My friends and I were some of Facebook's earliest adopters. We signed on in 2004, at a time when only those with email addresses ending in ".edu" from a few select schools were allowed access to the social networking site. Only one picture was allowed: your user profile photo.
We were true believers back then. Evangelists. Returning home over holiday breaks we talked incessantly about the newest fad to hit campus and to pull us away from our studies. We cultivated our profiles, our friends lists, and handcrafted our online personas. But the gloss has come off the Gospel -- call it Facebook Fatigue -- and there are whispers of "Facebook farewells."
In the beginning, we intimately understood the meaning of "communities" in the context of this new social media platform. Most of us shared openly with both our Facebook friends and our university network, which we accepted as a limited, closed community of trustworthy individuals. When the "News Feed" feature was released, we protested: changing our relationship status to signal a break-up was painful enough, but no one wanted Facebook broadcasting the fact quite that loud. Later Facebook let us decide which types of information could show up on the News Feed and we quieted down; we simply wanted control over how our information was shared. We wanted to believe.
As we prepared to graduate we closed off our profiles, keeping our friends inside, but locking out the public at large. We sanitized the entire place, deleting those embarrassing photos and factoids. All along, we clung to the idea of Facebook as a walled garden in which we could selectively share a slice of our lives with people we trusted. Even as Facebook slowly opened up - allowing us to choose to have our profiles indexed by Google, creating the "everyone" privacy setting -- we understood the rules of the game: private by default, public with effort. We had other outlets -- MySpace, blogs and eventually Twitter -- that could serve up our information to the public in a kind of "all you can eat" style, but those weren't the services we sought.
Fast-forward a few years. Today's Facebook has evolved to be both public and commercial by default and semi-private with effort. Today, Facebook is a different beast, with new and exciting ideas for changing the Internet and building a profitable business. And that is Facebook's prerogative.
But during this transformation, Facebook has played fast and loose with the sensitive information its users have entrusted to the company's care, and it has obfuscated its messaging to make it difficult for users to understand what Facebook actually is - and what it isn't.
Just this week, Techcrunch reported that a security hole made it possible for some users to view their Facebook friends' past, private chat sessions. This flaw was not the first for Facebook. In the past three months alone, Facebook has accidentally exposed users' private messages to strangers, accidentally revealed users' email addresses through a flaw in its friend request emails, and accidentally made users' private email addresses public to the world.
Facebook's security flaws are just one piece of a larger puzzle. In the words of Senators Chuck Schumer, Al Franken, Michael Bennet, and Mark Begich, the (non-accidental) changes that the social network has rolled out over the past five months also beg questions about the seriousness with which Facebook takes its responsibility to "protect the sensitive personal biographical data of its users and provide them with full control over their personal information."
Back in December, Facebook revamped its defaults, essentially leading non-savvy users -- which are the majority of its user population -- into sharing profile data with a broader audience; Chris Conley of the ACLU of Northern California has reported that gay college students who had come out at school but not at home were outed by one of these changes.
And just two weeks ago, Facebook revealed it would begin forcing users into a "Hobson's choice" of removing information from their profile or publishing it to the world. Facebook also announced that the activities of any user who visits a "pre-approved third party website" while inadvertently logged in to the social network would now, by default, have her activity on that site associated with her profile. Here's how that might work: Imagine pseudonymously reviewing a Planned Parenthood listing on Yelp, a site that lists reviews by users of local businesses -- only to discover that, without your consent, Facebook has shared your real name with Yelp, shared the review with your Facebook friends who visit Yelp, and publicly "connected" the review to your profile.
But the privacy risks aren't limited to users' actions on these pre-approved third party Web sites (of which there are currently three). As Wired reported two weeks ago, "logged-in Facebook users will also be transmitting information about their travels around the Net to Facebook servers whenever they visit a page deploying the 'Like' button, regardless of whether they actually click that button or not." This practice is barely addressed in Facebook's privacy policy or on its help page and it radically diverges from user expectations about the anonymity of their behavior on the Web. One has to wonder how Facebook is protecting this data and what plans the company has in store for it.
Meanwhile, even the act of logging out of Facebook, one affirmative step in the process of disassociating your behavior on third party websites and your Facebook profile, is unintuitive: Facebook has hidden its logout button. Facebook home pages have room for all types of information -- a link to the user's profile, friend suggestions, event suggestions, and ways to "get connected" -- but apparently there's no room for a button that can turn Facebook off. Earlier this year, the logout button moved from the user's home page to a spot buried within a drop-down menu, only visible to the user who clicks on the "account" tab.
Meanwhile, a Facebook spokesman told the Associated Press in an email that, "None of these changes removed or reduced people's control over their information and several offered even greater controls." This claim epitomizes the type of "straight talk" that Facebook consistently offers its users. I certainly hope that Senator Schumer, his colleagues, and the Federal Trade Commission, will continue to pay attention to these inconsistencies.
As Facebook continues to put a positive spin on dubious privacy practices, we early adopters are feeling rather queasy. We've started to throw around the term "Facebook Stalking" -- once used to describe how we would silently monitor our friends' activities on the social networking site -- in a new context: to describe the way Facebook stalks us. We find ourselves wondering, if this company wants to become a trusted identity manager for the Web, why aren't they more careful with our trust? Meanwhile, talk of "Facebook fatigue," which began when privacy settings became difficult to understand and control, is slowly morphing into whispers of Facebook farewells.
Erica Newland is a policy analyst for the Center for Democracy & Technology, a Washington, DC-based, non-profit public interest group.
Great article Erica. Better than the ones Gizmodo has been putting out.
Thanks so much for that good article. It's great to see that even enthusiasts are not drones. I like FB to an extent, and that's the only reason I haven't bolted already. But I gutted my profile. And the statement that the user has full control of their info is extremely misleading at best, a lie at worst. Anybody who has tried to navigate those settings can attest to their opaqueness.
I take a fairly cynical view of this. Despite his callow pronouncements about how people don't care about privacy anymore, I think that Zuckerberg actually knows full well that there are multitudes who object to the new security holes. But money is all that matters, and he has promised advertisers that he will continue this erosion of privacy to their benefit, and is being paid handsomely for doing so. Accordingly, he and his lawyers will simply figure out how much they can get away with.
Zuckerberg also figures that he has reached sufficient numbers that people will be reluctant to leave, and he may be right about that. So it's time for him to mint money.
I'm genuinely concerned and rather irratated at how Facebook now wants to link to everything I do online: link to HP comments? No way. Link to Sephora purchases? Why the he((?!
I'm looking to plan a reunion in England for my uni friends and I can't see this being pulled off successfully without Facebook. It's true that it has become something of a modern necessity. For me at least.
Sources include the Electronic Frontier Foundation, readwriteweb.com ("ACLU: What Facebook Quizzes Know About You"), rocket.ly, wired.com, boingboing.net ("Choose Privacy: video from the American Library Association") and others, including instructions on how to _DELETE_ your FB account instead of simply "de-activate" it, which leaves all your data intact.
Opt out!
If people are going to start trusting them with personal data such as your location, they have to get people comfortable.
I feel about the same way about google tracking my searches. If I paid them, I'd be really pissed if they did something without my permission because our relationship is defined as a fee for service. But, they are spending a lot of money to provide a service with the goal of making more money by selling demographic info in facebook's case, or with ads in google's.
You have a right to use a company's service, you have a right not to use a company's service. But there is no inalienable right to have the log-out button in an easily accessible place.
Fortunately Facebook provides an excellent platform to complain .
I found the way to do that was OK, however the final dialogue box pushed at me before I left was words to the effect - you can re-establish your account simply by using your old user name and password.
In other words from Facebook's perspective you can never scrub your details. The best you can negotiate is to be archived - and presumably still be used as a source of demographic analysis.
Shouldn't we have a right to disapear as well as appear at will? Maybe it's time that the ownership and right to access a person's life data is explicity defined so that we can teach new generations what boundary management is going to mean for them?
Or put the other way round, what does the bait of free access entitle the provider of that facility to assume they can take in return?
How do you like that "X will miss you" box, though? Rather effect bit of heartstring-tugging! It is just a cold script doing the work, but still.
Some say "don't use FB if you don't want to expose your personal information." But this ignores the fact that one can not live a modern life without using social networks. SN has become like the credit industry -- necessary to modern American life, yet controlled by a few oligopolistic corporations. Like the credit industry, some minimal regulation to protect the public is in order.
We do that by creating real-social-networks of face to face interactions and paying cash.