Facebook Stops Irresponsibly Defaulting Privacy Of New Users’ Posts To “Public”, Changes To “Friends”

After years of putting new users at risk of oversharing by defaulting the visibility of their status updates and photos to public, Facebook is switching the default to “friends”. It will also start asking existing users to go through a “Privacy Checkup” flow where they can review and confirm their privacy settings. The changes should reduce the number of users accidentally exposing their content and personal information to a wider audience than they wanted.

Facebook Privacy Product Manager Mike Nowak admits to me that “Sometimes when people share things on Facebook, they feel like that info is more public than than they wanted or more people than they thought can see their posts. A lot of us have had the experience of sharing something and unexpectedly having it be more broadly visible [than we desired]” which he likens to hitting “reply all on an email”.

“We think oversharing is worse than under sharing”, Nowak claims.


An Era Of Broken Privacy

That’s a stern 180º from 2009 when Facebook first began defaulting new users’ posts to be publicly visible. Then in April 2010, Facebook rolled out sweeping privacy changes including “Recommended Settings” that were supposed to be reasonable defaults that matched the sensitivity of the data. Existing users were offered a chance to switch to the recommended settings, and new users were defaulted into them. While it rightly set personal and contact info to “friends only”, it brazenly set News Feed posts like status updates and photos, family and relationships, and bio and favorite quotations to “public”.


When I covered the defaults and changes back in 2010, I called them “risky”, because users who weren’t paying close attention might assume that since Facebook had launched for sharing with college buddies and was all about adding friends, that that’s who their posts would be seen by. That meant risqué behavior, sexy photos, crude jokes, or controversial opinions could be found by family members, employers, or random stalkers.

“We made the decision because we thought it was right for people and over time we’ve gotten the feedback that oversharing is worse than undersharing and that’s why we’re making this change to the friend setting now,” Nowak says.

These recommended settings were the nightmare incarnation of Facebook’s mission “to make the world more open and connected”.

Facebook CrestIt stemmed from a naive view that people should have nothing to hide — an easy perspective to take if you’re your own boss or have a high-value skill set in a progressive industry. It ignored the fact that many people don’t have the freedom to be so open, because they’re constantly judged by parents, teachers, and companies happy to hire someone else if they see you boozing it up, dancing, or spouting polarizing views. I hope one day we can all evolve past discriminating against people for how they recreate or express themselves and actually be more open, but there’s a difference between encouraging the world to embrace that future and dragging people into it.

The rotten defaults could be seen as the start of an ongoing push to get Facebook users sharing more publicly, in response to the rise of Twitter. Hashtags, Trending Topics, embedded posts, and the option for those under 18 to post publicly are the most recent product changes to that effect.

When I asked Nowak why the hell Facebook did this to the defaults, he said “We heard people wanted to share publicly and we observed this was an important trend on the Internet. We made the decision because we thought it was right for people.” But it wasn’t.

Making Privacy More Visible

In 2011, Facebook was forced to settle with the Federal Trade Commission and the Office of the Irish Data Protection Commisioner. The deals made the company subject to 20 years of privacy audits by the FCC, and forbid it from changing existing privacy settings without permission.

Thankfully since around the time of those settlements, Facebook has moved to making privacy controls easier to understand and access. Most importantly, it added an in-line privacy control button to the status composer in 2011 so users could choose their audience on a post by post basis.

Simplified Audience Selector WWW

Last month Facebook announced it was improving that privacy selector so it was more visible and immediately recognizable. You can see the new web design above and a before and after on mobile below. Facebook also redesigned the third-party app privacy settings, began reminding users posting publicly that everyone can see that content, and announced the option to log in to other apps anonymously to give users more control outside of Facebook.

Simplified Audience Selectors Mobile

But the public status update default for new users has been a necrotic vestigial wing of a more careless era of privacy fron before these settement. It’s good to see this finally excised.

Less Open For The Better

Now, new signups will have their News Feed posts defaulted to “friends”, but can change their audience to Public, Only Me, or a custom list at any time. This is a much better balance for privacy — start with a reasonably safe default and give people choice.

To educate new users about their options, Facebook says “First time posters will also see a reminder to choose an audience for their first post”, but the default will be Friends unless they switch it. Users can also change the privacy of past posts.

First time poster education

For existing users, nothing is changing about Facebook’s privacy system or how it works, but they will get some additional education.

Over the next few week, Facebook is rolling out the blue dinosaur privacy checkup tool it tested in March and April. Users posting publicly may see an alert apologizing for the interruption but reminding them they’re sharing with 1.28 billion Facebook users. Nowak tells me surveys showed that 80% of people who saw this privacy reminder found it helpful.

Public posting reminder

Now it’s roling out a more forceful “Privacy Checkup” that prompts users to review their existing privacy settings, as shown at the top of this article. This includes their News Feed post audience, the apps they share their data with, and the personal information they display on their profile.


Nowak tells me Facebook is trying to be “proactive about helping people get their privacy set up. We all heard the feedback that if people are sharing with more people than they intend to, it’s bad. Bad for them and bad for us because people feel less in control.”

Hopefully this is a sign that Facebook is turning over a new leaf when it comes to privacy. Two new features added this month, Nearby Friends and audio recognition that uses your phone’s microphone to tag photos and tv shows, both launching with a privacy-friendly opt-in model.

If you judge by monthly active users, you could say Facebook’s social network has conquered much of the world. But the company is hoping “Zuckerberg’s Law” comes true and people continue sharing twice as much each year. For that to happen, people can’t just accept Facebook as a utility they inevitably have to use. They have trust that the mission Facebook trumpets has an important clause implied at the end: “to make the world more open and connected…if it wants to be“.