Five months after it first announced coming privacy changes this past summer, Facebook is finally rolling out a new set of revamped privacy settings for its 350 million users. The social networking site has rightly been criticized for its confusing privacy settings, most notably in a must-read report by the Canadian Privacy Commissioner issued in July and most recently by a Norwegian consumer protection agency. We're glad to see Facebook is attempting to respond to those privacy criticisms with these changes, which are going live this evening. Unfortunately, several of the claimed privacy "improvements" have created new and serious privacy problems for users of the popular social network service.

The new changes are intended to simplify Facebook's notoriously complex privacy settings and, in the words of today's privacy announcement to all Facebook users, "give you more control of your information." But do all of the changes really give Facebook users more control over their information? EFF took a close look at the changes to figure out which ones are for the better — and which ones are for the worse.

Our conclusion? These new "privacy" changes are clearly intended to push Facebook users to publicly share even more information than before. Even worse, the changes will actually reduce the amount of control that users have over some of their personal data.

Not to say that many of the changes aren't good for privacy. But other changes are bad, while a few are just plain ugly.

The Good: Simpler Privacy Settings and Per-Post Privacy Options

The new changes have definitely simplified Facebook's privacy settings, reducing the overall number of settings while making them clearer and easier for users to find and understand. The simplification of Facebook's privacy settings includes the elimination of regional networks, which sometimes would lead people to unwittingly share their Facebook profile with an entire city, or, as Facebook's founder Mark Zuckerberg explained in a recent open letter, an entire country.

Perhaps most importantly, Facebook has added a feature that we and many others have long advocated for: the ability to define the privacy of your Facebook content on a per-post basis. So, for example, if you only want your close friends to see a particular photo, or only your business colleagues to see a particular status update, you can do that — using a simple drop-down menu that lets you define who will see that piece of content.

Most important, however, is the simple fact that as part of this transition, Facebook is forcing all of its users to actually pay attention to the specifics of their privacy settings. Considering that many if not most users have previously simply adopted the defaults offered by Facebook rather than customizing their privacy settings, this is an especially good thing.

No question, these are positive developments that hopefully will lead more people to carefully review and customize their level of privacy on Facebook. Unfortunately, the new flexibility offered by per-post privacy settings, a definite "good," is being used to justify the "bad"...

The Bad: EFF Doesn't Recommend Facebook's "Recommended" Privacy Settings

Although sold as a "privacy" revamp, Facebook's new changes are obviously intended to get people to open up even more of their Facebook data to the public. The privacy "transition tool" that guides users through the configuration will "recommend" — preselect by default — the setting to share the content they post to Facebook, such as status messages and wall posts, with everyone on the Internet, even though the default privacy level that those users had accepted previously was limited to "Your Networks and Friends" on Facebook (for more details, we highly recommend the Facebook privacy resource page and blog post from our friends at the ACLU, carefully comparing the old settings to the new settings). As the folks at TechCrunch explained last week before the changes debuted:

The way Facebook makes its recommendations will have a huge impact on the site's future. Right now, most people don't share their content using the 'everyone' option that Facebook introduced last summer. If Facebook pushes users to start using that, it could have a better stream of content to go against Twitter in the real-time search race. But Facebook has something to lose by promoting ‘everyone' updates: given the long-standing private nature of Facebook, they could lead to a massive privacy fiasco as users inadvertently share more than they mean to.

At this point there's no "if" about it: the Facebook privacy transition tool is clearly designed to push users to share much more of their Facebook info with everyone, a worrisome development that will likely cause a major shift in privacy level for most of Facebook's users, whether intentionally or inadvertently. As Valleywag rightly warns in its story "Facebook's New ‘Privacy' Scheme Smells Like an Anti-Privacy Plot":

[S]miley-face posturing aside, users should never forget that Facebook remains, at heart, not a community but a Silicon Valley startup, always hungry for exponential growth and new revenue streams. So be sure to review those new privacy "options," and take Facebook's recommendations with a huge grain of salt.

Being a free speech organization, EFF is supportive of internet users who consciously choose to share more on Facebook after weighing the privacy risks; more online speech is a good thing. But to ensure that users don't accidentally share more than they intend to, we do not recommend Facebook's "recommended" settings. Facebook will justify the new push for more sharing with everyone by pointing to the new per-post privacy options — if you don't want to share a particular piece of content with everyone, Facebook will argue, then just set the privacy level for that piece of content to something else. But we think the much safer option is to do the reverse: set your general privacy default to a more restrictive level, like "Only Friends," and then set the per-post privacy to "Everyone" for those particular things that you're sure you want to share with the world.

The Ugly: Information That You Used to Control Is Now Treated as "Publicly Available," and You Can't Opt Out of The "Sharing" of Your Information with Facebook Apps

Looking even closer at the new Facebook privacy changes, things get downright ugly when it comes to controlling who gets to see personal information such as your list of friends. Under the new regime, Facebook treats that information — along with your name, profile picture, current city, gender, networks, and the pages that you are a "fan" of — as "publicly available information" or "PAI." Before, users were allowed to restrict access to much of that information. Now, however, those privacy options have been eliminated. For example, although you used to have the ability to prevent everyone but your friends from seeing your friends list, that old privacy setting — shown below — has now been removed completely from the privacy settings page.

Facebook counters that some of this "publicly available information" was previously available to the public to some degree (while admitting that some of it definitely was not, such as your gender and your current city, which you used to be able to hide). For example, Facebook points to the fact that although you could restrict who could see what pages you are a fan of when they look at your profile, your fan status was still reflected on the page that you were a fan of. But that's no justification for eliminating your control over what people see on your profile. For example, you might want to join the fan page of a controversial issue (like a page that supports or condemns the legalization of gay marriage), and let all your personal friends see this on your profile, but hide it from your officemates, relatives or the public at large. While it's true that someone could potentially look through all the thousands upon thousands of possible fan pages to find out which ones you've joined, few people would actually do this.

Facebook also counters that users can still control whether non-friends can see your Friends List by going into the hard-to-find profile editing settings on your profile page and changing the number of friends displayed on the public version of your profile to "0" unchecking the new check-box in your Friends setting that says "show my friends on my profile". However, if the goal with these changes was to clarify the privacy settings and make them easier to find and use, then Facebook has completely failed when it comes to controlling who sees who you are friends with. And even if you do have some control over whether non-friends can see your friends list — if you hunt around and can find the right setting, which is no longer under "Privacy Settings" — Facebook has made the privacy situation even worse when it comes to information sharing with the developers of Facebook apps.

The issue of privacy when it comes to Facebook apps such as those innocent-seeming quizzes has been well-publicized by our friends at the ACLU and was a major concern for the Canadian Privacy Commissioner, which concluded that app developers had far too much freedom to suck up users' personal data, including the data of Facebook users who don't use apps at all. Facebook previously offered a solution to users who didn't want their info being shared with app developers over the Facebook Platform every time a one of their friends added an app: users could select a privacy option telling Facebook to "not share any information about me through the Facebook API."

That option has disappeared, and now apps can get all of your "publicly available information" whenever a friend of yours adds an app.

Facebook defends this change by arguing that very few users actually ever selected that option — in the same breath that they talk about how complicated and hard to find the previous privacy settings were. Rather than eliminating the option, Facebook should have made it more prominent and done a better job of publicizing it. Instead, the company has sent a clear message: if you don't want to share your personal data with hundreds or even thousands of nameless, faceless Facebook app developers — some of whom are obviously far from honest — then you shouldn't use Facebook.

These changes are especially worrisome because even something as seemingly innocuous as your list of friends can reveal a great deal about you. In September, for example, an MIT study nicknamed "Gaydar" demonstrated that researchers could accurately predict a Facebook user's sexual orientation simply by examining the user's friends-list. This kind of data mining of social networks is a science still in its infancy; the amount of data that can be extrapolated from "publicly available information" will only increase with time. In addition to potentially revealing intimate facts about your sexuality — or your politics, or your religion — this change also greatly reduces Facebook's utility as a tool for political dissent. In the Iranian protests earlier this year, Facebook played a critical role in allowing dissidents to communicate and organize with relative privacy in the face of a severe government crackdown. Much of that utility and privacy has now been lost.

The creation of this new category of "publicly available information" is made all the more ugly by Facebook's failure to properly disclose it until today — the very day it is forcing the new change on users — when it added a new bullet point at the top of its privacy policy specifying this new category of public information that will not have any privacy settings. The previous versions of the policy, however, either didn't disclose this fact at all, or buried it deep in the text surrounded by broad assurances of privacy.

For example, in its previous privacy policy before it was revised in November, Facebook didn't specify any of your data as "publicly available information," and instead offered broad privacy assurances like this one:

We understand you may not want everyone in the world to have the information you share on Facebook; that is why we give you control of your information. ... You choose what information you put in your profile, including contact and personal information, pictures, interests and groups you join. And you control the users with whom you share that information through the privacy settings on the Privacy page.

Meanwhile, the privacy policy as updated in November did specifically call out certain information as "publicly available" and without privacy settings nearly half-way down the page, surrounded by privacy promises such as these:

  • "You decide how much information you feel comfortable sharing on Facebook and you control how it is distributed through your privacy settings."
  • "Facebook is about sharing information with others — friends and people in your networks — while providing you with privacy settings that you can use to restrict other users from accessing your information."
  • "you can control who has access to [certain information you have posted to your profile], as well as who can find you in searches, through your privacy settings."
  • "You can use your privacy settings to limit which of your information is available to 'everyone.'"

These statements are at best confusing and at worst simply untrue, and didn't give sufficient notice to users of the changes that were announced today.

In conclusion, we at EFF are worried that today's changes will lead to Facebook users publishing to the world much more information about themselves than they ever intended. Back in 2008, Facebook told Canada's Privacy Commissioner that "users are given extensive and precise controls that allow them to choose who sees what among their networks and friends, as well as tools that give them the choice to make a limited set of information available to search engines and other outside entities." In its report from July, The Privacy Commissioner relied on such statements to conclude that Facebook's default settings fell within "reasonable expectations," specifically noting that the "privacy settings — and notably all those relating to profile fields — indicate information sharing with 'My Networks and Friends.'"

No longer. Major privacy settings are now set to share with everyone by default, in some cases without any user choice, and we at EFF do not think that those new defaults fall within the average Facebook user's "reasonable expectations". If you're a Facebook user and you agree, we urge you to visit the Facebook Site Governance page and leave a comment telling Facebook that you want real control over all of your data. In the meantime, those users who care about control over their privacy will have to decide for themselves whether participation in the new Facebook is worth such an extreme privacy trade-off.