Facebook privacy settings are great. Just a few minutes of tweaking allows you to create complex rules that makes sharing on Facebook easy AND safe.

Or so we thought.

I’ll start by prefacing this with two recent developments. The first is that Facebook is now one of Americas most trusted companies, and the second that around 65 million users are now accessing Facebook from mobile devices. It’s these two factors that make the following so concerning.

Have a look at the privacy settings below:

These settings allow friends to see wall posts with the exception of the “Employees” group. This group has specifically been removed rights to see wall posts. Or so the setting says…

This setting is does not work correctly and does NOT work at hiding any wall posts made from Facebook mobile (including the Facebook iPhone app). This bug is a massive privacy concern.

A friend of the above account in the “Employees” group could not only see wall posts from mobile devices, but also post to the wall, clearly against the privacy settings that were in effect. Wall posts from non-mobile devices were not visible.

The following screenshot shows a wall viewed from an account which has been added to the ‘Employees’ group with the privacy settings as above.

We have no way of proving we haven’t ‘shopped the screenshots above but feel free to try the settings with a friend to prove it to yourself. We also hope the previous hole we uncovered should give some credibility to our claims.

So there you have it. If you have your boss hidden from seeing wall posts, you’d better stop your friends posting on your wall from their phones…

On a side note, the privacy setting does work for status updates made from mobile devices. For concerns about your social networking posts showing up on search engine results, you may want to look into a service like Reputation.com which can help clean up your personal image

Since the beginning, Facebook has always had a desire for “real connections”, encouraging users to create a profile using their real name, and connect with people they already know.

The introduction of Facebook Pages in November 2007 added a whole new level to this “real connections” model and has become a great way for businesses, bands and celebrities to connect and interact with their fans. Unfortunately, it has also become a cesspool for spam, ridiculous Pages and unrelated advertising.

A quick skim through the biggest Facebook Pages shows a high number of generic Pages (such as “Pizza”, “The Beach” and “Massages”). A lot of these Pages – while against Facebook’s Terms of Use – are harmless, but there are also many that have been using (and abusing) their large fan bases to advertise tenuously related websites or products.

In May it was reported the creator of the “Kisses” Page auctioned off and sold the Page (and it’s one million+ fans) for an undisclosed sum. The winning bidder, OraBrush, has now turned it into an advertisement for stopping bad breath, the emphasis on kissing now just a memory.

Two weeks later, Facebook decided to tackle these generic Pages head-on by taking away their ability to update their statuses. Whilst it was great to see Facebook finally take some action, it was too little too late, and they’ve failed to follow through since with unscrupulous Page owners still breaking the Terms of Use.

The minor offenders simply encourage their fans to join their other Facebook Pages, but the worse offenders have completely changed their Pages from everything to do with the original topic, with only the name remaining.

We don’t expect Facebook to police every page created, but some of these Pages have fan bases in the millions. Facebook needs to spend some time cleaning out these Pages that are now exploiting the fan bases they’ve built up with unrelated advertising.

To be clear, the purpose of Pages is for advertisers to connect with Facebook users, but these Pages build up fan bases under misleading pretenses of “fun” topics before converting their content and spamming their users.

Although just a small sample of the problem, these Pages have over 3.3 millions fans between them.

Besides their flagrant abuse of the service and disregard for Facebook’s Terms of Use, it’s surprising that these Pages are still around for another reason: by allowing these Pages to operate, Facebook is taking money away from its own advertising sales. Why pay Facebook for ads, when you can create a generic Page like “cuddles” or “sleeping” that’s viral enough to advertise itself?

In our next article we will be explaining how we at FBHive think Facebook could drastically (and easily) overhaul the system for all, but while you wait, tell us: what you think Facebook should do with Pages like those above, and what could be done to improve the system for the future?

Ever copied a Facebook link from your address bar and pasted it to someone? If you have, there’s a possibility you also sent that person a snippet of your Facebook browsing history. In this article, FBHive explains how and why this happens, and what can be done to prevent it.

Facebook uses AJAX technology to allow users to navigate around the site without having to reload every page. This creates a more streamlined user experience, allows Facebook Chat to work more smoothly and, I suspect, reduces the server load for Facebook. There is however, one major flaw with the way Facebook implements this system.

It wasn’t long after we published our post that noted and speculated on Facebook’s recent Publisher redesign that our prediction was confirmed. Facebook just announced on their blog that they’re launching a beta version of an “improved Publisher” today.

The new Publisher is described as being more streamlined and, most notably, includes a “Publisher Privacy Control”, the official name for the “Everyone button” feature that both TechCrunch and All Facebook described a week ago.

It’s been less than 24 hours since we published our first feature article, ‘Private Facebook info accessible with a simple hack’. The Facebook Security team contacted us early on and have since fixed the exploit, so what we’re about to show you is no longer achievable. (Which in our opinion is a good thing.)

The exploit involved fooling the “Edit Information” section of your profile to display another user’s Basic Information when you finish editing your own. This was the only section that had this loophole, with the hack failing to work with Contact Information, or any of the other details listed on the page.