A Free Educational Resource Created by Carnegie Mellon University to Empower You to Secure Your Part of Cyberspace

What Facebook Collects and Shares

What Facebook could know about you, and why you should care.

Facebook is a resource for opinions and hobbies, celebrities and love interests, friends and family, and all the activities that whirl them together in our daily lives. Much like other social networking sites, Facebook is free except for one thing that all users give up: a certain amount of personal information.

Facebook's privacy policy provides extensive information about the use of personal data of registered users. It clearly specifies what personal information is collected, how it is used, parties to whom this information may be disclosed, and the security measures taken to protect the information.

By reading and understanding the privacy policy, a user is able to weigh the risks involved in trusting this popular Web site before entering any personal information into its pages or installing its applications.

Information Collected by Facebook

Facebook collects two types of information: personal details provided by a user and usage data collected automatically as the user spends time on the Web site clicking around.

Personal information is what the user willfully discloses, such as name, email address, telephone number, address, gender and schools attended. Facebook may request permission to use the user's email address to send occasional notifications about the new services offered.

Facebook records Web site usage data describing how users access the site, such as the type of web browser they use, the user's IP address, how long they spend logged into the site, and other statistics. Facebook compiles this data to understand trends for improving the site or making marketing decisions.

Facebook now has fine-grained privacy settings for its users. Users can decide which part of their information should be visible and to whom. Facebook categorizes members of the user’s network as "Friends" and "Friends of Friends," or a broader group, such as a university or locality, and "Everyone," which includes all users of the site. The categorization increases the granularity of the privacy settings in a user's profile.

Children: No one under 13 is permitted to register. Children between 13 and 18 require parental permission before sending personal information over the Internet. A policy alone, however, does not stop children from using the site, and parents must be watchful of their children's online activities in order to enforce these policies.

Facebook stores users’ personal information on secure servers behind a firewall.

Sharing of Information with Third Parties

Facebook does not provide personal information to third parties without the user’s consent. Facebook also limits the information available to Internet search engines. Before accepting third-party services, Facebook makes the third party sign an agreement that holds it responsible for any misuse of personal information. However, advertising by third parties on Facebook can lead to their gaining access to user information, such as IP address or cookie-based web usage information that allows personalization of advertisements.

Precautions for Users

Facebook provides thousands of third-party applications for its users to download. Facebook further personalizes the advertisements of these applications on users' profiles. It does this by mining other sources on the Internet for information about the likes and interests of these users. Sources for such mined data include newspapers, blogs and instant messaging, and the data is used to provide services customized according to the user's personality. However, because these sources are not affiliated with Facebook, this raises a concern of data mining by these sources.

Facebook does not actually provide a mechanism for users to close their accounts, and thus raises the concern that private user data will remain indefinitely on Facebook's servers.

Over time, the CEO and Board of Directors of a company change, or the company may even be sold. Under such circumstances, a concern arises about the private information held by the company. Deactivation without deletion of a user's account implies that the data continue to be present on the servers. If a company is then sold, the data of those users who are currently deactivated may be subject to compromise.

Conclusion

Facebook has an explicitly stated privacy policy. It aims to enhance the social networking experience of users by reducing their concerns about the privacy of their data on the Web site. However, the more the Web site tries to incorporate open innovation by allowing third-party access and other such facilities, the more it puts personal information at risk, thereby increasing the probability of losing the trust of its users.
