As many as 13 million Facebook users in the United States may not be aware of or are not using their privacy controls, security firm Sophos said citing a survey by Consumer Reports which showed Facebook doesn't make it all that easy.
Among the findings are:
- 39.3 million identified a family member in a profile
- 20.4 million included their birth date and year in their profile
- 7.7 million "liked" a Facebook page pertaining to a religious affiliation
- 4.6 million discussed their love life on their wall
- 2.6 million discussed their recreational use of alcohol on their wall
- 2.3 million "liked" a page regarding sexual orientation
Sophos said CR surveyed 2,002 members of its interactive consumer online panel who were over 18 and had a home Internet connection.
"CR found that some people are sharing way too much, including an estimated 4.8 million who've potentially tipped off burglars where and when they're going on given days and 4.7 million who've 'liked' Facebook pages about health conditions that can be used against them by insurers," it noted.
It quoted CR as saying that while some privacy or security issues arise from poor choices Facebook users themselves make, "other problems can stem from the ways the company collects data, how it manages and packages its privacy controls, and the fact that users' data can wind up with people or companies with whom they did not intend to share."
Also, CR said some users might be surprised to know that Facebook gets a report every time they visit a site with a "Like" button, regardless of whether or not they click on that button, have a Facebook account, or are even logged in.
"Those factors, taken together, have created a privacy free-for-all where users publish all manner of personal data from which can be extrapolated religious affiliation, sexual orientation, alcohol usage proclivities and more," Sophos quoted CR as saying.
Restricted to friends
Sophos said the privacy situation is bad even for those of us who restrict information to be seen only by friends, "given that friends using Facebook apps can allow our data to be transferred to a third party without our knowledge."
It said the CR survey showed privacy-related problems caused by Facebook are on the rise: 11 percent of households using Facebook reported trouble on the site last year, ranging from someone using a log-in without permission to being harassed or threatened.
"That percentage projects to some 7 million households - 30 percent above figures from last year's State of the Net report," it said.
CR acknowledged Facebook's claims that it takes privacy and safety issues seriously, including CEO Mark Zuckerberg's assertion that the company checks privacy access tens of billions of times every day.
Facebook had also pledged to offer users greater access to records of their Facebook activity.
Hard to understand
Sophos said Facebook's commitment to privacy may not be enough, as Facebook's privacy controls are too hairy for many people to understand.
It said CR referenced a recent study from consultants Siegel+Gale that finds that Facebook's and Google's privacy policies "are tougher to comprehend than the typical bank credit card agreement."
Also, it said US online privacy laws are feeble in comparison to those of Europe.
"To address all these issues, CR has put out a call for a national privacy law, asked Facebook to fix what it sees as a security weakness around passwords, as well as a collection of tips to help users understand and use Facebook's privacy tools," it said.
Sophos said Consumers Union, the advocacy arm of Consumer Reports, wants a national privacy law that holds all companies to the same privacy standards and lets consumers tell companies not to track them online.
It also supports the Obama administration's effort to bring industry and privacy groups together to set clear rules for how personal data is collected and used.
Also, Consumers Union launched a petition urging Facebook to improve privacy controls and address concerns about sharing practices.
CR also wants password security lapses fixed, noting Facebook could fix a security lapse that permits users to set up weak passwords including some six-letter dictionary words.
"And it could help users avoid inadvertently sharing status updates with the public, either by alerting them more prominently when they are about to do so or by changing the default audience for posts to the user's preferred audience," it said.
Other tips include:
- "UnPublic" the wall. Set the audience for all previous wall posts to just friends.
- Turn off Tag Suggest. If users would rather not have Facebook automatically recognize their face in photos, they could disable that feature in their privacy settings. The information will be deleted.
- Block apps and sites that snoop. Unless users intercede, friends can share personal information about them with apps. To block that, they should use controls to limit the info apps can see.
- Keep wall posts from friends. Users don't have to share every wall post with every friend. They can also keep certain people from viewing specific items in their profile.
- When all else fails, deactivate.
CR also advised users to think before typing, saying even if a user deletes his/her account, some information can remain in Facebook's computers for up to 90 days.
Users should also check out how their page looks to others and review individual privacy settings if necessary. — ELR, GMA News