The Facebook Privacy Thread

[Morrigoon]

Quote:

Originally Posted by Alex

I would have gone with complete fabrications but since within these communities I was already well known I decided to keep using Alex.

Well, if you ever decide to change it to "Curmudgeon" I promise to recognize you

[bewitched]

Quote:

Originally Posted by BarTopDancer

What do you mean block websites? You just have to reject their access request.

According to FB's help center, if you don't want your personal info shared when a friend visits those 3 sites, you have to go to their facebook page and specifically opt out. It is only when you go to use these pages that an accept/reject pop-up will appear.

Quote:

Originally Posted by Facebook Help Center

To prevent your friends from sharing any of your information with an instant personalization partner, block the application: Microsoft Docs.com, Pandora, Yelp.
http://www.facebook.com/help/?faq=17105

[bewitched]

Quote:

Originally Posted by innerSpaceman

Aside from the privacy (which is not a concern of mine), does anyone think the claims of being more susceptible to hackers holds any water? That's my concern. I don't expect much privacy on the 'net, but I don't want to paint a target on my facebook's back.

I think the concern is more for spammers who would be inclined to put fake "like" buttons on a website to mine data. Apparently there is no easy way to verify that a "like" really is a FB "like".

[BarTopDancer]

Facebook Privacy FAQ For those who can't access FB at work (spoilered due to length)

Spoiler:

What are social plugins?
Social plugins are simple tools that can be "dropped" into any website to provide people with personalized and social experiences. Using social plugins, websites everywhere can give you more ways to experience the web with your friends--from letting you form connections on these sites with your favorite movies or restaurants to showing you the most popular content based on what is being shared among your friends. Rather than seeing popular stories, products or reviews from people you don't know, you'll now see content that matters to you the most--from your friends--displayed prominently.
Social plugins include:

• "Like" or "Recommend" buttons: Click to publicly share and connect with content you find interesting.
• Activity Feed: What your friends are liking, commenting on or sharing on a site.
• Recommendations: Most liked content among your friends on a site.

How do social plugins work?
While these buttons and boxes appear on other websites, the content populating them comes directly from Facebook. The plugins were designed so that the website you are visiting receives none of this information.These plugins should be seen as an extension of Facebook.

You only see a personalized experience with your friends if you are logged into your Facebook account. If you are not already logged in, you will be prompted to log in to Facebook before you can use a plugin on another site.

At a technical level, social plugins work when external websites put an iframe from Facebook.com on their sites, as if they were agreeing to give Facebook some real estate on their websites. When you visit one of these sites, the Facebook iframe can recognize if you are logged into Facebook. If you are logged in, it’ll show personalized content within the plugin as if you were on Facebook.com directly. Even though the iframe is not on Facebook, it is designed with all the privacy protections as if it were.

What personal information is shared with sites that use social plugins?
None of your information – your name or profile information, what you like, who your friends are, what they have liked, what they recommend – is shared with external sites you visit with a plugin. Because they have given Facebook this "real estate" on their sites, they do not receive or interact with the information that is contained or transmitted there. Similarly, no personal information about your actions is provided to advertisers on Facebook.com or on the other site.

Can websites that use social plugins publish information about me?
No information is published if you do not interact with social plugins. If you click "Like" or make a comment using a social plugin, your activity will be published on Facebook and shown to your Facebook friends who see an Activity Feed or Recommendations plugin on the same site. The things you like will be displayed publicly on your profile.

How can I identify social plugins on websites?
You’ll recognize social plugins by the branding in the footer that looks like similar features on Facebook—the "f" icon is next to the phrase, "Facebook social plugin."

What am I sharing when I click a "Like" or "Recommend" button on external websites?
The "Like" and "Recommend" buttons on other sites work in a similar way to the "Share" buttons from Facebook and other services that you've likely seen on the web for years. These buttons enable you to publicly express your interest in some piece of content with a simple action, similar to how you might rate a restaurant or movie on a site today. Nothing happens unless you choose to click the buttons, and you must be logged into Facebook before you can use them.

When you click "Like" or "Recommend," the button turns darker to indicate that you like or recommend something and are making a public connection to it. Back on Facebook, a story will appear on your profile and may appear in your friends' News Feeds, just as if you had liked something on Facebook. You can click "Like" again if you wish to remove the like.

Your likes and recommendations also may appear to your friends on the website where you clicked the button and elsewhere through other Facebook social plugins appearing on websites (e.g., Activity Feed or Recommendations). Some sites may also give you the option to add a comment when you like or recommend something.

In some cases, when you create a connection to a real world entity, such as a book, movie or athlete, your likes and recommendations become a part of your profile in the same way as the connections you make with Pages on Facebook. They will appear in your "Likes and Interests" section of your profile, and you may receive updates from that connection in News Feed.

[BarTopDancer]

Continued:

Spoiler:

Why do some of the things I like from other websites appear in my "Likes and Interests" section of my profile, while others don't?
Social plugins are a common set of tools from Facebook to bring social and personalized experiences to other websites you visit. However, each website may choose to implement them in different ways.

In some cases, your likes and recommendations become a part of your profile in the "Info" tab in the same way as the connections you make with Pages on Facebook. This occurs when you like or recommend a real world entity, such as a book, movie or athlete, where it makes more sense to form a lasting relationship.

Which sites use social plugins?
Any website can use social plugins. Learn more about adding social plugins to your website.

How do I opt-out of viewing social plugins?
No data is shared about you when you see a social plugin on an external website. You can choose to use social plugins when you click the "Like" or "Recommend" button on a piece of content you want to share. These actions are publicly available information, similar to public comments or reviews you might write on a website. Only click the "Like" or "Recommend" buttons if you want to share your likes and recommendations publicly.

How is this different from the "Log in with Facebook" or "Connect" features I see across the Web?
If you want to interact more deeply with a website, on some sites you’ll see ways to log in or sign in to that site using your Facebook information. This capability has been available since July 2008 and was previously called Facebook Connect. It provides you with ways to share your information with other websites and find your friends. In these cases, you are establishing a relationship directly with these websites and sharing your information with them after you choose to sign in; this includes your data from social plugins.

Instant personalization pilot program partnerships
How does instant personalization work on websites participating in the pilot program?
We have established a small pilot program with an exclusive set of partners—currently yelp.com, Microsoft Docs.com, and pandora.com—to offer a personalized experience as soon as you visit. These partners have been given access to public information on Facebook (e.g., names, friend lists and interests and likes) to personalize your experience.

When you first visit any of these three partner sites while logged into Facebook, you’ll see a blue bar appear at the top of the site letting you know that your experience is being personalized. You can choose to learn more, remove the personalized experience or click "x" to remove the bar. If you don't want your experience personalized on these limited number of sites, you can opt out by clicking here. You can also navigate there by going to 'Account' -> 'Privacy settings' -> 'Applications and Websites' -> 'Instant Personalization Pilot Program'

What data is shared with instant personalization pilot program websites?
When you and your friends visit an instantly personalized partner site - currently including yelp.com, Microsoft Docs.com, and pandora.com the partner can use your public Facebook information, which includes your name, profile picture, gender, and connections. To access any non-public information, the website is required to ask for you or your friend's explicit permission.

Will my actions on instant personalization pilot program websites be published back to Facebook?
No information is published back to Facebook unless you click on a "Like" button or other social plugin or explicitly authorize the website to publish to Facebook on your behalf.

How did Facebook select partners for its instant personalization pilot program?
Facebook has carefully selected and reviewed the partners in the instant personalization pilot program. These partners are contractually required to respect people's privacy preferences. Additionally, they are required to provide an easy and prominent method for opting out directly from their website and delete data if people choose do opt out.

Is there a complete list of which websites are participating in the instant personalization pilot program?
Instant personalization is enabled only for the following partner websites: yelp.com, docs.com, and pandora.com.

How will I know that I've arrived on an instant personalization pilot program website?
Each instant personalization partner is required to display a blue Facebook notification at the top of their website when you first arrive on their site.

How do I opt-out of the instant personalization pilot program?
You can opt-out of instant personalization by disallowing it here. By clicking "No Thanks" on the Facebook notification on partner sites, partners will delete your data. To prevent your friends from sharing any of your information with an instant personalization partner, block the application: Microsoft Docs.com, Pandora, Yelp.

How do I block individual sites in the instant personalization pilot program from accessing my public information my friends share?
You can block each site individually by clicking on "Block Application" link on the following pages: Microsoft Docs.com, Pandora, Yelp.

[BarTopDancer]

After reading all that, it seems that if you log out of Facebook before going out to the web you can avoid having your data pulled. Your data is accessed via FB code on the other website (as GD explained earlier).

Before these changes Yelp and Pandora were already doing this type of data sharing. I think OpenTable was too.

I get why the changes are raising questions and concerns but it seems to be a lot of uproar about the lack of privacy when your data isn't being broadcast to the rest of the internet.

[bewitched]

Quote:

Originally Posted by BarTopDancer

After reading all that, it seems that if you log out of Facebook before going out to the web you can avoid having your data pulled. Your data is accessed via FB code on the other website (as GD explained earlier).

Well yeah...unless your friends visit certain websites.

I guess my problem isn't so much that a website I have chosen to log into looks at my info (if I don't opt/log out) but I have a big problem with a website I've never even visited pulling whatever info my FB friends are privy to (different from public, i.e. "everyone" info) whenever one of them goes to visit (without ever even pressing a "like" button.)

I mean honestly, with all of the uproar about the "like" thing, how many people even know that there are 3 sites out there that require nothing more than a visit by a friend (and is FB going to say when they add more or do I need to go check everyday?)? And how big of a leap is it before it doesn't matter whether or not you're logged in or out...that you are IDed by FB by your IP?

I don't mind having to opt in or out when I am informed of privacy changes but I resent having to go on a treasure hunt to find what the new policy really is. And frankly, has FB said how long they've been partners with Yelp, Pandora and MS docs? They could have been pulling info for months before anyone noticed.

[Pirate Bill]

Quote:

Originally Posted by €uroMeinke

More an annoyance than anything else as long as you don't do things like use your date of birth, friend or pet names as passwords.

It's not just passwords the black hat hackers are after. It's stuff like your home town, the city you were born in, the best man at your wedding, your mother's maiden name, etc. All such insights into your life can grant people backdoor access to your bank accounts or email (which can also help get back door access to bank accounts). No matter how secure your passwords are the weakest link is the security questions used to reset or remind you of your passwords.

[Alex]

That's why, when setting them up, you never accurately the security questions. I just have standard answers that have nothing to do with reality.

[Kevy Baby]

Quote:

Originally Posted by Alex

That's why, when setting them up, you never accurately the security questions. I just have standard answers that have nothing to do with reality.

So your pet's name isn't Rufus and your mother's maiden name isn't McFlinkenheimer?