What You Need to Know About Facebook's New Privacy Settings

Facebook announced that it's rolling out a handful of changes to the social network at the end of the year. Looking to help you better manage its privacy and security settings (which have been time-consuming and confusing to use), Facebook is adding privacy shortcuts, a tool for managing multiple photos in which you're tagged and new navigation in the activity log.

Facebook Product Manager Samuel Lessin says these changes were made to give you more transparency and help you better understand who can see the things you share.

"We continue to strive toward three main goals: bringing controls in context where you share, helping you understand what appears where you use Facebook, and providing tools to help you act on content you don't like," he says.

While some of these changes--in particular the new privacy shortcut--are a step in the right direction, according to Naked Security blogger Lisa Vaas, some miss the mark.

Here's an in-depth look at Facebook's major changes and what it all means for you.

Facebook's New Privacy Shortcut

Facebook's privacy settings have never been easy to navigate. But a new privacy shortcut the social network is rolling out aims to easily direct you to answers to three common questions: Who can see my stuff? Who can contact me? How do I stop someone from bothering me?

By the end of the year, you'll see a new icon between your Home and Settings. Click the lock icon to view the drop-down menu, and select the option for the setting you want to change.

Facebook's new privacy shortcut is a positive change, Vaas says.

"Up until now, tweaking privacy and timeline controls required you to stop what you were doing and navigate through a separate set of pages. In the best of all possible worlds, the ease of access to Facebook privacy controls would increase their use," she says. "That's good. It's hard to imagine their use getting worse, at any rate."

Facebook's New App Permissions

Facebook is also tweaking the permissions you see when you install a new app. Traditionally, you were prompted to give permission to use your information to personalize your experience and to post to Facebook, all on the same screen.

Soon, these two permissions will appear in separate windows so you can better control what you share. For example, you can grant an app the capability to read your public profile and friends list to personalize your experience, but decline to allow it to post your activity on your behalf.

[How Secure Are Your Facebook Apps?]

Facebook Removes Search Setting, Adds In-Context Notices

One privacy setting that Facebook is removing is the "Who can look up my timeline by name" setting, which has controlled whether you can be found by typing your name into the Facebook search bar.

"Because of the limited nature of the setting, we removed it for people who weren't using it," Facebook's Lessin says. This setting will be removed in the coming weeks for the "small percentage of people who still have it," he says.

Rather than remove this setting, Naked Security's Vaas says it should have been fixed. "If the original setting was limited in scope and failed to do what it purported [...] why not rework it so as to actually protect people's privacy and give them the right to not be found?" she says.

Facebook says in its place, the social network has built "new, contextual tools, along with education about how to use them."

These in-context notices will appear throughout Facebook to help you better understand certain actions you take.

This series of in-product messages will appear when you hide content from your timeline, for example, to inform you where, if at all, the information still appears.

Facebook's Updated Activity Log

Facebook's Activity Log, which was introduced last year, tracks what you've posted on Facebook, lets you change the audience of past posts and lets you choose what appears on your timeline.

Facebook is updating the Activity Log with a new navigation that lets you review your comments and likes, photos of you, and posts you've been tagged in. It will also let you sort your information so you can see public photos you're tagged in and have hidden from your timeline, but which still appear on Facebook.

Facebook's 'Request and Removal' Tool

Within Facebook's updated Activity Log is a "Request and Removal" tool that lets you take action on multiple photos you've been tagged in. For example, you can ask people who posted them to remove them.

You can find this tool--once it rolls out to you--by clicking on the "Photos of You" tab, selecting multiple photos and then choosing the option you prefer: untagging all the photos or requesting that the photos be removed. You also have the option to include a message to the person who posted the photos.

Naked Security's Vaas says this change, while a step in the right direction, misses the mark:

"Rather than having to slog through a continual process of requesting that people untag them in photos, and that they please leave off the habit entirely in the future, and rather than simply blocking tagged photos from appearing on their timelines, many Facebook users want to simply block anyone from tagging them without having received express prior permission to do so," she says. "Unfortunately, Facebook has failed to give us this blanket tag-blocking ability in these recent privacy changes."

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicessecuritysocial networkinginternetFacebook

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Kristin Burnham

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place