Monday, March 09, 2009

Facebook privacy settings - nice, but I wish they actually worked

I resisted joining facebook as long as I could, but I finally succumbed to peer pressure and joined. Like most people, I have a love-hate relationship with the site. It has been great for catching up with old friends, keeping up with what people are doing, and making announcements to large groups of friends. But facebook has also posed dilemmas at times. What do I do when someone I barely know tries to friend me? How about someone I don't know? What about someone from high school whose name sounds very familiar, but I can't for the life of me recall if we were friends or if perhaps I hated that person?

Like most people, I set a person threshold above which I accept the invitation. At the risk of offending people, I typically err on the side of accepting requests. So, I've now got over 200 facebook friends, many of whom I barely know. As such, facebook is a lot less useful. The main reason is that I have disjoint circles of friends who I know for different reasons, and with whom I have different kinds of interactions. First there's family. I like to share pictures and videos of my kids with my relatives. But, I don't necessarily want everyone to see them. I have my soccer buddies. I play in two different leagues on Sunday mornings and Thursday nights. I sometimes use my status to poke fun at something that happened in a game, or to brag about a big win. Most of my friends don't really care about that. I have my poker buddies, my geek computer science friends, my high school pals, college roommates, sailing mates, tennis partners, and other circles of friends, none of whom know each other. I've been friended by current and former students, researchers in my field at other universities, past colleagues in industry, and friends of my family since childhood. Of course, I've done a lot of the friend requesting myself. The point is that it's a diverse set of people, and that I interact with them very differently. Some of my poker buddies have tattoos and take cigarette breaks during games, while many colleagues in my field have never had a friend with fancy body markings and wouldn't be caught dead in a casino. Some of my computer science colleagues have won international awards for highly technical discoveries, while some of my soccer teammates didn't go to college.

As far as I can tell, facebook does not recognize that people live in many different communities. I'd like the ability to post one status message to all my relatives and a different one to all my technical colleagues. I'd like to post pictures of my kids that only our group of friends that I will refer to as "parents of our kids' friends in school" can see. I tried to figure out a way to do this, and discovered a feature on facebook that allows you to make lists of friends. Then, supposedly, you can control the access to your facebook information based on these lists.

Either I do not understand how these features work, or more likely, they do not actually work correctly. (If the former is true, then facebook has designed privacy features that a computer scientist specializing in computer security and privacy cannot understand, and so they better get to work on their interface.) In the privacy setting screen, under Settings->Privacy->Profile, you can set who can see various information, such as profile, status, wall postings, videos that you are tagged in, and others. If you select "Custom", you can specify a friend list. There is also a nifty feature that lets you see your page as any of your friends who you select would see it. So, for example, I can specify Ann Rubin and see what my facebook pages look like when Ann Rubin access them, based on my privacy settings. I played around with this for a while. I set a friends list that consists of personal friends who I tend to socialize with. Selecting the names was an interesting exercise. The threshold I set was whether I had gotten together with this person in a purely social setting in the last two years. I set it so that only people on this list could view my status updates and my wall postings. I then set my status and posted some things to my wall.

Next, I viewed my facebook home page as one of my friends who was not on the social list. The status was not visible, but the wall posting was. I've since experimented quite a bit with the privacy settings using friend lists, and I've found that some of the features simply don't work. It is possible that I'm not doing it right. It wouldn't be the first time. But I consider myself an expert in this sort of thing, and if I can't get it right, I don't think there's much hope for the broader facebook user population. I wonder to what extent facebook has tested their custom settings options in their privacy settings. The only thing worse than not providing privacy features is providing privacy features that do not actual give the claimed privacy. Think of how much trouble you could get in. I might have posted pictures of myself sailing on a day that I was supposed to be at work, believing that my JHU colleagues, my department chair, or most seriously my students couldn't access my wall. It's a good thing that I tested the features before feeling comfortable using them.

The bottom line is that there really is no privacy for information that you volunteer onto facebook. If something would embarrass you, or would be inappropriate for certain friends, you shouldn't post it thinking that only the other friends will see it. In theory, facebook is an excellent way to keep up with people and to notify people of your activities in a twitter-like fashion. But, when it comes to privacy, facebook still has a lot of work to do to.