This blog is no longer updated, and is here as an archive. To find out more about my work, visit jordanh.net →

May 10, 2010

The Facebook Problem

I’ve been on Facebook for a fair few years. Enough to find it extremely useful and great for keeping in contact with friends, and discovering new people through who I know. I’ve also been quite comfortable, at least to a degree, about sharing personal data, photos and more with my friends through Facebook, as I’ve always known the ‘ins’ and ‘outs’ of the privacy settings and held tight control over who can see what. Having finely-tuned privacy online is something I value quite a lot, and it’s fair to say that I wouldn’t share half of the things I have done if I could not have chosen exactly who can and can’t see it. So it’s no surprise that I was rather alarmed by the series of relaxations to Facebook’s privacy stance, from the push to sharing with ‘Everyone’ to the new default of showing location, events and friends to anyone online.

Now, as concerned as I am about my own privacy online, I am even more worried that there are many people out there who don’t understand the concept of sharing with ‘Everyone’ actually means everyone - not just their friends. Unlike me, many people will share anything and everything on their Facebook profiles, from basic things like their school or work to pictures of themselves drunk at parties – things that they would rather not let an employer or their teacher see. People haven’t yet realised that Facebook can happily share these things to search engines that will store links to them for years, and even if you decide to delete your photos, Facebook’s policies clearly state that they can keep the image itself online for as long as they find ‘reasonable’, so anyone still could find the image itself on Facebooks’ servers years down the line.

I can control who I share with all I want, but that’s just for things I share myself. What’s stopping any friends with lax privacy settings uploading photos of me to the web, and then tagging me in them? I can go as far as untagging myself in the photo, or stopping people from viewing photos like that of me, but beyond that there’s nothing I can do. Oh, and don’t forget, Facebook own all your data you share with them. All of it. Yep, everything. And their Terms of Use even go as far as saying that if you don’t keep it up to date, they have the right to delete your account.

Isn’t it worrying that one large company with questionable privacy ethics now has control over almost everything we share on the web? At anytime they could change their policies and everyone could be burned – what if, for example, they decided that all your contact details could be made public to ‘Everyone’, and stop you from changing that? Sure, it’s probably a far-fetched example, but it can happen, and Facebook are perfectly allowed to do it within the Terms of Use we agreed to when we signed up. Probably a more realistic example would be that of Facebook’s relationship with advertisers. What if Facebook sold your user data to advertisers who then used it to target products at you? Facebook have tried it already with Beacon (and automatically opted everyone into it), and had a fierce backlash from users. It was only after considerable complaining that they let you opt-out of the service.

It seems like they’re trying to do it again with Social Plugins. Even though they were only announced a few weeks ago, many sites have now added the ‘Like’ button to their pages, and Facebook will automatically share this back to your profile if you interact with it. Think about the tracking they can do with that – not only can they see what and who you interact with on Facebook, they are able to track what websites you visit even when you leave the Facebook site. And if that’s not bad enough, Facebook recently rolled out a feature where they will automatically share all your information to selected websites and services as soon as you visit them, without your consent. And those sites can store it forever – as they are no longer bound by 24-hour limits. They call this “instant personalisation” – but it’s an opt-out scheme which is hidden deep within the privacy settings if you want to disable it.

As I’ve described, Facebook plays games with your privacy, constantly pushing the boundaries on what they will do with it. Yet, as much as I want to join the people who are flocking away from the site, the service it provides is invaluable for keeping in contact with my friends. I think the amount of data (and the control of it) that Facebook has over its users is extremely worrying, but without a decent solution to the whole ‘one site’ problem, there’s nowhere else for users to go.

What I would love to see is a specification for social information along the lines of OpenID but with the flexibility of blogging – where all my social profile data would be stored on my own server at a web address, and then people can add me as their friends by entering my social address. The system would be completely open, so people could make clients or server-side software on whatever platform they liked, and for those who don’t have websites, they could sign up using an online provider – akin to how so many services allow you to sign up for an OpenID without the need for a server. The main problem with such a system is that it would seem over-complicated to users. Why would the average user, who may possibly not even know the implications of privacy, let alone care about it, move away from Facebook, a simple site to share content, to a strange system where they reference users by their web addresses?

However, to see an open platform like this be established would be great, and a positive step in the direction where we can truly be the exclusive owners of the content we share online, without the worry that one large service can hold all our photos, contact details, connections and our online activity, with no guarantees that they will look after it.

#facebook #privacy