Open Source Utilities For Facebook Privacy

dward90 writes "Two online projects will scan and edit Facebook privacy settings for maximum protection: ReclaimPrivacy (reclaimprivacy.org) and SaveFace (untangle.com). The article says: 'Several new applications have launched this week that are designed to easily reset a Facebook member's privacy settings, following new changes from the company that make a sizable chunk of profile content public by default when it was once kept under lock and key.'"

Is It Just Me ...

[WrongSizeGlass]

... or is it just a bad idea to be able to change privacy settings via Facebook's API? Couldn't some other site/service "open the flood gates" instead of locking them down?

Re:

[Anonymous Coward]

Just about everything about Web 2.0 sites is a bad idea.

The privacy problems are well known.

The general stupidity of the users is well known (and often exploited by both the sites themselves and others).

The technology the sites use is often shitty (NoSQL, mainly).

Web 2.0 sites are about doing things as wrong as possible, but becoming popular thanks to the stupidity of people as a whole.

Re:

[K. S. Kyosuke]

What is so wrong with not using SQL? Even if you do use relational databases, SQL as such should have been replaced by a proper relational query language ages ago.

Re:

[Anonymous Coward]

Is that a serious question?

Relational databases can do anything and everything that any NoSQL "database" can do. But unlike NoSQL "databases", relational databases don't go randomly losing data, don't go corrupting data, allow for proper normalization, allow for much better performance, allow for transactions, and in general are always a much better idea.

The only reasons people gravitate to NoSQL databases and architectures are:
1) They're ignorant of how to properly use a relational database.
2) They're doin

Re:

[MoralHazard]

In other news, YHBT. HAND.

Re:

[K. S. Kyosuke]

I'm not talking about non-relational databases, I'm talking about relational databases not using SQL. You can't query a true relational database using SQL, simply because SQL does not support constructs that a true relational database should, and on the other hand, SQL does things that don't belong to the relational model. And BTW, SQL isn't 40 years old.

Re:

[kdemetter]

SQL was developed in the early 1970's . So that's exactly 40 years old.
I know , time flies by quickly.

Not sure what you mean by "constructs that a true relational database should support" though .

Re:

[icebraining]

The technology the sites use is often shitty

Says the guy posting in a site written in Perl.

Re:

[bami]

You're putting the emphasis wrong.

"Says the guy posting in a site written by complete idiots with no understanding of usability"

Re:

[bertoelcon]

Says the guy posting in a site written in Perl.

Not just the site, some of the editors are Perl scripts too.

Re:Is It Just Me ...

[0100010001010011]

You can't. And neither of these tools do.

You have to drag them from their website to your toolbar. Go to facebook, click on them. The javascript scrapes the website and either validates the settings (reclaim) or just sets everything to 'friends only' (save face).

I've tested both and they seem to work just fine.

I bet facebook releases a change in the html to break the scraper soon though.

Re:

[commodore64_love]

RECLAIM doesn't seem to work. It tells me I have vulnerabilities, but when I click "fix" it doesn't fix the problems.

SAVEFACE - I'm not sure. It does something, but whether or not it actually worked is a mystery.

Re:

[Pvt_Ryan]

I ran them in the following order:

reclaim
saveface
reclaim

on the 2nd run recalim reported everything as "good"

Re:

[commodore64_love]

Ditto. It appears reclaim didn't really change my settings (hence why it still showed red). Saveface did all the work.

Re:

[bill_mcgonigle]

RECLAIM doesn't seem to work. It tells me I have vulnerabilities, but when I click "fix" it doesn't fix the problems.

Same here. The underlined link did bring up the right page and I unchecked the right boxes. Then it verified the change correctly.

Re:

[eleuthero]

...except that they wont actually delete your account without running through a massive number of hoops - one site [stevenmansour.com] and another [nytimes.com] among several that pop up with a "delete facebook" search on google

Re:

[Locke2005]

You're missing the point... if any app can update your privacy setting, it is trivially easy for a trojan such as a game to update your settings as well.

Re:

[0100010001010011]

And it couldn't before? Any trojan could go and change your settings for any website that you're currently logged into. It's not like this is something new with facebook.

Heck, the fundamental way they work is the entire idea behind GreaseMonkey & UserScripts (for Chrome/Opera)

Re:

[facebook]

It's a good idea, just trust me. Most of you dumb fucks already have.

Re:

[Hognoxious]

How much difference does changing the settings actually make? The words "stable", "door" and "bolted" spring to mind.

Open Source Warning

[AnonymousClown]

Before creating a facebook account, please consider this:

• Facebook must exploit your personal info in order to make the mega bucks that they've grown used to.
• A Facebook page may make you unemployable.
• All Facebook privacy safeguards will be circumvented.

Re:Open Source Warning

[Abstrackt]

A Facebook page may make you unemployable.

This one thing from an otherwise good post really bugged me. You may make yourself unemployable by posting things you shouldn't in public because despite Facebook's atrocious privacy policy they can only work with data you give them.

Re:Open Source Warning

[dcmoebius]

they can only work with data you give them.

Not true, actually. They can also work with the information your "friends" give them.

Re:

[Animaether]

At which point it doesn't matter whether you, yourself, are on Facebook - as long as that 'friend' puts your name in an entry, you could be flagged in such an internet query. I.e. if you're laying face-down in vomit with a half-empty bottle of Absolut in your hands, it doesn't really matter whether that somebody 'tags' that photo with the 'friend' account 'dcm' or simply jots down 'lol dcm after a FUN night out!'

Re:Open Source Warning

[icebraining]

In fact, it's the reverse: being on Facebook is better because it alerts you when people tag you, so you can ask them to take it down/edit it; if you aren't registered you probably will never know until it bites you.

It *doesn't* suck you in!!

[Torodung]

Insidious, ain't it? The only way to see if someone's posted Photoshopped naked pics of you in Facebook is to be on Facebook.

I liked Web 1.0 better, where Photoshopping people on nude bodies was only done to celebrities, who had decided to give up all their privacy in their choice of career, for considerable fringe benefits. That or banished to some obscure part of the Internet.

Web 2.0 is all the disadvantage of celebrity, with none of the benefits.

--
Toro

Re:

[syousef]

they can only work with data you give them.

Not true, actually. They can also work with the information your "friends" give them.

Here's a thought. Don't get yourself photographed doing crazy illegal shit. Hell another thought don't do crazy illegal shit. If you're letting your friends photograph you smoking pot, having sex with hookers, putting graffiti on public walls etc. YOU are making you unemployable.

Re:

[smash]

Actually, they can only work with the information you give your "friends" to post. Don't want to be pictured face down in a pool of vomit? Don't do it in public? :D

Re:Open Source Warning

[nacturation]

A Facebook page may make you unemployable.

This one thing from an otherwise good post really bugged me. You may make yourself unemployable by posting things you shouldn't in public because despite Facebook's atrocious privacy policy they can only work with data you give them.

"Damn Abstrackt, you sure had a fun time with those hookers last night. I can't believe they happened to have marijuana on them... you sure went to town on that bong! [pic attached] I'll be on IRC tomorrow... you've gotta tell me all about that Windows bug you exploited to crack into that .mil site." -- written on your wall

Re:

[John Hasler]

> You may make yourself unemployable by posting things you shouldn't in
> public because despite Facebook's atrocious privacy policy they can only
> work with data you give them.

I mostly agree. There's nothing wrong with using Facespace or any other free, ad-supported service as long as you understand that anything you put there might become public (or be lost in a crash or be deleted when the service is discontinued). As to their privacy policy, well, hell. They have no contract with you (nor you

Or friends

[DrYak]

You may make yourself unemployable by posting things you shouldn't in public {...} they can only work with data you give them.

Or, some idiot might post un-appropriated stuff about you.
In fact, you don't even *need* to have a facebook account to get embarrassed by people you made the mistake to consider as friends.

I disagree.

[AnonymousClown]

Many employers and definitely for security clearances will look at your page and all of your friends. Guilt by association.

See here under "Yes, Facebook can get you fired." [wsj.com]

Mr. Fulmer and his wife made fun of a local church sermon in a podcast they posted online in 2005. Mr. Fulmer says it got so much attention, his boss listened to it, thought it was offensive and fired him.

The thing is, sharing things about yourself can be objectionable to an employer - and you don't know what they could be.

What may be completely harmless or even your God given right to say or do, may make you unhirable for an employer or even fired. Against the law in some cases - prove it. They can always find a legitimate and legal exc

Re:

[BobMcD]

The article you linked says that 27% of orgs have a policy and that 2% of them have actually fired someone over things like this.

It seems to me having an objectionable Facebook page might be an asset. It would definitely keep you away from employers who do not understand that you're there to earn a paycheck, and then you go home. Now if you're the sort that actually wants to be micromanaged without pay, heed the advice, but for the normal among us, maybe it isn't such a big deal. Take this:

That happened to a friend of mine. She was out with friends and wasn't drinking. Someone passed her shots to pass down the table. Of course, someone was taking pictures and guess what? Yep, the picture of her with the two shots got on her friends Facebook page. She had a Facebook page too which was linked to her friends .... Oy!

Maybe you want

Re:Open Source Warning

[Hognoxious]

You may make yourself unemployable by posting things you shouldn't in public because despite Facebook's atrocious privacy policy they can only work with data you give them.

Gibberish. I could post a picture of two drunken idiots dancing naked in the street on my page - and tag one of them as you.

Re:

[tabdelgawad]

Um, you can do that anyway - Facebook or not.

Re:Open Source Warning

[SatanicPuppy]

I was in an amusing job interview the other day:

Interviewer: "So, I'll need to see your Facebook page"
Me: "I don't have one."
Interviewer: "I know it's probably not something that you want all employers to see , but we're not 'narcs', we just want to know if you're a 'culture' fit."
Me: "No, really. I don't have one. I never understood the draw."
Interviewer: "You know, this is really not the sort of attitude we look for in a potential hire."
Me: "...If you Google my name, you get one hit, and it's not Facebook."
Interviewer: "I'm not going to show anyone."

Damned if you do, damned if you don't.

Re:

[budcub]

If anyone ever asked me in a job interview to show them my facebook page, I'd laugh out loud. If they persisted, I'd tell them to kiss my ass and go to hell. I'm not kidding.

Re:

[dbIII]

Yes but people do that sort of stuff all the time (eg. the "drunken pirate" teacher fired over an innocent costume party photo) and annoying HR types use that as an excuse to play with facebook all day instead of doing any work.

Re:

[hitmark]

Facebook must exploit your personal info in order to make the mega bucks that they've grown used to.

maybe grows used to, but that do not mean entitled to. If i grow used to getting $1000000 onto my account each month, and then it stops, am i then entitled to having that start again?

Re:

[LWATCDR]

What always shocked me is that anybody ever thought that data you posted on a social networking site was private to begin with?
Really?
Of course there will always be the problem of someone tagging you in a photo where you are making an ass of yourself but then it has always been wise to avoid making an ass of one's self in public.

Re:Fool's Gold Warning

[Overzeetop]

Before creating a Facebook account, please consider this:

Everything that you put into Facebook is public. If you don't want people to know, don't post it.

Re:

[The Fanta Menace]

A Facebook page may make you unemployable

Seriously, if some dumbarse business won't employ you because they found something on your Facebook page, they would be a god-awful place to work anyway. There will be plenty of better employers out there who will employ you no matter what's on your page, and they will be far more pleasant places to work.

Re:

[smash]

Facebook privacy settings recently got changed, and people lost their settings which were set to "private". So, if you just ignore your facebook account, it may not actually stay private.

Copy

[mehrotra.akash]

What prevents these apps from keeping a copy of the info in their databases before changing the settings?

Re:

[Anonymous Coward]

The fact that they are open source and you can view the code before you run it? If you're not comfortable with it, don't use it.

Re:

[mehrotra.akash]

Considering that many of the people who need to use an app to change their privacy settings and are on facebook will not be able to understand code.
Example: so many people grant full profile access to apps just to view a video(and that app just spams the wall of their friends)

Re:

[pjfontillas]

But with the source code available people who do understand code can analyze the code for just such a thing. We don't need to have everyone understand how the code works we just need some that find any flaws that then help spread the word to everybody else.

Re:

[CannonballHead]

We don't need to have everyone understand how the code works we just need some that find any flaws that then help spread the word to everybody else

There is no guarantee that that has happened, is there? With a small project that apparently has, at this time, one developer? I have not read anyone that has reviewed the current codebase and told me that nothing bad is in there.

Re:

[Myopic]

There doesn't need to be a guarantee. There only needs to be sufficient basis for trust. Your interlocutors are claiming that, for them, there is sufficient basis for trust. You can make your own decision.

Re:

[CannonballHead]

My argument is that the framework is there for trust, but simply being open source doesn't automatically mean it is trustworthy in its current form (i.e., current code).

In other words: it's open for review, but that does not mean that someone has reviewed it.

(that said, I would tend to trust an open-source one more than closed-source with no external review, simply because the open-source one is openly inviting review at any time... if that is your point, then I agree :))

Re:

[fbjon]

Oh just look for yourself. [reclaimprivacy.org] But to ease your pain, I already looked through the relevant code (I'm assuming the jQuery code is fine), and found nothing sinister. It's less than 1000 LOC, well-formatted, and half of it is just CSS.

Re:

[blueg3]

For Reclaim, at least, your data doesn't go through their servers. It's a bookmarklet that causes JavaScript to be executed. The JavaScript file can be downloaded and reviewed, and you could even change the bookmarklet to run your local, reviewed copy instead of the one from their server. It doesn't appear to communicate with anyone but facebook.com.

Are these tools in the article safe?

[Anonymous Coward]

They run javascript on the facebook page, can they be used to steal my facebook password?

Re:

[c-reus]

Losing the account wouldn't matter. However, losing the password would, since a lot of people use the same password for a lot of other sites

Other websites knowing your facebook account

[HockeyPuck]

I've noticed recently that many non-facebook accounts (cnnmoney.com for example) know about my facebook account. Usually I see a link/graphic at the bottom of the page that says "click to 'like' this" or something similar.

Anybody know how to keep these third party sites from knowing about your facebook account?

Re:Other websites knowing your facebook account

[mehrotra.akash]

Account->privacy settings->Apps and websites Disable "Instant Personalization Pilot Program"

Re:Other websites knowing your facebook account

[TimmyDee]

I wish it were that easy. I have the "Instant Personalization Pilot Program" disabled on my account, but FB Connect popped up on CNN Money this morning.

What did I do? I specifically blocked any URL containing "fbconnect". Problem solved. OmniWeb let me do this using RegEx, but I'm sure the same can be done with AdBlock.

Re:

[mehrotra.akash]

My mistake, that is only for 2-3 sites that use your FB id to store profile settings

However, the other sites seem to be taking the data with explicit permission from FB. See http://www.microsoftteched.in/ [microsoftteched.in]
On the bottom right there is a FB app click on the privacy button in it, there is a 4-5 page long document, but since it is on facebook.com, I assume that it is only for selected partners, so it should be as safe as your data is on FB itself

Re:

[mcb]

The CNN issue really bothered me. From my research, you can also prevent it by disabling third party cookies.

In Firefox it's in Tools->Options->Privacy->Use custom Settings for history

Re:

[Fnkmaster]

Here [slashdot.org] is a very helpful post from a few weeks back. Easy enough to set up Adblock to block all that stuff out.

Alternatively, if you log out of Facebook after use, most of this stuff doesn't show up. However, that doesn't block all the Facebook content on third party websites according to some.

The Adblock solution seems to be 100% effective for me.

Re:

[Locklin]

For privoxy, I added the following to my user.action file:

{ +block{Facebook privacy invasions} }
http://api.facebook.com/restserver.php
http://www.facebook.com/connect.php/js/FB.SharePro/
http://www.facebook.com/ajax/connect/
http://www.facebook.com/plugins/
http://www.facebook.com/connect/
http://connect.facebook.net/

and saved.

Re:

[Landshark17]

You can, Lifehacker just posted this article about doing that today:

http://lifehacker.com/5542041/block-sites-from-using-your-facebook-login-with-adblock-plus

Re:

[HockeyPuck]

I've always had that disabled, but it still shows up on cnnmoney.

Re:

[Anonymous Coward]

You should sprinkle a lot of obscenities, pornographic pictures, and the most distastful things that you can find on your facebook pages. It will insure that other sites cannot use your information without losing their "safe for work" designations.

And now for something completely different!

[Anonymous Coward]

And that, my liege, is how we know the Web to be banana-shaped.

This new learning amazes me, Sir Zuckerberg. Explain again how a series of tubes may be employed to eliminate privacy.

Oh, certainly, sir.

Look, my liege!

[trumpets]

Facebook!
Facebook!
Facebook!

It's only a website.

Shhh!

Friends, I bid you welcome to your new home. Let us ride... to Facebook.

[singing]

We're Friends of the round table
We Poke when e're we're able
We do Farmville and play Mob Wars
With mousework impecc-able
We lurk around on Facebook
We tag an

Re:

[Culture20]

Zuck: Yeah so if you ever need info about anyone at Harvard
Zuck: Just ask.
Zuck: I have over 4,000 emails, pictures, addresses, SNS
[Redacted]: What? How'd you manage that one?
Zuck: People just submitted it.
Zuck: I don't know why.
Zuck: They "trust me"
Zuck: Dumb f***s.

I usually mask out dirty words too, but if you're quoting someone directly, and are doing so to make a point, altering their words doesn't help.
Zuckerberg, in that last exchange, called all Harvard Facebook patrons...

Dumb fucks.

Re:

[himself]

(Cue raucous applause, pounding on tables, wolf whistles, and shouts of "bravo!" and "huzzah!")

Looking forward

[Spad]

Cue an endless series of phishing sites: "Did you know that anyone on the internet can see things you post on your Facebook page? Just type in your username and password and we'll scan your profile to see if it's secure..."

Re:

[IamTheRealMike]

No it's even better. "Just drag this bookmarklet and click - it's totally safe!". Why do the Reclaim folks claim this is somehow better when it's clearly not? Their script is not only compiled (ie, pita to read) but could change at any moment or even change by IP address!

Re:Looking forward

[fbjon]

They claim that because they're right. Here's the entire code for the bookmarklet, with some formatting inserted:

javascript:(
function(){
var script = document.createElement('script');
script.src = 'http://static.reclaimprivacy.org/javascripts/privacyscanner.js';
document.getElementsByTagName('head')[0].appendChild(script);
}
)()

And the script itself [reclaimprivacy.org] is nicely formatted. Look towards the end for the actual code that matters. Have fun.

It's really not that difficult.

[UncHellMatt]

I work in IT for a small police department, and recently have begun doing presentations for parents on Facebook and general online privacy, what steps can be taken and how to watch out for warning signs of problems. I'd say at least half the parents I talk to are completely unaware of what information is freely available online about their kids, if allowed to use such a site, or how much information their kids are making available online.

It only takes about 20 minutes to educate a neophyte, if they're willing to learn, how to lock down privacy on Facebook.... He said with a pained expression. One thing which never ceases to boggle my mind is the number of parents (and people in general) who really don't understand and don't CARE what information is out there, or what it can mean. ID theft, home intrusion, stalking, all that pretty much is "someone else's problem", producing enough SEP power to cloak an average sized nation.

While products like this are certainly useful, the bigger issue is education. If you're aware of the changes to FB and the like, setting security takes all of a minute. If you're unaware and someone tells you, and if you're not particularly inclined toward looking over security settings, it might take someone 10-20 minutes to go over them with you. If you just plain don't care, no amount of open or closed source software is going to make any difference whatsoever.

Offtopic

[mehrotra.akash]

What is SEP Power?

Re:

[Hognoxious]

It only takes about 20 minutes to educate a neophyte, if they're willing to learn

Ummm, stop. I see the problem, right there.

Re:

[Mashiki]

We do something similar via the RCMP and MP's from the military and RAD [rcmp-grc.gc.ca] here in Canada, but it's aimed for kids and takes 7mins. If you're interested look up, but 20mins is far too long. If you can do it in under 10 and make it easy enough a grade schooler can figure it out then you're all set.

Re:

[UncHellMatt]

Hey, thanks for this! I'm googling it now.

And yes, 7min for kids... "easy enough for a grade schooler" to figure out doesn't translate into easy enough for (unfortunately) many adults. Particularly ones who are in there hoping that I'll have some magic wand that'll take away all their problems surrounding FB and maybe do their parenting for them.

Re:

[Culture20]

It only takes about 20 minutes to educate a neophyte, if they're willing to learn, how to lock down privacy on Facebook....

Until Facebook changes it again. Two years ago, I had everything locked down to friends only. Since that time, they've forced profile picture, current city, home town, likes/interests, work history, education history (and approximate age by proxy), to be public. There are still options to prevent non-friends from seeing some of those things via Facebook, but the Facebook Connections API allows anyone on the internet access to all those things for every user (further confusing the issue, because people are

Re:

[Culture20]

Sorry for replying to self: I forgot about a couple forced public changes: Networks, Friend list (but only if you have a friend list on your profile).

Facebook is a Gossip

[ObsessiveMathsFreak]

Facebook is the world's worst gossip. You tell them anything, they will tell it to every one of your friends, their friends (marketers), and probably anyone else who so much as passes by.

All these tools essentially do is add a "and please don't tell anyone" onto your data entries. The real solution is not to tell the gossip anything in the first place.

Re:

[commodore64_love]

That's why most of my facebook is blank. I listed my High School and College so I could reconnect with friends, and that's it. And from time to time I go through my profile and delete 90% of my older, obsolete postings.

Re:

[onemorechip]

Kind of irrelevant. Posting and tagging of images of me can be done whether I'm on FB or not. And if I don't have a wall they can still talk about me (only then it will be behind my back).

Re:

[CannonballHead]

The real solution is not to tell the gossip anything in the first place.

Pft. You and your common sense may go elsewhere. What I want is to be able to tell anyone I want anything AND force them to be quiet and not tell others! ...

Seriously though, you're right - but it seems that most people would rather gossip and take the risk than have to live without. And only when they "get burned" do people suddenly find out that their privacy is important, perhaps more important than the gossip-entertainment. And Farmville.

Re:

[Myopic]

That sounds like the market (the privacy market) at work. Some people take too much risk and get burned; some take not enough, and lose out on certain benefits.

Please note that I am not a market ideologue, I just wanted to comment on how this instance seems to be working out.

Re:

[CannonballHead]

Hum. That's a good point, I hadn't thought of it that way before.

In general, I don't think FB is doing anything wrong necessarily. I don't know all of what their doing, of course. And, in general, privacy settings are your own things to choose, and you agree to various terms. Everyone just checks the I Accept box, clicks submit, and then complains when something they accepted happens :)

Anyways. Interesting thought about the "privacy market."

Warning about SaveFace

[Anonymous Coward]

SaveFace automatically goes through and sets your privacy to "Only Friends" for everything. This may undo certain privacy measures you've already taken. For example, I set up a Limited Profile friend list for people who don't need to have access to my e-mail addresses, screen names, etc and blocked those items for them. SaveFace went through and removed those restrictions, so any of my friends could see my e-mail addresses, screen names, phone number, etc.

This tool would work fine if everyone on your friend

Third Option

[WarpedCore]

http://www.facebook.com/help/contact.php?show_form=delete_account [facebook.com]

Is it really that hard?

[Bambi Dee]

Is it really so hard to simply go through Facebook's privacy settings yourself and consciously set them to whatever you want (as far as that's possible)? Same with all these warnings people pass around through status updates. I keep seeing suggestions to the effect of "click this, then that, then that, then 'wet your pants in public', then 'no'" only to find that I've already done that anyway. If you're really concerned about your Facebook privacy, what's been keeping you from checking out the relevant opti

Re:

[Todd Knarr]

It's not hard, just involved and convoluted. Facebook's settings are many, and some of them aren't in the obvious places. These tools make it easy to do what's time-consuming to do by hand.

Re:

[Bambi Dee]

I see your point. I think I'd just start worrying about my grasp of the tools' "reach" and trustworthiness in addition to worrying about Facebook's admittedly huge "options hierarchy".

Re:

[Aladrin]

When they change every month and you have no idea what changed? Yes, it's really that hard.

I was 99% sure I was covered before I ran ReclaimPrivacy the other day. It found 3 sections that had data that was more open than I intended.

Re:

[Bambi Dee]

It came up all "good" for me. But I "shared" it nonetheless.

Re:

[JustinOpinion]

Is it really so hard to simply go through Facebook's privacy settings yourself and consciously set them to whatever you want (as far as that's possible)?

Yes, it really is "so hard". Intentionally so. Take a look at this NY Times graphic [nytimes.com] showing all the privacy settings options that exist throughout a Facebook profile. (Or, at least, the options the NY Times was able to find.) You can see that the options behave in inconsistent ways. You can set "maximum privacy" on one page without realizing that an option at a different level over-rides this (e.g. third-party ads may still have access).

To really insure maximum privacy, you not only have to navigate this

Re:

[Bambi Dee]

On the one hand, I do think it's good that people in general are becoming more aware of privacy issues, and this article is a symptom of that.

On the other hand, I wonder if external tools aren't just catering to or perpetuating a sense of helplessness in the face of Facebook's (certainly convoluted) settings: "Oh, you can't trust yourself to understand how to do it right, you need this third-party utility to be safe."

But I guess I'm not really trying to make sense of the settings either. I just go thr

Application Boundary Enforcer

[johndoe42]

Even if you turn off instant personalization, facebook still knows every time you visit one of those partner sites. But NoScript (I leave scripts enabled globally) has a cute feature called Application Boundary Enforcer. Here's (some of) my config:

Site .facebook.com
Accept from .facebook.com
Deny

Site .fbcdn.net
Accept from .facebook.com
Accept from .fbcdn.net
Deny

Enjoy!

Re:

[uniquegeek]

thanks; I hadn't poked in there for a while, and had forgotten about it
(mod parent up)

SaveFace warning

[Rune64]

Using the ReclaimPrivacy page worked great, made appropriate suggestions and allowed me to one-click fix select privacy settings. After running my profile through the SaveFace tool, however, it actually loosened my privacy settings automatically (changed some things which were set as "Only Me" to "Friends Only"), and did so without allowing me to interact and with no prompt telling me what it was doing in advance, with no way to stop it.

Ran into an issue with Reclaim...

[BLKMGK]

It doesn't finish the scan for some reason - hangs on "scanning". Might be just me, might be FireFox which is damned goofy and crashes often for me, or it may be Fluff Busting Purity (which kills the animal and Mafia postings etc. via Greasemonkey). Other than it hanging on those two things it does look to be the better tool in that it examines settings and warns vs setting them to whatever the other tool thought was most appropriate when it was written.

A very nice concept though!

My idea for facebook privacy...

[Jah-Wren Ryel]

Instead of using facebook's privacy settings which they can arbitrarily ignore as they see fit at any point in the future, I say be proactive.

1) Create social-group specific facebook accounts - one for high-school, another for college, another for people you meet professionally, another for hook-ups, etc.
2) Use different browser profiles dedicated to each facebook account - see firefox's command line options " -no-remote -ProfileManager "
3) Add plugins to differentiate the profiles - "User Agent Switcher" t

Re:

[dave562]

You should turn that into a PowerPoint presentation and sell it to the CIA as a training program for agents looking to cover their tracks.

Re:DO NOT use UNTANGLE.com

[iamhigh]

RTFM you moron. It plainly states on the download page that it resets all your settings to friends only.

Re:

[jonpublic]

This is slashdot. People never RTFM.