Saturday, January 10, 2009

Facebook Privacy: Beyond The Blacklist 2 - Sandboxes

in the previous 2 articles on this topic (Facebook Privacy: The Limited Profile Blacklist and Facebook Privacy: Beyond The Blacklist - Whitelists) i discussed both selectively blocking access to certain things and selectively allowing access to certain things respectively... both of which have their place but both of which require a certain amount of trust in the person you're adding to your friend list...

if you participate in any of the social gaming on facebook then you know that the current game design du jour focuses heavily on rewarding the user for adding their facebook friends to the game... since it can be hard to find people amongst your real life friends who want to play the same games you do the easiest strategy for advancing in these games is to add strangers from within the game to your facebook friends list...

the social gaming is just an example, by the way, there are any number of reasons why you may be faced with need to add people you don't know well enough to call friend to your friend list and this can present a problem... how can you know the person is safe to add to your profile if you don't know the person yet? on the other hand, how can you get to know the person if you don't make a connection with them using the friend list?

it's a catch-22 situation but it turns out there is a solution which may or (as in my case) may not be obvious - make a second profile with nothing personal in it and connect to that person through this new non-personal profile... this non-personal profile is essentially a sandbox - bad things can happen with it and it doesn't matter because there is nothing sensitive, nothing of value in it... i don't just mean that you left out your real date of birth or your cell phone number or any of that stuff, it's also separate from your actual friends so if something bad does happen you won't be exposing them to any risk...

facebook may not like the idea of their users having 2 profiles a piece but they'll have to get over it because a sandbox profile fills a very important need - it gives users a tool with which they can build relationships from the very beginning, before knowing whether or not a person is trustworthy enough to add to their real profile, and without making the person jump through any hoops like getting to know each other via some alternate channel before adding them (i've done that, it's no fun being the difficult one)...

as i alluded to before, this was not an obvious strategy to me - which is a surprising considering i go on and on about the blacklist/whitelist/sandbox triad for malware protection - but it took a pair of ladies (laura ly and tammy vickery) to clue me in to this one... i suppose it shouldn't really be surprising, though... all things considered i actually would expect the fairer sex to have more experience protecting themselves from people online...

related posts:
Facebook Privacy: The Limited Profile Blacklist
Facebook Privacy: Beyond The Blacklist - Whitelists

Facebook Privacy: Beyond The Blacklist - Whitelists

in the previous article on this topic (Facebook Privacy: The Limited Profile Blacklist) i described a simple blacklist model of privacy control... it's good for when you have very simple needs but if you find you have different groups of people that each should be seeing different things then you may find using a blacklist method difficult to manage - especially if you, like me, don't find blocking access to be a natural way of thinking...

in real life, rather than sharing everything in my life with everyone save for a select few i make a mental note to block, i selectively share different things with different people... it turns out that with facebook's privacy controls, not only can you configure something so that people on a particular list can't see it, you can also configure something so that only people on a particular list can see it... this is the opposite way of doing things from a blacklist and so it's called a whitelist...

you can use a whitelist model like this:
  1. go to the friends page and make a new friend list called "Real Life Friends"
  2. now make another list called "Online Only Friends" (you can actually call these 2 lists anything you want, these names are just an example based on my usage)
  3. goto "Settings->Privacy Settings"
  4. now if you're like me you have a deeper level of trust with your real life friends than you do with people you only know online so for each item under "Profile", "Contact Information", "Applications", and "Photo Album" choose the "Customize" option and then enter "Real Life Friends" in the "Some Friends" box (some of the items don't have a "Some Friends" box so you won't be able to whitelist access to these, but there are only 4 that i know of and they're all pretty basic/fundamental profile items)
  5. for your online only friends select which of those items you want them to be able to see and customize the privacy settings to add "Online Only Friends" to the "Some Friends" box on those items
  6. finally, save all your changes for each group of items (profile, contact, etc)
now when you add a new friend they won't be able to see any of this stuff unless you specify them as either a real life friend or an online only friend... also, although in this example the two lists were mutually exclusive you can have many lists and some of them may have overlap (ie. a person might be in more than one list) - with this method if they're in any of the lists that is allowed to see a profile item they'll get to see it...

in essence this is a method of granting permission to things... it's very much like how a system administrator might set up permission to computer resources (which is why in reality my privacy-related friends lists start with ACL, not only does it make them easier to find amongst other friend lists, ACL stands for access control list)... i moved to the whitelist method when i realized i might need to control access for multiple separate groups of people and that doing so with blacklisting wouldn't be as intuitive for me... i found it easier to be less restrictive with things when i was granting permission than when i was blocking access...

related posts:
Facebook Privacy: The Limited Profile Blacklist
Facebook Privacy: Beyond The Blacklist 2 - Sandboxes

Facebook Privacy: The Limited Profile Blacklist

if you're a facebook user and have even the slightest inclination towards maintaining a certain amount of privacy you've probably run into the problem of having contacts you want to have on your friend list but who you want to share fewer details with than you do with others... maybe it's a friend who isn't as close as some of your other friends, maybe a spouse or other family member, maybe it's a work contact... whatever the reason is, you're in luck because facebook has privacy controls that are remarkably flexible...

the first method i encountered for doing this is called the limited profile method - the name and concept is a carry-over from when facebook's privacy controls were simpler but less flexible... what it used to entail doesn't really matter anymore, but what it entails now is this:
  1. you make a new friend list called "Limited Profile" (though actually you can name it whatever you like) and add to that list the people who you want to have only limited access to your profile
  2. then under "Settings->Privacy Settings" you go through all the basic profile, contact information, photo albums, and applications and for those things you want to keep secret you choose the "Customize" option
  3. then enter either a person's name or in this case "Limited Profile" (so that you don't have to do this over and over again each time you add a friend with limited access) in the "Except These People" box
  4. and finally don't forget to save your changes
now as an example, if there's a photo album you don't want just anyone to see and you've configured that album to with "Limited Profile" in the "Except These People" box then anyone in the "Limited Profile" friend list should be unable to see the photos in that photo album..

this blocking of people on the "Limited Profile" list is essentially an application of the blacklist concept (kind of like a list of banned people)... it's pretty simple but also pretty effective... this is the first model of privacy protection i played with and although i've moved on to other techniques for the most part i still use this for a very special person; someone i can't reasonably keep off my friends list but also someone i don't want knowing all my business - my mom...

related posts:
Facebook Privacy: Beyond The Blacklist - Whitelists
Facebook Privacy: Beyond The Blacklist 2 - Sandboxes

new meme: Here's what I do

alrighty then, it's a new year, we need a new meme - except like past memes this is an old meme... this is basically the word of mouth advice meme...

obviously a website isn't word of mouth, but hey, stuff that travels by word of mouth has to start somewhere, why not here?