Making sense of Facebook’s “Fixed” Privacy

Even if you don’t read any more of this post, if you use Facebook and haven’t adjusted your Facebook privacy settings since April 2010, please go do so right now – Facebook has made your profile data and photos public for all to see, including law enforcement, corporations and creepers like me. Also, you will be safest if you treat everything you post on Facebook from now on as 100% public, as if it were your personal website or blog.

For weeks, the interwebs have been all a-twitter in anger over Facebook’s recent (as well as endemic) privacy changes. The full history is far too long to discuss here, but suffice it to say that Facebook is drawing heat for changing user data and photo privacy from being “private by default” to being accessible to the entire Web.

I think it’s important to make a distinction about exactly why this is a problem. Over the last decade, the Web has become more and more centered on social interactions. The vast majority of this has happened in a totally public context – blogs, Flickr, MySpace, Twitter and many other services have all been public, though some offered the ability for users to take their information private. These services never received such blowback because their users approached all of their posts as public material, and knew how to post accordingly. But Facebook, on the other hand, started out as a 100% private network where only those specifically allowed by the user could access any profile information. But as Facebook grew beyond its initial exclusivity to college students and then to regional networks, the network quietly removed much of the privacy that was its very defining characteristic. (Matt McKeon posted a perfect visual graph depicting the devolution of Facebook privacy over time which helps understand Facebook’s many changes to privacy settings.)

Facebook users can’t be expected to follow the site’s ever-changing privacy defaults and change their personal settings accordingly. While Facebook’s privacy changes are certainly not malicious in intent, they are nevertheless betraying its users’ trust. As a tech professional, I hold myself responsible for everything I post online, but I don’t think it’s reasonable to apply the same standard to every user of a site which has become a central aspect of the social interactions of so many people. Facebook has a particularly dubious track record when it comes to their user data – check out this gem from an instant messaging conversation with CEO Mark Zuckerberg during Facebook’s launch:

Zuckerberg: Yeah so if you ever need info about anyone at Harvard

Zuckerberg: Just ask.

Zuckerberg: I have over 4,000 emails, pictures, addresses, SNS

[Redacted Friend’s Name]: What? How’d you manage that one?

Zuckerberg: People just submitted it.

Zuckerberg: I don’t know why.

Zuckerberg: They “trust me”

Zuckerberg: Dumb fucks.

(credit: Silicon Valley Insider)

And yesterday, the same Zuckerberg announced an upcoming overhaul and simplification of Facebook’s privacy settings for his precious dumb fucks users. It’s a good change for sure, and one that Facebook couldn’t afford not to make while they prepare to go IPO. I am particularly impressed that they’re adding the ability to completely opt out of the third party Facebook Platform. But it doesn’t solve the key issue of much user data being public by default, including their profile information and photos.

New Facebook Privacy Settings

Facebook's upcoming new privacy controls: making it easier for you to lock down the profile that should have been private in the first place.

From here out, Facebook has simply lost my trust. I feel as though they’ve taken my online social interactions hostage for ransom money. I feel like it’s important to have both public and private social networks, and I would definitely trust a responsible company enough to keep my information private. But Facebook? Fat chance. I’m treating everything I post there as if it were open to the whole world to see, and eagerly looking for ways to remove myself from their attempts to own my social interactions. I’m not breaking up with you, Facebook, but it’s pretty safe to say that you’ve changed our relationship status to “It’s complicated.”

WordPress 3.0 Beta 1 Screenshots, Impressions

WordPress 3.0 gets a slightly tweaked administrative UI - but more work on this component will be made before the final 3.0 release.

The highly-anticipated WordPress 3.0 has reached its first beta release. While the amazing core team of my favorite open source web app still have a long ways to go, I just couldn’t resist taking the beta for a spin on my test server. Below are my own first impressions of the new stuff - if you don’t care about my opinion, check out the beta announcement. Most of what I have to write about here is from the perspective of a site administrator who wants to properly manage their website content for their publishing needs, so please forgive me as I grossly overlook a lot of the more technical backend changes in 3.0.

WordPress 2.0 came out in February 2005. Several of the “point releases” since then have been major revisions, but none that the WordPress team has determined worthy of an increment in the major version number. When complete, WordPress 3.0 will accomplish a few major things that will take it into this new decade:

  • A new default theme
  • The merging of WordPress with the separate WordPress MU project, a complex customization of WordPress designed for sites hosting many users’ blogs at once ( is a WordPress MU hosted blog service.)
  • Custom post types and menu editor

New default theme: “Twenty Ten”

WordPress 3.0 will finally feature a new, customizable default theme.

WordPress has included a default theme based on Kubrick since 2005. To this day, Kubrick is a quite good starting point for a normal blog theme, and plenty of people more concerned with their blog’s content than presentation have opted to keep the default theme. WordPress has evolved to support a lot more than blogs over the years, though, and site managers have had to work hard to get the site to present their information in just the way they want it. While custom themes make this a nonissue for anyone with enough resources to implement one, the new default theme in WordPress makes the app much more flexible out of the box for customization of unique websites.

“Twenty Ten” is widgetized to the brim, allowing WordPress widgets to be created and moved with drag-and-drop ease. Widgets are great because they empower even nontechnical content producers to control a large amount of their site’s visual presentation. Like Kubrick, Twenty Ten also has a simple way to upload a custom header image.

The new theme also uses the HTML5 <!DOCTYPE html> doctype declaration, which will have all new WordPress installations using the new doctype unless they then implement a custom theme.

Menu editor

WordPress currently contains little out-of-box control over site navigation features, leaving publishers to either hardcode their site navigation into custom themes, or use third-party navigation plugins or theme features. The 3.0 version will bring a menu editor into the core application:

The editor allows publishers to easily create multiple navigation menus with a mixture of internal WordPress pages, category listings, and external web links. This feature is still undergoing heavy redesigns, and includes warnings of more improvements and UI changes to come. Once finished, custom WordPress themes will need to add support for this new feature. Old themes will work fine without it, but won’t enjoy the added functionality.

Custom post types

WordPress currently segregates all content into two classes: “Posts” for blog-like content usually presented in chronological order, and “pages” for more static content. While WordPress started as a blogging web app, it developed more and more momentum as a legitimate Content Management System (CMS) for sites much more complex and customized than the traditional blog hierarchy and layout. Sites wishing to present a lot of different kinds of pages have trouble adapting WordPress to their needs, often going to other CMS products better suited to complex page taxonomies.

WordPress publishers, groan no more! The custom post types feature will allow custom post types instead of the default “post” and “page” types. Unfortunately, I couldn’t find any of this new functionality in the administrative UI – I assume that the feature must have yet to be added to the GUI. (Or that I am an idiot who just overlooked it.) Regardless, web developer Konstantin has a great preview of the current custom post functionality, which must be implemented at the PHP code level.

Other neat stuff

  • I noticed a few new lines in wp-config.php’s unique keys section for salted hashes. If you think a “salted hash” is something you’d eat for breakfast, just trust me that it’s a good thing for security with your WordPress database. I don’t know if previous WordPress versions didn’t salt their password hashes, or if this is just refactoring of existing functionality.
  • The “Export” feature can now filter exported posts by date, author, category, content type, or restricted status.
  • My current site theme, a rather complicated one, didn’t break at all with WordPress 3 – it just didn’t support some of the new features that require hooks into the theme files.
  • Initial setup now asks for a custom admin password. Previously, there was a counterintuitive automatic generation of a password followed by prompts to change it.
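
An added example, not from the original post or from WordPress itself: a Python check over the unique keys section of a wp-config.php that flags key and salt constants that are missing, still set to the sample file's placeholder phrase, too short, or reused between constants. The 32-character minimum and the sample config are assumptions constructed for illustration; WordPress uses these constants when hashing login cookies and nonces.

```python
import re

# Constants from the "unique keys" section of wp-config.php. The *_SALT
# names are the ones WordPress 3.0 adds alongside the existing *_KEY names.
KEYS = ["AUTH_KEY", "SECURE_AUTH_KEY", "LOGGED_IN_KEY", "NONCE_KEY"]
SALTS = ["AUTH_SALT", "SECURE_AUTH_SALT", "LOGGED_IN_SALT", "NONCE_SALT"]
PLACEHOLDER = "put your unique phrase here"  # value in the sample config
MIN_LENGTH = 32  # assumption: a local policy threshold, not a WordPress rule

# define('NAME', 'value'); at the start of a line, so that lines commented
# out with // or # are skipped. Block comments (/* */) are not handled.
DEFINE_RE = re.compile(
    r"""^\s*define\(\s*['"](\w+)['"]\s*,\s*(['"])(.*?)\2\s*\)\s*;""",
    re.MULTILINE)

def audit_keys(config_text):
    """Return (constant, problem) findings in the order keys are checked."""
    defined = {name: value
               for name, _quote, value in DEFINE_RE.findall(config_text)}
    findings, first_owner = [], {}
    for name in KEYS + SALTS:
        if name not in defined:
            findings.append((name, "missing"))
            continue
        value = defined[name]
        if value == PLACEHOLDER:
            findings.append((name, "placeholder"))
        elif len(value) < MIN_LENGTH:
            findings.append((name, "too short"))
        elif value in first_owner:
            findings.append((name, "duplicate of " + first_owner[value]))
        first_owner.setdefault(value, name)
    return findings

# Constructed sample config containing one of each problem.
SAMPLE = """<?php
define('DB_NAME', 'wordpress');
define('AUTH_KEY',        'k3#constructed-sample-value-A-0123456789abcdef');
define('SECURE_AUTH_KEY', 'k3#constructed-sample-value-A-0123456789abcdef');
define('LOGGED_IN_KEY',   'put your unique phrase here');
define('NONCE_KEY',       'short');
// define('AUTH_SALT',    'commented out, so not counted');
define('SECURE_AUTH_SALT', "q9!constructed-sample-value-B-0123456789abcdef");
"""

if __name__ == "__main__":
    for constant, problem in audit_keys(SAMPLE):
        print(f"{constant}: {problem}")
```

A config carried over from an older install will typically report the four salt constants as missing, which is the case the new lines in the 3.0 config address.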

What’s missing / making me gripe

  • Most of the administrative interface is unchanged. While it has become very usable overall, and I have trained plenty of nontechnical content managers to use it with ease, it still has some sections that need revision.
  • As I mentioned before, custom post types must be implemented at the PHP level – meaning only skilled developers can do so.
  • I would like to see an overhaul and extension of WordPress’s really nice media library features.
  • Integrating custom forms and JavaScript is a real pain in WordPress, usually requiring the use of external plugins or tricky hacks.


WordPress has already been my favorite content publishing platform for a long time, and in the last few years it has become a legitimate and powerful CMS. Recent updates from the team have brought some awesome enhancements and new features, and WordPress 3.0 looks like it’s going to do even more of this than I’ve come to expect. I think that the custom posts and menu editor alone will propel WordPress to even higher popularity and usage on all kinds of websites.

VaultPress: WordPress cloud backup/monitoring/security updates

Automattic, corporate sponsor of the amazing WordPress web publishing platform, today announced the new VaultPress service and initiated a private beta.

VaultPress is, in short, a cloud service that provides automatic cloud-based backups, uptime monitoring, and security updates for any WordPress instance. They’re planning to charge about $10/month for the service, but will finalize the details at a later date.

As a WordPress administrator, blogger and consultant, I couldn’t be more excited about such a service. WordPress is one of the biggest Content Management Systems (CMS) out there, and powers everything from personal blogs (like to the New York Times. But like any web application, it requires backups, uptime monitoring, and quick responses to emerging security vulnerabilities. For people like me who administrate several clients’ WordPress instances, the overhead of such management is a serious challenge. VaultPress looks as if it will provide a great centralized way to do this for WordPress blogs of any size. And if the pricing turns out to be so low, it will be accessible to many, from the individual blogger to the biggest company.

Those wanting to get in on the private beta may apply for it here. While I’m not yet offering VaultPress as part of my custom WordPress consulting solutions, I’m keeping an eye on it for the future. And if you’ve been thinking about your own web strategy recently, (shameless plug alert) I love nothing more than putting people in command of their own web presence with tools like WordPress - feel free to drop me an e-mail at (my first name) .

What’s happened to Ubuntu?

Cloud storage SaaS. Music stores using unlicensed codecs in the OS. What happened to the days when the focus was on making a modern Debian desktop targeted at everyone, including nontechnical folks? I don’t feel like the Ubuntu OS has gotten any worse, but I fear that all of these new initiatives will eventually distract Ubuntu’s leadership from the desktop OS they’ve been so great at making. In my humble opinion, this makes it look like Canonical is getting desperate to find ways to make the Ubuntu project more financially sustainable, and is taking any form of revenue stream it can find, even to the potential detriment of the quality of its main product.

(For the record, I think openSUSE is currently the best Linux desktop, but really would rather have something Debian-based like Ubuntu.)

Real-life Babelfish: The Translating Telephone

This is nuts. (Skip ahead to 0:40 to ignore the SVP’s rant.) I think that automatic translation like this might be one of the single biggest advancements in technology during our lifetimes. I can see the language barriers crashing down now.

It’s also not surprising to hear that this effort is being run through Microsoft Research’s Beijing office. Pretty cool that they’ve got Australians and Germans working together on such a project - they even collaborate on the product’s development using this translation software!