Facebook privacy - Instant personalisation and connections
Facebook has been announcing a number of changes recently, many of which will impact your privacy. While you may not have seen them hit your account yet, they will almost certainly do so soon.
Connections
In the past, Facebook had a whole bunch of free-form fields for things like location and interests. You could put practically anything you wanted in these, and show them to your friends. For things like interests, there were some basic search features, but they weren't very advanced.
These free-form fields are now changing into "connections". Like existing fan pages, connections represent an actual relationship, rather than just text. Also, just like fan pages, they're public, so you can see all the people who like cooking, or mushrooms. The new connection pages include extra information including text from Wikipedia, and an automatic search through both your friends and all public posts to look for content related to that subject. The same applies for your location (hometown and current), your employers, and education!
From an application developer's standpoint, this is a great change. The existing free-form fields were next to useless. From a privacy standpoint, this is an interesting change. It's great to be able to find friends who share your common interests, but because connections are public, you're not just revealing that information to your friends. You're revealing it to the whole wide world. For any user who just accepted the defaults, I now know the city where you live, who you work for, where you went to school, and what you enjoy doing, in addition to who your friends are, and what you look like.
Luckily, you don't have to convert your interests and locations to connections. However, if you don't, those parts of your profile will simply cease to exist. Facebook would really like you to convert to connections, and you'll get a scary-looking message about parts of your profile being removed if you don't. Of course, not all of your interests will map to new connections, and those that don't will be discarded in any case, so whatever you do you will be losing information, including potentially the dates of your employment and education. For me, that's not a big deal, but it might be for you. If you do want to continue listing your interests in a free-form and private fashion, I recommend you simply add them to your "about me/bio" section.
If you do convert your interests (and Facebook will ask you to do so sooner or later) then keep in mind that these (along with your existing fan pages) are very public. Your friends, family, employer, potential employer, applications, websites, enemies, and random people on the Internet will all be able to see them. If you don't want that, your only recourse is to remove those connections.
In theory, you can also edit your birthday, and change your age to under 18, which limits what Facebook will publicly disclose about you, although your connections are still very broadly published. Unfortunately, as I discovered the hard way, you can only transform from an adult into a minor once, so if you've edited your birthday in the past you may not be able to change it now. In fact, if you've already converted to the new connection system, then your birthday will no longer show up as something you can edit, so make sure it's set to a date you're happy with before going through the conversion.
Instant Personalisation
Facebook is rolling out changes to allow websites to automatically access your "publicly available information", which includes name, profile picture, gender, friends, and "connections".
What's that, I hear you ask? Are these the same connections that I just added to my profile during the conversion process? They sure are! I bet you just love the idea that when you visit a website, they not only automatically know your name, your location, and your friends, but also a detailed list of your interests, activities, education, and employer!
Luckily, you can turn instant personalisation off. There's a new ticky box on the applications and websites privacy page. For some users, this is on by default, and for others it's off, and I'm not yet sure how that's determined. If it's not ticked now, and you later go through the connections conversion process, then I recommend you go back to double check it's still unchecked.
Having ensured that instant personalisation is disabled, I bet you're feeling pretty safe. However, there's a great little clause if you read the fine print: "To prevent your friends from sharing any of your information with an instant personalization partner, block the application..."
That's right, your friends can share your information. This actually isn't anything new; applications your friends have installed can also view your information, but you probably don't want them sharing your info with the instant personalisation sites either.
So, in addition to unticking a box, you probably want to visit the applications listed in the FAQ entry and block them, too.
While you're at it, I recommend you look at your list of authorised applications as well, and remove any ones that you no longer need. It's very easy to authorise an app these days (in fact, commenting or liking this blog post will do so!), so you might be surprised to see what's there.
Finally, if you want to protect against accidental leakage of your profile information, consider logging out of Facebook before browsing other websites. Sure, this may be a pain in the arse, but Facebook can't share your information if you're not logged in.
AFAICT, the URL you need to block is "connect.facebook.net". Unchecking the box in your privacy settings doesn't seem to disable this mis-feature.