Friday, April 30, 2010

More on Facebook and Privacy

It seems all the buzz this week is focused on Facebook's continued aggressive anti-privacy activities, and the new effort to regulate them by better protecting consumer control over their data.

I want to hone in particularly on the post by the Electronic Frontier Foundation laying out Facebook privacy policies over the years - in its own words. Pretty shocking. Also check Tuesday's post for more details about this week's news and Facebook's sordid privady history.

First though, some of the recent revelations discovered by Facebook users. As reported in the UK's Guardian, "Facebook's new system for connecting together the web seems to have a serious privacy hole, a web developer has discovered.

Some people report that they are able to see the public "events" that Facebook users have said they will attend – even if they person is not a "friend" on the social network. The discovery was made by Ka-Ping Yee, a software engineer for the charitable arm of Google, who was trying out the search query system known as the "Graph API" released by Facebook last Friday. In some cases – though not all – it will let you see the public events that people have said they will attend, or have attended.

Yee demonstrated the flaw by showing how the API – which plugs directly into Facebook's databases – can show you a list of Facebook founder Mark Zuckerberg's planned public events.


The discovery will intensify the debate over Facebook's new system – which has drawn complaints that it makes it far too difficult to keep personal information private.

The implications of being able to find out the movements of any of the 400m people on Facebook are potentially wide-ranging – although the flaw does not seem to apply to every user, or every event. Yee says that the simplest way to prevent your name appearing in such lists is to put "not attending" against any event you are invited to.

The problem mirrors that which Google ran into when it created its new Buzz systems, which aimed to create a Twitter-like social network – but annoyed people because it assumed that anyone with whom you had exchanged email would want to be part of your network. But the example of a wife who wanted to stay away from her abusive husband – but with whom she had once swapped an email – showed that Buzz had a flawed approach to privacy.

Similarly the Facebook API system may turn out to be crucially flawed. "What can your event list say about you? Quite a bit," wrote Yee. "It might reveal your home address, your friends' home addresses, the names and groups of people you associate with, your hobbies, or your political or religious activities, for example. "

As I mentioned on Tuesday, Facebook's effort to spread its online social network to other websites has been noticed by lawmakers and FTC regulators looking into privacy concerns.

Four senators said Tuesday that Facebook needs to make it easier for its 400 million users to protect their privacy as the site opens more avenues for them to share their interests and other personal information.

As detailed by Business Week, "Having built one of the Web's most popular hangouts, Facebook is trying to extend its reach through new tools called "social plug-ins." These enable Facebook's users to share their interests in such products as clothes, movies and music on other websites. For instance, you might hit a button on indicating you like a certain style of jeans, and then recommend a movie on another site. That information about the jeans and the movie might be passed along to other people in your Facebook network, depending on your privacy settings.

Facebook says all this will help personalize the Web for people. It stresses that no personal information is being given to the dozens of websites using the new plug-ins.

Still, it means that information that hadn't been previously communicated could get broadcast to your friends and family on Facebook.

And Facebook is indeed sharing some personal information with three websites that Facebook hopes will demonstrate how online services can be more helpful when they know more about their users. The sites with greater access to Facebook's data are business review service Yelp, music service Pandora and Microsoft Corp.'s for word processing and spreadsheets.

Facebook users who don't want to be part of the company's expansion have to go through their privacy settings and change their preferences.

Now we have Senator Schumer, and other lawmakers, pledging to introduce legislation that would expand the FTC's powers over Facebook and other Internet social networks if the regulatory agency doesn't feel it has the authority to require more straightforward privacy controls.

The political pressure could undermine Facebook's ambition to create a more social, open Web that could make it easier to aim online advertising at consumers based on their presumed interests. Facebook would probably thrive in a more communal Internet because it has amassed a huge database of personal information since Zuckerberg set up its website in a Harvard dorm room six years ago.

Wired magazine highlights Facebook CEO Mark Zucerberg's seeming disdain for privacy and the uncomfortable place this puts those of us - me included - that enjoy the social service, stating, "Zuckerberg’s apparent disregard for your privacy is probably not reason enough to delete your Facebook account. But we wouldn’t recommend posting anything there that you wouldn’t want marketers, legal authorities, governments (or your mother) to see, especially as Facebook continues to push more and more of users’ information public and even into the hands of other companies, leaving the onus on users to figure out its Rubik’s Cube-esque privacy controls.

Facebook has been on a relentless request over the past six months to become the center of identity and connections online. The site unilaterally decided last December that much of a user’s profile information, including the names of all their friends and the things they were “fans” of, would be public information — no exceptions or opt-outs allowed.

Zuckerberg defended the change — largely intended to keep up with the publicness of Twitter, saying that people’s notions of privacy were changing. He took no responsibility for being the one to drag many Facebook users into the net’s public sphere.

Then last week at its f8 conference, Facebook announced it was sending user profile information in bulk to companies like Yelp, Pandora and Microsoft. Thus, when users show up at those sites while logged in to Facebook, they see personalized versions of the those services (unless the user opts out of each site, somewhere deep in the bowels of Facebook’s privacy control center).

Facebook is also pushing a “Like” button, which lets sites put little Facebook buttons on anything from blog entries to T-shirts in web stores. Clicking that button sends that information to Facebook, which publishes it as part of what it calls the Open Graph, linking your identity to things you choose online. That information, in turn, is shared with whatever sites Facebook chooses to share it with — and to the sites you’ve allowed to access your profile.

With all that said, let's get to my featured post from EFF on Facebook's remarkable transformation over the past 5 years. EFF notes, "When it started, it was a private space for communication with a group of your choice. Soon, it transformed into a platform where much of your information is public by default. Today, it has become a platform where you have no choice but to make certain information public, and this public information may be shared by Facebook with its partner websites and used to target ads.

To help illustrate Facebook's shift away from privacy, we have highlighted some excerpts from Facebook's privacy policies over the years. Watch closely as your privacy disappears, one small change at a time!

Facebook Privacy Policy circa 2005:

"No personal information that you submit to The facebook will be available to any user of the Web Site who does not belong to at least one of the groups specified by you in your privacy settings.


Current Facebook Privacy Policy, as of April 2010:

When you connect with an application or website it will have access to General Information about you. The term General Information includes your and your friends’ names, profile pictures, gender, user IDs, connections, and any content shared using the Everyone privacy setting. ... The default privacy setting for certain types of information you post on Facebook is set to “everyone.” ... Because it takes two to connect, your privacy settings only control who can see the connection on your profile page. If you are uncomfortable with the connection being publicly available, you should consider removing (or not making) the connection."

Viewed together, the successive policies tell a clear story. Facebook originally earned its core base of users by offering them simple and powerful controls over their personal information. As Facebook grew larger and became more important, it could have chosen to maintain or improve those controls. Instead, it's slowly but surely helped itself — and its advertising and business partners — to more and more of its users' information, while limiting the users' options to control their own information.

Click here to see this transformation for yourself.

Needless to say, I think a strong case can be made that Facebook EPITOMIZES the direction social networking sites, and the web in general, is headed...and new laws and protections are needed immediately...

No comments: