If you’re a PrivacyFix user, or have been following the PrivacyFix blog, then you’ve learned how to make your Facebook profile private. It’s time to put these privacy fixes to the test and see how much or how little information your Facebook profile shares. You may think that a stranger, or anyone who searches for you on Facebook, is only able to see your name shown under your timeline cover. But how can you really know that your Facebook profile is private?
A simple way to check to see how the privacy settings you have changed affect your profile, and to see what other privacy settings need to be changed, is to view your profile as a stranger sees it. Here’s a walkthrough of how to do this:
To see how someone else views your profile:
Click the Privacy Shortcut Button (it’s located to the right of the home button and looks like a lock)
Click “Who Can See My Stuff?”
Click “View As”
You will be led to your Facebook page as it is viewed publicly. From this page, you will also have the option to view your profile through the eyes of a specific Facebook friend.
The ability to view your Facebook profile the way someone else does is an extremely useful feature in terms of Facebook privacy.
Be sure that when you update your privacy settings on Facebook, you are actively saving your progress. You can tweak your privacy settings all day, but not saving your changes means not securing your profile. Viewing your profile as someone else not only lets you know how the settings you’ve altered have affected your profile, it also lets you know what needs to be changed.
Did you know that advertisers upload email addresses and phone numbers to Facebook in order to target ads to you? This makes some people uncomfortable, since it encourages marketers to try to associate your identity with your behavioral profile, including things like your income or what you buy online and offline. Unfortunately, Facebook doesn’t let you opt out from these kinds of ads, and it’s hard to track down opt-outs at all of the companies involved. This means you aren’t really in control of your own data.
All is not lost — there is a way to limit the impact. You can make sure that the email addresses that you give to Facebook are not ones you want used for the purpose of ad targeting. If you have given Facebook multiple email accounts, consider cutting that down to just one. You may still need Facebook email notifications, so it needs to be an account that you do check or can set up a forwarding filter to your regular account.
To get to your email settings:
Click the Privacy Shortcuts icon.
Click “See More Settings.”
Click the “General” tab.
Once you access your General Settings:
Click Edit at the end of the row that says “Email.”
If you want to remove an email, click the button next to the email you want to remove, then click remove.
If you want to add an email account, click the link that says “Add another email.”
Be sure to save your changes.
What’s the downside? You might miss more relevant ads. It doesn’t get rid of the profiles that are keyed to your email, just makes your profile less usable.
They say you can’t have too many friends. How true is this maxim in terms of Facebook privacy?
Sure, it seemed like a good idea to add your high school sweetheart on Facebook, but after you never talked to them, sorting through pictures of what they had for dinner can get annoying.
Here are three ways that ditching some of your Facebook Friends might be good for your privacy:
1. Some of them aren’t really friends.
If you’re like us, your Facebook friends probably include more than a few people you couldn’t pick out of a police lineup. So you had a great week, and you post about it on Facebook. Do you really want the person that sat next to you in Home Economics in High School to know how your week went? Unless you select the “Only Me” option, this friend will have access to everything you post, and will be able to slice and dice your profile through Facebook’s new Graph Search. It’s almost like they never left your side.
2. More Friends means more “friends of friends.”
For some of your Facebook privacy settings, you may have selected “Friends of Friends” in terms of who can see your profile or find you on the social network. If that’s your choice, then each Friend not only brings themselves to the data party, they also bring their own friends, too. Choose your Friends wisely, and trust that they are doing the same.
3. Your Friends’ apps track you.
Do you know that, unless you’ve changed your default privacy settings, your friends can give apps permission to access your Facebook information? If you think FarmVille invites are annoying, how about the idea of your name and other profile information going to apps you don’t even use? If you’ve limited your Friends list to real friends, then you’ll be more comfortable letting them share your data with apps, particularly if it means more automated birthday greetings.
With this in mind, it’s time to head over to your Friends list and give it a scrub. Sure, if they’re paying super close attention or use some kind of friend-checking app, they might notice that you’ve broken the bonds of Facebook friendship. If they really care, they’ll let you know, and maybe you can rekindle the relationship.
(Today’s guest post is by Ryan Wakely, a senior at UC Santa Cruz and PrivacyChoice Intern.)
There comes a time in every undergraduate’s life when they have to face the un-faceable: Graduation. You worked hard during your four or more years at the University of Your Choosing and you deserve to land a great job after you graduate. Even if you’re leaving school knowing formulas, proofs, and dates, how much do you know about the online profile you’ve created, particularly in Facebook, and how well does it set you up for success in the real world?
A prospective employer wants to know what you can offer their company, and they’re likely to look at any resource they can to know more about you. Remember, they’re on Facebook, too, and it’s easy enough to look you up.
What will they find when they do? Unfortunately, while your friends might be impressed by how much alcohol you can consume in a weekend, the CEO is probably not. And that photo album titled, “Spring Break: Cabo Edition,” probably isn’t something you want linked from your online resume.
So what can you do? As far as I can tell, there are three ways to go about it: Delete, Deactivate or Manage.
The first option is very simple: Kill your Facebook account by deleting it. Although it’s hard to find, Facebook provides a process to commit account suicide, which you can find here. Problem number one with this is that the process is actually incomplete; deleting your Facebook account erases some, but not all, of your Facebook data. Your page is deleted and all tags are removed, but pictures and statuses that you were tagged in may remain.
An even more important downside is that your Facebook page, including the contact list you likely worked hard to develop, is gone forever. That’s why deletion even feels bizarre. The confirmation page makes it seem like you’re giving your life away.
You may have tried to contact a Facebook friend only to find out that their profile is nowhere to be found. After a day or so you see that person post a status about a new job. Clearly their profile is active again, but where was it just a few days ago? Your friend likely deactivated their account during the hiring process.
Deactivating a page does not mean that your data (i.e., pictures, status updates, and likes) is gone forever. Your data is stored on Facebook servers (and with any companies that were able to grab it), but it is not currently public. All it takes to reactivate is to log into your account.
Unfortunately, de-activating your Facebook account during a job search might give an even worse impression: Will the hiring manager really believe that you’re not really on Facebook, unlike 99% of college-age people? Or will they assume something even worse? And what about career opportunities that might come at you even when you’re not actively looking (but your account is re-activated)?
In short, deactivation is a weak way of controlling your life on Facebook. It sends an ambiguous message to potential employers, and is super annoying for your real friends.
A more sensible approach is to manage your Facebook appearance more closely, which involves navigating a web of Facebook privacy settings. Facebook would just as soon have you share everything with “everyone,” not just “Friends” or “Friends-of-Friends.” That’s a rational approach for Facebook, since “everyone” includes advertisers, who pay the bills. But “everyone” also includes employers, recruiters and other people and companies who may want to scrutinize your profile. With the new “Graph Search” feature, it’s easier than ever for them to do this.
How do you get your arms around all of the different privacy settings that matter, and how do you know you’ve hit all of the right ones? That’s where Privacyfix comes in. As an intern on this project, I’ve learned just how valuable it can be for the recent graduate:
You can easily clean up prior activities using the Privacyfix Activity Log review with filters. Remember Freshman year when you Liked the Four Loko theme song just to be ironic?
You can get your settings in shape so that future activity is seen only by the right people, and (if you want) to make sure you can decide when you’re tagged in posts or photos.
You can also deal with a bunch of other settings that PrivacyFix includes, like making sure that your name and image don’t pop up on ads and preventing Facebook from tracking you across other sites.
You can be done with the whole process in about 20 minutes. You can get back to trying to find something suitable to wear to interviews, since cargo shorts and flip-flops no longer suffice.
One more tip that isn’t covered yet in Privacyfix is custom groups, an essential tool for those of us with large groups of friends spanning high school, college, and family. To your Facebook friends, custom groups are like that exclusive nightclub you’ve always wanted to get into; if you don’t have the right credentials, you’re not getting in.
Making a custom group is simple:
Find the “Groups” tab in the Facebook navigation bar.
Click on Create New Group and give it a name that lets you know who is included in the group (i.e., Mom and Dad, Party Friends, or Class Friends).
Add the appropriate members to the group.
Post statuses, pictures, and information within the group that you want to communicate with.
An obvious way to prevent people from seeing you do something is to simply not do it, but, we all like to let loose once in a while. You should not feel the need to isolate yourself from friends and family while applying for jobs because your Facebook account may be affected in a negative way. Custom groups allow users to share what they want, with the people they want. Here’s an example of how custom groups make you free to live a little and not worry about Facebook creating problems for you.
Your roommate just turned 21 and you want to go out and celebrate. However, you know that your parents frequently visit Facebook and will inevitably see photos from your roommate’s party. To prevent this from happening, create a custom group that excludes your parents and make sure only Facebook users added to that group can see tagged pictures from that night.
Contrary to hiding things from family members and employers, you can make things public to them. Make sure to take plenty of pictures of you at the library.
Today we launched Privacyfix 3.0, a major upgrade focused on getting you ready for Facebook Graph Search. All the details are in the press release (below). This post is about the highlights. The first thing you need to know is:
There is no opt-out from Graph Search.
Facebook wants you to be more open and connected, so anything you share on Facebook is ‘graph-searchable’ by anyone who otherwise has access to your stuff. What’s different now is that Graph Search is amazingly easy, fast and precise, which means that other Facebook users can now probe, slice and dice the details of your profile, posts, tagged photos and all the rest at the click of a mouse. Graph Search is rolling out right now to Facebook users in the United States.
There are three things to do to get ready for Graph Search.
1. Make sure only the right people can search your posts.
The first order of business is to make sure that you’re only sharing with the people you want to share with, so that other people won’t find your information when they use Graph Search. This is a two-step process: first, for the most privacy, make sure your setting for future posts is limited to friends; second, retroactively limit all of your past posts to friends only.
2. Review your Activity Log for what your friends can see.
Even if only your friends can search for your stuff, you still may want to review what they can see, since Graph Search picks up things you may have “liked” years ago, or companies that you don’t really “like” but that you wanted to follow for some other reason.
The best place to review your Facebook history is through your Activity Log, which is a big, scrollable master list of the Likes, tags and photos related to you on Facebook. When you use Privacyfix to review your Activity Log, you can automatically highlight words and phrases that might be of concern, within categories like sex and profanity, health and substances.
Super important: Hiding something on your Timeline does not remove it from Graph Search. If you really want something to be unavailable in Graph Search, you need to delete it or remove it completely. You’ll notice that we hit you over the head on this in Privacyfix, because it confuses just about everyone who encounters it.
3. Take control of tagging.
When someone tags you in a post or photo, that tag associates you with that item within Graph Search, almost instantly. Privacyfix shows you how to change this setting so that the tag requires your prior approval.
Of course, even with these fixes in place, Graph Search means that you need to be careful about what you do in Facebook, since it’s now much easier for anyone to find.
But wait, there’s more.
In Privacyfix 3.0 we’ve added a new feature that helps you help your friends and family make sure they have their privacy settings in order. Now Privacyfix shows you when their Facebook profile is indexed in Google, which usually indicates that they have never checked their privacy settings. With two clicks, you can send them a link to Privacyfix to get the job done. Parents of teens, this one’s for you.
Last, but not least, when you run Privacyfix now, you’ll see a new layout, which simplifies your console into a single page and brings it together with our tutorial information in a handy slider. You’ll also see a new status indicator at the top of the page, which shows you instantly when you have open privacy choices to consider. The new layout also gives us more room to add more settings and services, and aligns our design with Privacyfix for iOS and Android, which are now in field testing.
PRIVACYFIX PREPARES YOU FOR FACEBOOK GRAPH SEARCH
Easily limit exposure to invasive searches and check exposure of family and friends
February 13, 2013 – Santa Cruz, CA – Privacy-technology leader PrivacyChoice today announced Graph Search Control as part of a major upgrade to Privacyfix. Privacyfix 3.0 gets you ready for Graph Search in three easy steps, using the guided interface that drew rave reviews when Privacyfix launched in October. Privacyfix also features new setting checks, a simpler, unified interface and the ability to see and warn your friends when they are vulnerable to public searches of their Facebook timeline. These new features are immediately available to new users and to over 300,000 users who have already installed Privacyfix for Chrome and Firefox.
Jim Brock, PrivacyChoice Founder, said: “Graph Search is a privacy nightmare for millions of people who have never checked their default settings on Facebook. Every post, every Like and every tagged photo can now be scanned in infinite detail by anybody with a Facebook account. Because Facebook has provided no way to opt out from Graph Search, it’s up to each user to control who can see and search for their information. Privacyfix makes it much easier and quicker to get this right.”
Privacyfix 3.0 includes these new features:
Graph Search Control
Privacyfix checks your exposure to Facebook’s new searching feature, and takes you through three simple steps to control what others can find out about you through Graph Search. The new Activity Log highlight feature zeros-in on content that you don’t want to be searchable, even by your friends. Privacyfix also now shows you how to require approval before being tagged in other people’s posts, which helps limit Graph Search Exposure.
Jim Brock: “Because Graph Search has no opt out, the burden is on the user to review their Activity Log for things they probably never thought would be so easily available to other users. Our helpful overlay speeds this process by highlighting content that may be of concern.”
Friend Privacy Helper
In another innovation, Privacyfix now lets you check the Facebook privacy exposure of your family and friends, and then send them a gentle reminder when their Facebook profile can be found in Google. Now it’s easier for concerned parents and relations to ensure that their loved ones are making thoughtful privacy choices.
Jim Brock: “Online privacy is challenging, and we can all use a hand to make sure we aren’t over-sharing. Parents of teenagers, in particular, will find this new feature is a great way to help make Facebook a safer and more comfortable experience for everyone in the family.”
Spiffy New Design
Privacyfix 3.0 also shows off a new, unified design, which foreshadows the launch of Privacyfix for Android and iOS (both now in field testing). The new version also adds a handy progress bar that summarizes your overall privacy status.
Jim Brock: “Online life involves an ever-growing set of privacy choices. Our mission is to make Privacyfix the platform for these decisions across every device that you use.”
Privacyfix is the ultimate privacy tool, checking and protecting your privacy across Facebook, Google, and thousands of websites and online trackers. Privacyfix is a service of PrivacyChoice, a leading provider of privacy technology and data, founded in 2009 in Santa Cruz, California. Privacyfix is available in English, Spanish, French, Italian, Portuguese and Russian.
101 Cooper Street
Santa Cruz CA 95060
Your team should include at least one person responsible for considering security at every stage of your app’s development. If you’re running a solo operation, that person is you. It’s easy to assume someone else is handling security — whether that someone is a mobile operating system provider, a device manufacturer, or another member of the development team. It’s true that everyone has a role to play, but as the developer, you’re the final line of defense.
Take stock of the data you collect and retain.
Practice data minimization: Don’t collect or keep data you don’t need. For example, if your photo-editing app doesn’t require access to a user’s contact info, don’t ask for it. Simply put, data you don’t collect is data you don’t need to worry about protecting. Avoid keeping data longer than you need to. For example, if you offer a location-based mobile game, get rid of the location data when it’s no longer relevant.
Understand differences between mobile platforms.
Research the mobile platforms you work with. Each mobile operating system uses different application programming interfaces (APIs), provides you with different security-related features, and handles permissions its own way. Don’t expect that one platform works exactly like another. Do your research and adapt your code accordingly.
Don’t rely on a platform alone to protect your users.
Mobile platforms often provide helpful security features. But it’s your job to understand those features (and their limitations), implement them properly, and take other measures necessary to protect your users. In addition, while platform-based permissions might be helpful in conveying security information to your customers, they’re no substitute for your own effective communication. Talk to your users in your own words.
Generate credentials securely.
If you create credentials for your users (like usernames and passwords), create them securely. For example, a short number string might be an appropriate token for authenticating a user on a game score board, but the same credential wouldn’t be appropriate for a social networking app.
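One way to size a generated credential to what it protects, as an added example that is not part of the original guidance. The bit-strength targets and function names are assumptions chosen for illustration; the page names the two use cases but gives no numbers.

```python
import math
import secrets
import string

# Assumed strength targets for illustration; the page gives no figures.
SCOREBOARD_BITS = 20   # low-stakes token, e.g. a game score board
ACCOUNT_BITS = 128     # credential guarding a social networking account

DEFAULT_ALPHABET = string.ascii_letters + string.digits


def required_length(alphabet_size: int, min_bits: int) -> int:
    """Shortest length at which a uniformly random string over the
    alphabet carries at least min_bits of entropy."""
    if alphabet_size < 2:
        raise ValueError("alphabet needs at least two distinct symbols")
    if min_bits < 1:
        raise ValueError("min_bits must be positive")
    return math.ceil(min_bits / math.log2(alphabet_size))


def generate_credential(min_bits: int, alphabet: str = DEFAULT_ALPHABET) -> str:
    """Draw a credential from the OS CSPRNG, sized to the requested strength.

    The secrets module is used instead of random, whose output can be
    predicted from earlier values and is unsuitable for credentials.
    """
    symbols = sorted(set(alphabet))  # duplicate symbols would bias the draw
    length = required_length(len(symbols), min_bits)
    return "".join(secrets.choice(symbols) for _ in range(length))


def average_guesses(credential: str, alphabet: str = DEFAULT_ALPHABET) -> int:
    """Expected number of brute-force guesses to hit one specific credential."""
    return len(set(alphabet)) ** len(credential) // 2


if __name__ == "__main__":
    pin = generate_credential(SCOREBOARD_BITS, string.digits)
    token = generate_credential(ACCOUNT_BITS)
    print("score board token:", len(pin), "digits,",
          average_guesses(pin, string.digits), "guesses on average")
    print("account credential:", len(token), "characters,",
          average_guesses(token), "guesses on average")
```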
Use transit encryption for usernames, passwords, and other important data.
Anytime your app transmits usernames, passwords, API keys, or other types of important data, use transit encryption. Mobile devices commonly rely on unsecure Wi-Fi access points at coffee shops, airports, and the like — and it’s easy for troublemakers to snoop and intercept connections.
To protect users, developers often deploy SSL/TLS in the form of HTTPS. Consider using HTTPS or another industry-standard method. There’s no need to reinvent the wheel. If you use HTTPS, use a digital certificate and ensure your app checks it properly. A no-frills digital certificate from a reputable vendor is inexpensive and helps your customers ensure they’re communicating with your servers, and not someone else’s. But standards change, so keep an eye on current technologies, and make sure you’re using the latest and greatest security features.
Use due diligence on libraries and other third-party code.
Before using someone else’s code to build or augment your app, do your research. Does this library or SDK have known security vulnerabilities? Has it been tested in real-world settings? Have other developers reported problems? Third-party libraries can save time, but make sure you stay accountable for your app.
Consider protecting data you store on a user’s device.
If your app handles personal information, consider protecting or obscuring the data — for example, by using encryption. Some platforms have special storage schemes for sensitive data like passwords and keys. Use them if they’re available. This helps protect your users in the event of viruses, malware, or a lost device.
Protect your servers, too.
If you maintain a server that communicates with your app, take appropriate security measures to protect it. If you rely on a commercial cloud provider, understand the divisions of responsibility for securing and updating software on the server. While some commercial services will monitor and update your servers’ security, others leave you in control.
Server security is its own complex topic, so do some research. Take steps to protect yourself from common vulnerabilities, including injection attacks, cross-site scripting, and other threats.
Don’t store passwords in plaintext.
Don’t store passwords in plaintext on your server. Instead, consider using an iterated cryptographic hash function to hash users’ passwords and then verify against these hash values. (Your users can simply reset their passwords if they forget.) That way, if your server suffers a data breach, passwords aren’t left completely exposed.
You’re not done once you release your app. Stay aware and communicate with your users.
Even after you ship your app, stay involved. New vulnerabilities arise daily, and even the most reputable software libraries require security updates. Follow general and library-specific mailing lists and have a plan for shipping security updates if needed.
Check your inbox, too. User feedback can help you spot and fix security vulnerabilities. When they discover vulnerabilities, researchers often try to resolve the issue with developers before publishing their findings. It’s best to be part of that discussion early on.
If you’re dealing with financial data, health data, or kids’ data, make sure you understand applicable standards and regulations.
If your app deals with kids’ data, health data, or financial data, ensure you’re complying with relevant rules and regulations, which are more complex.
Previously on the PrivacyChoice Blog, I was critical of Apple’s implementation of Do Not Track in iOS 6.0, which stands as a striking exercise in hide-the-ball product design. Literally, finding and exercising your choice about being tracked by advertisers requires a sequence of six interactions with your device:
Tap > Tap > Tap > Swipe down > Tap > Tap
Not to mention knowing that this setting doesn’t live anywhere near the “Privacy” tab; rather, it lives deep at the bottom of “About” under the label “Advertising.” This is the opposite of Privacy By Design.
Rather than putting their attention to fixing this mess, Apple’s privacy team has been working hard on an essential upgrade in iOS 6.1 and here it is — now you have the ability not just to turn off tracking, but now you can reset your “Advertising Identifier.” It’s like deleting your cookies, but not filtering new ones. (Hold your applause.)
As any faithful reader knows, I’m all for choice — who knows, maybe some people do want to reset their Advertising Identifier, maybe because they accidentally used an unsavory app with unsavory ads. So thanks for the additional choice. But c’mon, this is not a serious effort to enable people with choices about their data. If it were, the opt-out choice (and the reset choice, too) would actually be findable.
Personally, I’m filing this new feature with the $29 adapter for an iPhone 5; another example of the kind of cynicism toward us as users that may ultimately be Apple’s undoing.
Identity information is not connected to what you do.
If you sign up for site scanning, privacy widget or seal services, we may ask for your name, title, email address, city, state, postal code, country of residence, and phone number, and we may invite you to select a password. We never associate any of your personally identifiable information with information about your activities through our services.
We do not use or store your precise location.
We do not access your precise location. Our analytics system may log the approximate location of anonymous users.
You can request to see your identity data.
You may choose to correct, update, or delete the membership information you have submitted to us by sending an email requesting changes to firstname.lastname@example.org. You may unsubscribe from email communications by clicking on a link in the bottom of each email you may receive from us.
We keep data for a limited time period.
We maintain information collected for no more than one year after your last interaction with our service or the termination of your membership.
We don't share your identity data.
We do not convey any information about your use of this service to any other party for their use, other than for their use solely in providing services to us. We may publish reports with aggregate information, such as trends in the interests of PrivacyChoice users. This never includes information about any individual user.
No ad companies collect data here.
We do not allow any other company to collect information on this site for their own use.
You can ask privacy questions.
Analytics companies access anonymous data on our behalf.
"Google Analytics is a web analytics tool that helps website owners understand how visitors engage with their website. Google Analytics customers can view a variety of reports about how visitors interact with their website so they can improve it. Google Analytics collects information anonymously. It reports website trends without identifying individual visitors." (Google)
We may use agents and contractors in order to help operate our site. Their use of information is limited to these purposes and is subject to confidentiality agreements.
We may disclose your data in special situations.
To operate the service, we also need to make your information available to third parties in these limited circumstances: (1) with your express consent, (2) when we have a good faith belief it is required by law, (3) when we have a good faith belief it is necessary to protect our rights or property, or (4) to any successor in a merger or acquisition. We will attempt to notify you in any such case, to the extent permitted by law to do so.