I wrote this email to some friends about Facebook versus a personal password-protected website for photos and personal stuff. Thought it might be of use to others
Just wanted to write some things about Facebook.
First, putting photos onto Facebook is really dangerous as it regularly changes security settings without telling anyone. In the last 5 years, Facebook security has been regularly downgraded and people have had to make serious effort to lock their profiles down again.
http://flowingdata.com/2010/05/07/evolution-of-facebook-privacy-policies/ – a graphical representation of the EFF link above
The April incident where they implemented a service called ‘Social Graph’ meant that everyone’s profiles were open to the world. The idea from Facebook was so that you could be found anywhere easily and simply, your identity could be shared with ‘3rd party providers’ (that they had deals with) to advertise at you. Supposedly this meant you could just log in with your FB profile information and this would make things easier. In reality it meant everyone had to scramble to lock their profiles down from prying eyes.
Further, With Facebook, you might be able to lock your profile down, but you also have to consider the profiles of your friends — if they’re not locked down as tightly as yours, or if they’ve got apps which can see their profiles then there’s a security issue there too.
Apps are a problem. Any time you use one, you’re giving free access to your entire profile to a third party. There are no guarantees what they do with this information.
Last, Facebook owns EVERYTHING you post on their site. You can’t ask for your profile to be truly removed from their servers — you can only get it turned off.
The advantage you have with a website is that you can lock it completely down. No-one can see anything without the appropriate password. You own the content and you control who can go in and out. And if things go badly or something odd happens, you can take it down completely.
You can also implement a feature called ‘nofollow’ which means the site won’t be included in search — Ultimately, however, google needs to see the site and the text on the site to index (include the site in search results) which is impossible if it’s password protected as soon as you arrive and the site won’t even display without the appropriate username and password.
The bottom line is that on the web, it being an ‘information superhighway’, it is actually possible to run across the road without being hit — you just have to be very wary of the way you do it, otherwise it’s all-over!