Facebook revamps privacy settings – but misses opportunity to do so much more

Facebook privacy settingFacebook has announced that it is rolling out what appears to be a major redesign of its privacy settings.

Although they make privacy settings easier to access, and may encourage users to be more careful with how they share information online, it feels as if Facebook may be reacting more to Google+ rather than making a fundamental shift in its attitude to users’ privacy.

In a blog post published today, Facebook VP of Product at Facebook Chris Cox announced what he described as “a bunch of improvements that make it easier to share posts, photos, tags and other content with exactly the people you want.”

Redesigned privacy controls

The changes will begin to roll out to Facebook users in the coming days, but here’s a summary of what’s new:

* Inline controls – Previously the privacy settings for your Facebook content were buried away in a labyrinth of different pages. In the future, each post will have a privacy control alongside it, making it more obvious who you are sharing information with.

Facebook privacy inline control

This is a little like how Google+ operates, with users being able to choose at the time of post exactly which individuals or groups of friends (known as “circles”) they wish to share information with.

(Update: Thanks to the commenters below who pointed out that Facebook has actually had this functionality for sometime, albeit presented in a less visual fashion. What appears to be new is that you can now change a status entry’s privacy setting after it has been published).

* Inline profile controls – Previously if you wanted to choose who could see your phone number, your school, your date of birth, your photo albums and other personal information on your Facebook profile you had to navigate Facebook’s maze of privacy setting pages.

Now, content on your profile will be accompanied by a privacy control, making it simpler to see who you are sharing the information with and making it easy to change with one click.

Facebook inline profile controls

* Profile tag review – In the past, if someone tagged you in an embarrassing photograph (remember you were drunk at the company BBQ?) it would show up instantly on your profile. You will now be able to approve or reject any photo or post you are tagged in before it is visible on your profile.

Facebook photo tag approval

Note, that doesn’t mean that people can’t tag you in a photograph without your approval – it sounds like they still can, it’s just that it won’t then be visible on your profile without your permission.

Photo-tagging is, in the feedback Naked Security has received from Facebook users, one of the most unpopular elements of the site. It’s our belief that many Facebook users would like the ability to block anyone from tagging them in photographs without their express permission, rather than simply blocking the photo from appearing on their profile.

Instead, you’ll probably find yourself continuing to request that people untag you from photographs, and kindly learn not to do it anymore in future.

Remove tag

* Content tag review – In the past, anyone who had permission to see your photos or posts could add tags to them. You will now be able to choose whether you want to approve or reject any tag someone tries to add to your photos and posts.

* View profile as.. – You’ve always had the ability to see what your profile looks like from a different user’s perspective, but now Facebook will be making the facility much easier to access.

View profile as..

Google+ offers similar functionality for its social networking users.

* “Everyone” becomes “Public” – A terminology change by Facebook. In the past, users may not have been aware that if they chose to share information with “everyone” that actually meant “everyone, everywhere on the internet, forever”.

Is “Public” an improvement? Probably, but I suspect many folks still won’t realise its true implications.

Because even if you change your mind, it’s too late – and although Facebook say they will remove information from your profile if you choose to zap it, you and they have no control about how it is used outside of Facebook.

In fairness, Google+ uses the same terminology.

A step in the right direction, with possible inspiration from Google+


So, there’s lots of good stuff here. It sounds like Facebook has made efforts to simplify the way its privacy settings work, and make it more obvious to its users how their information is being shared.

Although they’ve denied it, there can’t be any doubt that the launch of Google+ may have influenced some of the design decisions here. Amusingly, some Google+ users are already having fun commenting on the similar look.

Google+ users comment on Facebook privacy settings

We’ll have to wait until the controls are live on Facebook users’ accounts before we can give them a gold star, but from the sound of things Facebook deserves some credit for the revamp.

However, Facebook doesn’t seem to have really addressed the more fundamental privacy issues on the site.

What’s missing?


Four months ago, Naked Security published its open letter to Facebook about safety and privacy, calling it – amongst other things – to adopt “privacy by default”.

By that we meant that Facebook should no longer share any more information without its users’ express agreement (OPT-IN).

Facebook and padlockFacebook, unfortunately, has time and time again eroded privacy introducing new features which share additional information about their users, assuming they want the features turned on.

In other words, the onus has been on users to keep a close eye on what Facebook is up to, and OPT-OUT when the firm introduces something they may not want to happen to their personal information.

Although I’m pleased to see what appears to be Facebook simplifying its privacy settings, and making them more visible, it has missed an opportunity to lead the way on privacy.

Facebook should become truly opt-in. Not just on the basis that a new user opts in altogether by joining Facebook in the first place, but on the basis that everything is locked down until a new user opens up each feature.

Facebook should not wait until the regulators in the world’s developed economies start legislating to make it do a better job. If they took the lead, people would love them all the more in the end.

Make sure that you stay informed about security and privacy issues on Facebook by joining the Sophos Facebook page, where more than 100,000 people regularly share information on threats and discuss the latest news.

View This Poll