Using Facebook means sharing personal information with at least some people, but Facebook sometimes makes changes to the way sharing works. Figuring out exactly what you share, and with whom, can be hard. And at least some of your information is visible to everyone, even people who don't use Facebook, thanks to something called the Graph API. Confused? Fortunately, someone created a web tool that shows you what the Graph API reveals. Here's a sample of my Facebook information, as revealed by this tool:
How revealing is this? In one sense it is no revelation at all. It's no secret that I like Stagecoach Coffee. I've blogged about their great French Toast more than once. But in this screen shot I cropped the full report, which shows I like a lot more than just these three things. Frankly, I was not aware that people who are not "on" Facebook could see this information and I am probably not the only person sharing this false assumption.
There are some potentially serious implications. What if you "like" something that is not liked by your boss or perhaps a prospective employer? Maybe you like the idea of legalizing marijuana. Some people could read that the wrong way. "Like" is the new Facebook term for "Fan" and maybe, perhaps a few years ago, you "fanned" some crazy stuff. Do you even remember all the things you fanned? (I had totally forgotten some of my likes).
So, my hat is off to Ka-Ping Yee, the Google.org software engineer and UC Berkeley graduate who created this little application that could have some big implications. (In that sense, he's a good example of a "white hat hacker," a gifted technologist who has shown us some of the pitfalls of a particular technology.) For example, thanks to the Graph API you can check out people on Facebook without being logged into Facebook. You can just plug in their Facebook ID and look around. You can even enter random names and ID numbers. Some information is protected by privacy settings, some is not. And the reports that Ka-Ping Yee's web page displays contain live links (e.g. the report above shows a live link to the Stagecoach Coffee page) so you can just click your way from one piece of data to the next.
All of which is a little worrying when you factor in something I have blogged elsewhere, namely Facebook founder Mark Zuckerberg's alleged indifference towards privacy. The various privacy missteps that Facebook has taken since its inception, and the difficulty many users have trying to keep up with changes to the way Facebook handles privacy settings, tend to lend credence to the claim that Mr. Zuckerberg does not care about privacy. Consider what happens when you want to change your privacy settings.
Facebook makes you go through a two-step process if you want the most private of settings. When you want something to be visible to Everyone or Friends of Friends, all you need to do is select from a pull-down list. But making something visible only to yourself is not shown as an option. You have to go through an extra step and choose Customize to see that choice.
That suggests the interface designers are not keen for you to get restrictive with your privacy. Of course, it could be a simple design flaw, but Facebook users are likely to be sensitive to such things these days, particularly when they learn that none of the settings can hide your "likes" from the Graph API and the outside world.
(If I have this wrong, please leave me a comment and let me know. I changed the privacy setting for "Things I Like" to "Only me" but they are still visible to the Graph API, as seen here: http://zesty.ca/facebook/#/stcobb/likes.)