Windows Secrets

Subscribers: Sign in

Enter your e-mail address to get a free subscription.
We guarantee your privacy
Skip to content
  • Home
  • Newsletter Archives
    • Current
    • LangaList Plus
    • Patch Watch
    • Wacky Web Week
    • Security Baseline
  • E-Books
  • Lounge
  • About us
    • Refunds
    • Privacy Policy
    • Advertise
  • Contact
  • Your Account
    • Upgrade
    • Preferences
    • Bonus Download
    • Unsubscribe
Home>Tighten your Facebook privacy settings

Windows Secrets Newsletter • Issue 244 • 2010-05-20 • Circulation: over 400,000

Table of contents 
  • Top Story: Tighten your Facebook privacy settings
  • Lounge Life: Is segregating data and apps worth the effort?
  • Wacky Web Week: Beware the yellow liquid in the odd sink
  • LangaList Plus: Take charge of Windows’ User Account Control
  • Woody's Windows: Use Microsoft Office 2010 free for 180 days
  • Perimeter Scan: Free utility suite bundles over 100 tools
 
Top Story

Tighten your Facebook privacy settings

Scott mace By Scott Mace

In their hunt for market dominance, social networks Facebook, Google Buzz, and Microsoft Live are redefining what social means — and in the process, straining the bounds of personal privacy.

Facebook, the big daddy of these three, has made quiet changes to its privacy settings, ones that members need to understand if they are going to manage the distribution of their personal information.

I find Facebook useful, mostly as a way to stay in touch with a select set of my friends and former co-workers. It’s not my public soapbox nor a window into my personal life, left open to the world — for that, I have blogs and Twitter.

As much as I like Facebook, it has a flaw that I’ll never see in my blogs and hopefully never see with Twitter. It seems the proprietors of Facebook find it necessary, desirable, or profitable to change member privacy settings, usually with little notice to members. In every case I can think of, privacy settings have become more relaxed — more open, if you will.

What’s beneficial for Facebook, however, is not necessarily good for members — their personal information might end up in places they never intended. The world is filled with marketers who would love to know increasingly more about you. And if that doesn’t concern you, the world also contains stalkers and hackers who might use that personal information toward evil ends.

You should take your Facebook (or any other social network) privacy as seriously as you do protection from malware on your PC.

Keep in mind that all the big social networks continually tweak privacy settings. This is not just a Facebook problem.

Review and lock down your Facebook settings

In a typical good news–bad news scenario, Facebook’s privacy settings have become more granular over time — and consequently far more tedious and complicated to manage. Even more irritating is that, as Facebook adds new categories of settings, it often uses Everyone as the default. (And Everyone means just that — not only all Facebook members, but anyone viewing associated sites).

New Facebook members are especially likely to give out private information unintentionally. Working through a slew of privacy settings is not foremost in their thoughts as they first build their new Facebook wall. Unfortunately, that means they get the default, wide-open Everyone privacy setting.

When deciding what personal information to share, you have two choices. Either don’t put it on Facebook to begin with (no, you don’t have to fill out every personal information field), or put it up but restrict who can see it.

Start with the simple setting for personal info

If you’re going to post information you don’t want the whole world to see, or if you just want to generally tighten up your privacy settings, start with the following:
  • Personal Information and Posts: Most settings in this section default to Everyone or Friends of Friends. For a balanced level of privacy, I recommend selecting either Only Friends or Only Me, depending on your comfort level.

    Here, Facebook makes things difficult for new members. Initially, the settings dropdown list does not contain Only Me. You must select Customize and then Only Me from another dropdown list — for each privacy setting. (See Figure 1.)

    Facebook custom privacy setting
    Figure 1. If you want to use Facebook’s most-restrictive setting, Only Me, you must go into custom settings.

    Furthermore, some of these settings affect the level of your friends’ privacy when they interact through your wall. For example, when a friend posts a comment on your wall, Posts by Friends controls who else can see that post — everyone, friends of friends, and so on.

  • Contact Information: Facebook tightens its default settings for direct-contact information to Only Friends, but if you don’t care to share your IM screen name, mobile or other phone number, or current address, change it to Only Me.

    The last three settings on the Contact Information page — Website, Add me as a friend, and Send me a message — are all preset to Everyone by default.

    If you include your Web site URL on your wall but don’t want it showing up on a search engine list, consider adding a robots.txt file at your Web site. (Instructions for creating this file are contained on the robotstxt.orgs site.)

  • Friends, Tags, and Connections: This section controls what information people see on your profile, and the options are relatively simple. Items such as Friends, Family, Relationships, and Photos are set to Only Friends by default, and that’s probably how you’ll want to leave them.

    Some information (such as your Pages and list of friends) is still public and can be accessed by Facebook applications you and your friends use.

    Facebook Pages offer a convenient way to stay on top of your favorite interests from within your profile page. The key is to carefully consider which Pages you choose to Like and which applications you agree to run.

    Liking a Facebook Page is different from liking a post, photo, or link. When you like a Page, Facebook automatically subscribes you to a feed from that page — which often represents a commercial product or company.
Manage the murky realm of Facebook applications

How your privacy is kept or lost when using Facebook applications is probably the least-understood and most-worrisome aspect of this social network. The privacy controls for apps are found in the Applications and Websites section.

To put it simply, don’t run Facebook applications if you don’t want to distribute personal information beyond your friends. The following example shows what happens when you run an application. I’ll use Farmville, a popular game application, as an example.

When you first run Farmville from within Facebook, all your profile information and photos, your friends’ info, and other content it requires to work is pulled into the Farmville system. You have only two choices: Allow this to happen, or leave the application. If you let it happen, a vast amount of your personal information is now governed by Facebook’s privacy policies and by Zynga’s — the company that owns Farmville. Those policies may differ.

According to Zynga’s privacy policy, it generally doesn’t collect personally identifying information; in any case, it can collect only what you provide.

Bottom line: Each new application you link to in Facebook could add another layer of privacy management. This could be another argument for not posting sensitive information where it’s not fully under your control.

Facebook applications have no middle ground — if you run an app, you’re automatically sharing at least some information. You can’t run an application just for yourself, as you would a spreadsheet or database. For this reason, I subscribe to few of them.

The most-important app settings fall under What your friends can share about you through applications and websites. By default, nothing can be shared except your name, sex, and profile photo — plus any information that fell under the Everyone option in the other privacy categories. I leave all boxes unchecked.

Should you choose to run Facebook applications, consider changing the Activity on Applications and Games Dashboards control’s default setting from Only Friends to Specific People, or even to Only Me.

If you don’t want to show up in the search results of unknown Facebook members, tighten the Search setting from Everyone to Friends of Friends or Only Friends. Unchecking Public Search Results also helps keep unknown Web surfers at bay.

Aside from the obvious anti-stalker benefit Block List enables, it also has a Preview My Profile button that displays how most Facebook members see your profile. It gives a good view of how tightly you’re locked down.

New privacy leaks from Instant Personalization

Recently, Facebook opened up Instant Personalization, another way for strangers and outsiders to view your personal information. Currently, there is a setting at the bottom of the Applications and Websites page called Instant Personalization Pilot Program. If you opt into this service, selected Facebook partner Web sites can instantly personalize their applications, based on your personal information.

This list of partners is constantly expanding. Even if you opt out of Instant Personalization, your Facebook friends might still share Facebook information about you if they opt in. As far as I can tell, your only recourse is to block each of the application sites.

This could mean going to each apps page and clicking on Block Application, if it even exists. So far, the apps include the recommendation service Yelp.com, Microsoft Docs.com (a Web-based document creation and sharing system), and the music-streaming service Pandora.

No wonder so many Facebook users are annoyed. If Facebook adds dozens of these apps within the next month, a significant investment in time will be necessary just to tighten up these newly loosened controls.

For the tightest privacy, you should log out of Facebook before visiting these or any other Web sites partnering with Facebook through Instant Personalization. It’s certainly inconvenient to monitor whether you’re logged into Facebook, but people who wish to share as little personal information as possible with these third-party sites are forced to take these steps.

Other resources:

Zesty.ca’s page, “What does Facebook publish about you and your friends?,” shows you what — if anything — public Internet users can see of your Facebook activities. It’s a useful tool for managing the personal information other members are allowed to view.

Have more info on this subject? Post your tip in the WS Columns forum.

Scott Mace is a tech and health care journalist based in Berkeley, California. He hosts the IT Conversations podcast “Opening Move” and writes a blog at CalendarSwamp.com.
 
Lounge Life

Is segregating data and apps worth the effort?

By Tracey Capen

The debate over splitting your data and programs into separate partitions for easier backups goes far back into hard-drive antiquity.

It was never as simple as one might have hoped in Windows XP, and based on comments in a lengthy Lounge thread, it’s no easier in Win7.

In his post titled “Moving user folders off C: drive,” Lounge member Dick-Y asked for help in his quest to cleanly separate his data from Windows 7 and its applications. That initiated a spirited debate over how to do it — and whether he even should. More»

The following links are this week’s most-interesting Lounge threads, including several new questions that you may be able to provide responses to:

Office Applications
Word Processing 
 Word 2010 facing pages in print preview
☼
Spreadsheets 
 General Excel sorting question
 ☼
Databases 
 Background color of forms controls
☼
Microsoft Outlook 
 Outlook 2007 crashing
Non-Outlook E-mail 
 Thunderbird: Text files in documents
☼
Windows
General Windows 
 Unusual Windows Run commands
☼
Windows 7
 Create hidden Admin user on Windows 7 laptop?
 ☼
Windows Vista 
 What causes the spinning circle?
 ☼
Windows XP 
 CPU upgrade requires XP reinstall?
 ☼
Windows Servers 
 Document manager for the SBS?
  
Internet/Connectivity
Internet Explorer 
 Chrome loads but IE8 doesn’t
 
Third-Party Browsers 
 Mozilla spills plan for, yes, Firefox 4
 ☼
Networking
 Mysterious wireless network concerns
 
Other Technologies
Security & Backups 
 Your favorite antivirus software
 ☼
Other Applications 
 WAV file conversion to MP3
  
Light Relief
Puzzles
 Windows games cheats!
 ☼

 ☼ starred posts — particularly useful

If you’re not already a Lounge member, use the quick registration form to sign up for free. The ability to post comments and take advantage of other Lounge features is available only to registered members.

If you’re already registered, you can jump right in to today’s discussions in the Lounge.

The Lounge Life column is a digest of the best of the WS Lounge discussion board. Tracey Capen is technical editor of WindowsSecrets.com.
 
Wacky Web Week

Beware the yellow liquid in the odd sink

Unsuspecting hand washer By Stephanie Small

Visiting foreign places is exciting. New sights, sounds, and tastes give travelers an eye-opening view into life outside their home territory.

Just make sure you know the basics of the place you’re visiting! You don’t want to find yourself in a predicament similar to the one captured in this video. That’s the last time this tourist washes his hands in a funny-looking sink. Play the video
 
LangaList Plus

Take charge of Windows’ User Account Control

Fred langa By Fred Langa

Windows can be a terrible nag, and in Vista and Windows 7 it can be most annoying when popping up its User Account Control (UAC) security prompts.

UAC implementation proved clumsy in Vista, and it can still annoy in Win7 — but there are ways to make it less so.

How to rein in UAC warnings in Vista and Win7

Reader Larry McAspurn is frustrated by the UAC in Vista and Windows 7.
  • “Is there a way to tell Windows not to bring up UAC when I run certain programs?”
Yes, there is. In both Vista and Win7, you can choose among several different levels of UAC interaction.

The idea of UAC is great: it tries to ensure that no software has unauthorized access to administration-level privileges. If you’re interested in a quick refresher on UAC and what it’s supposed to do, Microsoft’s “Explore the features: User Account Control” Web page will help.

Here’s how to take control of UAC:

Vista: First introduced in Vista, UAC made the OS far more secure than XP. But it also made Vista frustrating to use — with security pop-ups erupting at every turn. Many experienced Vista users simply turned UAC off. That stopped the annoying security nags, but it also defeated the whole point of having UAC in the first place.

The following steps should make Vista’s UAC more tolerable without eliminating it altogether.

  • The hard, but fully controllable, method: Microsoft Technet’s article, “User Account Control Step-by-Step Guide,” shows several ways to configure Vista’s UAC. If you truly want to master the subject, you’ll find what you need in Technet’s excellent reference, “Understanding and Configuring User Account Control in Windows Vista.”

    This article is part of our paid content. Subscribe.

    Already a paid subscriber? Click here to login.

 
Woody's Windows

Use Microsoft Office 2010 free for 180 days

Woody leonhard By Woody Leonhard

Microsoft officially allows you to run the new Office 2010 — the whole enchilada — for up to 30 days, without entering an activation key.

Unofficially, there’s a little-known trick allowing potential Office 2010 buyers to rearm trial copies, thus letting them kick the tires for half a year without spending a penny.

Try-before-you-buy extends to Office 2010

In his Feb. 15, 2007, Top Story, editorial director Brian Livingston unveiled the secret incantation that allowed PC users to run a trial version of Windows Vista for up to 120 days gratis. The trick proved controversial, despite the fact that Microsoft had deliberately baked the capability into Windows.

I showed you how to use a similar trick to get 120 days out of Windows 7 — again for free — in my Aug. 20, 2009, Top Story. You had the whole product, with nary a nag screen or a hiccup, if you just knew the trick.

Now, Microsoft has built the same sort of rearm trick into Office 2010. If you perform the steps properly, you should be able to run any version of Office 2010 for up to 180 days, free, without raising any eyebrows at Microsoft. (Sorry, you still have to pay for a license if you keep it longer than that.)

But if you just want to thoroughly evaluate the latest version of the office software most businesses run on, you can do so for up to half a year — and it’s 100% legitimate.

Microsoft offers seven flavors of Office

On April 20, Microsoft announced that Office 2010 was released to manufacturing (RTM), the final step before release of the retail product. Microsoft then released a downloadable business version on May 12. But the release dates for the other versions are still somewhat murky, with “sometime in June” being about as precise as it gets.

This article is part of our paid content. Subscribe.

Already a paid subscriber? Click here to login.

 
Perimeter Scan

Free utility suite bundles over 100 tools

Ryan russell By Ryan Russell

A popular Windows utility maker offers its suite of apps as a single download with a new application launcher that makes picking and running a utility quick and easy.

The suite covers everything from an application-crash reporter to a Windows updates viewer — and over 100 other titles in between.

Make a portable troubleshooting toolkit

Software publisher Nirsoft is well known for its diverse selection of Windows utilities. Most recently, I wrote about its browser-inspection tool in my Jan. 21 column, and Windows Secrets has discussed other Nirsoft apps for the past several years. I’m fond of the company’s tools because they’re small, well designed, useful, and free!

Downloading and managing a bunch of small utilities can be a chore, but Nirsoft has packaged many of its most-useful apps into a single, 7.6MB download called NirLauncher (info page). To make selecting and running the apps as simple as possible, the company includes the NirLauncher app, which lists all the utilities in the suite and gives brief descriptions of what each does.

The launcher works on all Windows versions from Win 2000 on, though some of the individual utilities may have more-restrictive system requirements. Buttons at the top of the launcher display specific categories of utilities such as Network Monitoring Tools, Password Recovery Utilities, and Web Browser Tools.

These categories correspond roughly to the ones on Nirsoft’s Web site, so if you’ve downloaded a Nirsoft app in the past, it should be easy to find what you’re looking for in the launcher’s lists.

As the Nirsoft site notes, you can load the collection onto a handy USB drive and run any of the apps without actually installing them into Windows — ideal for your portable troubleshooting and Windows-management toolkit. I especially like this approach because I can quickly run through a bunch of tools to see which is most suitable to the task at hand.

Obviously, this column would become a tad lengthy if I covered all the utilities in the NirLauncher suite. So instead, I’ll highlight a few themes that will be particularly useful to Perimeter Scan readers.

It’s worth mentioning that Nirsoft is not the only prolific utility producer on the Web. Microsoft’s Sysinternals Suite is a single, 12MB download (page) of troubleshooting apps. The two suites have some overlap, but more tools are always better when you are trying to solve a Windows problem.

Pick the right specialized password-recovery app

In my April 22 column, I discussed boot CDs for recovering Windows system passwords. These are by no means the only passwords you will find on a Windows system, and you need different tools for recovering different types of passwords.

The typical PC user runs a number of programs — Web browsers and IM clients, for example — that save passwords. I use this handy sign-in feature as part of my personal anti-phishing strategy. If I get prompted with empty username and password fields when signing into a site I know I remembered in my browser, I immediately become suspicious.

But that rarely happens. So over time, relying on the application to automatically enter my sign-in information, I forget that all-important user name and password.

This is where some of the NirLauncher’s utilities save the day. Not only might you one day need these utilities to find a lost password, but you should run them now just to see what you have stored. NirSoft has tools that will reveal saved passwords in IE, Firefox, Opera, and Chrome.

If a program stores sensitive information in Windows’s Local Security Authority (LSA) — its so-called secure area — you can use NirLauncher’s LSASecretsDump and LSASecretsView tools to see what’s there. (I’ve seen some Bluetooth hardware vendors use the LSA.)

There are more password tools for specific programs such as PCAnywhere, Outlook PST files, and Virtual Network Computing clients.

Once again, the utility suite approach lets me run each of these tools in rapid succession. On some of my personal systems, especially ones that the kids use, I am often surprised what I can recover.

Get new tricks for easier network monitoring

I’ve written about network sniffers in Perimeter Scan, listing Wireshark as my top choice. However, that app is overkill for many simple jobs, such as sniffing passwords. And it’s difficult to use if you’re not well acquainted with networking and Wireshark. More-specialized network tools that get straight to the answer (without installing a lot of other pieces) can save time and effort.

SniffPass, for example, watches for passwords going by in cleartext on several network protocols. Just leave it running in the background and check from time to time to see whether it caught anything. If it does, consider switching to an encrypted version of that protocol.

You can also use SniffPass to verify that the Web sites you visit always send passwords over the more-secure Internet protocol, HTTPS.

Another useful tool, SocketSniff, pulls out network information in a different way — it works on sockets rather than packets. So it omits all the packet-header stuff and saves network text in much-more readable formats. If you’re troubleshooting network problems, you might want the individual packets. But if you just want to see the contents, the information gleaned by SocketSniff is more to the point.

SocketSniff also has one trick that regular sniffers don’t have. It can monitor traffic on Windows’ internal loopback interface. Windows programs sometimes communicate through network protocols, even when they are all running on the same machine. Because that internal traffic never touches the network card, most sniffers can’t see it.

Other useful NirLauncher apps include NetResView, which lets you explore the local Windows network; and CurrPorts, which tells you which networking ports each Windows process is talking through. Very handy.

Explore them all, and I’m sure you’ll develop your own favorites.

Have more info on this subject? Post your tip in the WS Columns forum.

The Perimeter Scan column gives you the facts you need to test your systems to prevent weaknesses. Ryan Russell is the Director of Information Security at BigFix Inc., a configuration management company. He moderated the vuln-dev mailing list for three years under the alias “Blue Boar.” He was the lead author of Hack-Proofing Your Network, 2nd Ed., and the technical editor of the Stealing the Network book series.
YOUR SUBSCRIPTION

The Windows Secrets Newsletter is published weekly on the 1st through 4th Thursdays of each month, plus occasional news updates. We skip an issue on the 5th Thursday of any month, the week of Thanksgiving, and the last two weeks of August and December. Windows Secrets is a continuation of four merged publications: Brian's Buzz on Windows and Woody's Windows Watch in 2004, the LangaList in 2006, and the Support Alert Newsletter in 2008.

Publisher: WindowsSecrets.com, 1218 Third Ave., Suite 1515, Seattle, WA 98101 USA. Vendors, please send no unsolicited packages to this address (readers' letters are fine).

Editor in chief: Tracey Capen. Senior editors: Fred Langa, Woody Leonhard. Copyeditor: Roberta Scholz. Program director: Tony Johnston. Contributing editors: Yardena Arar, Susan Bradley, Scott Dunn, Michael Lasky, Scott Mace, Ryan Russell, Lincoln Spector, Robert Vamosi, Becky Waring. Product manager: Andy Boyd. Advertising director: Eric Gilley.

Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, Support Alert, LangaList, LangaList Plus, WinFind, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of WindowsSecrets.com. All other marks are the trademarks or service marks of their respective owners.

 HOW TO SUBSCRIBE: Anyone may subscribe to this newsletter by visiting our free signup page.

WE GUARANTEE YOUR PRIVACY:

1. We will never sell, rent, or give away your address to any outside party, ever.
2. We will never send you any unrequested e-mail, besides newsletter updates.
3. All unsubscribe requests are honored immediately, period.  Privacy policy

HOW TO UNSUBSCRIBE: To unsubscribe from the Windows Secrets Newsletter,
  • Visit our Unsubscribe page.
Copyright © 2012 by WindowsSecrets.com. All rights reserved.

Table of contents

Top-scoring articles in the past 12 months
  • Leaving long cookie trails throughout the Web 5.00
  • Windows-like security for Android devices 5.00
  • Win7′s no-reformat, nondestructive reinstall 4.53
  • The sorry tale of the (un)Secure Sockets Layer 4.42
  • RPV: Win7′s least-known data-protection system 4.33
  • Recovery: the last step in total data security 4.30
  • Time for a .NET update we can’t ignore 4.30
  • Getting the most from Windows Search — Part 1 4.25
  • Revising printing habits saves money and trees 4.25
  • Upgrades end in erratic, partial hangs 4.25
  • Pros and cons of a ‘keyfile’ password 4.21
  • Beating back Duku and a plethora of other threats 4.20
  • Office 2007 gets its final service pack 4.19
  • Putting Registry-/system-cleanup apps to the test 4.19
  • One year and 99 security bulletins later 4.18
  • 1.8TB external drive goes down hard 4.17
  • Don’t pay for software you don’t need — Part 3 4.16
  • Internet Explorer gets another round of patches 4.15
  • Is your free AV tool a ‘resource pig?’ 4.15
  • Vacation’s over; it’s a big round of patches 4.15
  • Remote access leads to remote attacks 4.15
  • Keeping you up to date: say no to .NET — again 4.14
  • Take control of Google’s privacy policy settings 4.14
  • Office File Validation patch leads to problems 4.14
  • The advanced system-recover toolkit 4.13
  • New “419″ scam involves PayPal and Western Union 4.12
  • Readers’ best personal-privacy tips 4.11
  • Getting the most from Windows Search — Part 2 4.11
  • Re-examining Dropbox and its alternatives 4.10
  • Easily edit Windows’ right-click context menus 4.09
Connect with us Follow us on Twitter Connect with us on Facebook View our RSS Feeds
  • Home|
  • Newsletter|
  • About Windows Secrets|
  • Advertise with us|
  • Unsubscribe|
  • Sitemap|
  • Affiliates|
Trademarks: Microsoft and Windows are registered trademarks of Microsoft Corporation. The Windows Secrets series of books is published by Wiley Publishing Inc. The Windows Secrets Newsletter, WindowsSecrets.com, WinFind, Windows Gizmos, Security Baseline, Patch Watch, Perimeter Scan, Wacky Web Week, the Logo Design (W, S or road, and Star), and the slogan Everything Microsoft Forgot to Mention all are trademarks and service marks of iNET Interactive. All other marks are the trademarks or service marks of their respective owners.
iNET Interactive Copyright © 2011 iNET Interactive.
All rights reserved.
Terms of Use  |  Privacy Policy
Internet Services
  • Web Hosting Talk
  • HostingCon
  • Hosting Catalog
  • Host Voice
Web Development
  • Hot Scripts
  • DB Forums
Digital Marketing
  • ABestWeb
  • Search Marketing Standard
  • PayPerClickUniverse
  • SEMCompare
Consumer Tech
  • Windows Secrets
  • Overclockers
  • Mac Forums

Learn more about
advertising opportunities across the iNET Interactive Network.

LiquidWeb