I’ve noticed a lot of Facebook privacy creep recently. I intend to go into more detail in my next post, but this week saw a new Facebook feature worth a special mention because some are commenting that it breaks Facebook’s privacy model. I ran my own test to see for myself that [-Spoiler warning-] it does a bit, but not as much as you might have feared. Read on and decide for yourself whether they are breaking their privacy assurances.
What’s the new feature?
Essentially it’s Facebook’s version of forwarding content through the network, as retweeting is to Twitter. I can’t find an official announcement of this feature. Mashable and All Facebook have referred to it as the “via” feature, or the “Facebook retweet”. Both ugly terms. I prefer “repost”, although “reshare” would be more inline with the Facebook lexicon. To cut a long story short, it lets you share with your friends something that a friend of yours has shared with you. At first glance this may seem like it circumvents the walled garden of your friend network. i.e. people you don’t want seeing your content seeing your content. gasp.
The repost privacy test
From my personal account (where I am simply known as Tim W and have every privacy feature locked down its strictest setting) I posted a link with appropriately alarming status update, as follows:
Then from my professional account (which is 100% public having the loosest privacy settings) I temporarily befriended myself and naturally saw the post from the elusive Tim W in its full glory. Nothing unexpected so far. I clicked the “share” button and reposted this link for all my friends on this profile to see.
Now I needed a third account that wasn’t friends with Tim W, but as a Facebook member could access the second profile in full. So I set up a Facebook account in the imaginative name of Mit Kcoltihw (Polish I imagine) and accessed the page of my public, professional profile. Lo and behold there was the reposted link, as below:
( ignore, if you can, the fact that my profile photos are the same. The repost doesn’t show the original poster as it does in Twitter)
What we see is that the posted link, and its meta data are visible, but my status update is missing. A non-friend seeing your link even if you set “Posts by me” to “Only friends” looks rather like a breach. It seems Facebook doesn’t consider this content as being “by you” as it came from a public source. However, if you change the link description text to your own text when posting the original link, this is also visible, and that’s definitely a loophole.
Links are one thing, but photos are a bit more serious. I tried the same test with a wall photo post, and you’ll be relieved to hear that the repost was completely invisible to third parties. Good.
So in conclusion – not so black and white. Your privacy settings are maintained to an extent, and you don’t need to worry about status updates and photos getting into the wrong hands, but there is definitely creep here. I think the “posts by me” privacy setting is now misleading and needs addressing, and the reposting of custom link descriptions is highly questionable. I won’t lose any sleep over this one, but I won’t be getting complacent any time soon either. If you’ve spotted a loop hole let me know by commenting below, but double check your privacy settings first.
More in my next post about Facebook privacy creep.