Privacy advocates urge better protections
Under a settlement that Facebook signed with the Federal Trade Commission last year, it was barred from making misrepresentations about the privacy or security of consumers’ personal information. It also agreed to obtain users’ consent before making changes that override their privacy preferences, among other things. Consumers Union, the advocacy arm of Consumer Reports, has praised the settlement, saying it sends “a strong message to companies that they must live up to the privacy promises made to consumers.”
Some privacy advocates think the settlement wasn’t tough enough. The Electronic Privacy Information Center has urged consumers to join its petition asking the FTC to make Facebook restore its privacy settings of 2009. EPIC also wants Facebook to offer complete access to all data it keeps about users, stop creating facial recognition profiles without their consent, cease secretly tracking users across the Web, and publicly disclose the results of the privacy audits that the FTC agreement requires every other year for the next two decades.
Consumers Union wants a national privacy law that holds all companies to the same privacy standards and lets you tell companies not to track you online. It also supports the Obama administration’s effort to bring industry and privacy groups together to set clear rules for how your data is collected and used.
Leaving aside formal government regulations, there are plenty of steps that Facebook could take on its own to protect users better. It could, for example, fix a security lapse we first identified nearly two years ago that permits users to set up weak passwords including some six-letter dictionary words. It could help users avoid inadvertently sharing wall postings with the public, either by alerting them more prominently when they are about to do so or by changing the default audience for posts to the user’s preferred audience. Facebook could also tighten its oversight of apps and respond faster to urgent user problems, such as those of Kevin Jolly.
[Related: Eight Products the Facebook Generation Will Not Buy]
Until it does, perhaps the best advice comes from Ed Skoudis, an instructor at the D.C.-based SANS Institute, which trains security experts: “Maximize your privacy settings, but even then, assume anything you do on Facebook can be seen by all of your friends, your mom, your great-great-grandchildren, your employer, health insurer, and the government.”
How children fare on Facebook
Children under 13 aren’t supposed to use Facebook. We project from our survey that the company closed about 800,000 such accounts in the last year.
But some 5.6 million underage kids still have accounts, our survey suggests. And 800,000 minors were harassed or subjected to other forms of cyberbullying on Facebook.
Our survey also shows that most parents who knew their preteen used Facebook had not discussed online threats with them or “friended” them, while up to a third did nothing to keep up with their children’s Facebook activities.
Targets: 11- to 13-year-olds. The least vigilant parents in our survey were those with children under 13 on Facebook. “The kids most often targeted are 11- to 13-year-olds, because they’re more naive and less likely to tell an adult about it,” says Nils Frederiksen, a spokesman for the Pennsylvania Attorney General’s Office. Its Child Predator Unit recently charged William Ainsworth, 53, with using phony Facebook identities to lure hundreds of girls as young as 11, whose profiles revealed that they were vulnerable because of trouble at home or school. Ainsworth allegedly solicited nude photos from some and arranged to meet for sex. He has pleaded not guilty.
Investigators interviewed more than 30 girls; almost all said they were using Facebook with little or no parental knowledge when they communicated with the predator. Most used cell phones or other mobile devices, making supervision difficult.
An elusive solution. The Federal Children’s Online Privacy Protection Act (COPPA) prohibits sites from collecting, using, or disclosing personal information from preteens without parental consent. The Federal Trade Commission proposed changes last year for children who use child-oriented sites, which include improving methods for securing parents’ permission. Final recommendations are expected by year’s end.
But the new rules wouldn’t require sites with a more diverse audience, such as Facebook, to try to verify the age of someone who opens an account.
In a recent study published by the University of Illinois at Chicago, more than 80 percent of parents said they’d known when their underage child had signed up for Facebook. The study implied that one strong privacy standard for adults and children would be better than two, since with two policies kids may pretend to be older than they are.
Jeff Chester, a child-privacy advocate who led the campaign to enact COPPA, wants the FTC and Congress to consider a different option. He thinks Facebook should create a section for children under 13 and require opt-in parental permission, as COPPA requires.
We asked Facebook for its views about such an option. “We see ourselves as innovators, and believe it is time to focus on how to keep kids safe online and on Facebook, rather than on how to keep them off,” a spokesman replied in an e-mail.
What you can do. If your young teenager wants to join Facebook, insist that he or she “friend” you, says Colleen Cronin of East Hampton, Conn., who interceded when she found evidence of bullying among children in her son Cameron's Facebook network. Monitor kids’ activity. Make sure that they really know their “friends” and that they set the audience for all wall postings to “friends” only.
After all, it's your data
Facebook says that it will soon give users access to portions of the data below, and more, which it didn’t disclose before.
• Time and date of Facebook log-ins
• IP address used for each session
• Friend requests you’ve made
• Facial recognition data
• Previous names used
• Your searches and page views within Facebook while logged in
• “Poke” information
Nine ways to protect yourself
Facebook offers many privacy controls, but good luck understanding them. A new study by Siegel+Gale, New York-based consultants, finds that Facebook’s and Google’s privacy policies are tougher to comprehend than the typical bank credit card agreement or government notice.Google's widely promoted new policy was so dense that researchers "found it impossible to write an adequate question to test a reader's comprehension." Facebook’s tools were nearly as opaque. Here are tips to help you with them. For more details, read "Protect Your Privacy on Facebook."
Think before you type. Even if you delete an account (which takes Facebook about a month), some info can remain in Facebook’s computers for up to 90 days.
Regularly check your exposure. Each month, check out how your page looks to others. Review individual privacy settings if necessary.
Protect basic information. Set the audience for profile items, such as your town or employer. And remember: Sharing info with “friends of friends” could expose it to tens of thousands.
Know what you can’t protect. Your name and profile picture are public. To protect your identity, don’t use a photo, or use one that doesn’t show your face.
“UnPublic” your wall. Set the audience for all previous wall posts to just friends.
Turn off Tag Suggest. If you’d rather not have Facebook automatically recognize your face in photos, disable that feature in your privacy settings. The information will be deleted.
Block apps and sites that snoop. Unless you intercede, friends can share personal information about you with apps. To block that, use controls to limit the info apps can see.
Keep wall posts from friends. You don’t have to share every wall post with every friend. You can also keep certain people from viewing specific items in your profile.
When all else fails, deactivate. When you deactivate your account, Facebook retains your profile data, but the account is made temporarily inaccessible. Deleting an account, on the other hand, makes it inaccessible to you forever.
* Editor's Note: The figures we cite on the behavior of Internet users, including those on Facebook, are drawn from our State of the Net survey, which was conducted January 16 to 31, 2012, by the Consumer Reports National Research Center. The findings are nationally representative of Internet households. Participants were 2,002 adults with a home Internet connection who were part of an online panel convened by TNS, the world’s largest custom-research agency. From those respondents, we created national projections. The margin of error for the full sample was plus or minus 2 percentage points at a 95 percent confidence level.