Saturday, January 10, 2009

Facebook Privacy: Beyond The Blacklist - Whitelists

in the previous article on this topic (Facebook Privacy: The Limited Profile Blacklist) i described a simple blacklist model of privacy control... it's good for when you have very simple needs but if you find you have different groups of people that each should be seeing different things then you may find using a blacklist method difficult to manage - especially if you, like me, don't find blocking access to be a natural way of thinking...

in real life, rather than sharing everything in my life with everyone save for a select few i make a mental note to block, i selectively share different things with different people... it turns out that with facebook's privacy controls, not only can you configure something so that people on a particular list can't see it, you can also configure something so that only people on a particular list can see it... this is the opposite way of doing things from a blacklist and so it's called a whitelist...

you can use a whitelist model like this:
  1. go to the friends page and make a new friend list called "Real Life Friends"
  2. now make another list called "Online Only Friends" (you can actually call these 2 lists anything you want, these names are just an example based on my usage)
  3. goto "Settings->Privacy Settings"
  4. now if you're like me you have a deeper level of trust with your real life friends than you do with people you only know online so for each item under "Profile", "Contact Information", "Applications", and "Photo Album" choose the "Customize" option and then enter "Real Life Friends" in the "Some Friends" box (some of the items don't have a "Some Friends" box so you won't be able to whitelist access to these, but there are only 4 that i know of and they're all pretty basic/fundamental profile items)
  5. for your online only friends select which of those items you want them to be able to see and customize the privacy settings to add "Online Only Friends" to the "Some Friends" box on those items
  6. finally, save all your changes for each group of items (profile, contact, etc)
now when you add a new friend they won't be able to see any of this stuff unless you specify them as either a real life friend or an online only friend... also, although in this example the two lists were mutually exclusive you can have many lists and some of them may have overlap (ie. a person might be in more than one list) - with this method if they're in any of the lists that is allowed to see a profile item they'll get to see it...

in essence this is a method of granting permission to things... it's very much like how a system administrator might set up permission to computer resources (which is why in reality my privacy-related friends lists start with ACL, not only does it make them easier to find amongst other friend lists, ACL stands for access control list)... i moved to the whitelist method when i realized i might need to control access for multiple separate groups of people and that doing so with blacklisting wouldn't be as intuitive for me... i found it easier to be less restrictive with things when i was granting permission than when i was blocking access...

related posts:
Facebook Privacy: The Limited Profile Blacklist
Facebook Privacy: Beyond The Blacklist 2 - Sandboxes