Further findings from the Privacy Mirror experiment

I find that I rely on my debugging skills in almost every aspect of my life: cooking, writing, martial arts, photography… And it helps when you’ve got friends who a good debuggers as well. In this case, my friends lent a hand helping me figure out what I was seeing in my Privacy Mirror.

The following is a snapshot of the Application Privacy settings I have set in Facebook:

Facebook Application Privacy Settings

Given these settings, I would expect that the Facebook APIs would report the following to a 3rd party application developer:

  • My name
  • My networks
  • My friends ids
  • My profile status

With that in mind, I asked two friends to look at my information via the Privacy Mirror. They sent me screenshots of what they saw which included:

  • My name
  • My sex
  • My networks
  • My activities
  • Books
  • Location
  • Education history
  • Hometown info
  • High school info
  • Movies
  • Music

With this latest test, I think I can safely say that my privacy settings are being ignored via API calls to the Facebook platform.

Given that next week is Catalyst, I am not going to have a lot of time to devote to Privacy Mirror, but here’s my plan of attack for the week following:

  • Talk to the original complainants in the report issued by the Canadian Privacy Commissioner.
  • Reach out to the Privacy Commissioner’s office to see if we can compare notes.
  • Start working on my network to find a way to talk to Facebook.

In the meantime, I’d ask you to share Privacy Mirror with your friends to start raising awareness about this interesting issue.


There is one condition that I have yet to test. It may be the case that because I have authorized Privacy Mirror on my profile, my friends can see more of my profile. I’ll repeat this experiment later after removing Privacy Mirror and see if we see the same results.