Facebook privacy snafu turns out to be false alarm, but maybe it's time for some housekeeping

On Monday, some Facebook users were alarmed about what they thought was yet another privacy SNAFU by the social network: private messages from 2009 were showing up on their Timelines as public wall posts.

As it turns out, it was a false alarm. The "private" messages that were appearing publicly on people's Timelines were never private at all -- they were just old wall posts from 2009 that people had, well, forgotten about.

Facebook told TechCrunch that they have checked every report and have found no privacy breaches. Instead, users are just confused -- before 2009 there were no Likes or comments on wall posts, and so the posts look more like private message threads.

Facebook also says that there are technical barriers between the two systems that prevent such a privacy snafu from ever happening.

"The two systems are totally separate," Facebook said.

The issue was first reported in French newspapers, including Le Monde and Le Matin, and may have come to light because Facebook's new Timeline format was recently pushed to French users.

Though there's no real story here -- there's been no Facebook privacy snafu, and private messages are still private -- the fact that people actually forgot they'd posted personal-sounding messages on public walls raises a few questions. For example, how much of our online social lives is (still) on the Internet, ready to come back and bite us in the butt at any moment?

You see, Facebook's record-keeping process is like its frictionless sharing process. In the same way that frictionless sharing makes us bad sharers, Facebook's record-keeping makes us bad record-keepers. Certainly, it's nice to have a record of your life, one that includes major events and small, touching moments. But it's not quite as nice to have every moment of Internet stupidity, such as the time you got kind of drunk and posted to 143 people's walls, recorded for posterity. Instead of giving us a digital scrapbook, Facebook gives us a digital transcript -- and it's usually not pretty.

And that's why it's a good idea to take another look at your Facebook Timeline, and at what you've done over the several years you've been on Facebook.

Here's what I recommend doing:

  • Limit your past posts. Though ideally you'd be able to get rid of your past posts completely, if that's not a viable option it's a good idea to at least limit them to friends-only status. To do this, go to Privacy Settings > Limit the Audience for Past Posts > Manage Past Post Visibility, and click "Limit Old Posts."
  • Cull your friends list. I don't mean you should post an "I'm trimming my friends list, post if you want to stay" message to your wall. I mean you should go through and look at the people you don't know very well -- such as old coworkers and classmates -- and determine if they're a security risk. For example, a loosely affiliated ex-classmate who works at a company you're applying to might give up their Facebook login to their boss.
  • Routinely delete old wall posts. Delete anything that's older than two years (or so) -- you don't need these posts, they're not literary masterpieces, and if you find a gem you can just copy it into a file on your hard drive.
  • Routinely delete old photo albums. Your 250-photo album of your trip to Spain was interesting and cool when you'd just gotten back from Spain. But now it's been four years and nobody cares, and at best the photos are a liability or stalker-bait. Get rid of the album (save it to your hard drive, of course), and perhaps post a "Travels" album with a couple of photos from each of your old trips.

It's hard to get rid of old Facebook posts, even if you know you're never going to look back on them and reminisce. It's also time-consuming, since you have to delete each post individually with the new Timeline format. To make the entire process easier, do it in chunks. Whenever you have an hour or two, fire up a Netflix movie and indiscriminately delete old posts.
