Facebook responds to criticism and reworks privacy settings

According to Graham Cluley, senior technical consultant with Sophos, whereas the privacy settings are easier to access – and may encourage users to be more careful with how they share information online – “it feels as if Facebook may be reacting more to Google+ rather than making a fundamental shift in its attitude to users' privacy.”

In a blog post, Chris Cox, Facebook's vice president said the changes are "a bunch of improvements that make it easier to share posts, photos, tags and other content with exactly the people you want."

Cluley says that the changes include 'inline controls' – previously, he notes, the privacy settings for your Facebook content were buried away in a labyrinth of different pages, while in the future, each post will have a privacy control alongside it, making it more obvious who you are sharing information with.

This is, he explains in his latest security posting, a little like how Google+ operates, with users being able to choose at the time of post exactly which individuals or groups of friends – known as circles – they wish to share information with.

“Now, content on your profile will be accompanied by a privacy control, making it simpler to see who you are sharing the information with and making it easy to change with one click”, he says.

The other area of changes that Cluley and others have criticised previously, centres on photo tagging and, he says it is Sophos' belief that many Facebook users would like the ability to block anyone from tagging them in photographs without their express permission, rather than simply blocking the photo from appearing on their profile.

“Instead, you'll probably find yourself continuing to request that people untag you from photographs, and kindly learn not to do it anymore in future”, he notes, adding that the tags have changed, with 'everyone' now becoming 'public.'

This is, he observes, a terminology change by Facebook as, where in the past, users may not have been aware that if they chose to share information with 'everyone' that actually meant 'everyone, everywhere on the internet, forever.'

“Is 'public' an improvement? Probably, but I suspect many folks still won't realise its true implications”, he says, adding that, even if you change your mind, it's too late – “and although Facebook say they will remove information from your profile if you choose to zap it, you and they have no control about how it is used outside of Facebook.”

“Although I'm pleased to see what appears to be Facebook simplifying its privacy settings, and making them more visible, it has missed an opportunity to lead the way on privacy”, he says.

Facebook, adds Cluley, should become truly opt-in. Not just on the basis that a new user opts in altogether by joining Facebook in the first place, but on the basis that everything is locked down until a new user opens up each feature.

“Facebook should not wait until the regulators in the world's developed economies start legislating to make it do a better job. If they took the lead, people would love them all the more in the end”, he concludes.

What’s Hot on Infosecurity Magazine?