Wednesday, May 2, 2012

The Myth of Facebook Blocking

There’s a reason, and a damned good reason why the word “Security” appears exactly zero times at Facebook doesn’t want you to think about security and surely doesn’t care if you have a security problem.

One of the security myths on Facebook is that you can “block” a person. Sure, you can “unfriend” someone, but they can still see whatever part of your profile you make public. If you block a person, they can’t see your profile and they can’t message you either. The problem is that you cannot block a person. You can only block an account. A person can sign up for multiple Facebook accounts, so blocking an account is a relatively meaningless security measure that only has value as a symbolic gesture.

Note, I am not advocating that you sign up for another account to get around someone who may have blocked you. You need to respect that a person doesn’t want to hear from you or share information with you anymore. If you can’t do that then it is time to treat yourself kindly and get some professional therapy.

As a Facebook user it is important that you are not lulled into a false sense of security or privacy. If you really don’t want someone to be able to see your Facebook activity, then you need to make sure that you limit the audience you share information with. Unfriending and blocking are no substitute for controlling your own information.

If you have blocked someone and then they message you using a different account, you can try to find out how to report stalking, but if you go to help in Facebook, there is no answer to the question “how do I report stalking”. What you can do is “report” the conversation and maybe somebody at Facebook will take a break from scattering privacy settings across the site and take a look at your report. To report someone, click on the message and then at the top click “Actions” and then “Report Conversation” as shown here.

One thing that you have to keep in mind is that Facebook’s mission is “is to give people the power to share and make the world more open and connected” and blocking stalkers doesn’t really boost advertising revenue, so there is no easy way to do it. You can find Facebook’s mission statement at, but if you try to find it using help, here is what you will see…

When you block someone, they still can see everything that you share publicly if they use another account, so take a look at your privacy settings and make sure you have limited your information so that nobody in the public can see more than information you want someone you block to see.

A good place to start is in your privacy settings, found by clicking the down arrow by the “Home” button in the upper right corner of your screen.

Today I am not going to go through all of the settings. If you care enough you will explore them and you can always send a question through the blog comment link.

I’m not quite sure why Facebook doesn’t consider it a privacy setting, but in the same drop down menu where you see “Privacy Settings” there are also account settings you need to be aware of. In account settings you should definitely look at the “Subscribers” link. To anyone outside of the person who put subscribers in the account settings, it is first and foremost a privacy setting.

Another extremely important setting that is missing from the privacy setting is privacy. To be more precise, who can see who your friends are? Depending upon how you share information with your friends and how they share information, quite a bit can be learned from knowing who your friends are. I’ll show you where to find the settings for Timeline enabled profiles. First go to your timeline, then just under your banner and picture there are boxes titled “Friends”, “Photos”, “Map”, and “Likes”. Click on friends and it should look something like this…

You won’t see the drop down until you click “Edit” and then the little symbol to the right of “Who can see your full friend list on your timeline”.

If you are lucky and have not had Timeline imposed upon you, the click on your name at the top of the screen, next to “Find Friends” and “Home.” Next, to the right of your profile picture it lists your birthday, where you work, where you went to school, and there’s a link to “Edit Profile”. Click that link and then you can change the audience for who can see your friends as shown below. (You can also search for "edit profile" to get there).

This is potentially a very, very important setting. If you are afraid of someone stalking you, or have blocked someone and want to better limit what they can find out about you, then don’t let the public see who all of your friends are. One can potentially see information you don’t want them to see by visiting your friend’s pages logged in as someone other than what you blocked.

Perhaps I will compile a more comprehensive privacy guide, but it really is problematic as Facebook changes things and doesn’t understand privacy well enough to put the privacy settings in the section titled privacy settings.

Frankly, if I was visiting Mark Zuckerberg’s house and he told me to feel free to help myself to a beer, I’d check the microwave oven and all other nonsensical places first! What if his house is organized like Facebook privacy settings?

Remember, you do not block people on Facebook, you block accounts. The only way to limit what a person can see is to make sure that you limit what the public can see!

If you have any questions on the privacy settings once you have tried to understand them, I am happy to help, but you have to make a real effort to review the information. If you tried and have questions, you can send a comment on the blog. If you don’t want the comment published, be sure to tell me.

©2012 Randy Abrams - Independent Security Analyst