Why I left Facebook

In a guest blog post, Graham Cluley, senior technology consultant at Sophos, explains why he walked away from the social networking site:

A few weeks ago I killed my Facebook account.

Years of pithy status updates, inconsequential conversations with friends and acquaintances and personal photo albums were consigned to the dustbin.

Or at least once I had downloaded an archive of my exploits from Facebook's servers first.

To be honest, I've been thinking of leaving Facebook for quite some time.

I've become increasingly uncomfortable with Facebook's morphing privacy settings and, as I'm someone who speaks and blogs about the importance of online privacy and security, it felt incongruous to use a service which I didn't feel confident I could appropriately manage.

In a nutshell, if I don't think that I can get my head around how to protect my personal information and updates on Facebook then - as someone who advises others on how to best remain private - I should quit.

As Facebook approaches 1 billion users, cyber criminals are finding it more attractive than ever to bombard the social network's users with malware attacks, phishing campaigns, rogue applications, survey scams, and attempts to steal identities. But none of these were a good enough reason for me to up sticks and leave.

What worried me was the very credible risk that Facebook would once again tweak its privacy settings one morning, or choose to roll out a feature without my permission that would make some of my personal information visible to others. I don't mind that if I have a choice, but there has been a long history of Facebook steadily eroding its members' privacy without asking first.

Facebook's attitude has nearly always been that you should 'opt out' of having your information shared rather than require users to 'opt in'.

As someone who makes a living describing how computer users can be safer online, it simply doesn't make any sense for me to risk having my reputation trampled over by Mark Zuckerberg's very different view on how people wish to maintain privacy.

When I signed up for Facebook a few years ago, it was a very different beast than it is today. The site has changed; its attitude to privacy and what it shares about you by default is different. It's all too easy to have created an account in the past and find - without your knowledge - that the rules have changed today.

Maybe I trusted Facebook then. But a series of goof-ups it has made alongside controversial features it opted me into without my permission means I don't trust it any longer.

The straw that broke the camel's back was not that I was fed up with invites to play FarmVille, or being poked by half-forgotten people I went to school with, or seeing unflattering pictures other folks had taken of me dancing at parties.

No, the thing which convinced me to leave Facebook once and for all was its new Timeline feature.

The timeline, Facebook's new way of representing your past posts, makes it easier than ever before to see just how much information you have shared with Facebook.

And it scared me. It scared me because I haven't actually been much of a Facebook user in the past four years. I'd ignored my own advice to never post anything on Facebook which I wouldn't feel comfortable with my mother-in-law or boss seeing, or broadcasting through a loudspeaker in the middle of Piccadilly Circus.

And I'm not alone. A survey of more than 4,000 people conducted when the Timeline was first announced discovered that over 50% said they were worried by it. A further 32% said they weren't sure why they were on Facebook at all anymore!

Yes, I had locked down my Facebook privacy settings to the 'nth' degree, but it's a full-time job trying to get your head around that labyrinth of options - and I'm all too aware that Facebook has made mistakes in the past, meaning that information you told it to keep private was available for anybody to see.

Quitting Facebook isn't for everyone.

Some people view the site like an embarrassing addiction - they want to give it up but feel they can't because so many of their friends are up there and they feel they will miss out if they leave. I can sympathise with that position.

Others still are much more laid-back about their personal privacy and security - and don't seem concerned about the information they are sharing on the site and the potential for abuse. This might be a symptom of the 'Oprah' generation - where social networkers feel no embarrassment about what others may read about them or photographs that may be shared - rather like a celebrity overcoming a drug addiction might have no shame about laying on the table their past misdemeanours.

I accept that my position is unusual. I'm quoted in the media discussing social media security, so I have a very good reason for not wanting a privacy screw-up to reflect badly on me.

But if you do also decide that you don't want to be on Facebook - because you're concerned about the time you're wasting on the site, or being spammed by games and rogue apps, or how the site might be making money out of the information you share - then be sure to permanently delete your account rather than deactivate it.

Facebook desperately wants to hold onto your data, as it allows it to target advertising towards you. So it strongly pushes anyone who says they want to leave the site towards deactivating their account rather than deleting it.

Deactivation puts your account on ice, making it invisible to the outside world. But if you ever log back into Facebook it will be revived in a heartbeat, with all your friend connections, photos and status updates back as if you were never away.

The correct way to zap your Facebook account is to request its permanent deletion (you can do this via a form hidden away on Facebook's site).

Even then, it's not quite over. Facebook gives you 14 days of 'grace' to reconsider your decision. During that time you must not log into Facebook, or 'Like' any pages, or sign up to any third-party sites using your Facebook credentials.

If you do, your Facebook account will be revived once more and it will not be deleted.

Facebook is a phenomenon and it would be a brave - and perhaps foolish - man who said it was going to go away anytime soon. But it needs to take greater care of its user community and reassure it that privacy and security are part of its DNA if it wants to present itself as a mature network.

Me? I'm not planning to return. I feel that I've thrown the dice and played Russian roulette with my personal information for long enough. I find Twitter a much more useful environment for sharing information and having meaningful, timely discussions with my peers, anyhow.

Obviously, my opinions and decision regarding my FB account are my own - rather than endorsed by all Sophos employees!

Graham Cluley, @gcluley, is a senior technology consultant at Sophos. He blogs at http://nakedsecurity.sophos.com.