Wednesday, August 11, 2010

Article: "How Facebook Betrayed Users and Undermined Online Privacy"

Before I get to a really thorough, well thought out article in Alternet by author and writer Allan Hunt Badiner entitled "How Facebook Betrayed Users and Undermined Online Privacy" let's just briefly zip through a few of the reasons the social networking site has become synonymous with lack of privacy.

Privacy violation highlights include:

  • Made users' friends lists public - resulting in a complaint to the FTC and ultimately a modification.
  • Refused to allow people to permanently delete their accounts and personal information from the site.
  • Installed "Beacon" (no longer in use) - a technology that tracks user's online purchases and informed their friends without permission.
  • Released new privacy settings that are actually less private – allowing more "publicly available information" that can't be controlled, making it easier for it to collect location data on users and sell that data to third parties, including your list of friends and their information, as soon as you visit their websites—without asking your permission, recommending to users to loosen their privacy settings, default settings are all set to the LEAST private setting and remain buried behind too many layers of menus, and the new controls still fail to explain what the applications can really see.
  • Facebook reportedly receives up to 100 demands each week from government agencies seeking information about its users.
  • Even if your Facebook profile is "private," when you take a quiz or run any other application, that app can access almost everything in your profile: your religion, sexual orientation, political affiliation, pictures, and groups. And these apps may have access to most of the info on your friends' profiles too—which means if your friend takes a quiz, they could be giving away your personal information, even if you've never used an app.
  • The company recently admitted that in some circumstances – in direct contradiction to its promise – it sent the user name of Facebook members to its advertising partners. This in turn can be used to glean a person's name, interests, and list of friends.
    Some people report that they are able to see the public "events" that Facebook users have said they will attend – even if they person is not a "friend" on the social network.

So now you have some of the backstory, now let's get to some choice clips from the article:

Facebook is both an infomediary and an intermediary. It occupies a pivotal position as the preeminent hub in the new information economy, and it is also the primary custodian of more information than has ever before been collected about human beings. As intermediaries and hosts for our communications with lovers, family members, friends, and colleagues, social network providers have access to extremely sensitive information, including data gathered over time and from many different individuals.

Despite Homeland Security, Google Analytics, and Facebook’s Data Team, people still hold to the ideal that they are free and have choice in their own lives. It is reasonable to expect Facebook to respect this democratic ethic and voluntarily assume a kind of fiduciary duty to its users. This kind of duty has to come before the realization of Facebook’s dreams for reengineering mobile communications and the web to become a more people-centric and integrated community. The Facebook motto, “Making the world open and connected,” may need to be thought through more carefully in terms of how they “make” it happen, and in what ways the citizens of the world want it to be “open” and “connected.”

While Mark Zuckerberg may believe in a concept called “radical transparency,” Peter Eckersley, senior staff technologist at the Electronic Frontier Foundation, has called for Facebookto stop acting as if they have a mission to make all of our private lives public.”

Electronic Frontier Foundation is also promoting a Bill of Privacy Rights for Social Network Users, including the right to be clearly informed about the options for privacy, what information is being shared to whom, and notified when any legal entity requests information about them. The bill also declares that users retain control over the use and disclosure of their data, and that they should have the right to have all personal data removed from social network servers if they decide to leave the service.

Privacy is on the front burner for a reason: social network providers are eager to have the income from marketers and advertisers that help them sell their products in the most efficient way possible. This means that the data users are so eager to keep private has value. The Faustian bargain people make with social networks—your personal information for a platform to share it on—has been changing. Facebook and other networks are collecting far more information about their users than ever before.

That information, and aggregated versions of it, can and is being sold to marketers one way or another. Once you share your data on a network—even with your friends—you cease to own it. The social networks are scrambling to provide clever “products” and ways for you to input more and more personal information on their servers. In the scale of what they are collecting, the benefit to users who have given up most of their privacy is negligible.

Why should users give Facebook their information, preferences, relationship flow chart, and the ability to infer what it isn’t told directly? Users have almost no control over how information about them is used, or who ends up with the rights to use it in the future. But imagine how much users would share if they were building for themselves an income stream with their data. Imagine if Facebook revolutionized the industry and partnered with users to monetize their personal information, and in so doing the users took a share of it.

Trust is crucial for the sustained success of social networks. It may seem to Zuckerberg that Facebook users are tolerating the erosion of it well and keeping their accounts. But as soon as a viable alternative begins to pick up momentum, a mass exodus could ensue. Facebook could easily and quickly become the new MySpace. First, the early adopters achieve a critical mass at another new networking site. Then, the next wave of the techno savvy looking to bail start to migrate. And a little while later, only mom and dad are left on Facebook wondering where the kids went.

Viable alternatives are already springing up. A new network has been touted in the media that allows users to fully control the information they share by setting up their own personal servers, called “seeds.” Raphael Sofaer, co-founder of Diaspora, says that centralized networks like Facebook are not necessary. “In our real lives, we talk to each other,” he said. “We don’t need to hand our messages to a hub.”

Facebook’s growth curve is so strong that the recent privacy flaps seem not to have affected the numbers, but that can be deceptive. The biggest threat to Facebook is what Augie Ray, senior analyst at Forrester Research, calls “death by a thousand privacy cuts.” Messages about how Facebook has turned on its users and betrayed their trust are flooding the feed, and a new application called PrivacyDefender, a tool that automatically configures your Facebook privacy settings, is doing brisk business. The accumulation of lawmaker concerns, high-profile deleters, organizations raising consumer awareness, and security bugs (such as those found in Yelp) can create growing and important problems for Facebook.

Click here to read the article in its entirety.

If you're looking for specific ways Facebook could improve privacy, I suggest checking out the open letter sent to the company by a coalition that included the Electronic Frontier Foundation, the ACLU of Northern California, and the Center for Democracy and Technology, Center for Digital Democracy, Consumer Action, Consumer Watchdog, Electronic Privacy Information Center Privacy Activism, Privacy Lives and the Privacy Rights Clearinghouse.

The letter urged Facebook to make a host of important privacy improvements that would better protect users. Here's some specific examples of what the letter requested:

1) Fix the “app gap” by empowering users to decide exactly which applications can access their personal information.
2) Make “instant personalization” opt-in by default -
3) Do not retain data about specific visitors to third party sites that incorporate “social plugins” or the “like” button unless the site visitor chooses to interact with those tools.
4) Provide users with control over every piece of information they can share via Facebook, including their name, gender, profile picture, and networks.
5) Protect Facebook users from other threats by using an HTTPS connection for all interactions by default.
6) Provide users with simple tools for exporting their uploaded content and the details of their social network so that users who are no longer comfortable with Facebook’s policies and want to leave for another social network service do not have to choose between safeguarding their privacy and staying connected to their friends.

Facebook: The Embodiment of the Opt-Out vs. Opt-In Debate

As I have written before, "This is a landmark privacy debate with broad implications. The company has been actively undermining user privacy in the name of the almighty dollar for years now. Its opt-out model embodies the current debate over privacy in the information age.

The real question that must be answered is whether the individual owns his or her private information, or do companies like Facebook? If our personal information is truly "ours", then anyone wanting to use it must come ask us for it first (Opt-In), just like when somebody wants to use something else that we own.

This growing privacy debate is all the more important because the public is entrusting increasing amounts of private information to websites and online social networks.

As a San Francisco Chronicle editorial noted a few months back, “Opting in is always better than opting out. Facebook's privacy policy is 5,830 words of legalese - longer than the U.S. Constitution (minus amendments). It's cruel and unrealistic to ask more than 400 million users to navigate it; far better would be to allow people to "opt in" to data sharing.”

No comments: