Focusing public attention on emerging privacy and civil liberties issues

Facebook Places and Privacy

Introduction

On August 18, 2010, Facebook launched "Places," a tool that discloses Facebook user locational data to others often without the knowledge or consent of the user. The default settings of this new tool allow user data to be disclosed in a number of ways that are not immediately clear to users. Facebook has put a complicated set of new privacy settings in place to deal with the "Places" tool. Additionally, Facebook allows anyone to create a location on the system, which means anyone could add the location of a person's home or business to the website without the person's knowledge.

The implications of accidental disclosure of a person's location are significant. This is especially true for those in physically threatening situations, including domestic abuse victims and those with sensitive occupations.

EPIC has created this page to explain the default settings as well as provide instructions for how to effectively disable this sharing of information.

Top News

  • Facebook Uses RFID to Track Users' Locations for Advertising Promotion: At the Coca-Cola Village Amusement Park in Israel, visitors were recently issued bracelets with RFID chips that linked to their Facebook accounts, according to Adland. RFID readers scattered throughout the park updated the users' Facebook pages when the bracelets were scanned. On-site photographers also posted photos that were automatically tagged with the users' identities. Facebook had previously tested the use of RFID for location tracking at the f8 Developer Conference in April. Facebook has also just launched Places, which is designed to make users' location information widely available. For more information, see EPIC Facebook Privacy, EPIC Facebook Places. (Aug. 25, 2010)
  • Facebook "Places" Embeds Privacy Risks, Complicated and Ephemeral Opt-Out Unfair to Users: The recently announced Facebook service Places makes user location data routinely available to others, including Facebook business partners, regardless of whether users wish to disclose their location. There is no single opt-out to avoid location tracking; users must change several different privacy settings to restore their privacy status quo. For users who do not want location information revealed to others, EPIC recommends that Facebook users: (1) disable "Friends can check me in to Places," (2) customize "Places I Check In," (3) disable "People Here Now," and (4) uncheck "Places I've Visited." EPIC, joined by many consumer and privacy organizations, has two complaints pending at the Federal Trade Commission concerning Facebook's unfair and deceptive trade practices, which are frequently associated with new product announcements. For more information, see EPIC In Re Facebook, EPIC In Re Facebook II, and EPIC Facebook Privacy. (Aug. 19, 2010)

Default Settings

By default, Facebook has enabled Places for all users. If a user chooses to "check in" from a mobile device, that user's location is published to that user's news feed. If the option "Include me in 'People Here Now' after I check in" is selected, the user's location also appears on the public page of the location, available to everyone. This setting is enabled by default for those who have previously set some of their other information available to everyone.

If a user checks in, that user can "tag" a number of friends as also being at the same location. The default behavior for users tagged by their friends is very confusing. Those users who have taken no action with respect to this setting will receive an email and a prompt with the options to "allow" or "not now." Those who choose "allow" are automatically set to allow all future check-ins by friends. Those who choose "not now" are still tagged as being at the location, just not "checked in." Users are also tagged immediately when the check-in takes place, although the tags may be removed once users become aware of them. A user who has ever used Places to check in is automatically set to allow check-ins by friends.

By default, check-in information is also available to the third-party developers of applications that a user has authorized, as well as to the third-party developers of applications that a user's friends have authorized.

Comments from Experts

"From Facebook’s standpoint this makes sense, but it’s confusing as hell to users — generally when you opt out of being tagged somewhere, you’d probably expect not to be tagged there at all. For what it’s worth, Facebook knows this is confusing — they’re planning to release a video explaining it in the near future. Still, I think the site should hide any location tags until a user has explicitly said they want to be associated with them."
-Jason Kincaid, The Confusing Stages Of Opting Into Facebook Places, TechCrunch, August 19, 2010.
"But as I’ve played around with the service, I’ve uncovered a problem with Facebook’s assertion that “no one can be checked in to a location without their explicit permission.” While Places is largely an opt-in service — one needs to install and use it on a mobile device — anyone can be “checked-in” to any place by a friend. This can happen regardless of whether you use the service yourself. If you get checked into a place by someone, and you haven’t already authorized the service or these kinds of check-ins, you’ll receive an email asking if you want to allow check-ins by friends. Below is an email received by my wife when I tagged her as joining me at a local liquor store."
-Michael Zimmer, Facebook Places Privacy Falls Short: Non-Authorized Check-Ins by Friends are Visible, August 20, 2010
"In my tests, these settings worked fine. But I wished a couple of other settings were available. For example, you can’t keep check-in notices off your Facebook page, unless you broadly block other kinds of status updates. And you can't block merchants from including your check-ins at their establishments on their Facebook pages."
-Walt Mossberg, Facebook Checks In to the World of Locations, August 18, 2010
"Even if you never use Facebook's geo-tagging feature, be aware: thanks to a new Facebook feature, your "friends" can now post a map of where you are without your permission."
-Bridget Carey, Don't leave home without checking your Facebook geo-tagging, Miami Herald, August 24, 2010
"Any location-based service will instill some trepidation in users who see it as a stalker's best friend. Want to know where someone is? Check Places. Want to know when someone is away from home so you can break in and steal their flat-screen TV? Check Places."
-Sharon Gaudin, Facebook Places could spark new privacy fire, Computerworld, August 20, 2010.
"The most worry-inducing feature of Facebook Places is that in addition to letting you “check in” to a spot such as a store, a nightclub, a tourist spot, or an office, it lets your friends check you in if Facebook identifies you as being nearby."
-Paul Boutin, Keep Facebook Places From Driving You Crazy, New York Times, August 25, 2010

EPIC's Recommended Settings

For users who want to completely disable any sharing of their location information, EPIC recommends the following settings, which must be changed across Facebook's various settings pages:

On the Privacy Settings page.

  • Go to the "customize settings" page
    • Set "Places I check in to" to "Friends Only"
    • Uncheck "Include me in 'People Here Now' after I check in"
    • Set "Friends can check me in to Places" to "Disabled"
  • Click to "Edit your settings" under "Applications and Websites"
    • Click "Edit Settings" next to "Info accessible through your friends"
    • Uncheck "Places I check in to"
  • Finally, users will have to be vigilant about checking their application settings to be sure that their applications have not been granted access to their locational data. Each application will have its own setting, classified under "additional permissions."

Others' Recommended Settings

Other privacy groups and blogs make the following suggestions to modify Places privacy settings:

EPIC's Other Work on Facebook

Places is not the first Facebook program that EPIC has objected to on privacy grounds. EPIC has filed a number of complaints with the FTC over unfair and deceptive trade practices that the company has taken with respect to user privacy. These include

  • In re Facebook I (December 2009), in which EPIC and a number of other privacy organizations objected to new terms which forced users' information to be publicly available and available to third-party application developers, when its access had previously been under the control of users.
  • EPIC's supplement to In re Facebook I (January 2010), adding objections to the sharing of data with Facebook Connect partners, and to the undisclosed data sharing taking place with the new iPhone application.
  • In re Facebook II (May 2010), in which EPIC argued that further changes by Facebook to user profile information and the disclosure of user data to third parties through the "social plugin" and "instant personalization" functions without consent "violate user expectations, diminish user privacy, and contradict Facebook’s own representations."

News Stories