>Advice from Unofficial Guide to FB Privacy and Security – Tagging.

>Tweet Is Facebook asking you to breach your friends privacy settings? Unofficial Guide to FB Privacy and Security Explains

Facebook loves getting its users to tag, which increases their face-database, (now assisted with facial recognition software.)  However tagging can make your privacy settings meaningless if a friend tags someone you don’t know in one of your photos.  This article shows a lack of proactive controls on a feature which Facebook itself pushes its vast millions to use every day, and photo engineers who don’t seem to know their own rules.

First the basics. You are forbidden from tagging someone without their consent. It’s in the terms. Look ->

Protecting Other People’s Rights. We respect other people’s rights, and expect you to do the same.  You will not tag users or send email invitations to non-users without their consent.

That’s right.  Every time you tag someone without asking them first, you’re breaching Facebook’s terms. So how is Facebook responsible?  Well for a start, it’s Facebook that keeps pushing us to tag people…

Ok let’s say you decide to upload a photo of someone onto the internet and put their name on it. That’s your responsibility. You had the idea, you made the choice, and you did it. But how would the people they know find it unless by pure chance?

The Facebook tag creates specific link back to a user which can be seen by anyone who is authorized to see it.  And much of the time it’s Facebook which puts the idea into users heads.

For instance when we browse a friend’s album, Facebook often presents a little tag prompt like this:

When we sign in Facebook challenges us to use their tag product some more in Ads like this:

And Facebook also now prompts users to tag people in their information sections like this:

If we visit Mark Zuckerberg’s profile for example, we can see he has tagged several people with whom he has worked and studied alongside. Clicking on those name tags will then take you directly to their profiles.  I would hazard a guess that Mark didn’t email them first to ask if they minded.

Ok so this is how tagging someone can negate their privacy preferences.

Carlos and Miles aren’t Facebook friends and Carlos has set his photo privacy so that only friends can see them.  So when Miles clicks on Carlos’s photos, the page is blank.  All good so far.

A mutual friend tagged Miles in one of Carlos’s photos.  Miles gets notified and can now see the photo which previously had a viewing restriction.  This is Carlos’s photo page to Miles now:

For the purpose of this article, the photo was a screenshot of Carlos’s photo privacy setting preferences:

So even though Carlos’s photo privacy settings are ‘friends only’,  Miles can now see a photo which Carlos uploaded to his wall just because someone placed a tag.

Once Miles was untagged, the album privacy settings were restored and Miles was unable to view the photo either via URL or Facebook’s tag notification.

And there you have it.  Carlos’s privacy settings blown apart in one small move.  If you upload some photos for ‘friends only’, and Facebook asks one of your friends to tag people while they browse, all you can hope is that they only tag people on your friends list.  If we hadn’t followed the ambiguous consent rule in our test, Carlos wouldn’t have had a clue that a total stranger was able to see one of his private photos until the next time he signed in.  No, we don’t think it’s right either.

Facebook’s answer to all this?  “Perhaps you shouldn’t be friends with people who tag you without consent”.

Seriously.

So when Mark Zuckerberg tagged his friends in his work and education sections, I guess they should have clicked ‘unfriend’?   If Facebook knows that people need to give consent before being tagged, it’s Facebook’s responsibility to make sure that consent is gained.  Instead of giving smart responses they should create smart solutions.

If you upload a photo and set it so that only friends can see it, that preference should be respected.  Facebook shouldn’t allow one of its products to create a back door.   If you someone tags you in a photo which you aren’t authorized to see, the tagger should simply be informed ‘Sorry we cannot authorize this tag’.

Or better still, if someone tags a photo you uploaded then you should get a notification and then approve or deny it.  After all, it is your photo.  And if you tag someone else, they should be given the same courtesy of being able to approve or deny the tag.

Facebook doesn’t seem to want to remind its users at all that they need to get permission to place a tag.  Facebook’s photo engineer Justin Mitchell published a blog called ‘Making Photo Tagging Easier’:

At no stage does Justin inform users that they must gain consent before tagging others. Instead he just advises on how to remove a placed tag.  And then he gives incorrect information proving even he doesn’t remember the rules:

“As always, only friends can tag each other in photos.”

Actually Justin, this is Facebook’s official response to that question at the Help Center,

“Can I tag people who do not use Facebook in photos?” “You can tag anyone in a photo, regardless of whether they have a Facebook profile. While tagging your photos, if you type in the name of someone who is not on your Friend List you have the option of listing their email address. When you are done tagging, they will receive an email that provides a link to the image. They will be able to see the photos in which they are tagged, but nothing else on the site unless they register.”

Ok so firstly, if Facebook engineers can’t remember the rules, how are the users expected to remember they are supposed to get permission every time Facebook prompts them to tag someone?

And secondly, why is Facebook prompting users to tag photos and then emailing people who don’t even have a Facebook account with a link back to a photo that you wanted to be seen by YOUR friends only?

Yes the photo owner can remove the tag, but only when they know it’s happened.

Interestingly Justin is very prominent on the Q&A site Quora, lending his expertise on many photo-related Facebook questions.  A friend shared a particularly intriguing example in which Justin explains eight rules of photo privacy in the form of a checklist.  The 8th rule is to “Obey the photo album privacy”.

Well we’ve proved here that tagging someone in a photo can totally disobey the album privacy.

One of the most frequently asked questions at Facebook’s Help Center is:

‘Is there an option to approve a photo tag before I am tagged in it?’

“The functionality of approving a photo tag is not available. When you are tagged in a photo by one of your friends, or when they tag someone in one of your photos, the tag request will be automatically approved. However, you can: Customize your privacy settings so that “Photos and videos I’m tagged in” is set to “Only Me.” Set your notifications so that you always know when someone tags you in a photo or tags one of your photos. You can control this setting from the “Notifications” tab on the Account Settings page.”

Facebook notifies us when we get a friend request, which we can Accept or Deny first. So the tech is in place and already being used. Why won’t Facebook use that same functionality so we can simply say ‘yes’ or ‘no’ to a tag first?

The only privacy control is for the convenience of the person tagged, in the form of setting ‘Photos and videos I’m Tagged in‘ to ‘Only me’. But that then also means that no one will see the photos you have tagged yourself in, and it doesn’t stop you seeing photos that you shouldn’t be authorised to see.

I would like someone at Facebook to answer the following:

• Why doesn’t Facebook remind users of the terms that they must gain consent before tagging when Facebook prompts users to tag?
• Will Facebook allow users to approve any form of tag on them before it is placed?  If not, why not?
• Will Facebook allow photo owners to approve a tag placed by someone else before it is effected?  If not, why not?
• Will Facebook place restrictions on tags so that when Facebook prompts users to tag people in photos, those who aren’t authorised to see that photo at that time cannot be tagged?  If not, why not?

Anybody can copy or share anything we upload to the net.  But when a company urges its users to use one of its own products, the company becomes partially responsible for that person’s decision to use it.  If the product has terms of use to obey then the company should remind users of those terms if the company asks them to use it. Facebook’s Privacy Policy states “We cannot guarantee that only authorized persons will view your information.” Well yes clearly, when Facebook itself is doing its best to make sure that unauthorized persons will see it.

If you upload a photo and you only want your Facebook friends to see it, that choice should be respected.  Instead Facebook is becoming a master of deception and contradiction by creating secret passageways to your data, and in some cases to people who don’t even have an account, while at the same time preaching how good its privacy control is by engineers who don’t seem to have an understanding or a clear memory about the bigger picture.

Do you think Facebook should allow your photos to be seen by people you didn’t authorize?  And do you want the chance to approve being tagged first?

Join  Unofficial Guide to FB Privacy and Security at www.facebook.com/privacyguide

The BULLDOG Estate