In November, users of social-networking site Facebook Inc. started seeing updates on what their friends had bought online. Then users of a Google Inc. news service began receiving lists of articles their friends and acquaintances had read online. And last month, Sears Holdings Corp. let people type anyone's name, phone number and address on a Web site to learn about their Sears purchases.
All three examples have one thing in common: The companies allowed Web users to access personal information about other people they know - sometimes without the knowledge of those people.
Online-privacy debates used to center on how Web sites share their users' information with the government, advertisers or complete strangers.
But in recent months, a new question has emerged: How much should your friends and acquaintances really know about you?
Internet-privacy experts, and in some cases the users themselves, are demanding more controls on how information is shared with so-called friends. Web sites, in turn, are taking steps to make it easier for users to change their privacy settings and determine which friends see what information.
The data-sharing issues grow as more companies take a page from popular social-networking sites like MySpace and Facebook that let their users create pages full of details like where they live and work, who they are dating and what their weekend plans are. People can share that information with other people by adding them as "friends," a term usually taken to describe anyone they know. As that idea has caught on, Internet companies have taken it further. If people like sharing basic information, the thinking goes, they'll love sharing even more particulars - like their shopping and reading habits.
"These companies think, 'Oh, neat, look what we can do,' but some consumers respond by saying, 'Wait, we didn't want you to do that,' " says Lillie Coney, associate director of the Electronic Privacy Information Center.
For consumers, there is no silver bullet to solving these privacy issues because each Web site shares information differently. So the onus is on individuals to protect themselves by painstakingly visiting each site to change their settings.
Facebook in November introduced a marketing program called Beacon to keep their users on the site longer. In this feature, Overstock.com Inc., Fandango Inc. and dozens of other companies agreed to notify Facebook every time one of its users made a purchase on one of their sites. In turn, Facebook began notifying those users' friends of the purchases.
Responding to criticism, Facebook changed its privacy settings in December, making it easier to opt out of the program. Still, because of the backlash, Overstock.com pulled out of the arrangement, although other retailers remain.
Jennifer King, a privacy researcher at the University of California at Berkeley, suggests several privacy-strengthening steps for people who use services like e-mail, photo-sharing and social-networking sites that allow users to create lists of "friends." King recommends adding someone to your list of "friends" only if you really know them. She also advises considering how sharing a message, photo or personal detail online could embarrass or harm you.
"Pretend you're sharing it with everyone at a party - and that they're all holding video cameras," King says.
Take control of your info
Don't want your friends knowing what you're buying or doing? Here's how you can stop it:
Facebook:Click on the "privacy" link at the site's top right-hand corner. You can click on the links to "profile," "search" and so on to determine who can see your information. Choose "only my friends," or put some friends on a "limited profile." To stop Facebook Beacon, click the link to the privacy page. Then click on "External Websites" and check the box labeled "Don't allow any Websites to send stories to my profile." ("Stories" are Facebook-speak for "updates about me.")
MySpace: Read about privacy settings in the privacy page accessible via a link in the top right-hand corner of MySpace.