Tip: Control Facebook exposure by friending folks you know

Question: What extra exposure do I risk with Facebook’s Graph Search? Can this tool be as useful as Facebook says, considering the nonsense some of my friends post?

Answer: The search option that Facebook introduced last month^[1] has, so far, neither flung open the curtains on my profile nor lent me any profound insights about my friends.

One reason is that Graph Search finds nothing that you can’t already look up on your own with enough clicking around. (Remember, the company pledged last summer not to open more user data without permission in a 20-year settlement with the Federal Trade Commission.)^[2][3][4]

At most, you may suffer an unexpected guilt by association^[5] if you turn up in searches like “friends of people who like Pol Pot.”

That query yielded three friends; I would like to think that their pals had only expressed a historical or ironic interest in the genocidal Cambodian dictator, not a genuine appreciation.

And in some key ways, Graph Search sees less than what you can. For now, it looks at^[6] where you and your friends have checked in, the things you all have liked, interests and other background data listed on your profiles, and photos you already have permission to see. But it ignores the massive amounts of data in status updates and in third-party apps.

For example, if your friends use an app like TripIt to track their progress on a vacation, then rave about shops and restaurants in updates, Graph Search won’t know.

And many people on Facebook are selective, creative or both when deciding where to check in and what to like. For example, I only check in to large public places — for instance, ballparks, airports and convention centers — where I might not otherwise know about nearby friends. That makes these signals less useful to Graph Searchers than you might expect.

That doesn’t mean you should assume that nobody will turn up anything salacious about you, especially in your use of the Like button. To see what you’ve endorsed on Facebook, log into your account, go to your profile and click the large “Likes” button. If you gave a thumbs-up to something or somebody as a joke or to be nice, consider how that might look out of context.

The usual privacy-settings advice^[7] on Facebook — use its recently simplified “who can see my stuff”^[8] controls to make sure none of your stuff is visible to the public or (my advice) even to friends of friends — applies here too. But the best thing you can do to control your exposure is to accept only friends you know reasonably well offline.

Facebook itself may be trying to get that lesson across; the last few times I confirmed a friend request, it popped up a dialog asking if I knew the person outside of Facebook^[9]. I followed that advice myself after an enlightening, enjoyable talk with Facebook product manager Tom Stocky in the company’s Washington, D.C., offices two weeks ago: I sent him a LinkedIn connection request.

Tip: Fire some Facebook (and Twitter) apps

When you’re done making your latest inspection of your Facebook privacy settings^[10], click that page’s Apps link^[11] to see which third-party applications have access to your info. My own profile showed 45, many of which I had not touched in years and some of which were from defunct sites. So why keep them around? Click the “x” to the right of each unwanted entry to delete it^[12].

(Bonus tip: If you’re not sure what a vaguely named app does, you click on its name to check and you see a “Secure browsing is not supported” alert, that means its developers disregarded Facebook’s security advice^[13]. Zap it immediately.)

You can also limit the app’s visibility to only yourself — useful if you want to grab a retailer’s social-media discount without publicly shilling for the company — by clicking its “Edit” link.

Then do the same in Twitter. Sign into your account online, click the gear icon at the top right of the page and select Settings, then click the Apps link. If you see an app you no longer use or even remember using, click “Revoke Access”^[14] to terminate its link to your account.

—

Rob Pegorarois a tech writer based out of Washington, D.C. To submit a tech question, e-mail Rob at rob@robpegoraro.com^[16]. Follow him on Twitter at twitter.com/robpegoraro^[17].^[15]

References

1. ^{^} introduced last month (www.usatoday.com)
2. ^{^} Graph Search (www.facebook.com)
3. ^{^} nothing that you can’t already look up on your own (www.facebook.com)
4. ^{^} a 20-year settlement (ftc.gov)
5. ^{^} an unexpected guilt by association (www.eff.org)
6. ^{^} http://www.facebook.com/help/481453195225441/ (www.facebook.com)
7. ^{^} usual privacy-settings advice (www.usatoday.com)
8. ^{^} recently simplified “who can see my stuff” (www.usatoday.com)
9. ^{^} asking if I knew the person outside of Facebook (sulia.com)
10. ^{^} your Facebook privacy settings (www.facebook.com)
11. ^{^} Apps link (www.facebook.com)
12. ^{^} to delete it (www.facebook.com)
13. ^{^} Facebook’s security advice (www.facebook.com)
14. ^{^} “Revoke Access” (support.twitter.com)
15. ^{^} Rob Pegoraro (robpegoraro.com)
16. ^{^} http://mailto:rob@robpegoraro.com/ (robpegoraro.com)
17. ^{^} twitter.com/robpegoraro (twitter.com)