Facebook is a hugely popular social networking tool used by many people who don't ordinarily use a computer for anything else.
For this reason, general user security-awareness is not high, and in my opinion Facebook uses a very irresponsible set of default privacy values.
So, what if you want to publish photos on Facebook, to be seen only by your "real" friends (as opposed to the list of 900 virtual strangers who sent you friend requests that you felt bad refusing)?
Well, the first thing to do is set up a special friends list, e.g. "Close Friends", "Family", etc. For the following examples we'll assume you've set one up called "Family", and that you don't want anybody outside it to see your photos, without exception.
Once you've done this, you need to ensure every time you create a new photo album that you assign a "Custom" privacy setting for it, and then add your "Family" group.

Also of note in the screenshot above is the "Public Link" - this allows anyone to view the album even without logging into Facebook, so don't send it to anyone or publish it anywhere.
Please note, the above applies for any videos you may have uploaded too - just click "Edit Video" and change it to the same Custom privacy settings as we did for the photo albums.
Now in an ideal world this would be enough to protect your photos and videos from random friends. After all, you've clearly set the privacy to "Family-only", right? Well, you might think that, but unfortunately Facebook has left ways that you and your friends can unwittingly override this setting, meaning that photos within the album may still be visible to other people.
Tagging
The first thing to be aware of is "tagging". This is done to let people know who is in a particular photo. What you need to know is that if someone is tagged in one of your photos, they get to see the photo, even if they are not in your friends list. And... anyone that you let view your photos may tag them for you!
So, what harm can this do? After all, they are in the photo, so surely they should have the right to see it? Well, in general this may be the case - but it's your photo after all, and Facebook should really give you some way of stopping this behaviour, especially as many users won't realise that tagging overrides their previous privacy settings.
There are any number of ways this tagging problem can be a privacy issue. For example, what if you are at a works do and publish some photos for a selected, custom group of trusted friends. One of your snaps has your boss in it, and a few of you have posted some comments that you'd rather she didn't see. All it would take is for one of your friends to "tag" your boss and she will have access to that photo and the comments. Depending on her Facebook settings, she may also receive an email telling her she's been tagged with a convenient link - so it's highly likely she will see the photo, and the associated comments. Note, the friend that added the tag may not have done it maliciously, they may simply not have understood the implication. They may even make a complete mistake and tag your boss in a photo she doesn't appear in, that you definitely wouldn't want her to see... This is easier done than you would think, especially if several people have similar names.
The important point is that you cannot stop them making this kind of mistake, even though you were the one that published the photo. Facebook should really add an option that restricts tagging on photos so that people other than the photo's owner may only tag themselves, and nobody else. This would allow additional security on your private albums.
What you can do is remove any tags from your photos, which should also stop them from being added again. However, this of course requires that you spot the tag before it is too late.
Tagging is actually a nice, fun feature, and I can see why it is popular. However, the above security risks should be addressed by Facebook.
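The tagging rules described in this section, modelled as an added example (this is not Facebook's code and not part of the original post). The class, function and parameter names are hypothetical, the people are constructed sample data, and `self_tag_only` stands for the restriction this post suggests Facebook should offer.

```python
from dataclasses import dataclass, field


@dataclass
class Photo:
    owner: str
    album_audience: set                       # custom friend list, e.g. "Family"
    tags: dict = field(default_factory=dict)  # tagged person -> who added the tag

    def can_view(self, user):
        # Behaviour described above: a tagged person sees the photo even
        # when the album's custom privacy setting excludes them.
        return (user == self.owner
                or user in self.album_audience
                or user in self.tags)

    def tag(self, tagger, tagged, self_tag_only=False):
        # Anyone allowed to view the photo may tag it.
        if not self.can_view(tagger):
            return False
        # Proposed restriction (an assumption, not an existing setting):
        # non-owners may only tag themselves.
        if self_tag_only and tagger != self.owner and tagger != tagged:
            return False
        self.tags[tagged] = tagger
        return True

    def remove_tag(self, tagged):
        self.tags.pop(tagged, None)


def audit_tags(photo):
    """Return {person: tagger} for tags that widen access beyond the album list."""
    return {person: tagger for person, tagger in photo.tags.items()
            if person != photo.owner and person not in photo.album_audience}


def demo():
    photo = Photo(owner="me", album_audience={"alice", "bob"})  # constructed data
    before = photo.can_view("boss")      # outside "Family": no access
    photo.tag("bob", "boss")             # a family member tags the boss
    after = photo.can_view("boss")       # the tag overrides the album setting
    leaks = audit_tags(photo)            # what the owner has to spot and remove
    photo.remove_tag("boss")
    blocked = photo.tag("bob", "boss", self_tag_only=True)
    return before, after, leaks, blocked, photo.can_view("boss")


if __name__ == "__main__":
    print(demo())
```

The audit step is the manual check the owner has to do today: look for tags naming anyone outside the list the album was shared with, and remove them.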
Tagging Continued (these pesky tags are confusing!)
Apart from tagging other people in your photos, you (and your friends) may also tag yourself. Any pics tagged as such will be viewable from your profile page in one special album. This is great, provided you know how to restrict access to these photos too. Luckily, this is quite easy. In the screenshot below I've kept to the same privacy settings as I have for my other albums - i.e. only "Family" may view photos tagged of me.

Note this of course does not stop other people from viewing photos other people may publish of you, but you would never be able to prevent that anyway. It simply means that people with access to your profile won't be able to see your own potentially private photos.
"My family member just commented / tagged my private photo and it's now visible on their wall!"
Don't worry, provided you followed the above directions, the only people who can see that wall entry are people with permissions to view that album. So, only you and anyone else in your "Family" group can see it.
Publishing Albums to your Wall
This is not nearly so much of a problem as tagging, but worth knowing anyway. When you edit your photo albums, you have an option to "Post this album to your profile." Users again may be forgiven for thinking that this would just post a story to their wall, but wouldn't undo their previous privacy settings. They would be wrong though - clicking this option posts the album as a story, and undoes all your privacy permissions for the album at the same time. i.e. anyone that may view your wall can click that story and have full access to your album.
The easy fix for this is to not click the option in the first place.
Note however, that you can still have the album appear on your wall, with the security intact. This happens automatically when you add new photos to the album etc. If you are worried these new stories may not be secure, you can check them by hovering your mouse to the right of the story on your wall, and clicking "story options" on the link that appears, and then "edit privacy". eg: in the screenshot below, a story has been posted saying "2 new photos" but the story is correctly honouring the privacy settings for the album.

If you don't see an "Edit Privacy" option, then it's likely you've accidentally published the story publicly and should delete the story immediately if you didn't mean to do this (this won't delete the album, just the entry on your wall).
Be Careful When Joining Networks!
So, we've taken note of all the above, and are now confident our photos are protected from strangers. There is another "gotcha" to beware of though. If you decide to join a "Facebook Network" your settings will be changed to the below:

Now I'll admit that in my testing this didn't seem to open up photos to people belonging to the same network as me, whether they were on my friends list or not. But, just on the off-chance I've missed something, it's not worth the risk of opening up your private photos and videos you've tagged yourself with to potentially millions of strangers (e.g. the "London" network). So, I'd advise changing the custom settings to "None of my networks".
Please note, there are other settings on that page that also change to allow your networks access, but as this post is about Photos I'm not detailing them here - just check the page carefully!
Summary for keeping your photos private
- Set up Friend Lists to categorise groups of your friends
- Don't ever give out the "Public Link" to your photo albums
- Set all of your photo albums to a "custom" privacy setting
- Be aware of how tags work and inform your friends if necessary
- Don't ever click "Post this album to your profile" - this overrides all previous security!
- To be safe, remove tagged photo/video access for your networks