August 19, 2010 | By Kurt Opsahl

How to Protect Your Privacy on Facebook Places

Yesterday, Facebook introduced Places, a new location feature that competes with popular services like Foursquare, Google Latitude, Loopt, and Gowalla. Places allows Facebook users to 'check in' to real world locations and to tag their friends as present (similar to how Facebook allows tagging in photos). Everyone who is checked in to the location can see who else is listed as "Here Now" for a few hours after they check in. Once you are checked in to a location, Places also creates a story in your friends' News Feeds and places a notice in the location's page's Recent Activity section. The product will roll out over the next few days.

Like all location products, the new application publishes potentially sensitive information, since a stream of information on location can provide a detailed picture of your life. Some locations might appear cool at one moment, and yet become something you'd rather forget the next. Your Facebook friends may include prolific bloggers, business competitors, and former lovers. For business and personal reasons, you might need to keep your location private from them. And, as pleaserobme.com effectively illustrated, revealing your location can also reveal sensitive information about where you are not.

To its credit, by default, only your Facebook friends can see when you are tagged in a location, unless you opted for the "Everyone" master setting on the privacy controls. (EFF recommends against using the "Everyone" master setting; see how to maximize your privacy on Facebook). To further protect your privacy, you can use friend lists to exercise a more fine-tuned control over who can see your check-ins. If you don't want a location to go down on your permanent record, you need to manually delete the check in.

If your friend attempts to check you in and you have not opted into Places, you will receive a notification that gives you two options: (1) “allow check-ins," which opts you in to the program or (2) "not now" which only disallows that particular check in. Once you are opted in, you will not receive further notices before being checked in by friends. If you want to have complete control over whether you are listed at a location, you have to permanently disallow check-ins by your friends by disabling "Friends can check me in to Places" on the customize privacy settings page. This is the most privacy protective option, since you will only be listed at a location if you affirmatively choose to check in.

"Here Now" broadcasts a list of those checked in to everyone else who is checked in, regardless of whether they are "friends." Sometimes you may not want every Places user in the same location to be able to see you, since the location might be large like a ballpark or an outdoor music festival. You can opt out of the Here Now feature by unchecking the "Include me in 'People Here Now' after I check in" privacy control. However, Facebook does not offer the ability to limit Here Now visibility to subsets of your friends.

Places is designed to limit your location options to places that are actually near you, as reported by the geolocation features of your mobile device. Sometimes, however, you may have personal or professional reasons to report a different location. For example, you might want to report your location as being at a cafe, when you are really at an HIV clinic or a domestic violence shelter. While you can have a friend check you in anywhere they are, or spoof your geolocation if you have sufficient technical chops, Facebook should allow arbitrary locations.

Note that location data can be a tempting target for law enforcement. We urge Facebook to follow the lead of other location service providers like Google and Loopt, and provide the strongest protection for its users by requiring a wiretap order before tracking a Places user's location for law enforcement. Update: In response to this post, Facebook tells us that "We consider our Places product to generate content of communications, and would require a search warrant for prior generated content or a wiretap to capture forward generated content."

If you start to use Places, Facebook apps can also use your location data, and your friends can authorize the disclosure of your location data. The ACLU's DotRights has provided a helpful guide to managing your location privacy settings, including how to prevent your friends' apps from seeing your location information. (Facebook responded to ACLU's criticisms in Techcrunch).

Places is Facebook's most significant product launch since the controversial introduction of Connections and Instant Personalization. We had a number of constructive conversations with Facebook leading up to this launch, and appreciated the opportunity to provide feedback. Not everything resulted in changes, but overall it was a positive process. While the product is not perfect and could use some important changes, as noted above, the privacy settings and defaults represent a substantial improvement over those earlier launches. However, the settings are only good if users understand them intuitively and use them effectively. As the product rolls out to millions of Facebook users, we will be looking closely at its implementation and effects on locational privacy.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

EFF will speak at Black Hat Briefings on both government surveillance and export controls. https://eff.org/r.nilc #BHUSA

Jul 6 @ 7:14pm

Massive leak of Hacking Team docs exposes the firm selling spyware to authoritarian governments: https://eff.org/r.f6bu

Jul 6 @ 4:40pm

Newest leak of TPP's IP chapter reveals how countries are converging on anti-user copyright takedown rules: https://eff.org/r.jedp

Jul 6 @ 3:40pm
JavaScript license information