Chris Peterson

A lot has tumbled out of the woodwork about Facebook privacy over the last week, so here’s a quick review:

• via PCWorld: Facebook’s New Features Secretly Add Apps To Your Profile.
  

  If you visit certain sites while logged in to Facebook, an app for those sites will be quietly added to your Facebook profile. You don’t have to have a Facebook window open, you don’t need to be signed in to these sites for the apps to appear, there’s no notification, and there doesn’t appear to be an option to opt-out anywhere in Facebook’s byzantine privacy settings.

• via AllFacebook: Why Is Facebook Dead Set On Pushing Limits of Privacy?
  

  Does this mean that this is the way the world is going? Or does it simply mean this is the way that internet startups have chosen to “innovate”? I’d argue that it’s the latter and ultimately, Facebook will win when users have complete control of all their information.

  While sharing information has become an integral component of our daily communication, who we share that information with differs from person to person. With close to 450 million users, Facebook has plenty of opportunities to make money while simultaneously releasing new innovative technologies. None of this need to violate users’ privacy.

  Despite this, Facebook continues to release products that violate the users’ trust and ultimately, that’s going to be more damaging to the company than anything else.

  Nick is totally correct about this, and I think it’s telling that AllFacebook – which for a long time has seemed to be a simple fan front for Facebook – is calling them out pretty hard here.

• via AllFacebook: Chris Kelly Does Not Like “Instant Personalization”
  

  Facebook’s former Chief Privacy Officer, Chris Kelly, made a public statement against Facebook’s new “Instant Personalization” service, days after the program came under attack from a number of Senators. In a public statement, Chris Kelly distanced himself from Facebook saying, “Facebook’s recent changes to its privacy policy and practices with regard to data sharing occurred after I left the company.”

  Even Chris Kelly – who was in charge of privacy during Beacon – thinks this goes too far.

• via DeObfuscate: Facebook’s Anti-Privacy Monopoly

The biggest response I get from people when I point out these arguments is that “you can just delete your account”. But really, no, I can’t. Nor do I want to. I like using Facebook too much, and not having an account would feel like being a hermit. Facebook use is becoming a somewhat integral part of our society. But that doesn’t mean I can’t argue and fight against what I see as harmful anticompetitive conduct that destroys the bargaining relationship between Facebook users and Facebook, Inc.



• Rocket.ly and PrimeVector on why they (and you) should cancel your Facebook account.
• PeteSearch on how Facebook threatened to sue him for revealing some of their data practices.
  

In “Losing Face” I mention the technology of “privacy mirrors”, a concept which has been developed in the HCI literature over the last decade or so. Briefly put, a “privacy mirror” works just like a real mirror – by reflecting how your profile/data/etc appear to others.

There are two great privacy mirrors now available for Facebook users.

The first is Facebook’s ViewAs functionality, which has been available for some time but has been refined recently. It allows you to assume the “mask” of any Friend and see how they see your profile.

The second, by Berkeley student Ka-Ping Yee, doesn’t have a name, but it does the same thing for your open graph. Type in your username and this tool will show you all of the data that are available to everyone on the web with the new change. Most people will want to look closely at their Likes, Status Updates, and Photos, since they tend to get pretty squirrely.

Good luck!

The EFF had a good article up the other day about the new “Community Pages” functionality that was announced in a recent blog post. It’s a bit complex, but the upshot is that from now on, whenever you “Like” a Page (because “Becoming a Fan” is too involved and procedurally onerous for Facebookers), your “Liking” of that page is totally public.

Facebook has, in other words, restricted your privacy to your sphere, and redefined the sphere as being your profile. They say this in a way that sounds nice and community-centric:

Community Pages are a new type of Facebook Page dedicated to a topic or experience that is owned collectively by the community connected to it…Keep in mind that Facebook Pages you connect to are public. You can control which friends are able to see connections listed on your profile, but you may still show up on Pages you’re connected to.

But this is largely a way of reframing a loss of control such that users don’t even know they’ve lost what they once had the ability to control. Even the shills (and I say that with love) at AllFacebook recognize this as “New, Half-Functional Privacy Settings.”

That’s annoying – I went through and “Unliked” all of the Pages of which I had previously become a Fan – but not totally debilitating.

Today, though, Master Zuckerberg posted an update – with the anthematic title of “Building the Social Web Together” – outlining the new “Open Graph” initiative Facebook is undertaking.

Open Graph will allow website partners to detect your Facebook information and relate the data on their site to your social network. So, for example, if you are reading an article on CNN, you can see which of your other friends have also Shared that article, like this example from WaPo:

If it seems a little like Beacon, that’s because…it seems a little like Beacon, except somewhat the mirror-image. Rather than tracking what you do on other websites and importing it in to Facebook, Facebook is tracking what you do in Facebook (and, by extension, on other sites) and exporting it to other sites.

Now, it’s not yet clear what the extent of this will be. It could be that this only exports links you’ve shared, in which case it’s less offensive – after all, they’re simply locating your action (sharing content) with the content more directly, which can be a nice service, and may add some serendipity to the web.

It potentially gets scary pretty quickly, however. What if you simply read an article or access a webpage? And, potentially more subversively, how closely will the Open Graph respect the convoluted (and in many cases multilayered) privacy preferences of Facebook?

This is a question I myself just emailed to Facebook:

Hi –

I’m in need of clarification on the new Social Graph:

So suppose I go to CNN.com, and I share a link on Facebook.

Now, I’ve set up my privacy preferences carefully. I know that my friend Alice, who is on my “Trusted Friends” Friends List and can see my wall, can see that I have shared that link on Facebook.

And I know – or at least hope – that complete stranger Bob CANNOT see that I have shared that link – I’ll be one of the anonymous number of people who shared it.

The question I have, though, is about Carl. I’m Facebook friends with Carl, but he’s on my “Scrubbed” Friends List. Carl can’t see anything on my Facebook – no pictures, no video, and definitely no wall or status updates.

If Carl goes to CNN, would Carl see me as being one of the people who has shared the website? On the one hand, I am his friend; on the other hand, he can’t see my status updates on Facebook.

In other words, does the new Social Graph functionality respect the Friends Lists or only Friendship/NotFriendship?

Thanks. This is very important to me and the answer will affect whether I (and I imagine others) will continue to use Facebook (or at least its social functionalities).

I hope that whatever answer I (do not expect to) receive will tell me that they respect Friends Lists. If not, I don’t think I will be able to continue to share links or content through Facebook, because there will be no way for me to differentiate between my social contexts outside of the Facebook environment. If that happens, it will remove tremendous utility for me, and I expect many others as well.

Which brings me to my next point – why am I still using Facebook? I’m wearying of it. Every time something new is introduced, I find that I have to go through great lengths to reestablish my environmental equilibrium, if indeed I can at all. I can’t be the only person who feels this way: trapped between the network effects of Facebook and the concern that it’s leading you down the garden path to privacy catastrophe.

Something’s got to give.

When the NYT linked to Saving Face (my thesis), I saw thousands and thousands of downloads from my server – I think I calculated at the time that it would’ve made it the 7th most downloaded article ever from SSRN.

A few days ago, I was informed that Losing Face (my revised article) had made the top ten list for (recent) articles in the eBusiness & eCommerce eJournal.

I also found out that Losing Face has been already cited in three peer-reviewed papers, including one in First Monday and two law review articles.

While I’m honored that so many folks have found my writing to be interesting and useful, it is a bit ironic that Losing Face appears to be good enough to be widely read and well-cited but not good enough to merit publication on its own, at least judging by the stream of rejections from law reviews to which I’ve submitted. Guess not having a J.D. is a bigger issue than I’d hoped…

Via AllFacebook:

While you may never have signed up for a specific site, Facebook may begin giving away some of your data without your permission according to a new privacy policy change the company is considering. While it may not be a Beacon fiasco yet, it’s a similar idea. As the company writes, “In the proposed privacy policy, we’ve also explained the possibility of working with some partner websites that we pre-approve to offer a more personalized experience at the moment you visit the site.”

…

Granted, we are not totally clear about the instances in which Facebook will share your information, but it’s pretty clear that this is another sort of “opt-out” feature that led to a heated privacy debate years ago. In addition to potentially sharing your data with participating sites the moment you visit them, Facebook is announcing some other privacy changes, including a previous emphasis on adding “a location to something you post.”

So it’s Beacon, except launched with a savvier approach to avoid the Beacon backlash.

I’ve met profoundly deaf people who are more on pitch than the Facebook privacy people.

I’ve been pretty haggard with work lately, so I’m a bit late on this, but James Grimmelmann has written a great paper called “Privacy as Product Safety”, to be published in the Widener Law Journal. It’s an adaptation of his “Myths of Privacy on Facebook”, and it’s quite good.

In his “Saving Facebook”, Grimmelmann explained the “social dynamics” of privacy problems on Facebook. He canvassed the social science literature to explain how and why people used Facebook, and what their behavior could tell us about proper regulation and privacy protections.

But in this article, he’s honing in on what I’ll call the “design dynamics” that he explored in his first article – that is, how the design of Facebook (or other such services) relates to its privacy problems. This idea isn’t new – he calls them “privacy lurches” in Saving Facebook, and they’re somewhat the focus of my “Losing Face” – but what is really great about this article is how Grimmelmann maps product liability law onto the scaffold of social network sites.

For example, on Google Buzz:

“Buzz as a whole is a powerful, possibly revolutionary product—but it also launched with a serious design defect. Just as an otherwise-useful buzzsaw is still unreasonably dangerous to life and limb if it sports a flimsy handle, the auto-add feature made the otherwise-useful Buzz unreasonably dangerous to privacy.”

In “Losing Face”, I mostly gave up on law as a tool to fix the defective designs of social network sites. I’m interested, and excited, by Grimmelmann’s effort to adapt liability law to achieve an admirable end.

Yesterday, I submitted Losing Face: An Environmental Analysis of Privacy on Facebook to a variety of science and technology law reviews. Its abstract is as follows:

This Article contributes to the ongoing conversation about privacy on social network sites. Adopting Facebook as its primary example, it reviews behavioral data and case studies of privacy problems in an attempt to understand user experiences. The Article fills a crucial gap in the literature by conducting the first extensive analysis of the informational and decisional environment of Facebook. Privacy and the environment are inextricably linked: the practice of the former depends upon the dynamics and heuristics of the latter.

The Article explores possible interventions. It explains how regulatory solutions and market forces are themselves hindered by the the deficient privacy environment of Facebook and can’t solve all of its problems. This Article recommends renovating the design of Facebook to privilege privacy practices and proposes specific interventions drawn from the computer science and behavioral economics literature. It concludes with a message of cautious optimism for the emerging coalition of engineers, academics, and practitioners who care about privacy on networked publics.

The Article is a heavily revised adaptation of the thesis I conducted for Ethan Katsh and Alan Gaitenby at the University of Massachusetts, Amherst. If you’ve read my thesis (entitled “Saving Face”; title changed to avoid confusion with James Grimmelmann’s excellent Saving Facebook, recently published in the Iowa Law Review), then you’re familiar with the broad contours of the idea.

Losing Face, however, has been both greatly refined in its argumentation and noticeably reworked in its format (bah Bluebook) over the last year or so. I received invaluable feedback and assistance over the last from many people during this drafting process, including Helen Nissenbaum, researchers and interns at the Berkman Center for Internet and Society, but most indispensably James Grimmelmann, who helped me navigate the convoluted and mystified norms and logistics of the publication process.

I’ve posted a copy of the Article here and on BePress for further comment while it wends its merry way through the editorial process. This is a draft only, and should not be used for citation. I’ve endeavored to make all references as clear as possible, though some are not as clear as they will be in the final version because I haven’t nailed down all the infras and supras yet. If you have any questions, comments, or concerns about Losing Face, please feel free to drop a comment here or shoot me an email.

One of the great things about working at MIT is that you have some incredible opportunities available to you. Soon after I started working here, I was approached by MIT student Paul Kominers. In addition to being brilliant, Paul is also hilarious, and is what we call a “glue” kid – the sort of person who really makes things happen, who glues a community together, etc.

Paul is involved in the administration of SPLASH. Here is the Splash description:

One weekend in November, thousands of students of all types flood to MIT just for ESP’s Splash program to learn anything they want. From fractal fun to Hungarian history to aircraft analysis, Splash participants are introduced to a huge variety of topics by over 400 classes taught by teachers from the MIT community. Want to take a class on Egyptian mythology? Origami? Chemical sensors? All are possible.

Over the course of 20 hours during Splash, you can get your feet wet with a short introduction to any number of subjects—things you always wanted to learn, or topics you never knew existed. Or you can dive head first into an in-depth seminar or intensive workshop. The whole thing happens over the course of two intense days on the MIT campus, with classes taught by MIT students and community members.

On this Saturday past, I spent two hours teaching 130 10th-12th graders about the privacy architecture of Facebook. It was a lot of fun. Bunch of great jokes, sharp kids, cool concepts that were mostly interesting and new to them. Caught Paul running around with a top hat on, making sure everything went as planned for all of the 2700+ local students who were attending dozens of classes.

Great opportunity, lots of fun, and I can’t wait to do it again.

Re-reading Marshall’s article, there is one clarification I want to make. After quoting me saying that Facebook information is decontextualized (as danah boyd has exhaustively noted), Marshall writes:

Perhaps no longer! The new Facebook publishing feature lets users share things with just a particular list of their friends. (Or with the public at large if they so choose.) The contexts are un-collapsed. Communication is human again. That’s a very big deal and is the kind of change that could make far more people comfortable sharing far more information about their lives on Facebook. It’s also a feature that no major competitor (namely Twitter) offers.

I share his hope, but I am not sure that the Publisher by itself reconstructs contexts. Certainly, it is a powerful tool with which one may take steps to rebuild the walls that separate social situations.

However, the tool itself doesn’t help much if it is to be exercised in an unhelpful environment. As I wrote on page 52 of my paper:

(continue reading…)

Marshall Kirkpatrick of ReadWriteWeb (syndicated to the New York Times) had a great article about Facebook privacy today that incorporated some stuff from my thesis/working paper. Marshall was nice enough to contact me before he ran the article to ask what I thought about the new Facebook Publisher.

Basically, Facebook is introducing a new Publisher that gives people easier access to (and more granularity over) what they publish to whom. While I don’t have access to the new Publisher yet, here’s what I told Marshall yesterday:

(continue reading…)