Aaron's Thoughts

In a previous post I walked through some of the new features Facebook has launched for us third-party websites. In a nutshell, facebook users can share their friends' information. That means under normal privacy permissions, your friends can share your likes, your posts, your birthday, etc to third party sites. The example is the birthday card site, it needs to know all of a user's friends' birthdays in order to send them all cards on the right day.

When facebook launched "Places", I was curious, so I dugg in a big and sure enough, the same thing exists. Friends can share the check-in locations that their friends have posted. If you don't want this functionality, find this screen:

Go to "Account" -> "Privacy Settings"

At the bottom of the page is a section called "Applications and Websites" click "Edit Settings".

Next, find the section called "Info accessible through friends". This is the information you grant friends to share with third party sites. You might want some of these, like, you may not get a birthday card if you don't share your birthday. Choose wisely though, if you use "Places" and you check in to places you'd rather nor broadcast (why are you putting them on facebook anyways?) you should uncheck this box.

Yesterday Facebook launched a whole bunch of new tools for web developers with the idea being that outside sites can taylor better to you, the user, with more information about you. Indeed, this has always been the idea; a website could look different, suggest different things, and show you what your friends have been up to on the site. To do this, facebook gives developers simple things that show up if you are already signed in to facebook: the "like" button, comments boxes, and list of friends who liked or commented on that site.

Beyond that, we, the web developers, have to ask you to log in with those blue facebook buttons. When we set up that login feature, we get to decide how much from your facebook account you are authorizing us to see.

SO... read VERY carefully these kinds of dialog boxes, they tell you what the developer has requested access to:

Great, so YOU know to be careful... but do your friends? That's not a trivial question, because with that same "Allow" button above users can approve third party sites to access the profile, photos, statuses, comments, likes, friends, groups, notes of all their friends! In fact, here is the full list, see the column called "Friends permissions": http://developers.facebook.com/docs/authentication/permissions

As a result, everyone you are currently friends with have a lot of power to share YOUR information with websites outside facebook -- a little scary if you ask me.

I encourage everyone to review the following new privacy permissions by following these instructions:

1) Log in to Facebook and go to "Account", then "Privacy Settings"

2) Click on "Applications and Websites"

3) Find the section "What your friends can share about you" and click the "Edit Settings" button.

4) On this screen you should decide what your friends can share about you to third party sites. THINK ABOUT THIS CAREFULLY.

Ultimately, you are the owner of your content so be careful what you post about yourself. Third party websites can store your data once they have it, so deleting stuff you don't want about you on facebook doesn't delete it from existence.

Keep in mind, this is new, so we have to see how things go. The notion that a website can personalize to you means that it needs some info. AND, facebook is leading the way towards a single sign on for all sites so that you don't have to recycle those 3 passwords all over the web which is a big security issue. My two cents though is that these particular privacy settings are too burried for how important they are.