Consumer Reports has found that an estimated 13 million US Facebook users don't use, or don't even know about, the social network's privacy controls.
That's not necessarily the fault of the users.
Consumer Reports - an independent, non-profit US product-testing organisation - notes that Facebook users do make some bad choices as far as protecting their privacy goes. But Facebook doesn't make it all that easy for us, either.
From CR's press release:
"While some privacy or security issues arise from poor choices Facebook users themselves make, other problems can stem from the ways the company collects data, how it manages and packages its privacy controls, and the fact that users' data can wind up with people or companies with whom they did not intend to share. Some users might be surprised to know that Facebook gets a report every time they visit a site with a 'Like' button, regardless of whether or not they click on that button, have a Facebook account, or are even logged in."
Those factors, taken together, have created a privacy free-for-all where users publish all manner of personal data from which can be extrapolated religious affiliation, sexual orientation, alcohol usage proclivities and more.
Based on projections from CR's State of the Net report, which was released on Thursday, Americans during the past 12 months "liked", updated their profiles, and posted status updates to produce these data points at these rates:
• 39.3 million identified a family member in a profile
• 20.4 million included their birth date and year in their profile
• 7.7 million "liked" a Facebook page pertaining to a religious affiliation
• 4.6 million discussed their love life on their wall
• 2.6 million discussed their recreational use of alcohol on their wall
• 2.3 million "liked" a page regarding sexual orientation
For the report, CR surveyed 2,002 members of its interactive consumer online panel who were over the age of 18 and had a home internet connection.
CR found that some people are sharing way too much, including an estimated 4.8 million who've potentially tipped off burglars where and when they're going on given days and 4.7 million who've "liked" Facebook pages about health conditions that can be used against them by insurers.
The privacy situation's bad even for those of us who restrict our information to be seen only by friends, given that friends using Facebook apps can allow our data to be transferred to a third party without our knowledge.
CR says that privacy-related problems caused by Facebook are on the rise: 11 per cent of households using Facebook reported trouble on the site last year, ranging from someone using a log-in without permission to being harassed or threatened.
That percentage projects to some seven million households - 30 per cent above figures from last year's State of the Net report.
Privacy policies tough to decipher
CR acknowledged Facebook's claims that it takes privacy and safety issues seriously, including CEO Mark Zuckerberg's assertion that the company checks privacy access tens of billions of times every day and the company's pledge to offer users greater access to records of their Facebook activity.
It's all not quite enough, however. For one thing, Facebook's privacy controls are too hairy for many people to understand.
CR references a recent study from consultants Siegel Gale that finds that Facebook's and Google's privacy policies are tougher to comprehend than the typical bank credit card agreement.
Meanwhile, US online privacy laws are feeble in comparison to those of Europe, for example. In the US, scant federal rights allow us to see and control much of the information that social networks collect.
To address all these issues, CR has put out a call for a national privacy law, asked Facebook to fix what it sees as a security weakness around passwords, as well as a collection of tips to help users understand and use Facebook's privacy tools.
Better protections. Consumers Union, the advocacy arm of Consumer Reports, wants a national privacy law that holds all companies to the same privacy standards and lets consumers tell companies not to track them online. It also supports the Obama administration's effort to bring industry and privacy groups together to set clear rules for how personal data is collected and used. Additionally, Consumers Union launched a petition urging Facebook to improve privacy controls and address concerns about sharing practices. The petition is highlighted in a CU policy ad appearing in Politico which can be found at www.hearusnow.org.
What else CR wants to see fixed:
Fix password security lapse. CR notes that Facebook could fix a security lapse that permits users to set up weak passwords including some six-letter dictionary words. And it could help users avoid inadvertently sharing status updates with the public, either by alerting them more prominently when they are about to do so or by changing the default audience for posts to the user's preferred audience.
And CR's tips for users on using privacy controls:
- Think before typing. Even if a user deletes his/her account (which takes Facebook about a month), some info can remain in Facebook's computers for up to 90 days.
- Regularly check Facebook exposure. Each month, users should check out how their page looks to others. Review individual privacy settings if necessary.
- Protect basic information. Set the audience for profile items, such as town or employer. And users should remember: Sharing info with "friends of friends" could expose them to tens of thousands.
- Know what can't be protected. Each user's name and profile picture are public. To protect one's identity, they should not use a photo, or use one that doesn't show their face.
- "UnPublic" the wall. Set the audience for all previous wall posts to just friends.
- Turn off Tag Suggest. If users would rather not have Facebook automatically recognise their face in photos, they could disable that feature in their privacy settings. The information will be deleted.
- Block apps and sites that snoop. Unless users intercede, friends can share personal information about them with apps. To block that, they should use controls to limit the info apps can see.
- Keep wall posts from friends. Users don't have to share every wall post with every friend. They can also keep certain people from viewing specific items in their profile.
- When all else fails, deactivate. When a user deactivates their account, Facebook retains their profile data but the account is made temporarily inaccessible. Deleting an account, on the other hand, makes it inaccessible forever.
Lisa Vaas is a technology writer for Sophos, see her profile and other articles here.