PDA

View Full Version : Facebook erosion of privacy


davidh
April 10th, 2010, 09:41 PM
Facebook users complain about erosion of privacy
http://www.networkworld.com/news/2010/040810-facebook-users-complain-about-erosion.html

davidh
April 11th, 2010, 04:49 AM
I would advise checking your settings, or profile, etc. on any services such as instant messaging or email or RSS readers, etc. for any options or settings which might change or affect your privacy.

I have seen at least TWO cases where inadvertent sharing of information happened.

For example, one of my wife's Yahoo Messenger friends added my wife as one of her (the friend's) Yahoo 'connections'. And that fact of sharing was apparently , by default at least, broadcast to anyone in the world who happened to be a Messenger correspondent of either of them.

For example, I found that I had a follower on my Google reader account and I had no idea who the ID belonged to.

In both cases I found it rather challenging to read and figure out what settings to fix to block (at least as best I could figure) this leakage of or erosion of privacy.

I have no idea in the case of Google reader whether the unknown follower's appearance in my reader (RSS) account had anything to do with Google's new Buzz feature. For what it's worth I did NOT click on the Buzz feature to open it when it first appeared in my Gmail AND I did delete the Buzz link from my Gmail main window as soon as I noticed that it was appearing there.

If anyone is really highly concerned about privacy it might be better to access email exclusively by a standalone mail program such a T-bird, than using some form of web mail, unless forced to use web mail, e.g. while traveling.

A little more time and maybe everybody will have to be a web developer to figure out how to plug the leaks :rolleyes:

davidh
May 22nd, 2010, 10:13 PM
Facebook users complain about erosion of privacy
http://www.networkworld.com/news/2010/040810-facebook-users-complain-about-erosion.html

Securing your Facebook privacy settings
An online tool will tell you how secure your settings are—does it work?

by Philip Michaels, Macworld.com
http://www.macworld.com/article/151437/2010/05/reclaimprivacy_facebook.html

FYI. FWIW.
I haven't tried this. I'm not even on FB.

ktinkel
May 23rd, 2010, 01:45 PM
If anyone is really highly concerned about privacy it might be better to access email exclusively by a standalone mail program such a T-bird, than using some form of web mail, unless forced to use web mail, e.g. while traveling.I am beginning to think that anyone even modestly concerned about personal privacy should sign off from Facebook altogether.

They have revised TOS and the arrangement (and number of items in) settings recently, with no advance notice. The settings are convoluted, and most sensible people assume they are as they set them. But lately many settings have been changed to new defaults, and you need to dig them out and revise them.

And these new affiliate relationships are downright scary.

sidney
May 23rd, 2010, 04:22 PM
I am beginning to think that anyone even modestly concerned about personal privacy should sign off from Facebook altogether.

That's what I did last week.

I had an account that I created back when you had to have a university email address to join. I thought it would be a more grownup version of MySpace. I never put anything on my page or enabled anyone to see it -- I could never see the point of advertising private things to people I wasn't already in close communication with and I already had a blog and a web site I could use to share pictures and so forth with family.

Then one friend and one relative started using Facebook to keep in touch with people and I gave in started using it a bit, friending a few other friends and relatives who were on it, but still not putting my private information in my profile.

The last straw for me was when I started getting pop-ups on a non-Facebook web pages that made it clear that Facebook was making information from my cookie available to the third-parties for marketing purposes. I went to my profile to find where I could set options to turn that off and found tons of different things I had to go through if I wanted what I considered an acceptable level of privacy. A couple of days later I discovered that there was a whole other set of options I had missed in the first tedious session. After I completed those settings, I sent a message to each of my Facebook "friends" announcing that I was leaving Facebook and why, then I deleted all messages and so on that I could, unfriended everyone, deleted all network affiliations, deleted or falsified as much of the profile information as possible, and then deleted the account. I went through it that way to minimize the amount of information that they might keep after I deleted the account -- I have no way of knowing if they bother to save every version of profile data or if they update one copy in the database, but in case it is the latter and they don't really delete the data when the account is deleted, that's how I did it.

Now I'm waiting out the two weeks before the account deletion becomes permanent and hoping that I didn't miss a cookie somewhere that will automatically log me in before the two weeks are up, which would cancel the deletion.

ktinkel
May 23rd, 2010, 08:40 PM
Whew!

That is pretty much my inclination as well.

I have reading about open source social networking systems that can function on a local level; they sound interesting. Not sure that people will like them if what they want is universal access, though.

The stuff in vBulletin is pretty bad.

[edit: no idea how/why I made Q the subtitle.]

davidh
May 24th, 2010, 02:43 PM
I added several categories of domains to block in my OPENDNS.COM settings, in the hope that tracking of myself would be reduced.

I don't know if blocking scripting on domains helps reduce tracking or not. I figure that them guys can still do a lot of tracking with web beacons, etc. which don't require scripting.

However, I am considering blocking all plugins incl. Flash, by default, in NoScript, to reduce Flash cookies, even tho' I DO have 'better privacy' FF extension which does erase Flash cookies when FF closes.

davidh
May 24th, 2010, 02:45 PM
However, I am considering blocking all plugins incl. Flash, by default, in NoScript, to reduce Flash cookies, even tho' I DO have 'better privacy' FF extension which does erase Flash cookies when FF closes. I mean even on whitelisted sites.

davidh
May 24th, 2010, 02:57 PM
I blocked social networking domains in opendns.com

However I use Yahoo RSS feed reader in 'My Yahoo'. I noticed that a social networking feed I had set up on My Yahoo still worked, at least for the text part.

I have no idea if any of my Yahoo personal identifying info gets passed thru the My Yahoo feed reader along to the (blocked) social networking site. Since I have to be logged on to Yahoo to use the feed reader, I suppose passing info along is a possibility. If that's the case, then it might be preferable to use T-bird. I am assuming that with T-bird the main info relayed would be just my IP with no cookies or other ID info.

Judy G. Russell
May 25th, 2010, 09:51 AM
The last straw for me was when I started getting pop-ups on a non-Facebook web pages that made it clear that Facebook was making information from my cookie available to the third-parties for marketing purposes. I've been pretty careful to keep my Facebook privacy options set very high, and haven't detected any real issues... yet. But then I'm also making sure there is very very little said or done on Facebook that I'd be concerned about if the world knew about it.

davidh
May 25th, 2010, 01:06 PM
BTW, FWIW
I blocked chat (but not IM) on opendns and then unblocked it when I couldn't get into the Paltalk web site to read their support pages. So opendns did NOT block the IP addresses used by the IM part of the Paltalk program itself, just the name of the domain. Which makes sense since DNS just tells you the address but does not have anything to do with routing. Whether the IP addresses used by the Paltalk program itself have any domain names connected to them, I don't know. I think that if one knew the IP addresses one could do a reverse lookup (WHOIS), out of curiosity.

The reason I blocked chat was because I was thinking of Paltalk as IM (I use AIM, Yahoo, Google). But I suppose that most people think of chat as group chat, which Paltalk mainly is.

ndebord
May 26th, 2010, 09:36 AM
That's what I did last week.

I had an account that I created back when you had to have a university email address to join. I thought it would be a more grownup version of MySpace. I never put anything on my page or enabled anyone to see it -- I could never see the point of advertising private things to people I wasn't already in close communication with and I already had a blog and a web site I could use to share pictures and so forth with family.

Then one friend and one relative started using Facebook to keep in touch with people and I gave in started using it a bit, friending a few other friends and relatives who were on it, but still not putting my private information in my profile.

The last straw for me was when I started getting pop-ups on a non-Facebook web pages that made it clear that Facebook was making information from my cookie available to the third-parties for marketing purposes. I went to my profile to find where I could set options to turn that off and found tons of different things I had to go through if I wanted what I considered an acceptable level of privacy. A couple of days later I discovered that there was a whole other set of options I had missed in the first tedious session. After I completed those settings, I sent a message to each of my Facebook "friends" announcing that I was leaving Facebook and why, then I deleted all messages and so on that I could, unfriended everyone, deleted all network affiliations, deleted or falsified as much of the profile information as possible, and then deleted the account. I went through it that way to minimize the amount of information that they might keep after I deleted the account -- I have no way of knowing if they bother to save every version of profile data or if they update one copy in the database, but in case it is the latter and they don't really delete the data when the account is deleted, that's how I did it.

Now I'm waiting out the two weeks before the account deletion becomes permanent and hoping that I didn't miss a cookie somewhere that will automatically log me in before the two weeks are up, which would cancel the deletion.

Sidney,

I too had what I thought was a minimal Facebook account. I did not do what you did with the settings, just deleted it. I'll try and look later on to see if anything pops up that leads me to think Facebook kept data.

ndebord
May 30th, 2010, 08:31 AM
Sidney,

Went one step further, after quitting facebook, I read this.

http://www.nytimes.com/2010/05/12/nyregion/12about.html

Diaspora sounds good.

davidh
October 17th, 2012, 12:14 PM
If anyone is really highly concerned about privacy it might be better to access email exclusively by a standalone mail program such a T-bird, than using some form of web mail, unless forced to use web mail, e.g. while traveling. FWIW, the "webmail" extension of Thunderbird may be useful here.

My idea being that using the webmail extension for such email services as yahoo or hotmail or google ought to minimize or possibly eliminate the presence of cookies in your browser(s) from those servers which would contain any personal info. In other words one would not have to sign in to those domains with a browser except to use OTHER services BESIDES email which they might provide, e.g. to upload to flickr, picasa, youtube, etc.

Of course Google supports POP3 and IMAP email, but webmail for T-bird could be useful for someone using Gmail from behind a proxy / firewall at a business that only allows HTTP to go thru.

FWIW, I have only used T-Bird 'webmail' extension with yahoo and it works pretty well. However it did "break" for a couple days recently when mail.yahoo.com threw an extra prompt into the login dialog. However the extra prompt "went away" after a couple days.

I also set my Firefox browser options to always erase cookies when I close the browser, just in case I forget to log out of webmail if I DO happen to use the browser itself to access email, or have forgotten to log out of any other site which requires signing on with a password, or in case the web site itself leaves cookies after log out.

And I only let the browser remember passwords for accounts that are rather unimportant.

I also use open source PIDGIN for most text based instant messaging in the hope that being open source would make it more likely that instances of undue release of private info by the client program would be widely divulged, so to speak.