

Facebook Privacy Scanner is launched - mjpizz
http://www.reclaimprivacy.org

======
oliveoil
The tool's great! Let's hope you have not collected all my data when I ran it.

I also checked out this link on your homepage:
[http://finance.yahoo.com/family-home/article/109538/7-things...](http://finance.yahoo.com/family-home/article/109538/7-things-to-stop-doing-now-on-facebook)

It says leaving your full birth date is not recommended (identity theft). So I
went to the info page and clicked "edit information" but instead of having
edit boxes on the Info page facebook recommends me to convert my movies,
music, colleges etc. into pages (so they can track it better.. or make it
more unified?). It's very hard to navigate away from that page (for a normal
user anyway) and when you select nothing and click save they threaten you
there's going to be none of the information in those sections on your profile
(wow! now I'm scared!). Seriously --- it's becoming worse and worse, how can
they be so disrespectful to their users, how can they not fear losing them??

~~~
mjpizz
thanks! The scanner definitely does not collect your data, privacy policy
pasted below for clarification

\------

Our privacy policy is not long:

* we never see your Facebook data

* we never share your personal information

Simple. The scanner operates entirely within your own browser.

------
wvenable
Am I the only one a little wary of scanning for privacy by logging into
Facebook and then injecting someone else's scripting code into the page?

(Edited for the pedantic)

~~~
mjpizz
I doubt you're the only one - that's why I made the source code completely
open:

[http://github.com/mjpizz/reclaimprivacy/blob/master/javascri...](http://github.com/mjpizz/reclaimprivacy/blob/master/javascripts/privacyscanner.js#L6242)

The only compressed stuff is jQuery javascript, all other Javascript is
uncompressed and commented. Hope that helps.

[edit: updated line number]

~~~
thorax
For the source code, I wouldn't include the compressed jQuery if possible.
Speed isn't as important here as transparency and it's quite difficult to scan
to tell whether there are any issues. I know you don't want to take up a lot
of room with jQuery but it really will help increase my ability to recommend
to others if all the code is easy to read.

You might also want to put comments on slightly scary things like PARTNER_APPS
to be sure people don't believe Yelp are YOUR partners or something crazy like
that.

Some of these things sound paranoid, but I'd like people to feel 100%
comfortable using your bookmarklet.

It worked great for me and identified some things I missed somewhere. Nice
work.

~~~
mjpizz
done. I left the compressed version deployed for now, but the source code is
now 100% uncompressed and commented:

[http://github.com/mjpizz/reclaimprivacy/blob/master/javascri...](http://github.com/mjpizz/reclaimprivacy/blob/master/javascripts/privacyscanner.js#L6242)

thanks for the feedback, esp about the PARTNER_APPS constant (now called
BLOCKABLE_APPS for clarity)

~~~
seasoup
Instead of copying and pasting jquery into your js, you could pull it from
google's CDN, that way it would be cached for a lot of people and trustworthy.
Well, trustworthy-ish. :)

------
sounddust
This is great, but two things that I would _really_ like to know about my
privacy on Facebook are 1) which photos I'm tagged in that are publicly
visible (even if I have elected not to display tagged photos to friends), and
2) which wall posts are accidentally tagged as everyone.

Those photos are indexed by Google and contain my name, even if I have chosen
not to share photos I've been tagged in. I want to be able to see the list of
public ones so that I can manually untag myself. Similarly, it would take too
long for someone with thousands of wall posts to find the ones that might have
accidentally been set to "everyone".

I think that it might have been better to wait until these were included
before officially launching the tool, because the photo issue affects almost
everyone on Facebook, and if people use this tool and everything checks out
ok, they probably won't return again if you update it later.

~~~
mjpizz
I completely agree with you about photo privacy, and I was hoping to keep it
soft-launched while I added photo and wall-post privacy checks (my free time
is limited). Lifehacker and RWW wrote about it this morning though, so not
much of a choice.

Facebook is constantly changing this stuff though, so I'm hoping that the
Facebook page and Twitter announcements will keep people up-to-date and
re-running new privacy checks.

Source code is open, think you might have free time to help add some of those
checks in tonight?

<http://github.com/mjpizz/reclaimprivacy>

~~~
jakarta
Awesome job -- I think this will be a great service when you add photo privacy
checks. Among my friends, that is usually their biggest concern.

------
paulsmith
I shared this on my wall and encouraged my friends to try it, and got a few
responses that might be useful feedback for you as you improve it.

Basically, it was too hard to use. :-) I had to post very simple, step-by-step
instructions as a comment to walk them through it, even down to the "click on
the link and hold, then drag the mouse to the toolbar and let go" level.
Several of them also didn't realize you needed to be on facebook.com to use it
-- they tried just clicking the bookmarklet link on the original page.

The kind of people who can most benefit from a tool like this -- i.e., not the
elite geeks who probably already have awareness of FB's privacy issues and how
to address them -- need extremely straightforward, "don't-make-me-think"
instructions to gain value from it.

These people aren't stupid -- they just don't have the same intelligences we
have or assume others to have.

~~~
mjpizz
yea I had the same sense - thanks for that feedback. Maybe a screencast? I
don't have much time to do a screencast at the moment, but if anybody makes
one I will gladly post it up :)

------
atlbeer
Brilliant tool and quite easy to use.

My only suggestion is the "auto-fix" button, can you give me a preview as to
what settings your application is going to change?

~~~
dacort
I second this. At the very least, link to somewhere where you describe what
changes were made (and how to revert if I so choose).

------
mjpizz
also, a lesson: enable capacity billing on your AppEngine account _ahead of
time_ , you never know when you're going to wake up in the morning and find
out somebody launched your project :)

luckily AppEngine made it really easy to spring back, so it should be fine now
(hopefully donations cover costs)

~~~
dschobel
I'm happy to donate money towards hosting costs; any intention of posting
those numbers? (assuming you're not launching this as a money making venture).

~~~
mjpizz
right now I'm not sure what the numbers will be - AppEngine's estimate is
currently fluctuating a lot because of the big traffic draw.

Haven't decided about other things that might make money in the future (maybe
a Diaspora node?), but I fully intend to leave the current Javascript scanning
functionality open and free :)

------
adamengst
I tested setting all my contact information privileges to Everyone and then
re-ran the scanner, and it still claimed that my settings were good, which
doesn't seem right. Might want to look into that, since I think a lot of
people would tweak a setting, re-run the scanner, and see how it changed.

I'd also suggest that you post a human-readable list of the assumptions that
the tool makes, since providing source code isn't particularly user-friendly
for non-programmers.

cheers... -Adam C. Engst, TidBITS publisher

------
Rabidgremlin
Nice work. If you don't want to drag a bookmark into your browser then check
out this FB privacy checker: <http://www.rabidgremlin.com/fbprivacy> which I
created over the weekend...

------
pacemkr
I can't help but think that this is completely ass backward. If you are
worried about your privacy, close your FB account.

Facebook is not a necessity or a utility, it's still just a free service. I
disabled my account years ago for privacy reasons. Unsurprisingly, I haven't
lost a single connection or friendship that mattered to me. Facebook is not
what facilitates relationships, it's people. I'm really baffled by the extent
to which people go to stick with this service when they clearly are concerned
about what FB is doing to their privacy.

------
ube
Neat tool - thanks for creating it.

One question - when I run it on my account there are 2 scans that never seem
to return (it keeps saying "scanning"). The scans are:

- scanning personal information...

- scanning friends, tags, and connections information...

Is there something on my end I need to do? (I tried running the scanner
multiple times and it's on Mac Firefox 3.5.9)

~~~
mjpizz
definitely, glad you like it.

That bug seems to be a problem periodically, looks like somebody already filed
it on the issue tracker:

<http://github.com/mjpizz/reclaimprivacy/issues/#issue/2>

if you know any Javascript pros who could help, point them at the source code
:) Hopefully get some patches tonight.

------
mrcharles
If you are serious about people getting to use it, consider putting the source
directly on the site, along with comments suitable for the layman. I'm sharing
this link and having people say "But what if it steals my info!" and while I
can tell them it's open source and they can look at the code themselves,
that's not something the majority of my friends can do.

------
omnivore
Used it earlier and got the link from someplace other than here. Great tool,
useful and should be great for people to use and help others with it as well.
I'd been wary of Facebook's wacky features before all of the hoopla began, so
I didn't have to change much but...I know lots of folks who just won't think
about it. Well designed and easy to view, too.

------
tokenadult
I see friends' settings reported as insecure, and then asked the application
to fix that, but those settings are still reported as insecure. Some more
documentation on what that's about would be interesting to me.

Thanks for the great external links on your site. A very interesting
application that I immediately told all my Facebook friends about.

~~~
klochner
The scanner appears unable to change those settings. If you click the link
(left of "fix this") you will be able to change the settings manually.

~~~
tokenadult
My page view may be nonstandard, because I zoom in on most pages to favor my
presbyopia. I don't see the link "(left of 'fix this')" to which you refer,
and would appreciate tips on what manual changes to make in my own Facebook
settings. Once you update that on your website documentation, I'll be sure to
deep-link my friends to those same tips. Thanks.

P.S. Friendly general advice for web developers who use JavaScript elements
that display on webpages: TEST those for users who have different font size
settings or zoom settings to favor their own vision issues, lest links or
other elements of your design overlap and become unreadable.

------
hsmyers
Lovely idea! That said, it failed on 'Instant Personalization' and 'Friends
Share'--- spotted the problems displayed the fixing message, then the scanning
message only to revert to the warning message...perhaps some sort of info on
how to do it by hand if the attempted fix fails?

------
thyrsus
The pledgie tool is either v e r y slow or misbehaving; it shows 0 pledges
even though there are believable comments that there are more than that.
pledgie took my e-mail address, but I haven't gotten anything from them yet.

~~~
up_the_irons
The campaign owner has not "accepted" any of the pledges, so Pledgie is not
getting an IPN from PayPal.

------
theycallmemorty
Out of curiosity, is this a violation of Facebook's terms of use?

~~~
bshep
IANAL, but it's not a facebook app so it should not need to follow Facebook
TOS.

There might be trademark or other issues though. I'm glad it's opensource ( in
case they get a take down notice ).

~~~
theycallmemorty
I just figured they wouldn't appreciate it because it 'harvests' data from
facebook... in the same way they didn't like that firefox extension that
converted the email address images into plain text.

~~~
bshep
I can see it going either way.

If they hate it, I'm sure they'll try to block the script somehow. Either by
changing stuff on the page or by threatening legal action.

If they love it (they might see it as a way to re-gain the trust of their
user...), they might integrate it into their page.

Either way, as I said previously, I'm glad it's out in the open, that will
prevent them from disappearing the project.

~~~
catch23
It's a bookmarklet though, which means it's all client side javascript, which
will make it pretty hard to block. It's basically a greasemonkey extension,
and if you look at all the GM extensions available on userscripts.org, there
are some that do pretty crazy things and are usually updated on the same day
the site owner changes something that causes the script to break.

------
MikeCapone
This is great. How long until facebook tries to block it?

------
nnash
Great bookmarklet, I thought I had made everything private but it looks like I
missed a few settings. I shared this on facebook. Thanks.

------
mcdowall
This tool rocked! I thought I was pretty closed out with my privacy but was
insecure on 2 elements, all sorted now! good work!

~~~
Daniel42
Same thing for me! Thanks!

------
hussong
Congrats on the launch, and enjoy the ride!

------
justlearning
would it be long before facebook comes out with their privacy-blocking tool?
They may be anticipating many tools with these features, so doing accordingly?

as a thought game; I foresee facebook coming up with their
claim-n-search-your-privacy app, which they would use to strengthen the privacy game. :)

------
aw3c2
Want a German translation?

~~~
mjpizz
absolutely, fork it and contribute :)

<http://github.com/mjpizz/reclaimprivacy>

~~~
aw3c2
Shall I just make a German version of the whole thing (the strings humans see,
not the debug stuff) or do you plan for internationalisation (argh, what's the
word) support? Don't do it just because I might do a translation, sometimes I
lose interest in things. ;)

edit: It's mostly the htmlContent array and lines with the word "message" in
them, correct? I don't know Javascript.

~~~
mjpizz
yes, that is pretty much all of the content. Probably easiest to copy it into
a variable called "htmlContentInGerman" or something, and then translate it.
I'll figure out how to switch languages later on. Thanks for helping!

------
sun
Very useful. Thanks for the post.

------
MPiccinato
Nice and useful, thanks

------
mjeason
great work. nice open source project.

