After the Cambridge Analytica data scandal broke in March, Facebook repeatedly promised to make reforms, saying in one blog post that the company would “put people more in control of their privacy.” But three months later, research by Consumer Reports privacy experts finds that some of Facebook’s privacy settings remain confusing and hard to use.

The researchers found that the design and language used in Facebook's privacy controls nudge people toward sharing the maximum amount of data with the company.

In addition, they say, one privacy setting works differently in the iOS and Android versions of Facebook's app. And the iOS version could mislead consumers into believing that certain privacy protections are on when they are off, according to Katie McInnis, policy counsel for Consumers Union, the advocacy division of Consumer Reports, who led the research. That could prevent consumers from making informed choices.  

"What we found concerned us," says McInnis. "The way Facebook handles consumer privacy still seems complicated and confusing, and we think consumers can come away believing they have more control than they really do."

More on Facebook

Consumers Union is sending a letter today to the Federal Trade Commission, urging the agency to investigate the matter. The letter states “our research found that Facebook uses [various] interfaces to steer users to the least private options when creating a Facebook account.”

Other privacy experts agree with that evaluation. “The deck is stacked,” says Pam Dixon, executive director of the World Privacy Forum, an advocacy group, when informed of CR’s findings. “It takes an extraordinarily diligent consumer to make informed privacy choices on Facebook.”

According to the Consumer Reports analysis, users can’t make changes to default settings before completing the sign-up process. Facebook also directs new users through a confusing dashboard of policies to learn how to change settings, and in some instances users need to perform a dozen or more clicks and swipes to find and adjust the appropriate settings.

“Facebook has a lot of privacy controls, and they’re not organized in a way that’s easy to find,” says Lorrie Faith Cranor, professor in the School of Computer Science at Carnegie Mellon University and an expert on digital design as it relates to privacy. Facebook says it has worked to make its settings more accessible with its new Privacy Shortcuts feature.

The Consumer Reports findings are being released at the same time as research by the Norwegian Consumer Council, which reviewed the pop-up boxes announcing updated privacy policies that were displayed by Facebook, Google, and Microsoft in the wake of the May rollout of the European Union’s sweeping new privacy standards, the General Data Protection Regulation. The NCC found that Facebook and Google both put up hurdles that hindered users in Europe from choosing privacy-friendly options, as mandated by the new rules.

Consumer Reports’ own investigation in the U.S. found privacy problems with Facebook that it didn’t encounter with Google, according to McInnis.

Like most websites, CR.org also collects user data. You can get the details in our privacy policy.

Allowed or Not Allowed?

Screenshots from Facebook privacy settings.
In the Facebook app for iPhones, a default setting reads "Not Allowed" on one screen but "Allowed" on another.

One issue cited in the Consumer Reports letter to the FTC is a confusing inconsistency in the company’s Ad Preferences setting. This problem arises in the iOS version of the Facebook app. (We didn’t see it in the Android version of the app or in the browser version of the platform.)

When you navigate to Facebook’s ad preferences menu on an iPhone, there’s a subhead titled “Ads based on data from partners.” And right below it the words “Not Allowed” appear. That seems to imply that the setting is turned off, and Facebook won’t be using data from mobile apps and the websites you’ve visited to decide what ads to show you.

However, if you do click on the right-facing arrow, and swipe through a couple more screens, you get to a slider for this setting that is switched to “Allowed.” That contradiction is confusing, and might lead consumers to think the more privacy-protective option was already in place.

After being informed by Consumer Reports about the issue, Facebook says it is looking into it. 

The Sign-Up Process

More broadly, Consumer Reports researchers highlighted a number of issues with Facebook’s privacy settings.

The platform requires first-time users to sign up with default privacy settings in place, while revealing important information like your birthdate, gender, cell phone number, and/or email address in your public-facing profile. If you attempt to change those settings before completing the sign-up process, the Facebook mobile app redirects you to a confusing array of policies, which ultimately leads you back to an interface that requires you to sign-up before making changes.

Consumer Reports urges companies to make default settings—the ones that appear when a consumer first signs up for a service—as privacy-friendly as possible. This is one of the principles in the Digital Standard put forward by Consumer Reports and several partners who study security and consumer privacy.

“Facebook should be offering privacy by default. But if they don’t, they should at least make it easier for consumers to change privacy settings to protect their data,” McInnis says.

Consumer Reports reached out to Facebook executives for comment, and the company disagreed with our conclusions, pointing to recent remarks by Rob Sherman, deputy chief privacy officer.

 “Security and a strong privacy foundation are the baseline of everything we do,” said Sherman. As an example, he said that users need to give the Facebook app permission to use a phone’s camera. According to Sherman, not everyone feels the same about privacy. “Take a simple example like the audience selector for your Facebook posts—options like public, friends, only me,” he explained. Sherman described how Facebook research shows that almost half of new users wanted to share their posts publicly, rather than keeping them more private and restricting the audience to friends only.

Not all technology platforms work this way. For instance, you can set up a Google account using just your name and a birthdate. The service asks for gender and phone number, just like Facebook, but prominent text explains that providing that information is optional. And you can change privacy settings before you finish opening your account. 

Data Collection by Design

Screenshots from Facebook privacy settings.
Facebook lets you turn facial recognition on or off, but warns of risks if you opt out. You can't allow facial recognition only for security.

Facial recognition provides a prime example of how Facebook’s design and language steer consumers’ decisions. You can opt out of letting Facebook use facial recognition, but the platform has a stern warning if you do: “If you keep face recognition turned off, we won’t be able to use this technology if a stranger uses your photo to impersonate you.”

“It’s rigged,” says Dixon. “If you turn the setting off, you have a privacy problem with identity theft. If you turn it on, you have a privacy problem with Facebook’s data collection. Consumers are in a no-win situation.” But, typically, Facebook only warns consumers about the dangers of the option that allows them to collect less data.

Consumer Reports researchers also found that Facebook’s privacy disclosures imply that users have more control over data collection than they really do.

Screenshots from Facebook privacy settings.
Facebook says that users are in control but provides them with few options for limiting data collection by the company.

For instance, a screen entitled Privacy Basics uses big type and two colorful graphics to reassure readers: “You have control over who sees what you share on Facebook.” However, if you flip through several more screens that describe how data is used for targeting ads, eventually you can find a setting for controlling whether Facebook can use data based on your use of other apps and websites to show you more personalized ads. At the bottom of the screen, in type that’s both smaller and fainter than the rest of the text, is a disclaimer that reads in part: “Turning off this setting doesn’t delete any data.”

In other words, the setting doesn’t affect the volume of data Facebook collects. But, according to privacy experts, that may not be clear to consumers. “It’s ‘steering,’” says Dixon of the WPF. “When there’s an unreadable font or language that’s contradictory, that’s a policy choice that Facebook has made” to discourage people from delving into the details.

In fact, according to CR's study, Facebook users apparently can control whether the company collects facial recognition data and location data from their smartphones, but not much else. The platform’s privacy settings primarily affect what other individuals can find out about you, not the vast amount of data Facebook itself gathers.

When asked what other ways people can use to limit the platform’s data collection, Elisabeth Diana, Facebook’s director of corporate communications, said, “You decide what you share with Facebook, which means you have control over what we collect. For example, the information you share in your profile, what you post, comments you make.”

In other words, if you don’t want Facebook to use information about your private life, don’t share it with your friends on Facebook.