By Larry Magid
This article originally appeared on CNET News.com

Facebook’s privacy settings enable users to customize who sees where you are.
(Credit: Facebook)

In designing its new Places geolocation service, Facebook seems to have learned from its past privacy blunders. The new service has multiple layers of privacy control, but as with other aspects of Facebook privacy, users need to put some thought about whether and how they want to disclose their location. Facebook has also created an extra level of privacy for its under-18 users, prohibiting them from displaying their location to anyone other than their friends.

The first thing to know about Places is that it’s not fully automatic. You have to “check in” or be tagged at a location for Facebook to display where you are. Because location is a particularly sensitive issue, Facebook, by default, shows only your location to people designated as friends, even if you have more open privacy settings for posts or other types of information.

Check-in vs. tagging
The difference between being checked-in and being tagged can be confusing. If you’re checked-in by yourself or by a friend, your presence at the location is visible to anyone that either you or your friend allows, based on your friend’s and your privacy settings. Your name will show up on the location’s Places page, if there is one, so everyone at the location can see that you’re there. If you are tagged by a friend, your presence at the location is seen by your friends or whoever they allow to see their posts, subject to their (not your) privacy settings.

You can be outed, if you don’t disable friends’ ability to check you in
It’s also important to know that once you’ve used the service and agreed to its terms, any Facebook friend of yours can check you in to a location that displays that you are there, just as if you had checked yourself in.

Even if you don’t agree to those terms, and even if you’ve never used Places or don’t even own a mobile phone, any Facebook friend can tag you as being at the location, and who sees that information is subject to that person’s privacy settings, not your privacy settings.

Facebook representatives are quick to point out that this is the same as with any form of tagging, such as in status messages and photos. It has long been possible for a Facebook friend to type “@LarryMagid is with me at Anotnio’s Nut House.” The difference with Places is that it makes it a lot easier, and you no longer have to type in the location because Places knows where you are.

You can opt out of being checked in or tagged
Although the privacy settings don’t say this, I was told by a Facebook employee that if you disable the ability of friends to check you into Places, that also disables the ability for anyone to use Places to tag you as being at a location. Even if someone does tag you, you can always untag yourself, but between the time you’re tagged and the time you untag yourself, people may be aware that you are at the location.

For a friend to tag you, that person must be checked into the same location, so it’s not possible to “out” someone for being in a place that you’re not checked into as well. You get a push notification, if someone has checked you in or tagged you, but if you’re in a noisy bar and don’t check your cell phone, you might not know it right away.

Options on who can see where you are
Adults have the option to share their location with a wider group of people, including “friends of friends” or “everyone,” but you can also further restrict who can see your location. However, if you allow Facebook to include you in Places’ “Here Now” display, your presence at a location might show up on that establishment’s Places page.

A Facebook representative said “seeing the people checked in to a location is consistent with the experience of seeing people there in real life.” You can, however, opt out of participating in “Here Now” via your privacy settings.

Special provisions for “minors” (under 18)
If a Facebook user is registered as under 18, the following restrictions are in place:

• Only friends will see that the minor is checked in. There isn’t even an option to extend that beyond Friends
• If someone tags a minor at a location, the minor’s name will only be shown to the minor’s friends
• A minor’s name will not be seen on a place’s “Here Now” page by anyone other than the minor’s friends.

How to configure settings
Facebook members should consider configuring privacy settings in advance to prevent any unwanted disclosure of your location. To control who can see the places you’ve checked in, click on Account in the upper-right corner, and then on Privacy Settings. Then select “Customize settings.”

To the right of where it says “Places I check in,” it probably has the default setting of Friends Only. You can change that by selecting another option, including Customize, which lets you further limit who can see your location to specific people, lists of people, or even “just me.” You can also opt out of “Here now” by unchecking “Enable.”

Below the “Things I share” section is a section called “Things others share,” and this is where you can disable “Friend can check me into places.”

Location-sharing tips:
Know who can see your location: You may have Facebook “friends” who aren’t really close friends, but even if they are, you might not want them to know where you are.

Think about disabling the ability for others to “check you in”: If you don’t want to give others the ability to check you in, now is a good time to disable that option.

Even if you don’t use Places, remember that you can be tagged, unless you opt out. If you are concerned about your friends’ ability to use Places to reveal your presence at a location, configure your privacy settings to disable “Friends can check me into places.” That also disables their ability to use Places to tag you.

Consider using lists to limit who can see your location: You don’t have to stick with Facebook’s default that allows all your friends to see where you are when you check in to a location. Consider creating a “list” of friends with whom you wish to share your location. You might have different lists, depending on location. For example, you could have “drinking buddies” who get to know which bars you’re in and “work friends” who can see if you’re visiting certain business-appropriate locations.

Ask before you tag: It’s a good idea to talk with your friends before you tag them at a location. Being comfortable about your friends knowing that you’re there doesn’t necessarily mean that your friends feel the same way.

Revisit your settings: If you are allowing people to check you into places, consider changing those settings, if you are about to go to a place that you don’t want others to know about. You can always change your settings temporarily and then change them back.

Talk with your kids about location services: Parents should discuss with their kids how they might use or avoid location-sharing services. Kids need to be reminded that “checking in” reveals their location to everyone on their friends list, including people they might not wish to share their location with.

Disclosure: Facebook provides financial support to ConnectSafely.org, a nonprofit Internet safety organization where I serve as co-director. ConnectSafely also serves on Facebook’s Safety Advisory Board, which was briefed on Places in advance of the announcement and advised the company on safety features for minors.

ConnectSafely co-director Anne Collier posted more Places safety advice for parents.

More location-sharing safety tips from ConnectSafely.org.

by Larry Magid

Facebook’s announcement last week that it passed the 500 million mark reminded me that the concept of a “face book” is not unique to Facebook.com.

Long before computers and the Internet, the term was used to describe printed books that included pictures and brief descriptions of students. I’ve read that founder Mark Zuckerberg’s high school, Phillips Exeter Academy, had a printed publication called “The Photo Address Book,” which students referred to as “The Face Book.”

My children’s elementary school didn’t have a face book but it did have a printed student directory. And probably because it was in print, and not online, I never heard parents express concern about the possible negative implications of having a printed book with the names, addresses and phone numbers of young children and their parents. Perhaps that was because we all appreciated how the book made it easy for us to reach other families who were part of our school “network,” or maybe it was because we weren’t quite so sensitive about privacy issues back then.

While Facebook.com might not look much like those original photo books and directories, it does help us find and communicate with people who share a common bond. Indeed, based on “friend” requests I’ve received on Facebook from former classmates in college, high school and even elementary school, it truly is a replacement for that old printed ”face book.” It’s also starting to replace those venerable high school yearbooks, and its impact on alumni inspired Time magazine, last year to run a story “How Facebook is Affecting School Reunions.”

To commemorate its 500 millionth member, Facebook launched “Facebook Stories,” where members are encouraged to share their experiences. Although it’s clearly a self-serving move on the part of the company, it’s nevertheless a revealing glimpse into how people are using the service to connect. Stories are organized by location and by theme, including crime fighting, grief, movements, pets, causes, lost and found, religion, natural disasters and, of course, love. Kevin’s story is not uncommon: “Because of Facebook I found my long lost crush since grade 4 “… now I’m 23 years old. She’s now my girlfriend and soon to be wife.”

Look at Privacy from Both Sides Now

My guess is that Kevin was able to find his long-lost crush because she made at least a little personal information available either to everyone with access to Facebook or to friends of friends. I say this because Facebook has received a lot of negative publicity (including from me) about its privacy policies, which, by default, expose some personal information to everyone.

While I understand why a lot of people object to these defaults (I have argued that the disclosure of most personal information should be opt-in rather than opt-out), I can also see the other side to this. The default settings that disclose users’ photos, posts, bios and family connections makes it easier for people like Kevin to make sure that the 23-year-old woman he found on Facebook is the same person as that fourth-grader he once fancied. This is especially the case for people with common names.

I met my wife a long time ago by one of the old-fashioned methods — at work. But I’ve certainly unearthed a lot of old friends on Facebook. In many cases, we found each other because we were “friends of friends.” For example, someone I worked with in the late ’70s “friended” me last year, and once I accepted him as a friend, I started browsing through his friends and came across a number of people we knew in common.

As a result of this one friend, I ended up “friending” several of our mutual friends and — two weeks ago — my wife and I spent the night on Cape Cod with one of them and her husband. I had posted a note on my profile that I was visiting Cape Cod and because she had access to my “news feed,” she knew I was nearby and sent me a message inviting us to stay with them.

That little reunion on the Cape would never have happened if my friend and I had maximum privacy settings turned on. We would have never found each other had either of us restricted our basic information to “friends” only. And had I used the “customize” feature to further restrict access to my news feed, she might never might have known I was on the Cape.

None of this is to suggest that watchdog groups and public officials shouldn’t continue to scrutinize Facebook’s privacy policies, or that people should uncritically accept Facebook’s default privacy settings. I think it makes sense to look at your settings periodically and think about what you want to expose and to whom. To that end, I created a tutorial on Facebook privacy that you can view here.

Disclosure: Facebook is a supporter of ConnectSafely.org, a nonprofit Internet safety organization where I serve as co-director.

After months of negotiations, Facebook has reached an agreement with the U.K’s Child Exploitation and Online Protection Centre that will result in a new safety application aimed at British 13-18 year olds.

CEOP, the UK government’s police agency responsible for protecting children against sexual exploitation, had been pressuring Facebook to install what many in the media called a “panic button” on every page for young people to report online crimes including sexual behavior and grooming.

The solution has nothing to do with “panic.” It’s about providing young people in the UK with the option of accessing a resource that provides internet safety messaging and links to places where they can report a variety of different abuses including cyberbullying, hacking, mobile problems, harmful content and “sexual behavior grooming.”

The big difference between the solution and what was first proposed by CEOP is that the “button” is optional. It’s really an application that helps CEOP build its brand on Facebook.

Facebook will donate advertising to promote the application but will not install it by default and will not place the so-called “panic button (actually a link to CEOP’s Advice, Help and Report Center) on each page.

The police agency and Facebook had been engaged in a very public dispute over the button. In April, CEOP’s CEO Jim Gamble told me that he felt the button would act as a deterrent to would-be predators, letting them know that Facebook was working with law enforcement to protect children. Facebook was concerned that the button could create as false sense of insecurity, making it appear that the problem is greater than it actually is. Facebook was also unwilling to turn over its abuse reporting process to a government agency, arguing that it was in a better position to police its own service.

The agreement does provide CEOP with a presence on Facebook, but Facebook will continue to operate its own reporting system. And, rather than a mandatory “panic button” on each page, it’s now an application that young people can install if they care to.

Facebook helped CEOP create the application and is donating advertising to promote the application, including an ad that will appear on the home page of every UK Facebook member under 18 along with ongoing advertising.

Except for Facebook’s donation of the advertising space, it’s like any other brand campaign. CEOP still has to promote its brand and its messaging on the service. “It’s up to CEOP to use Facebook to promote its brand,” said UK Facebook spokesperson Sophy Silver. “This is a different way to use Facebook than they initially anticipated but we’re convinced that with the viral nature of the social graph on Facebook that this will be a good solution for them.”

CEOP now has a Facebook page from which UK youth can install the CEOP application to their home page.

Stranded by the Icelandic volcano, I spent nearly a week in London in April talking with officials from both Facebook and CEOP.  That included a visit to CEOP’s London headquarters where I met several staff members who are doing an impressive job helping to protect British youth from all sorts of sexual abuse on and off the Internet. I was especially impressed by the agency’s educational outreach program and is work with non-profit organizations and social services.  Even though CEOP is a law enforcement agency, it understands that you can’t  arrest your way out of child endangerment.  The agency has an educational program that reaches out to schools across the country.

(Disclosure: Facebook provides financial support to ConnectSafely.org, a non-profit Internet safety organization where I serve as co-director)

by Larry Magid
(this article first appeared on News.com)

The headline of the press pitch I received a few days ago read “McAfee to release shocking findings of teen’s online behavior,” but the actual data from the study, “Secret Life of Teens,” are far from shocking.

McAfee’s study (PDF) is actually a reassuring portrait of how most young people are exercising reasonable caution in their use of technology. The study, conducted by Harris Interactive, included interviews with almost 1,400 10- to 17-year-olds.

The survey reported that “almost half of youth (46 percent) admit to having given out their personal information to someone they didn’t know over the Internet,” but when they break it down, the survey reveals that “when they do reveal personal information online, youth are most likely to share their first name (36 percent), age (28 percent), and/or e-mail address (19 percent). Only around 1 in 10 have given out slightly more personal information like a photo of themselves, their school name, last name, cell phone number, or a description of what they look like.

Considering that Facebook (used by 82 percent of the survey’s 16- to 17-year-olds and 66 percent of 13- to 15-year-olds) actually requires use of real names and encourages posting photos and such information as school name, I don’t find this at all shocking. If anything, I’m surprised at how little personal information young people are posting online.

And it’s also reassuring to read in the study report that “youth draw the line at giving out personally identifiable information such as their parents’ names, home address, or school address, and virtually no teens report having given out their Social Security number.”

The one statistic that I do find disturbing is that 37 percent of 10- to 12-year-olds are on Facebook, which not only violates the site’s policies, but requires the kids to lie about their age to get an account.

Cyberbullying on the decline
When it comes to cyberbullying, the report also paints a more optimistic picture than we’ve seen from some other studies.

Only 11 percent “admit to ever engaging in some form of cyberbullying behavior.

And even though the press release about the report says “Cyberbullying on the rise,” the report itself shows that the percentage of teens reporting that they have “ever been bullied or harassed online decreased substantially from 15 percent in 2008 to 8 percent in 2010. Far from an increase, that’s an impressive 47 percent decline in two years.

The press release on the report also says that “Nearly 50 Percent of Teens Don’t Know What to Do if Cyberbullied,” yet the report itself says that “1 in 4 teens say they wouldn’t know what to do if they were bullied or harassed online” and that a “a significantly higher proportion disagree with this statement in 2010 than in 2008, suggesting that teens may now be better equipped to handle cyberbullying.”

It further points out that “many youth who have been bullied or harassed online say they have made some adjustments to their online behavior as a result (72 percent).”

I would be interested to know what proportion of that “1 in 4″ who don’t know what to do have ever been cyberbullied. My sense is that most kids would figure out what to do, though it’s important to remember that how young people respond to bullying varies greatly. Some can deal with it while others find it extremely disturbing.

What do parents know?
Finally, there is the issue of what parents know about their kids’ online behavior. Some 91 percent said that their parents “trust me to do what’s right when I’m online,” though 56 percent of all kids in the survey and 70 percent of 16- to 17-year-olds specifically say that their parents and guardians “know some of what I do online but not everything.” A heading in McAfee’s press release interprets that as “Teens Hide What They’re Doing Online,” but as a parent of two former teenagers, I call that part of the process of growing into young adulthood.

Final report of the Online Safety Technology Working Group

Youth Safety on a Living Internet (PDF), the final report by the Online Safety Technology Working Group (OSTWG), found that the best way to assure youth safety on the Internet “points to the growing importance of online citizenship and media-literacy education, in addition to what has come to be seen as online safety education, as solutions to youth risk online.”

Before I go on, I have to say that I was a member of the Task Force and Chair of the Education Subcommittee and Anne Collier, my co-director at ConnectSafely.org, was co-chair of the Task Force itself along with former MySpace chief security officer Hemanshu Nigam.

Our goal in putting together the report was to look not only at the history of online safety efforts over the past nearly 20 years but also the emerging research that shows how young people use social media.

What we concluded is that we need to go beyond worrying about predators and pornography and start thinking about young people as active participants – true citizens – in an increasingly interactive online environment where young people are just as likely to create content as they are to consume it.

The title of the report, “Youth Safety on a Living Internet” says a lot about the thinking of its authors, “The Internet is a living thing reflecting all of life and, where children are concerned, that includes a spectrum of issues – from learning, child development, sociality, and entertainment at one end to crime and victimization at the other.” We urge Congress and other policy makers to “Please recognize this reality and draw upon diverse expertise in all policy making.”

The report finds that “civil, respectful behavior online” is less conducive to risk” and recommends “digital media literacy” as a powerful force towards reducing risk online and off. We recommend avoidance of scare tactics and we promote the social norms approach to risk prevention.

The report calls for solutions that are “fact-based, not fear-based” and recognizes that minors themselves “have a role to play in improving their own safety online and that of their peers.”

The Online Safety and Technology Working Group was mandated by Congress in 2008 when it passed the Protecting Children in the 21st Century Act. The unfunded group, which has been convening since June, 2009, worked out of the Commerce Department’s National Telecommunications and Information Administration (NTIA).

Recommendations include:

• Provide targeted online-safety messaging and treatment.

• Avoid scare tactics and promote the social-norms approach to risk prevention.

• Promote digital citizenship in pre-K-12 education as a national priority.

• Promote instruction in digital media literacy and computer security in pre-K-12 education nationwide.

More resources

CNET’s Elinor Mills summary on CNET

Blog post by OSTWG member Adam Thierer of Progress & Freedom Foundation

The Report

Online Safety and Technology Working Group Final Report

This 5:20 video shows how to configure Facebook’s new simplified privacy settings. Including: Using the new one-page simplified privacy controls, limiting what the world can see about you, opting-out of Instant Personalization and an introduction to customizing privacy settings.  Also see the more advanced video Facebook’s Granular Privacy Controls:  Who Can See What.

This video shows how to use Facebook’s more advanced granular controls. It’s a sequel to the introductory video, “Facebook’s Simplified Privacy Controls.”

This 10 minute video not only shows how to configure Facebook’s latest “simplified” privacy settings but also how to customize your settings for maximum control.  It also describes changes to their privacy policy.

On Wednesday May 27th, Facebook CEO Mark Zuckerberg announced that the company would simplify its privacy settings and require that less information be made available.

That afternoon, I spoke with Zuckerberg in a recorded interview for CBS News and CNET.  Here are some clips from that interview as well as links to the entire interview and an article about the interview on CNET.

Zuckerberg on kids under 13 on Facebook (57 seconds)

Zuckerberg on schoos banning use of Facebook & social media (54 seconds)

Entire interview (13 minutes)

CNET article & interview

In response to recent widespread criticism over changes made to its privacy policy in April, Facebook announced today that it has modified its user controls to make it easier to configure privacy settings and to retroactively control access to content that has already been posted. The company also said that it has “drastically reduced the amount of information that is available to everyone.”

Facebook also promised to “carry over people’s privacy choices for new products that facilitate sharing” and the company pledged to make fewer privacy changes in the future. “Facebook recognizes that the many privacy-related changes over the past year may have caused confusion, and the company will work within the framework announced today as it continues to innovate new features and products,” it said in a release.

The company announced the changes at a 10:30 AM (PST) press conference at its Palo Alto, California headquarters and wrote about it on the company blog.

New Privacy Control Center

A new “one click” privacy control center will make it easier to limit access to information to friends, friends of friends or everyone with a single click. A single grid displays all settings which makes your personal privacy profile a lot easier to understand. The company will continue to offer granular advanced settings to people who want more control.

A new “main setting” makes it easy to share on Facebook with friends, friends of friends or everyone — “all with just one click.” The corresponding settings are immediately applied and displayed in a grid. At the same time, Facebook has maintained its more granular settings for those who want to customize their level of sharing. These settings now all appear on a single page for easier access.