Social network site Facebook began informing its members Wednesday that it will open users’ basic profiles to non-members searching the site. In addition, over the next few weeks, the site will begin allowing search engines access to the public profiles in its database.
The social networking site had previously blocked access to member’s profiles by unregistered users and search services.
The policy change, according to Facebook, is optional — members may choose whether they want their profiles to be searchable — and will “help more people connect.”
“We’re expanding search so that people can see which of their friends are on Facebook more easily,” Philip Fung, a Facebook engineer, stated. “The public search listing contains less information than someone could find right after signing up anyway, so we’re not exposing any new information, and you have complete control over your public listing.
“In a few weeks, we will allow these Public Search listings — depending on users’ individual privacy settings — to be found by search engines like Google, MSN Live, Yahoo, etc.,” he continued. “We think this will help more people connect and find value from Facebook without exposing any actual profile information or data.”
The expanded “Public Search” functionality comes as Facebook experiences a tremendous rate of growth since it opened its virtual doors in September 2006, inviting users outside of college and university settings to create profiles for themselves. The new policy essentially opened the site to the public at large, a significant change considering for the first two years of the site’s existence, only users with a college or university e-mail account could register as members.
In the six months since the open policy was adopted, according to Facebook, it has added on average 100,000 new users each day, nearly doubling its size from 12 million active users in December to 23 million in May.
The summer of 2007 has brought even more growth to the site. The number of memberships has grown by some 63 percent since May, increasing to more than 39 million active users. Facebook experienced an average of 3 percent weekly growth since January, with an average of 150,000 new registrations each day.
The post-college crowd — those aged 25 years or older — are now the fastest growing demographic on Facebook, and the site hosts more than 47,000 regional, work-related, collegiate and high school networks.
For the company to maintain this level of growth, it needs to be visible. The most effective method of marketing the site to new users is to allow members names to be “searched,” Ron O’Brien, a security expert at Sophos, told TechNewsWorld.
“This search function [currently] is enabled for members but not for non-members,” he explained. “Extending the search function to non-members and using popular search engines will turn up additional results. “This is good for Facebook in terms of adding potential new members but may be bad for persons who have privacy concerns.”
Facebook will expand its public search capabilities to initially allow unregistered users to search for members’ public profiles via a search box on the site’s homepage, and it will eventually expand to include searches from mainstream search engines such as Google and Yahoo. Meanwhile, those concerned about risks to their security and privacy can chose not to participate and opt out or pick and choose which information they do want revealed.
Facebook stands out among social networking sites because of its rather detailed opt-in/out privacy settings. To the company’s credit, O’Brien said, the issue regarding the availability of personal information on the Facebook site has not been attributed to Facebook.
“The user bears the ultimate responsibility for setting the security parameters on each individual profile,” he stated. “When asked by Facebook to provide information at registration, the user needs to be aware that information including birth date, home address, home phone number and IM address are able to be viewed by ‘friends’ from who you have accepted an invitation.”
Members have the option of blocking any of this information from being seen, he continued. However, it will take a trip to the site’s security settings and a reset to default settings. Users can check out information on Facebook’s security settings here and the best practices recommendations for Facebook from Sophos here.
A recent security breach reported by Monster.com, in which the job search site revealed that the personal information of some 1.3 million job seekers had been illegally downloaded, highlighted the challenges Web sites face in terms of protecting users’ sensitive data.
Only Facebook members whose search settings are set to “Everyone” will show up in the “Public Searches,” and then the only information provided will be the user’s name, a thumbnail picture and links to the site’s communication applications. In order to contact a user, the searcher will have to log in or register to poke, send a message, add to their friends list or view the user’s contacts.
Although the company has limited the amount of information released as a result of a public search, it creates the potential for more spamming and increases the likelihood that even with limited information, criminals could attempt to scam Facebook users, Rob Ayoub, a Frost & Sullivan analyst, told TechNewsWorld.
“There is an increase in risk,” he explained. “It is not a huge increase because it isn’t like they are opening the whole profile, but it does increase it more because it exposes who is on the site.”
The public search capability does not make it easier for hackers and cyber criminals to access users’ private data, but it does present it as a target, Ayoub continued.
“The minute that that information is even out there, then you do open up the possibility that someone can start to go after it,” he conceded.
However, every person who posts their personal data on a Web site runs the same risk, both O’Brien and Ayoub acknowledged.
“The potential risk to anyone whose personal information is posted on any Web site is the possibility that a phishing campaign could employ a social engineering technique that has a greater likelihood of success,” O’Brien noted. “There is also a danger that the information posted to a Web site could be used to ‘complete’ a person’s profile. A completed profile has a greater value to a person attempting to establish a fraudulent identity than a partial one.
“[Facebook’s plan] is not more of a risk that if the person’s information were already blocked from view,” O’Brien maintained.