Friday, May 21, 2010

Unfriendly Facebook Indeed...

Okay, if all goes well I won't have to do another post about Facebook for at least a few weeks...I'm begging here...

Nonetheless, I want to alert people to a short, to the point, editorial by the San Francisco Chronicle entitled "Unfriendly Facebook" that is worth a look. The most notable fact about the editorial is that it was written at all. This signifies a growing outcry against the company due to there, how shall we say it...disdain for their customer's privacy maybe? The editorial, and the amount of press and legislative attention to the issue can only be viewed as a positive development! Now we need results.

On Wednesday I wrote a detailed post on how you can both send a message to Facebook that you want your privacy back, as well as a new site that allows you to "Reclaim your Privacy" on the social network (as I also point out, it matters what your friends do as well). To read a few recent posts on the host of privacy problems associated with the social network, just click here, here, here, and here.

Before I get to the Chronicle editorial, I do in fact have yet another breaking story about yet another Facebook violation of your privacy...I kid you not. As we know, Facebook promises, specifically, that it doesn't "share your information with advertisers without your consent." Only "non-personally identifiable" data, it says, are shared.

Well, they were lying. The social networking giant confirmed late Thursday that it has, at least in some circumstances, sent the user name of a Facebook member to its advertising partners. This in turn can be used to glean a person's name, interests, and list of friends. Say it ain't so!

Elinor Mills and Declan McCullagh of C-Net have more:

News of this data sharing, which appeared in the Wall Street Journal on Thursday evening, could prove embarrassing to the social-networking site, which is already on the defensive after Washington politicians have been calling for regulatory action on privacy grounds and over a dozen advocacy groups have charged that Facebook engages in "unfair and deceptive" business practices.

Facebook's admission also may conflict with its previous statements. In a blog post last month, a company official wrote: "We don't share your information with advertisers unless you tell us to...Any assertion to the contrary is false. Period."


Browsers typically send a Web site, in what's called a Referer: field, the location of the page you last visited. This lets Web operators know where their visitors are coming from, and it's viewed as a perfectly normal and commonplace practice.

The rub: if you're logged into Facebook, the Referer: field can reveal your user name to advertisers.

Ben Edelman, an assistant professor at Harvard Business School who has a background in Internet advertising, described the problem in a new essay that says: "When a user views her own profile, or a page linked from her own profile, the "?ref=profile" tag is added to the URL--exactly confirming the identity of the profile owner." Facebook could eliminate any privacy concerns by configuring a different type of Referer: set-up, Edelman said.


Other social-networking sites also included the Referer: field, but Facebook appears to be the only one that uses it--inadvertently or intentionally--to signal the identity of who's logged on.

Its becoming clearer and clearer that Facebook is kind of like the BP and Goldman Sachs of social networking...though to be fair, Chevron and Exxon are just as despicable as BP, and Bank of American and Citigroup are pretty notorious crimials themselves. Of course, I would never imply that what Facebook is doing even REMOTELY compares to the avarice, corruption and overall destructive forces that are Big Oil and the Big Banks.

No, I'm simply making the point that it is typical big business behavior...and that means the only thing that matters is the bottom line, regardless of how that line is reached. Facebook is simply following that typical corporate creed...(without of course, the same degree of destruction in their wake)

Now to the Chronicle:

It's ironic that Facebook initially branded itself as the "safe" choice for people who wanted to stay in touch with their friends without blaring their information all over the Internet. After an endless series of changes to its privacy policy to "encourage" users to share information, very little about Facebook seems safe at all.


And there's no doubt that the current uproar is Facebook's fault: When it came to institute all the new policies, it did just about everything wrong. It failed to explain to users how the new privacy policies would affect them. It made it impossible to understand how to opt out of the new settings. It has presented new settings constantly, forcing people to educate themselves and change their settings over and over again.


In the meantime, there are a few principles Facebook needs to keep in mind for the future.

-- Opting in is always better than opting out. Facebook's privacy policy is 5,830 words of legalese - longer than the U.S. Constitution (minus amendments). It's cruel and unrealistic to ask more than 400 million users to navigate it; far better would be to allow people to "opt in" to data sharing.

-- Be clear, consistent and concise. It might be a little inconvenient for its advertisers, but Facebook needs to stop forcing users to change their privacy settings every two weeks - and it needs to start explaining how any change affects users' data. And not in legalese, either.

Three cheers for the Chronicle for making the all important point regarding the distinction between Opt-Out (no!) versus Opt-In. Time and time again, that is what so much of this boils down to...who owns our information, us, or "them"? If its truly "ours", then people need to come ask us for it, just like for anything else we own and somebody wants to use.

No comments: