Following another round of criticism over its privacy settings, Facebook is tinkering with its policies once again. But many users are starting to ask whether it's too little, too late. The site has struggled with negative user feedback, while continuing to court advertisers for the hugely popular social network.

"When people have control over what they share, they want to share more. When people share more, the world becomes more open and connected," Zuckerberg said. "Over the past few weeks, the number one thing we've heard is that many users want a simpler way to control their information. Today we're starting to roll out changes that will make our controls simpler and easier," says Facebook CEO Mark Zuckerberg.

Facebook currently has more than 400 million users around the world and recent statistics suggest close to one in four Canadians is a member of the site.

Read more

In the age of social media and chronic online oversharing, how can you maintain privacy on the web? Two communications experts took your questions on navigating the digital sphere, and managing your public persona.

Nancy Baym, PhD, is an associate professor of communication studies at the University of Kansas. She is the author of the just-released book Personal Connections in the Digital Age, which examines digitally-mediated language, community, relationships and social network.

John S. W. Spinda, PhD is an assistant professor of organizational communication at Murray State University in Western Kentucky. A great deal of his research and teaching activity revolves around social networking and computer-mediated communication.

CBC News Your Voice spoke with Baym and Spinda to get their tips for staying secure.

What is the number one privacy concern for people engaging in social networks?

Nancy Baym: People are often unaware of, or forget, who can read their messages. It's not that they are at risk of revealing something no one can know, but that something they want to keep to one group of people ends up being exposed to someone unintended like an employer, a co-worker, a parent, a community, and so on. This can happen through people posting things while thinking only of a particular subset of friends, it can happen because things are passed on from one recipient to others who weren't intended audiences, it can happen because someone else posts on your profile or tags you in a photo, it can happen because people don't realize exactly what their settings allow (so things end up repurposed as they are at http://www.youropenbook.org which pulls together public status updates using search terms like "playing hookey" or "prude").

John Spinda: I feel that the biggest privacy concern is not the Big Brother scenario where advertisers, or even governments, are able to extract detailed information about individuals, as has been hotly debated this week with Facebook and MySpace privacy loopholes. I think most people trust and believe that social networking sites will solve these issues. In talking to a lot of my students and in some of my research, it seems that people are most concerned that someone of high relevance to them, such as a family member, close friend, co-worker, or supervisor, will see information about them that they do not want broadcasted in the public arena of social networking.

How is personal information being used by social networks?

N.B.: Mostly it's being used to create highly differentiated marketing profiles that can be used to target ads. They also use it to recommend people and other things they think you ought to be connected with, presumably in order to get you more invested in the site and hence, a richer target for personalized ads.

J.S.: Personal information is being used by social networking websites to create very detailed targets for advertising purposes. This is hardly a new marketing practice, but the speed to which an advertiser can nail down segments of people is startling. Recently, I directed a student research project about Facebook at work. Our funding allowed us to use Facebook advertising. When we set the ads up, we were able to target particular groups of people in less than 30 seconds. Facebook even had an estimated number of people in your created profile that updated in real time.

Research is beginning to show that this question is way more complex than we ever imagined. We've known for about a few decades now that people will make judgments and attributions about people online, even though there tends to be personal information that is harder to gauge than in face-to-face interaction. But social networking is providing us new types of personal information that is used to make attributions and judgments about people. For instance, a recent set of experiments indicated that judgments are made on Facebook about things like the number of friends a person has, whether a person's friends say positive things about them on their profiles, and whether or not a person has physically attractive friends. In other words, we've evolved enough online that we trust third-person information more than first-person information, because we know that can be manipulated and twisted to a person's benefit. This is also why I feel that the quality of third-person information is the biggest privacy concern that is on social networks.

What is the best way to protect your privacy online?

N.B.: Know the privacy settings of the sites you use, don't post all that obvious information (phone number, address, government identification numbers, pictures of your underage self drinking alcohol, etc). People often say "if you don't want it public, don't share it," but that's unrealistic. People should be able to talk to small select groups and individuals without fearing public exposure, but the fact is that digital communication can be saved and replicated, so people should keep that in mind. If, for example, you are contributing to a support site for something you don't want people to know you are dealing with, you can use a pseudonym. You can also manage your reputation by sharing a lot of information about yourself publicly and then the bits you wish weren't out there get obscured by all that you chose to share. But the main things are to really understand how the sites you use work in terms of who can see what information, to think through who the potential audiences for your messages are before you post them, and to pay attention to what others say about you and on your profiles.

J.S.: In my experience, it's all about setting boundaries and compartmentalizing. In my communication technology course last semester, I formed a class Facebook group. In discussing it during class, I mentioned that as students, they were put into a separate group by me that filtered my information. They were upset with this. I had to explain to them that I simply cannot take the long-shot chance that someone may see my wife and close friends and decide to harass them should they have an issue in class or be upset with me. I set a boundary and explained it. In addition, I mentioned how putting particular users in groups allows them to have their "college" social life among those friends while still having a professional or other more clean-cut image for the rest of the online world. This is especially important to teach kids because of the potential for cyberbullying or online harassment that I have seen. Among some teenage girls, it is a sign of trust to allow a friend to have an email or IM password. Well, what happens when an argument occurs or someone gets jealous? Again, setting boundaries and maintaining them is important. You wouldn't want someone following you around all day a foot away from you, it would violate your personal space. Our online lives are so intertwined with our physical lives that not setting boundaries is a lot like this scenario.

Should governments be more involved in regulating privacy online?

N.B.: Internationally there are very different attitudes about privacy (for example, whether privacy choices should be opt-in or opt-out). The fact is that many countries already have laws about privacy and companies that want to operate in those nations will have to attend to those regulations. Just as governments are involved in regulating trade so that fraudulent sales are not allowed, they should have a role in assuring that online sites stick to the privacy promises they make.

J.S.: This is interesting because I believe that governments want to get involved, but with the slow-moving regulatory systems in place in western societies, they simply can't keep up. Also, I feel that many lawmakers are so busy trying to catch up to the latest issue, like sexting for example, that they lose focus of the big picture. By the time legislation is enacted, it may be way out of date. I believe that governments should have some involvement because the internet has fulfilled some of its "utopian promise," but has also allowed those who hate and bully a forum to unleash with less restriction. In my opinion, governments should get involved by generating a set of common sense ethics that guide the internet as a whole. I realize that the days looking at the "internet" as one entity are long gone, but it's simply impossible to regulate every single thing online. It would be almost like creating an online Magna Carta or Bill of Rights that guides legal interpretations.

Reader questions

Thehotbreadguy asks: I would like to ask to ask Nancy and John what they think the future holds for "open-source" social networking that has been previously attempted in the past, and has yet to prove its viability, especially with regards to privacy concerns. There's a lot of hype surrounding Diaspora, which isn't even in its beta phase yet but drummed up so much support. It seems great things are expected of it and its claims of security. The spotlight is definitely on Facebook and its privacy problems. Can smaller networks be held as accountable? Facebook grew so large so fast that it is easy to harshly criticize it, but if we start to see smaller open-source companies spring up, how do we ensure they are not going down the same paths?


N.B.: Whether Diaspora will work out or not is a big unknown, but I certainly agree it's burdened with great expectations. I think those reflect the hopes that there will be a good Facebook alternative more than a deep understanding of who the Diaspora people are and what they are seeking to design. I sent them a little money myself, but it looks to me like the system they are building will be too complicated for most people to adapt it. I doubt most people can handle running their own server, even if it isn't really all that hard. My sense is that if open source alternatives are going to work, and I hope they are, they will have to be very easy and will have to look and function like a centralized system if they're going to get widespread adoption. Making something "open source" is no guarantee of privacy either. That said, I do think it's realistic to expect something to compete with Facebook in the next few years, just as Facebook rose out of nowhere to compete with MySpace, Google and other things that dominated the market and seemed unbeatable. I don't know that we can ensure that smaller companies behave themselves and we may well have more to fear in terms of privacy from companies that operate below the radar of public opinion. Hopefully the pressure on Facebook will serve as a warning to those companies, but it will require users and critics remaining vigilant. Even with the best intentions, small companies can still fall prey to security holes and other lapses that lead to information leaks without consent.

J.S.: I am in agreement with this commentary in that privacy and openness are means to an end and not an end in and of themselves. So I would say that for open-source social networking to truly work, a platform will first need to have a "spirit" or theme like popular social networking websites. For example, Facebook seems to have the "yearbook" theme of social connectedness. It will need a theme that is catchy and effective. 

Next, the website will need to be simple. Even though younger adults are using social networking in high rates, they use default privacy settings quite often. Many simply don't take the time to customize settings. To me, a good analogy is cars. Nearly all of us drive one, but some want to tinker and alter the defaults to make the car faster, or more efficient, etc. However, a majority of drivers just assume the car will work with routine maintenance (or less). Those that are migrating to the open-source social network sites are like the mechanics. They want control over every aspect of their profile and want to have the autonomy to tweak. More importantly, they have the technology skills to tweak. However, many will just hope that Facebook solves the issues and will carry on as usual.

Finally, I think a big hurdle is know-how of users. Based on percentages, it seems like younger users are far and away the most populated age group online. However, it is important to note that 50 to 60 per cent of one generation, such as middle-aged adults is comparable in overall users to 80 to 90 per cent more recent generations that have lower population figures. To me, the ease of Facebook is why it achieved a rapid adoption, especially among adults with less technology skills. I am not sure if more complex social networking will work among the masses at this time.

Blochi asks: What's the best way to get a photo permanently removed from a social networking site?

N.B.: There's no guarantee that you can get something removed. Obviously, if you posted it, you can take it down, but there is no way to guarantee that it hasn't been copied and posted elsewhere. If someone else has posted it, you can ask them. If it is infringing content or libelous somehow (a trick if it's not altered), you can seek redress through the site as most sites ban infringing content and some kinds of images could be considered violations of some terms of service. However, there are no laws that allow people to control which images are posted by others, even if they are pictures of you, so there is no certain way to remove images.

J.S.: This is tough because each site would have different policies. As far as Facebook is concerned, it is complex. A first step is to remove your tagged identity on the photo. A second step is to ask Facebook to remove the photo from another person's website. Here is a link that explains this. Please review the first few topics.