How Facebook is Getting it Wrong: New Privacy Settings Offer Less Privacy

Facebook implemented some updated privacy features this week which were supposed to give users greater control over their privacy settings. However, alarmingly, some of the updates have left previously protected information exposed. As a mental health professional, I am deeply troubled by these changes, both in terms of how it compromises my own personal privacy, and for how it affects the privacy of my clients.

But one doesn’t have to be a mental health professional or a client to be affected by the changes made by Facebook. We all deserve personal privacy and I feel that the ways in which profiles have become more visible have not been adequately addressed in Facebook’s statements to users.

Here is Facebook’s updated privacy statement from their Help page:


Some settings are changing with the recent updates to Facebook privacy, but Facebook’s commitment to providing you control over your information is not. Here’s a summary of what’s changing:

* The Privacy page has been simplified, and in that process, some settings have been consolidated. For security reasons, you will now be required to enter your password if you’d like to update your privacy settings.

* A privacy control has been added to the publisher at the top of your home and profile page. This allows you to set privacy on individual posts. For example, you could post a status to Everyone or only to Friends. Learn more on the Publisher help page.

* Instead of having networks for regions (eg., Australia or New York City), people’s locations are now listed in the “Current City” or “Current Region” field of their profiles. This means if you use the “Friends and Networks” privacy setting, the networks part only applies to work and school networks.

* A basic set of information is publicly available, meaning it’s visible to anyone that’s able to navigate to your profile, applications you use on Facebook, and websites you connect with via Facebook. This information includes your name, profile picture, gender, current city, networks, friend list, and Pages. Any additional information (eg., photos or videos) will only be exposed if your privacy settings allow it.

Keep in mind that anyone who navigates to your profile will be able to view your publicly available information and information you’ve made visible to Everyone. In addition, your profile picture appears in places you make comments and posts. You can always change your current profile picture or lower your search visibility if you choose.

Here are some of the changes that are particularly unsettling to me as a mental health professional who works with many people who had opted for great profile invisibility in the previous version of Facebook:

No more hiding your email from email searches

Previously, you could opt-out of email searches so that you (or your patients) could choose not to have every person they’d ever contacted via email be able to find their Facebook profile. Now, there is no longer an option of hiding yourself from email searches. This means that Facebook gives you the illusion of invisibility by giving you the choice of omitting yourself from a general Facebook search (which you do by going to Privacy > Search and limiting your profile to be seen by “Only Friends,” and disallowing Indexing from search engines. Nevertheless, hundreds of people can still find your profile, depending upon the number of people with whom you have exchanged email using the email address that is linked to your Facebook account.

Why is this disturbing? First, it’s simply misleading since many users will assume that their profile is hidden due to tweaking their Search settings. Second, by making it impossible for you to hide yourself from email searches, your Facebook profile will show up to anyone who uses “Find Friends,” in the email search to find users in their address book. That means your profile is really visible to more than “Friends Only.” While many Facebook users like to be found by random (and not-so-random) people, there are many of users who would prefer that their profiles would not be visible to others, including health care providers they’ve exchanged email with, clients they work with in a professional setting, co-workers, exes, or people who have stalked, harassed, or abused them in some fashion in the past. Users no longer have the choice to choose true privacy.

As an experiment, I tried what seemed to be a simple work-around to this: changing the email address that is associated with one’s Facebook account. But after creating a new email address for my Facebook profile and removing the old email address associated with my account, my profile and original email account still come up in other users’ “Find Friends” email searches. It is unclear to me whether this will update over time. However, changes in privacy settings on Facebook usually update immediately, so it’s of some concern that this is not updating after I’ve removed an email address from my account.

Friends lists unveiled

All friends,” are now visible on all user profiles, once you’ve navigated to the profile. As a psychologist, and semi-private person, hiding my own friends list was a feature that I particularly liked on Facebook. It allowed me to participate in online culture while still enjoying having a (semi) private personal life. Friends of mine could always see if we had friends in common, but I employed settings that allowed me to keep my total list of friends for my eyes only if we did not share friends. I felt that allowing all people in my life a list of all my friends was more information than I wanted to share and I liked having that choice.

This choice is also gone now. I find it especially troubling now to think that there is no way to keep curious strangers, professional contacts, or previous acquaintances from clicking on a user profile and seeing who all their friends are. Many people may not care about hiding this information, but to remove the option for people to select a privacy level is problematic. It also allows any user to navigate to another users profile if the person knows which friends of theirs to target in a search. Again, I see this as having potential safety implications for people.

Profile Photos and Comments Are Now Visible

With the new settings, if you default to your previous privacy settings it gives you the impression that others cannot view your photo and the rest of your profile. Not exactly true. This actually entails additional steps in which you must go to your Profile Photo Album and reconfigure the settings for that album.

Previously, you could make it so that your photo showed up as a generic figure when another user viewed your wall posting and someone who was not your friend could not access any part of your profile.

No more.

Now, your Profile Photo shows up anywhere you post anything and any user can click on that photo or icon or name to view your basic profile. Furthermore, that user can then click on your Profile Photo and see all of your profile photos, including any comments made on them by other users. You can hide this, but this setting has to be adjusted separately and many users will remain unaware that a big piece of their personal information can be viewed by others.

In the name of beta testing, I tried this by clicking on the profile of an old college friend who had previously denied my friend request because….well, I’m not sure exactly. But let’s just assume that this user has stricter friending criteria than I do. In the past, this person’s profile just showed me a generic illustration for her photo. But when I clicked on that illustration today, I was able to view six profile photos, including her family photos and other people’s comments on them.

This is a huge breach of privacy for many people who thought they were hiding this information from others.

Facebook is giving people the illusion that they are making their profile more private, when an unlimited number of people now have greater access to user profiles. Some users will not be savvy enough to even recognize how much more information is visible to others who they do not want to have access to this information.

That’s just wrong.

Update: December 11, 2009

Seems that Facebook has responded to user outrage and added back the ability to hide “All Friends” on profiles.

3 Responses to “How Facebook is Getting it Wrong: New Privacy Settings Offer Less Privacy”

  1. Should Mental Health Professionals Block Clients On Facebook? | Dr. Keely Kolmes

    […] How Facebook is Getting it Wrong: New Privacy Settings Offer Less Privacy […]

  2. Technology Matters » Blog Archive » Facebook drops a deuce on Privacy.

    […] Keely Kolmes does a very good job of addressing these specific  issues in her blog.  Dr. Kolmes also points out in a newer post that Facebook has in fact made some additional […]

  3. I’m Not a Rock Star! (More Thoughts on Facebook Fanning) | Dr. Keely Kolmes

    […] I do not need my clients to be my “Fans,” particularly on a site which already has an unstable track record in regard to user privacy. The way I see it, other than the positive interpersonal exchange (pride, recognition, and other […]

Comments are closed.