Hey there, reddit! My name is Raylene Yung, and I’ve been working in Engineering at Facebook since Feb ’09. I support the teams that work on product privacy at Facebook, which includes both product features like privacy settings and tools but also the underlying infrastructure that executes privacy rules.

I often get questions and suggestions from friends and family about Facebook privacy, so wanted to take this time to ask you what you think and hopefully give you some answers! A few other engineers / PMs from these teams will be popping in and out to answer questions with me as well.

I’ll be here from 3p to 5p PST to answer your questions, and we’ll come back with more answers if we can’t get to them now.

Edit/Proof: https://www.facebook.com/photo.php?fbid=10100949194967473

Note: Questions about how privacy interacts with the product will be the best — I don’t work directly on security / data storage or use so while I can try my best it’s not my area of expertise.

Edit Thank you all so much for the great questions / hope I was able to answer some of them for you! Signing off & thanks for all the compliments to the team :) Working on privacy keeps us young and good-looking!

Edit Special shoutout to /u/m_pim a.k.a. Mary Pimenova, pusheen-holder & Engineering Manager of the Privacy Product Infra team for her answers here! I'll also go through this a bit more later to answer some last questions if I can.

Comments: 225 • Responses: 29  • Date: 

[deleted]31 karma

Has the NSA revelations changed anything at Facebook? (culture, the way people think about user data, etc)

rayleney5 karma

Hmm, honestly afaict not really? I think one great thing to come out of it is in general more awareness/transparency around internet security.

A few of people on the team wanted to help contribute to this too, so they actually helped make this tool: https://www.facebook.com/about/government_requests

TonyArnold25 karma

Do you think that would affect how you feel about privacy?

rayleney1 karma

Personally, I feel that the internet and a lot of technology in general has facilitated the sharing of a lot of information between a person and an entity or network, for years now, and with great power comes great responsibility (That's for my older brother who raised me on comic books)

Facebook is a piece of this for sure, but in a lot of ways it gives a clear purpose and voice to how that information is shared, and along with the extensive privacy controls and guarantees provided, it can be a safer place to share than many other forums. These discussions have just highlighted how important our privacy controls are / the work these teams do is in helping protect people.

In a lot of ways I feel like Facebook is a microcosm of the Internet, where anyone can join and connect with people and ideas, but you also get that feeling that there's a real person behind the "user" that you're interacting with. No offense f666 / TonyArnold2 :)

rayleney0 karma

What do you mean specifically? The gov't request tool? Or are you asking how the NSA has affected how I feel?

kyleGthatsme20 karma

Why does your android app need to have the capability to see my SMS messages?

rayleney-4 karma

Bsnargleplexis15 karma

I am not a Facebook user, largely because I don't feel I have any control over who sees what.

While I think the whole concept of "sharing" is awesome, I want to be able to selectively share. In my real life, I don't tell every person I know everything about my life. I pick and choose what I want people to know, because some people are more tolerant of certain things than others. My friends love my drunken antics, but my parents don't. I would like to show only my friends pictures of antics, but as I understand how Facebook works, that is impossible. ALL must be shared!

While the idea of a fully transparent life is a nice goal, it doesn't work in today's society. There is too much judgement, too much harsh reactionism. People today are just not tolerant enough for full transparency.

With that in mind, is there anything Facebook plans to do to allow me control over what people know about me? (Ex: Dave can see this photo, but Steve can't?)

Also, Charlie Deets is hot. Smoking hot!

rayleney6 karma

Hey, thanks for the feedback, and one thing that makes me happy when reading this (though still sad you're not on Facebook!) is that we actually already have all of the settings you mention :)

You most certainly do not have to share if you're on Facebook, either at all, and especially not publicly if that's not what you're into. I actually use the site much in the way you mention -- specific photos get shared with different people, and there's always the "All my friends except Mom" favorite privacy setting anyone can create.

You should sign up and give our privacy controls a whirl. Would love to hear what you think is still missing :)

rayleney3 karma

First response -- Charlie Deets is very flattered (he says hi)

adventurer78413 karma

From memory, it seems like Facebook used to have a terrible reputation for confusing / bug-ridden privacy things, but that it's been quiet for the last few years. Was there a turning point where Facebook realized that it had to take privacy seriously?

rayleney14 karma

Hmm, I've been working on FB privacy for about ~2 years now so maybe that's related? (Just kidding, don't quote me on that)

Real answer: I don't think there's been a "turning point" in that as long as I have worked here we have always taken privacy extremely seriously. It's baked into every change we make and every product we create, and that hasn't changed at all. Today, we care a lot about understanding how people on Facebook use our privacy tools and how best we can help them. That's one of the biggest/main goals of our team today.

bryansm12088 karma

So then why does Facebook just change privacy settings without any user input as to how that might relate to them, especially when taking away a privacy setting. Not trying to be an ass but users are important to Facebook so why not ask how much a particular privacy change might hinder our usage of the site.

rayleney6 karma

Totally, and you're not being an ass at all (that was a very nice way to ask! :P)

One thing is that we don't change which privacy settings we offer lightly / take both direct user feedback and broader research into account. One example of really listening to what people want is when we recently added the ability for minors (people < 18) to post publicly where they used to be limited to Friends of Friends at most. This was something people actually wrote in every day to ask for, and it was great to be able to give them the control they wanted.

On the flipside, as Facebook's changed over the years some settings have become less relevant. For example, with the "who can lookup my timeline by name" setting that we phased out last year, this made more sense when Facebook was primarily a directory of profiles without a feed and a search product. Today, with a bunch of ways you can see content from your friends or find them on the site, the setting only applied in very specific situations.

NotAnAfricanPrince12 karma

If I post a picture on facebook, can it ever be deleted from the internet? if not, why?

rayleney13 karma

Short answer = yes, we can delete your photo from Facebook, and it's something we commit to in our data use policy.

But, there's a lot of ways people can copy or share your photos on the internet, and there's not really a foolproof way to obliterate something entirely from the rest of the internet (especially if someone's posted it on other sites, etc.)

For FB specifically, we have really robust ways we store data including backups we can use if something gets lost, so it takes some time for the deletion changes to trickle out into our storage systems. (~90 days for deleting an entire account for example) The photo won't be accessible when this is happening though.

jontonsoup6 karma

Hi Alex / Raylene!

What do you mean by "the underlying infrastructure that executes privacy rules"?

Also, what is your favorite type of sandwich?

rayleney8 karma

oops, forgot the most important of the question!

Also, what is your favorite type of sandwich?

It just needs to have really good cheese / be grilled.

& Alex says: anything with pesto

rayleney7 karma


Good question -- basically when someone shares something on Facebook w/ a specific privacy setting, we run some code in our php codebase that enforces that the setting is properly expected. I.e. only the people who should be able to see something can.

This generally takes the form of individual privacy "rules", that are things like "If this photo is a public photo, anyone can see it".

TheCaliHaze6 karma

Hey there. How do you like your job? Something you have always wanted to do? Also, do you use Facebook often yourself? Is it something you trust with your information?

rayleney4 karma

Hey there, thank you for asking! :)

I love my job and think working at Facebook is a really unique experience as far as software companies go (though being a software engineer is a pretty cool profession in and of itself, and I'd recommend it to anyone who's choosing a new career and might be considering it!)

I've always wanted to help build things / solve hard problems (which I know is a bit cliche) and working on privacy @ fb pretty much fits the bill.

As for Facebook, funny thing but you can't actually work here w/o an active Facebook account, and even right now I'm furiously messaging people in another tab on the site. We use it for internal groups, sharing roadmaps and ideas, communicating across teams, pretty much everything.

On a personal note though, Facebook is basically the only / main social network I use, though I've been meaning to actually start using my twitter account at some point :p One reason why I signed up for the site early on / still use it so much for my personal info today is exactly because the privacy controls are so powerful. I don't know any other site that has both so many people on it and that lets you share with specific people or groups of people so fluidly. Plus, I know they work exactly as they should :)

taitapedro5 karma

I know this is a silly question, but I've always been curious. Is working for Facebook fun? What's a day like in a place like that?

rayleney5 karma

Working at Facebook is chaotically fun (in a good way)

A day here probably differs a lot from person to person -- for me, I get in / plug in and spend the day meeting with different people on my team and other product teams. I'm also an engineering manager so my schedule tends to be more people-meeting-heavy, while if you're an engineer that spends most of your time coding you're also spending a lot more time looking up memes to use in our internal diff review system :)

thetopthrow5 karma

How do you balance privacy features with Facebook's inherent need for people to share to exist?

Has there ever been a product/feature/update that didn't launch because of privacy?

rayleney0 karma

So, it's funny your question kind of implies there's a sense of conflict between the two, because in a lot of ways I feel like you can't have one (sharing) without the other (a sense of privacy and a control over who can see what)

Something we say here is that privacy is a part of every single product we build, and this manifests itself in the very way privacy code can be found all over / in every codebase. At last count we have hundreds of product object classes that have privacy checks baked in at the lowest level, and correspondingly hundreds of engineers who know how that code works :)

Has there ever been a product/feature/update that didn't launch because of privacy?

It's not so much a launch-or-not-to-launch, it's more like how do we build something with privacy always in mind all the way up until it launches.

serb75 karma

How do you feel about Facebook buying Whatsapp? Do you think Facebook will help with the Whatsapp team's design process or let them do their own thing?

rayleney11 karma

I actually just found out about it probably a few minutes before you did :)

I'm curious/excited to see how our companies will work together but I don't know much about it personally.

bristolcities4 karma

Why is Facebook so complicated. I would like to be able to delete my facebook history easily. One button to delete posts and comments older than a month. At the moment it seems like I have to do it one by one. Sometimes posts reappear. Also, I would like just my friends to be able to view my stuff. The only reason I stick with it is because so many friends are on it. It's great for organising meet ups. But the privacy settings are far too complicated. Also, the chat pop up is very annoying.

rayleney-2 karma

Thanks for the feedback, and I'm sorry if you've been having a lot of trouble here.

One way to easily change the privacy of past posts you've made is this handy feature we built a few years ago: https://www.facebook.com/help/236898969688346

Sometimes posts reappear.

This should never be happening if you delete something on Facebook -- if you have links to posts you've made where this has happened we can look into it more!

fluffydotvim3 karma


rayleney4 karma

++mary that the external perception can really get me down sometimes, especially when I know how hard the team works / how much we all care about respecting people's privacy and helping make the best product possible

even now I'm sitting in a room with 20 other people who want to help / care so much about this stuff. (hi guys!)

but, specifically something about why it's hard to work on it here is the fact that privacy really does touch every single product. this means it's a pretty fast flood of information that we need to stay on top of, and as a infrastructure team in a lot of ways other employees at facebook are our omnipresent (and very insistent) clients

ilikenewpasswords3 karma

Hi Raylene,

Thank you for doing this AMA.

When you are dealing with a concept like "privacy," how well do you work with lawyers, business people, and other non-engineers in helping Facebook achieve its goals?

If that question is too broad, then what are some product privacy issues that come up that maybe an engineer would not have thought about by him/herself, and, vice-versa, what are issues that non-engineers may not think about when it comes to product privacy? How do you work to resolve any such issues that may arise?

Also, at the end of day, what would you say Facebook is more likely to deploy: a product that has very strong privacy rules but is less marketable/profitable than a product with weaker privacy rules or a more marketable/profitable product with weaker privacy rules (though one that still complies with current privacy laws)? Do you even think that this is an appropriate trade-off paradigm applicable to Facebook?

Sorry if I asked too many questions. Thanks!

rayleney0 karma

When you are dealing with a concept like "privacy," how well do you work with lawyers, business people, and other non-engineers in helping Facebook achieve its goals?

Working cross-functionally is just the starting point when it comes to privacy, and there's even a special cross-functional team with people from legal/pr/policy/etc. that meets to work on hard privacy issues together.

rayleney0 karma

what are some product privacy issues that come up that maybe an engineer would not have thought about by him/herself, and, vice-versa, what are issues that non-engineers may not think about when it comes to product privacy? How do you work to resolve any such issues that may arise?

It's not so much engineer vs. engineer but just whether or not any small group of people building a product can really think of everything. This is why working cross-functionally is important, because it brings in knowledge from other teams and parts of the company.

Some things people might not think of initially are how privacy works when it comes to special or rare cases, like minors or people who have blocked each other. Another great example is the work a group at Facebook has done around compassion research, and improving the way we ask people questions. They've discovered a lot of things such as how a simple change in wording in our report/spam flows can give us much better information.

Here's some info from a related event last year: http://new.livestream.com/facebooktalkslive/events/2564173

rayleney0 karma

what would you say Facebook is more likely to deploy: a product that has very strong privacy rules but is less marketable/profitable than a product with weaker privacy rules or a more marketable/profitable product with weaker privacy rules (though one that still complies with current privacy laws)? Do you even think that this is an appropriate trade-off paradigm applicable to Facebook?

whew... long question! finally on part 3.

I answered something similar here: http://www.reddit.com/r/IAmA/comments/1ydy0w/i_am_raylene_yung_a_facebook_engineering_manager/cfjo3w7

tl;dr; it's not really privacy vs. product. it's product == privacy :)

ilikenewpasswords1 karma

Wow, thanks for taking the time to answer the questions. Much appreciated :)

rayleney1 karma

np :)

oemia2 karma

Why does your team look so young?

TJ097 karma

According to a 2012 article [1], the average age (of FB employees) was 31. Then in May 2013 [2], it was 26.

Assuming those numbers are accurate, Facebook employees will be infants in just five or six years.

[1] http://www.businessinsider.com/facebook-facts-you-didnt-know-2012-2?op=1
[2] https://www.facebook.com/careerbuilder/posts/10151661156526255

rayleney1 karma

Excellent use of the Princeton research paper's methodology! ;) ++

for ref: http://www.reddit.com/r/IAmA/comments/1ydy0w/i_am_raylene_yung_a_facebook_engineering_manager/cfjoqo2

zEr1k2 karma


rayleney0 karma


Someone else asked a similar question here, hopefully this helps? http://www.reddit.com/r/IAmA/comments/1ydy0w/i_am_raylene_yung_a_facebook_engineering_manager/cfjo5s1

Also, you most certainly can delete your account! (Though we really hope you don't!) https://www.facebook.com/help/224562897555674#How-do-I-permanently-delete-my-account?

Do_you_like_cats2 karma

Hi Raylene, and thanks so much for representing Facebook in this AMA! What kinds of information that users put on Facebook are stored there indefinitely, even after we "delete" them?

rayleney2 karma

Hey there! I'm not a huge fan of cats (sorry!) but no problem :)

For facebook, deleting something means removing all that content from our servers, which can take time to do as we make our way through the different storage / backup systems we have. (I touched on this a bit here: http://www.reddit.com/r/IAmA/comments/1ydy0w/i_am_raylene_yung_a_facebook_engineering_manager/cfjngp0)

I think the only exceptions to this rule would be when you've posted something that's attached to someone else's content (like you commented on their photo) or you sent the something like a message that got delivered to their inbox.

The Irish government did an audit of our deletion process a couple years ago, and wrote a public report on it. It's lengthy but detailed if you actually want to read it: http://dataprotection.ie/docs/21-12-11--Report-of-Data-Protection-Audit-of-Facebook-Ireland/1182.htm

JYJelli2 karma

Hi Raylene, I would like to give a shoutout to the handsome man in the glasses who is above you in the picture. He is THE man.

Now my question: Not a privacy question, but did you guys in Facebook have a good laugh when Princeton released that research study on you guys losing almost all your users in 2017?

rayleney0 karma

Haha I'll make sure he hears that! He is quite a nice guy too :)

I actually didn't see the Princeton study immediately, but I did see this when it went viral internally: https://www.facebook.com/notes/mike-develin/debunking-princeton/10151947421191849

^ I thought this (and the original study) were pretty hilarious. I also know Mike and a couple of the other data scientists personally and they do awesome work here (ironic / otherwise)

123choji2 karma

What's the most challenging privacy related thing to work with?

rayleney1 karma

Hmmm, good question... there's a lot of things that are challenging, but 2 things probably come to mind first.

1) Platform

There are just so many APIs we build and provide, both for internal (our own native mobile apps) and external clients (all y'all platform developers), that it's really amazing how much the platform team has to understand and support. Both because of the large number of APIs and the fact that a lot of engineers might not use the platform on a daily basis, we work really hard to get "platform privacy" into a great place.

2) Infrastructure

As mentioned in some other qs / by /u/m_pim, the infra is really the underlying code for all privacy checks on facebook. Our platform APIs , our main products, our own services such as news feed / ads / timeline, etc. all ultimately run through the code that we write as the source of truth for privacy. Important to get perfect == challenging. :)

dick_wool2 karma

Whats the most effective way Facebook users can protect themselves while enjoying Facebook?

rayleney2 karma

Whew, I feel like there are a lot of ways I can answer this question, and it sort of depends on what you use Facebook for. For example, some people use it mainly for gaming and they might have totally different use cases than me/you.

BUT, a couple things I'd start with:

  • Familiarize yourself with the tools we do have if you're privacy conscious.

Here are two cool tools the privacy team builds/supports: - Here's how you view your profile as an unconnected person ("viewing as a public user"): https://www.facebook.com/me?viewas=100000686899395 - Here's how you can look at public photos you're tagged in: https://www.facebook.com/me/allactivity?log_filter=photos&filter_privacy=80

  • Think about who you want to be "friends" with on Facebook.

A lot of people (including myself) primarily share with all of their Facebook-friends, so each time you accept a request be mindful that you may be sharing a bunch of information with them that you weren't before

  • Look for help if you need it.

We have an awesome help center, and a bunch of people who help create content for it / field questions when people write in. The search works pretty well for most things: https://www.facebook.com/help/


Damn, got here too early >.>

rayleney3 karma

I'm here now! :)

winchu1 karma

Hi! I am an engineering student and I would love an internship with Facebook. What are some things that would really stand out to you, personally, on an internship application?

rayleney1 karma

Hey there! Glad to hear you're interested in in working here :)

We hire primarily for engineering talent, so make sure your core algorithms and data structures are really solid, and that you have some solid coding experience (Either via coursework or side projects you can share with us e.g. github or open source projects)

We definitely notice when people have projects they've built outside of school, and demonstrate a real passion and initiative for solving problems with code.

Here's a link to more info: https://www.facebook.com/careers/university