Facebook's privacy settings are too complex for ANYONE to use - Change these settings today
My wife is quite a bit smarter than I am. She is also more educated that I am. Frankly, I'm happy she talks to me at all.
She put a photo on Facebook last week of she and a friend and was careful to double-check that the photo was set to "Friends only."
A few days later she rushed in and told me that she thought the photo was public even though it was set as Friends only.
"Because random people that I don't know are commented on this photo! Like, who is this guy? I don't want him to see this - I don't know him! Why did they let non-friends see it?"
I looked for a minute and noticed that she had "tagged" her other friend in the photo as in this example photo below:
In this photo there are four people tagged. When you tag someone they are notified that they've been tagged and they can remove the tag which removes it from their "photos of me" list. The photo above is totally public but let's say it was posted by me and I tagged my three friends and marked as "friends only."
Who can see the photo of me and my 3 friends? Who can see the photo of my wife and her friend when the photo is marked Friends?
Answer: The union of all the friends of everyone tagged in the photo. If someone else sees the photo and tags some more people, the circle of visibility for that photo or post expands.
This may seem obvious to a software engineer or someone with a background in set theory but it's not obvious even to smart regular folks. It certainly surprised my wife although she gets it now. Here's the thing, though. Now she says she really is less likely to put photos on Facebook and certainly less likely to tag folks in photos.
Confused a little? There's more. Recently my programmer man crush and favorite Canadian Reginald Braithwaite wrote a post called When you share personal data with Facebook friends, you're sharing your personal data with every app your friends use. Read that title again.
Remember that when you aren't paying for something (like Facebook), someone is paying. The advertisers are paying and you, your friends and all your info are the product.
Reginald points out that when you grant an application (Farmville, etc) in Facebook access to your profile you are often granting that application access to your friends personal information. That means that your annoying friend who is always pushing the Mob Wars invites has likely granted an application access to your information by proxy.
UPDATE: When you are sharing something note that you can pull down the privacy dropdown, select custom and make changes then hover your mouse over the gear to get a plain English tooltip showing the resulting visibility of this update:
Your Homework - and pass it on
Go log into Facebook and in the upper right corner click Privacy Settings:
Then, spend some time in these two areas of Settings. Timeline and Tagging and Apps and Websites.
Under tagging you can choose what happens when someone tags you and tags that friends add to your own posts or photos. You can also control tag suggestions. You can lock this down as much as you want.
Next, click on Apps and Websites and freak out when you see how many you (or your teen) has added. You can remove them as you like. Most importantly, click on "How people bring your info into apps they use."
How much of this info to you want your friends sharing with their applications? Turn this stuff off.
And finally, check out the Public Search option. Do you want Facebook and your public timeline to show up when someone Googles for you or your child? If not, turn this OFF.
You can also go back in time and "limit old posts." This will take posts from years ago when you didn't know this information and make them visible to friends only.
Facebook will likely try to talk you out of it. Use your judgment.
Now, for a fun over-dinner exercise try explaining this to your 14 year old and why everyone should be careful about information leakage. Seriously. At least try.