I’ve been paying attention to the discussion regarding Facebook’s proposed changes to the privacy policy (so has Michael Zimmer, TechCrunch, RWW and VentureBeat). The most controversial is a proposal for Facebook to automatically share personal information with third party websites. The mechanics go something like this: If you’re logged in to Facebook, and you visit a third-party site that has an established relationship with Facebook, Facebook will provide the website with your General Information, which is:
“your and your friends’ names, profile pictures, gender, user IDs, connections, and any content shared using the Everyone privacy setting.”
How would this work in practice? Let’s imagine that CNN and Facebook team up. If you’re logged into Facebook and visit CNN, the website would be able to welcome you by your full name, display gender-relevant content, show you recommendations from the people in your network who also visit CNN, and so on. Going a little further, if you share your interest information, CNN might be able to dynamically display stories that match your interests.
The level of disclosure proposed in this new policy is similar (or even identical) to the information disclosure required for use of a Facebook app. The critical difference in the new policy is that while applications require an opt-in, it appears that this new process will require an opt-out. Facebook spokesperson Barry Schnitt:
“The opt-out hasn’t been built yet. We just want people to know they’ll be able to opt out. We’ve made that commitment. There will be an opt-out right when the user gets to the site, and there will be some opt-out functionality on Facebook. But as to where the button will be or how it will look, I don’t know, because they don’t exist right now.”
In theory, there will be two opt-outs. The first will be the hypothetical button that Schnitt talks about. The second will be to log out of Facebook and remove the Facebook cookie. In reality, though, if you’re a Facebook user, you can never really opt-out, because any time a Facebook friend visits a third party site Facebook will share some of your information with that site.
Although it is a good sign that Facebook has gone on record regarding privacy control, the previous comment reveals Facebook’s cavalier attitude towards privacy. Quite literally, they’re talking about pushing identity information of 400 million people around, yet privacy is treated as an afterthought – something they’ll figure out later. When will companies like Facebook and Google start bringing privacy teams in at the beginning of the design process, rather than at the end?
Shifting topics a little bit, I see this move as notable because it marks Facebook’s first foray into large-scale warehoused behavioral targeting. Targeting companies like Doubleclick (owned by Google) routinely mine our travels around the web, allowing third-party consumers to generate targeted recommendations based on our habits. Because this happens behind the scenes, we’re less likely to notice it (which doesn’t make it any less troubling). Facebook’s move stands to confront us with behavioral targeting, and they should consider the boundary they’re confronting. It may not seem to be a big thing to have a third party website welcome you by your first and last name, but it is a paradigm shift on the web.
TechCrunch argues that it is time to sharpen the pitchforks, in preparation for the major backlash against the service. Let me explain why this is frustrating. In my opinion, the role of the privacy team is to navigate the necessary tension between our freedoms to disclose and how companies can ethically and morally profit from our data. Facebook’s failures with Beacon or Google’s failure with Buzz are not “wins” for privacy; rather, they are losses for companies, consumers, and the market.
This brings me back to what is troubling about the “sharpening pitchforks” mentality. It doesn’t and shouldn’t have to be this way. Compared to Doubliclick, Facebook’s move really isn’t any more troubling – if the system is implemented properly. And if the system is implemented properly, it could be a win – for consumers, for Facebook, and for third parties. So how can Facebook navigate this challenge? Let’s start with research, sensible design, and a different style of rollout than the traditional ask-for-forgiveness-later approach Facebook seems to believe in.
At Facebook’s current size and scale, they can’t afford to get this wrong. Through research, testing, and a willingness to put the customer first, Facebook could navigate the challenges of this new feature. But make no mistake, more than anyone, they are in the bulls eye right now. And if Facebook does decide to play cavalier with privacy, the mobs TechCrunch describe will be waiting.
I can see your argument that Facebook is attempting to monetize their investment with our data, and I agree that their typical communication regarding privacy has been tremendously, dishearteningly cavalier. However, given danah boyd’s anecdotal research that the majority of Facebook users do not understand Facebook’s privacy policy, the ethical ice gets dangerously thin with the proposed implementation of opt-outs.
Westerners in general desire/expect a certain sense of self-efficacy and autonomy, and currently, the web offers that. This move will challenge that. When you land on a website that seems to know who you are and *thinks* it knows what you want, you’ve entered someone else’s framework of your life. Your sense of who and what you are are now in the public domain. Business thinking such as this tramples on more than individual feelings, it tramples on established social norms and important cultural moorings. Technology implemented solely in search of profits depersonalizes that which makes us special to other humans: we are more than the sum of our parts.
Additionally, while many people use the web as a large mall, stocked with just about everything 24/7, its offerings are not solely for profit and consumerism. To think of it in that way (and only that way) dismisses many of the best aspects that the web has to offer us all: connection, relationships, knowledge, interaction, and yes, anonymity.
I can’t but applaud a sensible approach, although I don’t think Facebook “ask for forgiveness later” has been clumsy; if anything it showed Zuckerberg’s talent, or luck.
Opt-in seems to me to be the most sensible way to do it, and OAuth designs have very interesting ways of structuring that—just look at Fb Connect adoption and usage: this won’t slow the juggernaut. All this noise sounds a lot like “If you want to move two steps ahead, jump three, apologize and look like a good guy by going back ones step” that is now systematic in French politics: we have to look outraged every time, but I can’t really do it sincerely anymore.
One thing scares me, though: the “Fafebook” incident at ReadWriteWeb. If this actually was representative of the lack of understanding of a significant share of users, opt-in won’t help us, and might trigger drama. However, we can’t move forward without teaching those, so we might have to do it now, and be able to tell them “This was properly designed”.
I’d love for Facebook to use research to investigate
[...] Internet (from theharmonyguy) Yet Again, Facebook Misunderstands Privacy (from MichaelZimmer.org) Facebook Again to Test Privacy Boundaries (from Fred Stutzman) Is Facebook Unliking Privacy? (from the ACLU of Northern [...]
“The level of disclosure proposed in this new policy is similar (or even identical) to the information disclosure required for use of a Facebook app. The critical difference in the new policy is that while applications require an opt-in, it appears that this new process will require an opt-out.”
Not only is this new policy essentially identical with Facebook apps, the applications are not actually opt-in. When you visit a Facebook app for the first time, it automatically has access to your public information – just as external sites will now have under this new system. When you click “Allow Access” to authorize an application, it then has access to all of your private information – just as external sites can already do via a Facebook Connect authorization. The new system allows any web site to mirror the behavior of Facebook apps, and when it comes to your public information, applications are definitely not opt-in. In fact, there’s not really a way to opt-out of sharing any data with an application that still lets you continue to use the app.
doesn’t facebook already do some of this with advertisements?
being logged into facebook and visiting a website, a facebook-generated ad for that website’s facebook page will include my friends, for example. when i log out and delete the cookie, my friends are gone. poof!
i also don’t see there is much that consumers can do. sharpen the pitchforks and *then what*? facebook has learned, time and time again, that people weep and moan and never give up their accounts.
@calebtr: What you’re seeing on those sites is a page loaded from Facebook inside of a frame. The site itself does not have access to the contents of that frame, though.
btw, I’ve since learned that my comment about application behavior depends on a few factors – an application doesn’t always have automatic access when you first visit it, but there are definitely a number of cases where it does.
[...] these days everyone is discussing the FB privacy disaster (some of my favorites are Nancy Baym and Fred Stutzman), yet in practical terms, they have us hooked, there are actually very few people who will leave, [...]
With millions of registered members across the globe giving up Facebook to object its privacy policies, the community networking website faces new legal problem in Canada which was involved in forcing it to apply new privacy safeguards previous year.
Read more: http://www.dailylatestnews.com/2010/05/22/facebook-again-into-new-trouble-regarding-members%e2%80%99-privacy-concerns-023983#ixzz0oeYkkPkj
due some national security, govt. has postponded the facebook in bangladesh. many members are facing trouble who are useing fb for important requirements. but due some young person mis-use the fb, govt has bounded to stop.
have any alternate way to enter and can do work, which is totally legally ? pl confirm. thanks