other users of Facebook, to supplement your profile."

Huh? This is probably something Facebook will focus on more in the future, as information becomes more easily tied to individuals. Does this mean Facebook will be able to associate your profile with, say, a mention of you in a local newspaper? When you list your blog on your profile, will it scan the blog and tie it up with your likes/dislikes? And as Microsoft has a small stake in Facebook, and you list your Hotmail address to sign up - where will that end? Facebook says: "Where such information is used, we generally allow you to specify in your privacy settings that you do not want this to be done or to take other actions that limit the connection of this information to your Profile (e.g. removing photo tag links)."

What I don't like about Facebook is it doesn't make it easy to delete information about myself. If I need to delete things individually from my Wall, for instance - I can't do multiple deletes. Making it possible is one thing, but it's also quite difficult to do.

Madeliene mayhem

Happy New year! The Facebook Privacy Watch team is back from their break and ready to share more stories for you.

Today's latest? A young UK Conservative party activist bragged on Facebook about dressing up as missing toddler Madeleine McCann at a New Year's bash.
Matthew Lewis was expelled from the political party and apologised "unreservedly" for his action, which may not have been widely discovered had he not boasted about it on the social networking site. His status update attracted many comments including: "Is this a cunning Baldrick style plan to obtain the reward money?"