So in the end, I had to completely disable the "friends" privacy in the database table "sys_privacy_groups" and I had to enable the members privacy by selecting active=1 and visible=1. The only reason that I enabled members is so that it is understandable on the "who can contact me" field on the persons and organizations apps. If it says "public" they will be confused. This is the only viable setup and I am not happy with it. 

P.S. 

I am also concerned about the speed of the loading time with the timeline. I am considering taking away the timeline and going back to when the internet was fast. Just plain and simple to get the message across.

EDIT: I changed it again to disable the members privacy and keep the public privacy enabled, so I just removed the friends privacy. This seems to get rid of all the access denied messages.