In this cyber world, Facebook has been a necessity to many users worldwide but it comes at the price of privacy. This comes in the wake of rising concerns that Facebook makes it possible for Internet hackers to hack the users information. This article takes a look at the recent privacy settings of Facebook being compromised by its creators.

Sites like Facebook and Orkut may be great for connecting with others, but they also provide a sure-fire way for broadcasting intimate details about you. Social networking giant Facebook has again created a furor in cyberland. But, this time around, users are not only sitting up and noticing the changes but also threatening to leave the world's largest social network platform.

This comes in the wake of rising concerns that Facebook makes it possible for Internet stalkers, cyber criminals and even nosy neighbors to gain a wealth of information about its users without their knowledge, thanks to a confusing system for setting privacy safeguards.

Serious Privacy Issues

Social media experts and users opine that Facebook and its founder Mark Zuckerberg might have just crossed the limit on individual privacy by allowing general information of users - which includes user's name, user id, friends' names, profile pictures, gender, connections and any other content shared using the 'Everyone' privacy setting - to be publicly visible.

Facebook, with close to 500 million users, has been consistently changing its stand on privacy. From 'no personal information available to any of the user on the website until specified' in 2005, to 'making general information accessible to other sites' in April this year. This is what bothers users like Rajesh, one of the 181 million users who visit Facebook from India every month (according to data provided by tracking agency Vizisense).

User’s Misery

Rajesh started off as a hesitant Facebook user in 2006 while he was studying in the US. "Back then, Facebook existed just for college students. Now that I am on it, I admit I am hooked to it," says Rajesh. "But Facebook has never been forthright on its privacy terms. I would prefer if they tell me directly: 'Hey, we are a free service, but this is how we use your information to sell ads - that's how we make money'," he adds. Many angry users like Rajesh have gone ahead and supported websites that are asking users to delete their accounts on Facebook. About 10,992 users across the globe have pledged to delete their accounts by May 31, 2010. But security experts say that Facebook need not get worried yet. They believe if users spend a little time while they sign up for social media sites and pay attention to the settings, they can control the access to data.

Shukla of a leading Web 2.0 consulting company, feels users need to be aware of the settings before pointing fingers at sites like Facebook. "Besides, users always have the option to delete their presence on the site. Why single out just Facebook? Google does this too. As a user of Orkut, Google makes use of my contact list in Gmail to send invites. I never asked Google to synchronise my address book to Orkut. Google's Web History is another application that can track my web footprint if my default setting is not changed. I think users will have to be more pro-active when it comes to privacy," points out Shukla.

Security experts say that, other than the basic security software, users could make use of a special software that helps one browse the net under supervision. Some of these include 'ReclaimPrivacy' and 'SaveFace'. Further security experts claim that details like date of birth should never be made public. This allows hackers to use information for targeted phishing attacks. Additionally, why should one give mobile numbers on social networking sites?

Jack, another social media user, feels a social networking site should ask users for feedback before forcing them to adopt new features. "When Google launched Buzz, it had a gaping privacy hole. People complained and, within three days, it was fixed. That's the response time users appreciate," he says. "Yet, when Facebook first announced 'Connections', it automatically transformed the user's personal information, including hometown, education, work history, interests and activities, allowing far more people than ever before to see this critical information, regardless of whether you want them to or not."

That's perhaps one reason why experts suggest being always up-to-date with the news a social networking site sends. "Ideally, one should read all the updates that your online platform sends, whether it's regarding email, social networking, or anything else. If you are in a hurry and don't have time to go through it, then go for the option 'Ask later', instead of clicking 'allow'," advises a security analyst.

If you are concerned about who looks at your data on Facebook, then opt out of the new setting 'Instant Personalisation'. Since, this allows data to be shared easily with non-Facebook websites (read third-party partners) and it is automatically set to 'allow'.

But then, there are people who understand that being online means someone will use the data they post online. "Only personally protecting what you give out can guard your privacy. Online data are permanent and have the potential to get misused. Someone somewhere has taken a system backup and it contains the information," says an Orkut and Facebook user who did not wish to be identified. Shukla agrees: "It's not that Facebook is asking you to stay. If you don't agree with its policy, you can always choose to delete your profile."

If users truly want to share more information with the world, they will. Social media users in India (close to 181 million on Facebook and 60 million on Orkut, who update their pictures, status messages and send each other messages) seem justified in demanding that sharing of information should be at their discretion.

If Facebook wishes to change their service to make information public by default, that's fine, but users should still have complete control it's they who make a social site after all.

Facebook Damage Control

Amid mounting criticism that it is betraying the trust of its users, world's largest social networking website Facebook has overhauled its privacy controls under which the amount of information that is always visible to others will be reduced.

While the Facebook users worldwide are giving a serious thought of stopping the services, Facebook is beefing up privacy protections on its network. It is said that Facebook would roll out additional changes over the coming months that would give users more powerful tools to prevent personal information from being accessed by others.

In an hour-long news conference held in the third week of May 2010 at its Palo Alto headquarters in California, Facebook CEO Mark Zuckerberg outlined 'a pretty big overhaul' and billed it as a dramatically simpler way for people to control who sees information they post on the online social networking service. "The number one thing we've heard is that there just needs to be a simpler way to control your information. We've always offered a lot of controls, but if you find them too hard to use then you won't feel like you have control." - "Unless you feel in control, then you won't be comfortable sharing and our service will be less useful for you. We agree we need to improve this," he wrote on his blog.

Is the Privacy Settings Revival Good Enough?

Facebook unveiled a redesigned privacy settings page to provide a single control for content and 'significantly reduce' the amount of information that is always visible to everyone. It said it is giving users more control over how outside applications or websites access information at the service. The changes, to be introduced over the next few weeks in June 2010, mean that one click can block any third-party sites from tapping into Facebook's data on a user. A similar one-click option will allow a user to stop applications on Facebook from tapping user information unless told otherwise. And in a reversal of a confusing feature introduced in December 2009, users will be presented with simpler options on who gets to see information.

Keep Yourself Safe on Facebook

Remember that social networking sites like Facebook are a service provided by a commercial third party we are invited to their playground on their terms and conditions (remember the tick box on signing up?). But there are ways to close the gates on them. This is how you do it on Facebook:

* Most of us have loads of friends on Facebook. But it's advisable to turn off your friends' visibility to others and prevent unwanted contacts picking off your friends for marketing purposes or other reasons. Also, your friend list is frequently visible through search engines, and exposing this information can ultimately present a security risk. To modify the visibility of your friends, visit the Profile Privacy page, then navigate down to the 'Friends' option and modify the setting to whatever is right for you.

* You might want to control which friend can post on your wall, since we befriend many friendly strangers. Visit the Profile Privacy settings page's 'Wall Posts' section. From here, you can completely disable your friends' ability to post on your wall. Or, select specific friend lists that can post on your wall.

* Your actions in Facebook such as comments, what you like or what you play appear as highlights on your friends' home pages. To control this, go to Privacy Settings and select 'News Feed and Wall' to filter what actions you want the world to know.

* Facebook deploys two types of advertisements third-party and Facebook-generated. To prevent use of your pictures (profile images) for third-party advertisements, go to Privacy Settings, then click on 'News Feed and Wall' and check the 'Off' option in 'Facebook Ads' tab.

* For many, Facebook is the Mecca of games and quizzes. When a Facebook user initiates a game or a quiz, a notice pops up to declare that interacting with the application will require access to user's information. There's also the opportunity to opt out and cancel. This is the most common way any user allows access to any application to pull profile information, photos, friend's data or other content. Avoid quizzes and games, if you value privacy.

A Brief Conclusion

While privacy issues are a major concern for users’ worldwide, users should remember that technology comes at a price. Most of the social networking websites and their creators are working for money and privacy issues of users are certainly not their highest priorities. So the users should weigh the utility of social networking sites in terms of privacy and use it in a sensible way. The users can always refer to the recent security bulletins from various websites on the Internet and follow the best practices on online security.

—By: R. Manoj The author is an Assistant Editor at Fanatic Media, Bangalore.
He is also an Independent Researcher, specializing in Systems Security. He has an active interest in designing security algorithms for securing mission critical systems. He can reached at infosecurity@fanaticmedia.com