Time for a Facebook-privacy checkup

Facebook assures us that recent reports of friends' phone numbers being exposed via our accounts are unfounded, but the confusion surrounding the matter shows the service's privacy policies are clear as mud.

Dennis O'Reilly Former CNET contributor
Dennis O'Reilly began writing about workplace technology as an editor for Ziff-Davis' Computer Select, back when CDs were new-fangled, and IBM's PC XT was wowing the crowds at Comdex. He spent more than seven years running PC World's award-winning Here's How section, beginning in 2000. O'Reilly has written about everything from web search to PC security to Microsoft Excel customizations. Along with designing, building, and managing several different web sites, Dennis created the Travel Reference Library, a database of travel guidebook reviews that was converted to the web in 1996 and operated through 2000.
Dennis O'Reilly
3 min read

Facebook wants to be a part of everything we do on the Web. The company's philosophy is that the Internet is more fun when it's shared. In some ways social networks are like parties that never end. The problem is, we can't be sure who else Facebook has invited to the party, and whether these unknown guests can be trusted.

This week there was a minor dust-up about our friends' phone numbers being exposed to strangers. On Wednesday the official Facebook page explained that the feature has been in place for some time and does not publish the numbers. As with the contacts in your phone, only you can view the numbers, according to the post.

Well, the phone numbers are available to Facebook, of course. How did the numbers get there? Either your friends supplied their own numbers or you imported them via the sync feature of the mobile Facebook app. The company uses the numbers to "improve the quality of friend suggestions to you and your friends," according to the Facebook page for removing imported contacts (you may need to sign into the service first).

Before you click the Remove link on the Facebook Remove Imported Contacts page, make sure the sync feature is disabled on the mobile Facebook app: as the page states, "open the Facebook application on your iPhone, click the Friends icon in the main menu, then click Sync in the upper-right."

Two days after the public-phone-number hubbub, there were almost 10,000 comments on Facebook's explanation post--no, I didn't read them all. Clearly, people are confused about who their Facebook information is shared with. While the service allows you to determine how much of your profile, posts, and other personal information is made public, its recommended settings allow your status, photos, posts, family, and relationships to be shared with everyone.

A tour of Facebook's privacy options
The recommended setting for who can view your Facebook contact information is Friends Only. To prevent your phone number from appearing in your friends' contacts list, sign into your Facebook account, click Accounts > Privacy Preferences > Customize settings. Scroll to "Contact information," click the drop-down menu next to the phone number, and choose Customize. Select Only Me in the drop-down menu next to "These people" and click Save Settings.

Facebook custom privacy settings
Make sure you are the only person who can view your phone number on Facebook by selecting Only Me in the number's view options. screenshot by Dennis O'Reilly

While you're on the Customize Settings page, you may also want to make some other changes. For example, if you prefer not to let friends know your whereabouts, make sure Enable is unchecked for the People Here Now option under Things I Share.

Much has changed about Facebook's privacy options since I reviewed the settings in "Keep your Facebook profile private" almost two years ago. The Facebook Help Center provides information on the privacy options for each Facebook feature.

One setting I recommend you disable is Instant Personalization, which shares your Facebook doings with companies Facebook has chosen as its partners. On the Privacy Preferences page (Account > Privacy Preferences), click "Edit your settings" under Apps and Websites, choose Edit Settings next to "Instant personalization," and make sure "Enable instant personalization on partner websites" is unchecked.

Facebook Instant Personalization settings
Disable Facebook's Instant Personalization feature that shares your Facebook information with the company's partners by unchecking this option in Privacy Preferences. screenshot by Dennis O'Reilly

Last March I described in "Privacy: Facebook's Achilles heel" how the information you post on Facebook and other social networks can be used against you by third parties. A month earlier I wrote about the shortcomings of Facebook's HTTPS feature. And Facebook's security advice for parents and teens was the subject of a post in April 2010.

Social networks must strike a balance between encouraging their customers to share personal information (the source of their profits) and protecting their users from sharing too much with too many. Most people trust these services implicitly to keep them safe and not infringe on their privacy. Once that trust is lost, the services face an uphill battle to regain it. Let's hope Facebook and other social networks prove to us that they deserve our trust.