EFF on New Facebook Privacy Policies

by on Oct.07, 2010, under general

Grimmelmann passed along the EFF’s take on the Facebook privacy changes I blogged about yesterday. The EFF had a much better breakdown, critique, and set of recommendations – it’s a good read.

Facebook Privacy Changes

by on Oct.06, 2010, under general

It’s been a month or so, so Facebook has announced some new privacy changes. CDT has the breakdown:

Thoughts on Facebook Privacy Reform

by on May.28, 2010, under general

Two days ago, Facebook rolled out new privacy tools in a blog post by Mark Zuckerberg.

On balance, the privacy revamp represents a net benefit from where we were in the last few months. For example, Facebook has finally returned to users the ability to control basic information such as whether or not complete strangers can see your hometown.

Additionally, their new privacy dashboard (as illustrated with a picture from the site) is a helpful way for people to begin to visualize what is available to whom if they select one of Facebook’s settings.

But – as is so often the question in policy problems, from health care reform to financial reform to Facebook – the question is not whether the reform is better than what we had, but whether it is actually “good enough” to be truly praiseworthy. By way of analogy, of course it’s better to throw a rope to a drowning man than to not throw one at all, but if he is 10 feet from your boat and the rope is two feet long, the effort may not be as laudable as it initially appears.

What more could Facebook have done? It could’ve made Instant Personalization Opt-In. It could’ve integrated some of the great tools like the Facebook Privacy Scanner or Zesty.ca profile mirror. It could’ve shown people what they currently are sharing and let them tweak it from there on the Dashboard, as opposed to simply giving them four options to pick from (although the four options are good for simplicity’s sake). Finally, it could’ve announced these changes in a big box on everyone’s News Feed – or forced them to visit the new privacy page the next time they visited the site – rather than hiding it in plain sight on the Facebook blog, which almost none of its users read.

I’m not pointing these things out just to complain about Facebook – I’m pointing them out to demonstrate how much Facebook didn’t do in their privacy reform. That doesn’t mean I don’t approve of the changes they did make – I do. But to understand the full context of Facebook’s actions, one must understand what they did and didn’t do. And in that respect, it’s still the latter that is far more striking.

Facebook Privacy Scanner

by on May.17, 2010, under general

Great tool:


Still More Updates on Facebook Privacy

by on May.12, 2010, under general

Nothing stems the flow of the Facebook privacy catastrophe.

    • via TechCrunch: Facebook’s Check-In Functionality And New “Places” Tab

      Based on the code, this is what it seems that Facebook is about to launch: A mobile version of the site using the HTML5 location component to grab your location information from your phone. Once it does that, you’re taken to this new Places area of Facebook that presumably will have a list of venues around you. From here you can click a button to check-in. Yes, there will be check-ins.

      But it’s slightly more interesting than that as well. Facebook will record not only your latitude and longitude, but also your altitude, heading, and speed, according to this code (and assuming they can get all of that information). It will also record the accuracy of the location measurement. I’m just speculating here, but perhaps that will help curb cheating that has begun to run rampant on other location services like Foursquare.

    • via PCWorld: How Facebook Pulled a Privacy Bait and Switch

      When it first arrived on the scene, Facebook’s main appeal was how well it protected your personal information. Those days are long gone.

      In other words, if you joined Facebook in 2005, most of the stuff you thought you were sharing only with your closest college buddies is now being shared amongst the entire InterWebs.

      Yes, Facebook is free. Yes, it offers many unique and useful services, as well as a lot of useless dreck. Yes, it needs to generate revenue for these free services. But what Facebook is offering now isn’t what most of us signed up for. This isn’t the original agreement. It’s mutated, and not in a survival-of-the-fittest way — more like a ‘slime mold that’s threatening to eat the earth’ kind of way. The future does not bode well.

    • via AllFacebook: How Your Friends Can Expose Your Facebook Data

      Do you want everyone on Facebook to see your status? Your information may already be getting shared via another area deep in privacy settings called “Application and Websites.” Many users aren’t aware that there are privacy settings called “Application and Websites” or even “What your friends can share about you” which dictates what your friends can share about you whether or not they realize it. Depending on which friends ‘like’ and comment on your status others on Facebook or friends of friends may be able to see your information.

      Imagine your grandma seeing your status about last night’s epic times because your brother or sister ‘liked’ your status. Think hard, then double check what you are comfortable with “What your friends can share about you.”

      (emphasis added).

    • via BoingBoing: Go ahead, quit Facebook, but they’ll retain and data mine your info

        Still, even if you do manage to truly delete your account once and for all, John reports: “You’ll never see that data again. But Facebook will. They still have that information and will continue to use it for data mining.” Will the data at least be anonymized, the reporter asked? The Facebook rep wouldn’t say. Caveat Facebooker.

    • via NYT: Four Nerds and a Cry to Arms Against Facebook:

        How angry is the world at Facebook for devouring every morsel of personal information we are willing to feed it?

        They announced their project on April 24. They reached their $10,000 goal in 12 days, and the money continues to come in: as of Tuesday afternoon, they had raised $23,676 from 739 backers. “Maybe 2 or 3 percent of the money is from people we know,” said Max Salzberg, 22.

        Working with Mr. Salzberg and Mr. Grippi are Raphael Sofaer, 19, and Ilya Zhitomirskiy, 20 — “four talented young nerds,” Mr. Salzberg says — all of whom met at New York University’s Courant Institute. They have called their project Diaspora* and intend to distribute the software free, and to make the code openly available so that other programmers can build on it. As they describe it, the Diaspora* software will let users set up their own personal servers, called seeds, create their own hubs and fully control the information they share. Mr. Sofaer says that centralized networks like Facebook are not necessary. “In our real lives, we talk to each other,” he said.

      On this last point, I’ve also been meaning to check out Hibe, a new social network that claims to be explicitly based on the principles and suggestions of my article “Losing Face”. Nice to know someone liked it!

    More Updates on Facebook Privacy

    by on May.10, 2010, under general

    The sustained blowback from the Facebook community has been as powerful as I’ve ever seen it, which is really quite inspiring.

    AllFacebook calls for Facebook to “make instant personalization opt-in immediately”, calling its practices “unethical” otherwise:

    It’s pretty outrageous to watch Facebook defend something which is obviously unethical. I’m talking about the company’s “Instant Personalization” program which the company forces users into, whether they like it or not. Despite the ongoing public criticism about the service, and a number of other products, Facebook is standing strong, arguing that users “love” what Facebook is doing.

    Not only is [Facebook’s position that users love the service] a complete lie, but it’s a violation of the trust of the hundreds of millions of users who support the service.

    Plus, Matt McKeon has a great graphic illustrating the EFF’s timeline of how Facebook has opened up.

    Don’t want to leech his graphic, so click through and check it out.

    As Vonnegut would say – strong stuff.

    Must-Read Recent News About Facebook Privacy

    by on May.06, 2010, under general

    A lot has tumbled out of the woodwork about Facebook privacy over the last week, so here’s a quick review:

    • via PCWorld: Facebook’s New Features Secretly Add Apps To Your Profile.

      If you visit certain sites while logged in to Facebook, an app for those sites will be quietly added to your Facebook profile. You don’t have to have a Facebook window open, you don’t need to be signed in to these sites for the apps to appear, there’s no notification, and there doesn’t appear to be an option to opt-out anywhere in Facebook’s byzantine privacy settings.

    • via AllFacebook: Why Is Facebook Dead Set On Pushing Limits of Privacy?

      Does this mean that this is the way the world is going? Or does it simply mean this is the way that internet startups have chosen to “innovate”? I’d argue that it’s the latter and ultimately, Facebook will win when users have complete control of all their information.

      While sharing information has become an integral component of our daily communication, who we share that information with differs from person to person. With close to 450 million users, Facebook has plenty of opportunities to make money while simultaneously releasing new innovative technologies. None of this needs to violate users’ privacy.

      Despite this, Facebook continues to release products that violate the users’ trust and ultimately, that’s going to be more damaging to the company than anything else.

      Nick is totally correct about this, and I think it’s telling that AllFacebook – which for a long time has seemed to be a simple fan front for Facebook – is calling them out pretty hard here.

    • via AllFacebook: Chris Kelly Does Not Like “Instant Personalization”

      Facebook’s former Chief Privacy Officer, Chris Kelly, made a public statement against Facebook’s new “Instant Personalization” service, days after the program came under attack from a number of Senators. In a public statement, Chris Kelly distanced himself from Facebook saying, “Facebook’s recent changes to its privacy policy and practices with regard to data sharing occurred after I left the company.”

      Even Chris Kelly – who was in charge of privacy during Beacon – thinks this goes too far.

    • via DeObfuscate: Facebook’s Anti-Privacy Monopoly

      The biggest response I get from people when I point out these arguments is that “you can just delete your account”. But really, no, I can’t. Nor do I want to. I like using Facebook too much, and not having an account would feel like being a hermit. Facebook use is becoming a somewhat integral part of our society. But that doesn’t mean I can’t argue and fight against what I see as harmful anticompetitive conduct that destroys the bargaining relationship between Facebook users and Facebook, Inc.


    • Rocket.ly and PrimeVector on why they (and you) should cancel your Facebook account.
    • PeteSearch on how Facebook threatened to sue him for revealing some of their data practices.

    Facebook Places Privacy Settings

    by on Aug.19, 2010, under general

    When Facebook announced its places feature, you may have wondered “hrm, how long will it be before this undermines my privacy?”

    Nick O’Neill at AllFacebook has some observations:

    One feature that has attracted a fair amount of buzz is the ability for your friends to tag you in different places. That means you may not actually be somewhere, yet your friends will tag you as a joke and now you’re showing up at a random strip club.

    While you may be fine with Facebook’s existing Places privacy settings, I know there are plenty of friends on Facebook who I don’t want to track my location.

    One strange thing about Facebook Places is that despite controlling who can view your location information from within your profile with the previous setting, anybody who visits a location will potentially be able to view that you’ve been there before.

    Nick runs through the ways to change your privacy settings. It’s worth the read, but here’s the short version:

    • Go to the Privacy Tab and click “Customize Settings”
    • Change your settings. For example, I disabled allowing my friends to check me in elsewhere, and no one can see where I check in.

    I’m not big on the whole locations movement. Maybe you are, and that’s fine. But if you aren’t, Facebook just pitched you a curveball by opting users into the Places feature, so here’s how you opt out.

    Two Key Tools For Privacy on Facebook

    by on Apr.27, 2010, under general

    In “Losing Face” I mention the technology of “privacy mirrors”, a concept which has been developed in the HCI literature over the last decade or so. Briefly put, a “privacy mirror” works just like a real mirror – by reflecting how your profile/data/etc appear to others.

    There are two great privacy mirrors now available for Facebook users.

    The first is Facebook’s ViewAs functionality, which has been available for some time but has been refined recently. It allows you to assume the “mask” of any Friend and see how they see your profile.

    The second, by Berkeley student Ka-Ping Yee, doesn’t have a name, but it does the same thing for your open graph. Type in your username and this tool will show you all of the data that are available to everyone on the web with the new change. Most people will want to look closely at their Likes, Status Updates, and Photos, since they tend to get pretty squirrely.

    Good luck!

    Facebook Kills More User Privacy – And It’s Not Even Clear What’s Gone (Yet)

    by on Apr.21, 2010, under general

    The EFF had a good article up the other day about the new “Community Pages” functionality that was announced in a recent blog post. It’s a bit complex, but the upshot is that from now on, whenever you “Like” a Page (because “Becoming a Fan” is too involved and procedurally onerous for Facebookers), your “Liking” of that page is totally public.

    Facebook has, in other words, restricted your privacy to your sphere, and redefined the sphere as being your profile. They say this in a way that sounds nice and community-centric:

    Community Pages are a new type of Facebook Page dedicated to a topic or experience that is owned collectively by the community connected to it…Keep in mind that Facebook Pages you connect to are public. You can control which friends are able to see connections listed on your profile, but you may still show up on Pages you’re connected to.

    But this is largely a way of reframing a loss of control such that users don’t even know they’ve lost what they once had the ability to control. Even the shills (and I say that with love) at AllFacebook recognize this as “New, Half-Functional Privacy Settings.”

    That’s annoying – I went through and “Unliked” all of the Pages of which I had previously become a Fan – but not totally debilitating.

    Today, though, Master Zuckerberg posted an update – with the anthematic title of “Building the Social Web Together” – outlining the new “Open Graph” initiative Facebook is undertaking.

    Open Graph will allow website partners to detect your Facebook information and relate the data on their site to your social network. So, for example, if you are reading an article on CNN, you can see which of your other friends have also Shared that article, like this example from WaPo:


    If it seems a little like Beacon, that’s because…it seems a little like Beacon, except somewhat the mirror-image. Rather than tracking what you do on other websites and importing it into Facebook, Facebook is tracking what you do in Facebook (and, by extension, on other sites) and exporting it to other sites.

    Now, it’s not yet clear what the extent of this will be. It could be that this only exports links you’ve shared, in which case it’s less offensive – after all, they’re simply locating your action (sharing content) with the content more directly, which can be a nice service, and may add some serendipity to the web.

    It potentially gets scary pretty quickly, however. What if you simply read an article or access a webpage? And, potentially more subversively, how closely will the Open Graph respect the convoluted (and in many cases multilayered) privacy preferences of Facebook?

    This is a question I myself just emailed to Facebook:

    Hi –

    I’m in need of clarification on the new Social Graph:

    So suppose I go to CNN.com, and I share a link on Facebook.

    Now, I’ve set up my privacy preferences carefully. I know that my friend Alice, who is on my “Trusted Friends” Friends List and can see my wall, can see that I have shared that link on Facebook.

    And I know – or at least hope – that complete stranger Bob CANNOT see that I have shared that link – I’ll be one of the anonymous number of people who shared it.

    The question I have, though, is about Carl. I’m Facebook friends with Carl, but he’s on my “Scrubbed” Friends List. Carl can’t see anything on my Facebook – no pictures, no video, and definitely no wall or status updates.

    If Carl goes to CNN, would Carl see me as being one of the people who has shared the website? On the one hand, I am his friend; on the other hand, he can’t see my status updates on Facebook.

    In other words, does the new Social Graph functionality respect the Friends Lists or only Friendship/NotFriendship?

    Thanks. This is very important to me and the answer will affect whether I (and I imagine others) will continue to use Facebook (or at least its social functionalities).

    I hope that whatever answer I (do not expect to) receive will tell me that they respect Friends Lists. If not, I don’t think I will be able to continue to share links or content through Facebook, because there will be no way for me to differentiate between my social contexts outside of the Facebook environment. If that happens, it will remove tremendous utility for me, and I expect many others as well.

    Which brings me to my next point – why am I still using Facebook? I’m wearying of it. Every time something new is introduced, I find that I have to go to great lengths to reestablish my environmental equilibrium, if indeed I can at all. I can’t be the only person who feels this way: trapped between the network effects of Facebook and the concern that it’s leading you down the garden path to privacy catastrophe.

    Something’s got to give.