By VAUHINI VARA
January 30, 2008; Wall Street Journal
In November, users of social-networking site Facebook Inc. started seeing updates on what their friends had bought online. Last month, users of a Google Inc. news service began receiving lists of articles their friends and acquaintances had read online. And earlier this month, Sears Holdings Corp. let people type anyone's name, phone number and address on a Web site to learn about their Sears purchases.
All three examples have one thing in common: The companies allowed Web users to access personal information about other people they know -- sometimes without the knowledge of those people.
Online-privacy debates used to center on how Web sites share their users' information with the government, advertisers or complete strangers. But in recent months, a new question has emerged: How much should your friends and acquaintances really know about you?
Internet-privacy experts, and in some cases the users themselves, are demanding more controls on how information is shared with so-called friends. Web sites, in turn, are taking steps to make it easier for users to change their privacy settings and determine exactly which friends see what information.
The data-sharing issues grow as more companies take a page from popular social-networking sites like MySpace and Facebook that let their users create pages full of details like where they live and work, who they are dating, and what their weekend plans are. People can share that information with other people by adding them as "friends," a term usually taken to describe anyone they know. As that idea has caught on, Internet companies have taken it further. If people like sharing basic information, the thinking goes, they'll love sharing even more particulars -- like their shopping and reading habits.
"These companies think, 'Oh, neat, look what we can do,' but some consumers respond by saying, 'Wait, we didn't want you to do that,'" says Lillie Coney, associate director of the Washington D.C.-based Electronic Privacy Information Center.
No Easy Solution
For consumers, there is no silver bullet to solving these privacy issues because each Web site shares information differently. So right now the onus is on individuals to protect themselves by painstakingly visiting each site to change their settings.
Facebook in November introduced a marketing program called Beacon to keep their users on the site longer. In this feature, Overstock.com Inc., Fandango Inc. and dozens of other companies agreed to notify Facebook every time one of its users made a purchase on one of their sites. In turn, Facebook began notifying those users' friends of the purchases.
Rachel Hundley, a law student in Chapel Hill, N.C., experienced this firsthand. After the 24-year-old bought a dress and some shoes on online retailer Overstock, the online retailer notified Facebook of the purchase. Facebook in turn sent a message telling several of Ms. Hundley's friends about it. The next day, a friend commented on her "cute dress." Ms. Hundley says she was "disgusted" by the experience, saying she wanted more control over how her information was shared.
When she tried to fix the situation, she faced hurdles. She first checked a box on Facebook asking the site never to tell her friends about her Overstock purchases. But when she later looked over her privacy settings, she realized she also needed to check a separate box to keep the Web site from telling her friends about activities on other sites outside of Facebook.
Responding to criticism from Ms. Hundley and others, Facebook changed its privacy settings in December, making it easier to opt out of the program altogether. Still, because of the backlash, Overstock.com pulled out of the arrangement, although other retailers remain.
Jennifer King, a privacy researcher at the University of California at Berkeley, suggests several privacy-strengthening steps for people who use services like email, photo-sharing and social-networking sites that allow users to create lists of "friends." Ms. King recommends adding someone to your list of "friends" only if you really know them. She also advises considering how sharing a message, photo or personal detail online could later embarrass or harm you.
"Pretend you're sharing it with everyone at a party -- and that they're all holding video cameras," Ms. King says.
Here is a guide for some ways to take control of your information on some of these services:
On Facebook, start by clicking on the "privacy" link at the site's top right-hand corner. You can click on the links to "profile," "search" and so on to determine who can see your information. A surefire way to avoid showing information to strangers is to choose "only my friends." But if you want to hide details even from some friends, put them on what's known as a "limited profile," a bare-bones version of your profile.
To stop Facebook Beacon altogether -- as Ms. Hundley did -- click the link to the privacy page. Then click on "External Websites" and check the box labeled "Don't allow any Websites to send stories to my profile." ("Stories" are Facebook-speak for "updates about me.")
Tackling Privacy Concerns
Facebook plans to let users organize their friends into groups and choose exactly which information each group gets to see, says Chief Privacy Officer Chris Kelly. He says about 20% of Facebook users have tweaked their privacy settings in some way but declines to say what percentage has opted out of Beacon. "People have different tolerance levels, and the best way to address that is to give them more transparency about what's being shared and more control over what's being shared," he says.
News Corp.'s MySpace, like Facebook, notifies its users when one of their friends has a birthday, posts new photos or adds new information about themselves to their profiles -- though it doesn't tell users what their friends do on sites outside of MySpace, as Facebook does with Beacon. MySpace has its own privacy settings, which it details in the privacy page accessible via a link in the top right-hand corner of MySpace. The company declined to comment on privacy policies.
Review Privacy Settings
Beyond these companies, there are scores of other sites that allow users to share personal information, from photo-sharing sites like Hewlett-Packard Co.'s Snapfish to Amazon, which lets people share details with others about what they've been reading. Be sure to review your personal profile and read the sites' privacy policies.
Established Web companies like Google are also adding features to let people share their online activities with others. In December, Jonathan Rawle, a 28-year-old physics researcher in Didcot, England, logged onto Google Reader, a service that lets users keep track of new articles and blog posts and read them without leaving Google's service. The service also lets users "share" items with certain friends by clicking a button.
This time, Mr. Rawle saw a list of items that someone named Roger, who he didn't know, was sharing with him. Google had recently begun guessing who its Google Reader users' friends are, by tracking their habits in Google's instant-messaging service, Google Talk, and then automatically sharing items with those people. That meant if Mr. Rawle clicked the "share" button to send a news item to his real friends, Roger might see it, too. Mr. Rawle says he now refrains from sharing items altogether.
A Google spokesman says the company is considering adding more privacy controls, but for now, the only way to avoid sharing with a specific person is to delete that person from your address book in Google Talk. The company doesn't share the data with third-party companies.
At Sears, a spokeswoman says the purchase-tracking service -- which was available at ManageMyHome.com -- "was added to provide our customers with easy access to useful information about products they have purchased from Sears." Sears took down the feature, she says, after the company received privacy complaints.
January 30, 2008; Wall Street Journal
In November, users of social-networking site Facebook Inc. started seeing updates on what their friends had bought online. Last month, users of a Google Inc. news service began receiving lists of articles their friends and acquaintances had read online. And earlier this month, Sears Holdings Corp. let people type anyone's name, phone number and address on a Web site to learn about their Sears purchases.
All three examples have one thing in common: The companies allowed Web users to access personal information about other people they know -- sometimes without the knowledge of those people.
Online-privacy debates used to center on how Web sites share their users' information with the government, advertisers or complete strangers. But in recent months, a new question has emerged: How much should your friends and acquaintances really know about you?
Internet-privacy experts, and in some cases the users themselves, are demanding more controls on how information is shared with so-called friends. Web sites, in turn, are taking steps to make it easier for users to change their privacy settings and determine exactly which friends see what information.
The data-sharing issues grow as more companies take a page from popular social-networking sites like MySpace and Facebook that let their users create pages full of details like where they live and work, who they are dating, and what their weekend plans are. People can share that information with other people by adding them as "friends," a term usually taken to describe anyone they know. As that idea has caught on, Internet companies have taken it further. If people like sharing basic information, the thinking goes, they'll love sharing even more particulars -- like their shopping and reading habits.
"These companies think, 'Oh, neat, look what we can do,' but some consumers respond by saying, 'Wait, we didn't want you to do that,'" says Lillie Coney, associate director of the Washington D.C.-based Electronic Privacy Information Center.
No Easy Solution
For consumers, there is no silver bullet to solving these privacy issues because each Web site shares information differently. So right now the onus is on individuals to protect themselves by painstakingly visiting each site to change their settings.
Facebook in November introduced a marketing program called Beacon to keep their users on the site longer. In this feature, Overstock.com Inc., Fandango Inc. and dozens of other companies agreed to notify Facebook every time one of its users made a purchase on one of their sites. In turn, Facebook began notifying those users' friends of the purchases.
Rachel Hundley, a law student in Chapel Hill, N.C., experienced this firsthand. After the 24-year-old bought a dress and some shoes on online retailer Overstock, the online retailer notified Facebook of the purchase. Facebook in turn sent a message telling several of Ms. Hundley's friends about it. The next day, a friend commented on her "cute dress." Ms. Hundley says she was "disgusted" by the experience, saying she wanted more control over how her information was shared.
When she tried to fix the situation, she faced hurdles. She first checked a box on Facebook asking the site never to tell her friends about her Overstock purchases. But when she later looked over her privacy settings, she realized she also needed to check a separate box to keep the Web site from telling her friends about activities on other sites outside of Facebook.
Responding to criticism from Ms. Hundley and others, Facebook changed its privacy settings in December, making it easier to opt out of the program altogether. Still, because of the backlash, Overstock.com pulled out of the arrangement, although other retailers remain.
Jennifer King, a privacy researcher at the University of California at Berkeley, suggests several privacy-strengthening steps for people who use services like email, photo-sharing and social-networking sites that allow users to create lists of "friends." Ms. King recommends adding someone to your list of "friends" only if you really know them. She also advises considering how sharing a message, photo or personal detail online could later embarrass or harm you.
"Pretend you're sharing it with everyone at a party -- and that they're all holding video cameras," Ms. King says.
Here is a guide for some ways to take control of your information on some of these services:
On Facebook, start by clicking on the "privacy" link at the site's top right-hand corner. You can click on the links to "profile," "search" and so on to determine who can see your information. A surefire way to avoid showing information to strangers is to choose "only my friends." But if you want to hide details even from some friends, put them on what's known as a "limited profile," a bare-bones version of your profile.
To stop Facebook Beacon altogether -- as Ms. Hundley did -- click the link to the privacy page. Then click on "External Websites" and check the box labeled "Don't allow any Websites to send stories to my profile." ("Stories" are Facebook-speak for "updates about me.")
Tackling Privacy Concerns
Facebook plans to let users organize their friends into groups and choose exactly which information each group gets to see, says Chief Privacy Officer Chris Kelly. He says about 20% of Facebook users have tweaked their privacy settings in some way but declines to say what percentage has opted out of Beacon. "People have different tolerance levels, and the best way to address that is to give them more transparency about what's being shared and more control over what's being shared," he says.
News Corp.'s MySpace, like Facebook, notifies its users when one of their friends has a birthday, posts new photos or adds new information about themselves to their profiles -- though it doesn't tell users what their friends do on sites outside of MySpace, as Facebook does with Beacon. MySpace has its own privacy settings, which it details in the privacy page accessible via a link in the top right-hand corner of MySpace. The company declined to comment on privacy policies.
Review Privacy Settings
Beyond these companies, there are scores of other sites that allow users to share personal information, from photo-sharing sites like Hewlett-Packard Co.'s Snapfish to Amazon, which lets people share details with others about what they've been reading. Be sure to review your personal profile and read the sites' privacy policies.
Established Web companies like Google are also adding features to let people share their online activities with others. In December, Jonathan Rawle, a 28-year-old physics researcher in Didcot, England, logged onto Google Reader, a service that lets users keep track of new articles and blog posts and read them without leaving Google's service. The service also lets users "share" items with certain friends by clicking a button.
This time, Mr. Rawle saw a list of items that someone named Roger, who he didn't know, was sharing with him. Google had recently begun guessing who its Google Reader users' friends are, by tracking their habits in Google's instant-messaging service, Google Talk, and then automatically sharing items with those people. That meant if Mr. Rawle clicked the "share" button to send a news item to his real friends, Roger might see it, too. Mr. Rawle says he now refrains from sharing items altogether.
A Google spokesman says the company is considering adding more privacy controls, but for now, the only way to avoid sharing with a specific person is to delete that person from your address book in Google Talk. The company doesn't share the data with third-party companies.
At Sears, a spokeswoman says the purchase-tracking service -- which was available at ManageMyHome.com -- "was added to provide our customers with easy access to useful information about products they have purchased from Sears." Sears took down the feature, she says, after the company received privacy complaints.
