Facebook adds new feature that exposes personal info and then takes it away: time to check your settings
Update: Facebook has put this feature on hold.
This past Friday the following announcement was posted on the developers blog for facebook.
Platform Updates: New User Object fields, Edge.remove Event and More
User Address and Mobile Phone Number
We are now making a user’s address and mobile phone number accessible as part of the User Graph object. Because this is sensitive information, we have created the new user_address and user_mobile_phone permissions. These permissions must be explicitly granted to your application by the user via our standard permissions dialogs.
Please note that these permissions only provide access to a user’s address and mobile phone number, not their friend’s addresses or mobile phone numbers.
You can request these permissions our SDKs (JavaScript SDK below)
As a reminder, the access and use of this data is governed by our Platform Policies which we recommend you review periodically.
As explained and pictured here, the premise is when you are using an application that is linked to Facebook, say posting a comment to a site that uses Facebook as a login method, you should get a popup window asking your permission to share your cellphone number and email address.
Update as of 2:25AM January 18, 2011
Improvements to Permissions for Address and Mobile Number
On Friday, we expanded the information you are able to share with external websites and applications to include your address and mobile number. With this change, you could, for example, easily share your address and mobile phone with a shopping site to streamline the checkout process, or sign up for up-to-the-minute alerts on special deals directly to your mobile phone.
As with the other information you share through our permissions process, you need to explicitly choose to share this data before any application or website can access it, and you can not share your friends’ address or mobile number with applications. Also, like other data you make available to third party apps and websites, you can always clearly see and control the ways your information is being used in the Application Dashboard.
Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data. We agree, and we are making changes to help ensure you only share this information when you intend to do so. We’ll be working to launch these updates as soon as possible, and will be temporarily disabling this feature until those changes are ready. We look forward to re-enabling this improved feature in the next few weeks.
Edit (1/18/11): Mindless rant warning below. This part of my original post was wrong.
But what I found in checking the permissions in my account was a “contact” feature I’ve never recalled seeing the last time I made sure my settings had the appropriate privacy I wanted.
This includes physical mailing address, email addresses, and cell phone number.
Contact information
Mobile phone
Only Me
o Everyone
o Friends of Friends
o Friends Only
o Customize
Other phone
Only Me
o Everyone
o Friends of Friends
o Friends Only
o Customize
Address
Only Me
o Everyone
o Friends of Friends
o Friends Only
o Customize
IM screen name
Only Me
o Everyone
o Friends of Friends
o Friends Only
o Customize
me@isp.com
Only Me
o Everyone
o Friends of Friends
o Friends Only
o Customize
me2@ISP.com
Only Me
o Everyone
o Friends of Friends
o Friends Only
o Customize
My cellphone and email address were now settings I had to set. They were defaulted to “friends only” which means anyone I friended had access to my phone, address, and email.
Check your settings. This personal account setting may have been around longer than the developer blog announcement date, I know that every time I make a change, I opt for the most private settings on my account. There’s no way I missed this the last time I had to increase my privacy settings from the Facebook default because of a new feature addition.
Before posting this, googled “facebook adds contact info” and found nothing to indicate a date for this change. If I’m wrong, I’d appreciate anyone correcting me. I’ll edit this post appropriately.
If I’m correct, I’d like to add a message to Facebook. Screw you for having to make me constantly monitor my privacy because you default to “too much info” than I would normally give.
Edit (con’t):
My general rant still holds. Evolving features from web apps are great. Informing users of changes as they occur directly instead of having to read of changes via reporting in tech news is pretty shoddy.