UPDATE: Flaw in Facebook Privacy Settings
Thursday, April 29, 2010
It has come to my attention that there is a serious flaw in Facebook’s privacy settings. I thought I should share this information because most people think that if they have their privacy options set to “friends only” that—as the name implies—only friends can see their posts. But that’s not the case anymore. In fact, when one of your friends leaves a comment on one of your posts (whether it be a status update, picture or link), the post is then open for viewing to that person’s entire friend list. So somebody you never met could have the opportunity to view your post. It also opens the door for those people to see other things in your profile that would normally be off limits…like additional photos in a particular album, personal information listed under the “info” tab and more.
The way this works is when you post a comment on someone’s post, an update is added to your wall. Then, anybody within your friend list can click on that link and see the original post, along with the comment you left. There used to be an option to keep this from happening, but Facebook seems to have done away with it in their last update. You can test this by visiting any of your “friend’s” walls and clicking on a comment link to a friend you don’t have in common. You’ll see that you have access to much more than you should.
I’ve looked all over the current privacy settings and could not find a way to thwart this issue. If you can find one, let me know. But, the lesson: Do not post ANYTHING on Facebook that you don’t want the whole world to see.
And, spread the word so everybody understands just how un-private their stuff is.
—————————————————————————————
UPDATE
It turns out that there is a way to somewhat thwart this issue. Thanks to Karon Halama for putting me on the right path. The problem lies in the fact that many people thought they had already set their privacy controls to “friends only”. But, when Facebook did a recent update, many of those settings were reverted to a default of “everyone.” So, here’s what you need to do to change it back. Click on “account” on the top right side of your screen and then click on “Privacy Settings” from the drop-down menu.
When you get to the privacy screen, click on “Personal Information and Posts.”
Then make sure each is set to “Friends Only.”
Note that while this should protect your posts from being seen by the wrong people, Facebook has been known to have security bugs. For instance, in March, Mashable reported that Facebook experienced a bug that exposed users’ hidden email addresses. So, I’ll keep my original warning in place: Don’t post anything on Facebook that you don’t want the world to see.
Also note that if your friends do not have these privacy settings in place, that means that whatever you write on their wall is up for viewing to the rest of your friend list.
Other stories of interest:
Facebook Chat Down for Maintenance Following Privacy Lapse
Facebook instant personalization: what you need to know
“Facebook rolled out its ‘Instant Personalization’ privacy settings which default to shared information on third party websites. Users can, however, arm themselves with the ability to opt out of the plugin features - the trick is understanding these new settings and electing your privacy choices.”







Thank you for keeping us informed! It’s much appreciated.
You can get around this. I just discovered the work-around on this one last night after finding that I could see the entire profile of someone I don’t know.
Go to Account – Privacy Settings – Profile Information. Second option from the bottom is “Posts By Friends.” Set this to “Only Friends” and you have solved the problem.