Investigation Looks at Data Collection through the Biggest Social Network; Nine Ways for Consumers to Protect Themselves
YONKERS, NY — Nearly 13 million U.S. Facebook users do not use, or are not aware of the site’s privacy controls, according to a new Consumer Reports investigation on Facebook and privacy, potentially exposing personal information beyond their network of Facebook friends. The report also revealed that a projected 4.8 million people have posted about where they planned to go on a certain day, a potential tip-off to burglars, while 4.7 million have “liked” a Facebook page about health conditions or treatments, details that insurers might use against them.
The full report can be found in the June 2012 issue of Consumer Reports and online at www.ConsumerReports.org.
The Consumer Reports investigation focused on Facebook as it is the largest social network with just over 900 million users worldwide and more than 150 million users in the U.S. The service makes it easy for people to keep up with friends, family and colleagues, discover great content, and connect to causes. Consumer Reports notes that to deliver this service, Facebook and other social networks collect enormous amounts of often highly sensitive information and distribute it widely and quickly.
Consumer Reports points out that all of this data collection is not without risks. A projected seven million households using Facebook said they had trouble last year, ranging from someone using their log-in without permission to being harassed or threatened – up 30 percent from the previous year, according to the Consumer Reports Annual State of the Net survey. And unless an individual has chosen their privacy settings meticulously, one of their friends who runs an app could grant it access to their information without their knowledge, including information that was set to “friends” only view. Only 37 percent of users say they have used the site’s privacy tools to customize how much information apps are allowed to see, according to the Consumer Reports survey.
“Facebook really is changing the way the world socially communicates and has become a successful service in part by leveraging copious amounts of personal data that can be spread far wider than its users might realize,” said Jeff Fox, Consumer Reports Technology Editor. “Our investigation revealed some fascinating, and some disquieting trends – but ones always worth knowing for consumers who wish to keep their personal data under better control.”
What does Facebook know? Americans feed all kinds of personal details into Facebook’s vast database by posting status updates on their “wall,” updating their profile, “liking a page,” or using other
Facebook features. The numbers below show how many people engaged in each activity during the past 12 months, based on projections from the Consumer Reports State of the Net survey:
- 39.3 million identified a family member in a profile
- 20.4 million included their birth date and year in their profile
- 7.7 million “liked” a Facebook page pertaining to a religious affiliation
- 4.6 million discussed their love life on their wall
- 2.6 million discussed their recreational use of alcohol on their wall
- 2.3 million “liked” a page regarding sexual orientation
While some privacy or security issues arise from poor choices Facebook users themselves make, other problems can stem from the ways the company collects data, how it manages and packages its privacy controls, and the fact that users’ data can wind up with people or companies with whom they did not intend to share. Some users might be surprised to know that Facebook gets a report every time they visit a site with a “Like” button, regardless of whether or not they click on that button, have a Facebook account, or are even logged in.
For its part, Facebook says it takes privacy and safety issues seriously. CEO Mark Zuckerberg has said that the company does privacy access checks tens of billions of times each day. The company has also announced that it would offer users greater access to records of their past Facebook activity. In addition, it says it watches vigilantly for apps that misbehave. According to a company spokesperson, “We have a dedicated team that reviews apps using a risk-based approach to ensure we address the biggest risks, rather than just doing a cursory review at the time an app is first launched.”
Better protections. Consumers Union, the advocacy arm of Consumer Reports, wants a national privacy law that holds all companies to the same privacy standards and lets consumers tell companies not to track them online. It also supports the Obama administration’s effort to bring industry and privacy groups together to set clear rules for how personal data is collected and used. Additionally, Consumers Union launched a petition urging Facebook to improve privacy controls and address concerns about sharing practices. The petition is highlighted in a CU policy ad appearing in Politico which can be found atwww.hearusnow.org.
It addition to the privacy safeguards that Facebook already has in place, Consumer Reports notes that the company could also fix a security lapse that permits users to set up weak passwords including some six-letter dictionary words. And it could help users avoid inadvertently sharing status updates with the public, either by alerting them more prominently when they are about to do so or by changing the default audience for posts to the user’s preferred audience.
Nine ways to stay protected. Facebook offers many privacy controls that may not be easy for layfolk to understand. A new study by Siegel+Gale, New York-based consultants, finds that Facebook’s and Google’s privacy policies are tougher to comprehend than the typical bank credit card agreement. Below are nine tips from Consumer Reports that will help users understand and utilize privacy tools:
- Think before typing. Even if a user deletes his/her account (which takes Facebook about a month), some info can remain in Facebook’s computers for up to 90 days.
- Regularly check Facebook exposure. Each month, users should check out how their page looks to others. Review individual privacy settings if necessary.
- Protect basic information. Set the audience for profile items, such as town or employer. And users should remember: Sharing info with “friends of friends” could expose them to tens of thousands.
- Know what can’t be protected. Each user’s name and profile picture are public. To protect one’s identity, they should not use a photo, or use one that doesn’t show their face.
- “UnPublic” the wall. Set the audience for all previous wall posts to just friends.
- Turn off Tag Suggest. If users would rather not have Facebook automatically recognize their face in photos, they could disable that feature in their privacy settings. The information will be deleted.
- Block apps and sites that snoop. Unless users intercede, friends can share personal information about them with apps. To block that, they should use controls to limit the info apps can see.
- Keep wall posts from friends. Users don’t have to share every wall post with every friend. They can also keep certain people from viewing specific items in their profile.
- When all else fails, deactivate. When a user deactivates their account, Facebook retains their profile data but the account is made temporarily inaccessible. Deleting an account, on the other hand, makes it inaccessible forever.