An online tool will tell you how secure your settings are—does it work?

One wonders if Mark Zuckerberg and his fellow Facebook executives are wishing they could declare a do-over right about now, dating back to late April. That’s when Facebook held its developer summit and unveiled plans to make the social network even more ubiquitous on the Web—and that also raised a number of serious privacy concerns among Facebook users. Since then, Facebook has been the subject of what seems like a daily drumbeat of headlines about its privacy policies, whether it’s users quitting the social network service or pundits advocating for improved privacy rules.
The optimist in me hopes that the public uproar inspires Facebook’s management to spend less effort on spin and more on unraveling the Gordian Knot that is managing your privacy settings on the social network site. (It’s an oft-quoted tidbit, but this New York Times report bears repeating: to completely manage your privacy on Facebook, you’ve got to manage 50 settings with more than 170 options. That seems… excessive.) Until Facebook lets up the requisite puff of white smoke to announce what came out of last week’s privacy summit, however, when it comes to making sure your Facebook information is only seen by the people you want to share it with, you’re still on your own.
Well, not entirely on your own—ReclaimPrivacy.org, a privacy awareness group, has developed a tool that scans your Facebook privacy settings to tell you how secure your data is. The tool is available in the form of a bookmarklet that you drag to the bookmarks bar of your Web browser. Then you head to Facebook’s privacy settings screen—ReclaimPrivacy.org helpfully provides a link—and click on the bookmark. After the tool scans your privacy settings in six areas—Facebook’s Instant Personalization feature; your personal data; contact information; friends, tags, and connections information; what your friends can share about you; and whether applications can leak your personal data—it tells you what areas are secure and where you may want to consider tweaking your settings.
Hold on a minute, the privacy-focused among you might be saying: How do I know that ReclaimPrivacy.org will respect my privacy. The Website says it never sees your Facebook data nor does it share your personal information. It also publishes the source code for its scanning tool in the name of transparency.

I used the ReclaimPrivacy.org tool on my own Facebook account to see how it worked, testing it both on Safari 4 and Firefox 3.6. Running the scanner takes just a few seconds, and I got a green Secure label for Instant Personalization, as well as preventing friends and applications from inadvertently sharing my data. Three areas were flagged with a yellow caution label—my personal information, contact information, and friends, tags, and connections data. (According to reports elsewhere on the Internet, there’s a third label—a red “insecure” flag. That one didn’t appear in my tests, which I guess is a sign that my paranoia and distrust of my fellow man is good for something.) The ReclaimPrivacy.org tool provides helpful links for adjusting any settings it flags as problematic. To secure my personal information, I clicked on the supplied link and altered my biographical info so that only my Facebook friends could see it. Hitting the rescan button brought up a green secure label for my personal information.
Securing my contact information and friends, tags, and connections data proved more problematic. I’ve set my Facebook preferences to allow anyone to add me as a friend or send me a message. That apparently raises a caution flag for ReclaimPrivacy.org, though it’s one I’m willing to live with. (What’s the point of being on a social network only to make it difficult for people to find you? Besides, I figure I can ignore any friend requests or messages that strike me as hinky.) As for friends, tags, and connections, I can only guess that ReclaimPrivacy is concerned that I’ve made my hometown, education, and work info visible to anyone. (No one must ever know that Philip Michaels is employed by Macworld!) While I can understand that some Facebook users may not want to share that specific data, I’m fine with having it out there just as I’m fine with ReclaimPrivacy.org letting me know that I may want to rethink that stance if I want to be completely secure.
There’s one thing about the ReclaimPrivacy.org tool that struck me as curious: When I scanned my Facebook settings in Firefox, I got the all clear on everything—even the categories still flagged with a yellow Caution label in Safari. My takeaway message? As helpful as the ReclaimPrivacy.org tool is—and it is very helpful—it’s not a silver bullet for every privacy concern you’ll have on Facebook. The best weapon you have is still your own common sense—though a little clarity from Facebook itself would be welcome, too.
[Macworld.com executive editor Philip Michaels requests that you keep his employment data under your hat.]