ProPublica

Journalism in the Public Interest

The Best Reporting on Facebook and Your Privacy

With Facebook passing the one-billion user mark, we’ve rounded up the best reads on the company and privacy issues.

(File photo, Saeed Khan/AFP/GettyImages)

Oct. 15: This story has been updated to reflect new reporting.

Facebook hit the one-billion user mark last week, a little more than two years after it reached 500 million users. To mark the occasion, we've rounded up some of the best reads on Facebook and privacy.

When the Most Personal Secrets Get Outed on Facebook, The Wall Street Journal, October 2012
Two University of Texas students who didn’t want their fathers to know they were gay thought they had taken advantage of Facebook’s privacy settings. But their fathers found out anyway when the president of Queer Chorus, a campus choir they belonged to, added them to Queer Chorus’s Facebook group and Facebook automatically published a public notification. "Our hearts go out to these young people," Andrew Noyes, a Facebook spokesman, told the Journal. "Their unfortunate experience reminds us that we must continue our work to empower and educate users about our robust privacy controls."

Facebook Raises Fears With Ad Tracking, The Financial Times, September 2012
Facebook has been working with a company called Datalogix to track how often people who see ads for a given product on Facebook end up buying it in real-world stores. Datalogix does this by matching up the email addresses tied to users' Facebook accounts with troves of email addresses and other data it has purchased, much of which comes from customer loyalty cards and other programs. The company has data on 70 million American households from more than 1,000 retailers, including drug stores and grocers.

Facebook Sells More Access to Members, The Wall Street Journal, October 2012
In addition to its work with Datalogix, Facebook has started letting advertisers target users based on their email addresses, their phone numbers and the other websites they've been visiting. Gokul Rajaram, who oversees Facebook's ad products, said the changes were made "in a way that respects user privacy."

Facebook Confirms It Is Scanning Your Private Message for Links, The Next Web, October 2012
Last week, a Polish startup called KILLSWITCH.me posted a video to the website Hacker News that seemed to show that including a link to a website — say, Mashable — in a private message to another Facebook user would increase the "Like" counter on Mashable's website. Facebook confirmed to The Next Web that it was doing this, though it said it was not revealing any of users' private information.

Should Employers Be Allowed to Ask for Your Facebook Login?, The Atlantic, February 2011
When Robert Collins applied for a job with the Maryland Department of Corrections, the organization required him to give them his Facebook password. The Department of Corrections backed down after the American Civil Liberties Union sent a letter calling the practice "a frightening and illegal invasion of privacy," but it hasn't stopped elsewhere. California became the latest state to ban it last month.

Why Facebook Is After Your Kids, The New York Times Magazine, October 2011
The Children's Online Privacy Protection Act, which bars websites from gathering data about children under 13, means that 12-year-olds can't legally use Facebook. Mark Zuckerberg wants to change that. "That will be a fight we take on at some point," he said. He may not be successful. The Federal Trade Commission pushed new rules last month to make it harder for companies to track children online.

Germans Reopen Investigation on Facebook Privacy, The New York Times, August 2012
In August, the German data protection commissioner in Hamburg — yes, the Germans have a data protection commissioner — reopened an investigation into Facebook's huge database of human faces culled from users' photos. (Johannes Caspar, the commissioner, had suspended the inquiry in June but reopened it when Facebook failed to cooperate.) The database is a component of facial-recognition technology that allows Facebook to automatically detect users' friends' faces in the photos they upload to Facebook. The company has since agreed to get rid of it for users who live in the European Union.

The Face of Facebook, The New Yorker, September 2010
Jose Antonio Vargas's profile of Zuckerberg details some of his views on privacy, which the Facebook founder calls a "third-rail issue" online. "A lot of people who are worried about privacy and those kinds of issues will take any minor misstep we take and turn it into as big a deal as possible," he said.

Zuckerberg: Facebook 'Made a Bunch of Mistakes' on Privacy, Mashable, November 2011
Facebook is now required to respect users' privacy and undergo regular privacy audits for two decades, thanks to a settlement between the Federal Trade Commission and the social network last November. It also requires that Facebook pay $16,000 a day for each violation of the agreement. In a blog post the day the settlement was announced, Zuckerberg apologized for making "a bunch of mistakes" on privacy issues, including its now-defunct Beacon advertising platform and a number of changes made in 2009.

Facebook to Target Ads Based on App Usage, The Wall Street Journal, July 2012
Facebook is also taking steps to track users on mobile devices, likely the next frontier for online privacy. "The social network is tracking the apps that people use through its popular Facebook Connect feature," the Journal reports, "which lets users log in to millions of websites and apps as varied as Amazon.com, LinkedIn and Yelp with their Facebook identity." Facebook uses that data to help target ads. When the Journal's story ran in July, the company was also considering tracking what people do on the apps. (We reached out to Facebook to see what they decided, but they did not respond to requests for comment.)

Something worth mentioning is that, if you ask anybody who’s ever worked at Facebook, Facebook deletes nothing.  When you delete it, it’s just hidden from view, but it’s still in the system.

Even if you told the system to “untag” you somewhere or remove a picture or post entirely, the engineers still have it, and still use it for processing (to train their facial recognition, for example).  It’s very likely that it even scans the German faces, but just doesn’t report the results.

And none of it’s encrypted on their end, meaning that Facebook is one hacker (or disgruntled employee, or bad business decision) away from the biggest privacy breach in history—millions of birthdays, inappropriate pictures, work histories, vacation schedules, political leanings, admissions of cheating in various contexts, and…well, basically, anything a criminal could want to scam or exploit you, plus their analysis of the data.

To the New Yorker summary’s point, this is why people seemingly blow every lapse out of proportion—it’s not out of proportion when you realize what’s at stake.  Look at it this way:  Every time they decide to or accidentally reveal everybody’s private list of connections or interests, some gay teenager gets “outed,” which may very well put him or her in physical danger.  Or someone might get fired for interacting with a competitor to his employer.  Molehill or mountain?

On top of that, keep in mind that their entire business model is basically trading on content that you created for them for free, which is more than a little exploitative.  Especially since what you get in return is…well, it’s basically a small, ad-supported version of the Internet.  You get a page where you can post things you find interesting, communicate with your friends, search for stuff, and play games.

My computer is protected by AVG which I buy (two machine license) which includes a firewall, etc. I was on FB three years ago and my account was hacked. Links showed up in 2 postings that were suspect and a friend sent me an email note asking if this was from me.  It was not.  I suspended the account and it was reactivated. I then started the process of leaving FB and found that an arduous process.  No tech support, no instructions on how to close the account, not suspend, but close.  I finally left successfully by sending a certified letter to the VP for technology with a cc to a lawyer friend.  That worked. I have rejoined FB to follow grandchildren, but maybe I should close the account again. OTOH, I post very little, no photos, really just check in on 3-4 of my grandchildren.  I’d love an informed decision or comment since I’m above my 74 year old pay grade on this one!

Michael, first, AVG protects your computer against viruses, which has nothing to do with Facebook.  Think of it like taking antibiotics when talking to a sick person over the phone.

Generally, what you’re talking about comes from one of two sources (that I’m aware of).

First, when you “like” things or follow certain articles, it runs a small program in the webpage (more or less—I can be more detailed if you care, but I promise the detail isn’t very interesting) that pretends to be you.  If that happens, it’s usually a one-shot deal, and won’t be repeated.  (It usually happens because it happened to a friend, and it looks legitimate enough that you follow it, falling into the same trap.)

Second, Facebook has “apps,” programs you run inside Facebook that do whatever the programmer told it to do.  They pose as stupid games or quizzes, but that “whatever” may include (depending on the permissions it asked for) sending announcements to your contacts.  This is ongoing, but you can slog through the options to turn all the apps off that you don’t recognize.

A third possibility is that someone just guessed your password.  Considering that something like half of all passwords are “password,” “12345,” or something easily found on a person’s Facebook page (kids’ names are very popular), it’s not a very hard game and you’re in good company (I once worked for a company that made a password manager and all of OUR passwords were “password”).  To stop this, I’ve been recommending using “pass-sentences,” something like the first line of your favorite book or even “I’m typing my Facebook password” (though I forget if spaces work in Facebook’s passwords).  It’s nearly impossible to guess, but much easier to remember than something allegedly “secure” (but not really) like “Ku43*&1fnq;.”

(Facebook also has a setting somewhere where they’ll send you an e-mail every time you log in.  It sounds stupid, but if you’re worried that someone else is getting into your account, any e-mail you get that you’re not expecting answers the question.)

As for Facebook’s tracking itself, keep in mind that it’s not just what you post with them.  They also “follow” you on every site that has a “like me on Facebook” button.  The best solution I’ve found to that is Ghostery (ghostery.com), a gadget that works in your browser to block those buttons (from a lot more than Facebook).

Oh, and yes, they make it horrible to end the account.  I’m surprised the letter worked, since I gathered that anything sent to the wrong address or person would get discarded.

“if you’re not paying for the service you are using, you are the product they are selling.”

Michael, first, AVG protects your computer against viruses, which has nothing to do with Facebook, just to clarify.  Think of it like taking antibiotics when talking to a sick person over the phone.  It’s good software, but won’t protect your interactions.

Generally, what you’re talking about comes from one of two sources (that I’m aware of).

First, when you “like” things or follow certain articles, it runs a small program in the webpage (more or less—I can be more detailed if you care, but I promise the detail isn’t very interesting) that pretends to be you.  If that happens, it’s usually a one-shot deal, and won’t be repeated.  (It usually happens because it happened to a friend, and it looks legitimate enough that you follow it, falling into the same trap.)

Second, Facebook has “apps,” programs you run inside Facebook that do whatever the programmer told it to do.  They pose as stupid games or quizzes, but that “whatever” may include (depending on the permissions it asked for) sending messages to your contacts.  This is ongoing, but you can slog through the options to turn all the apps off that you don’t recognize.

A third possibility is that someone just guessed your password.  Considering that something like half of all passwords are “password,” “12345,” or something easily found on a person’s Facebook page (kids’ names are very popular), it’s not a very hard game and you’re in good company (I once worked for a company that made a password manager and all of OUR passwords were “password”).  To stop this, I’ve been recommending using “pass-sentences,” something like the first line of your favorite book or even “I’m typing my Facebook password” (though I forget if spaces work in Facebook’s passwords).  It’s nearly impossible to guess, but much easier to remember than something allegedly “secure” (but not really) like “Ku43*&1fnq;.”

(Facebook also has a setting somewhere where they’ll send you an e-mail every time you log in.  It sounds stupid, but if you’re worried that someone else is getting into your account, any e-mail you get that you’re not expecting answers the question.)

As for Facebook’s tracking itself, keep in mind that it’s not just what you post with them.  They also “follow” you on every site that has a “like me on Facebook” button.  The best solution I’ve found to that is Ghostery (ghostery.com), a gadget that works in your browser to block those buttons (from a lot more than Facebook).

Oh, and yes, they make it horrible to end the account.  I’m surprised the letter worked, since I gathered that anything sent to the wrong address or person would get discarded.

(If this goes through a million times, I sincerely apologize.)

margaretcameron

Oct. 28, 2012, 11:40 a.m.

Report a man that is on Facebook using two surnames: 1 is mark willso, 2 is mark man. This is the same person and he is asking people for money, and it is not small amounts; this is in the region of 30 million pounds. Just hope that no one has been taken in with this person, and I have informed the Sussex police about this person and they have said that he is on a scam and told me to contact you and to let you know what is going on and for you to deal with it, but they will be keeping an eye on him as well, as they have put something on their computers so pc know about him.