Facebook is still talking through their hat in response to the open letter sent by privacy organizations on June 16. The ACLU checks the facts in Facebook’s claims. Guess what? Facebook continues to cover up the facts: they are either lying, or don’t know how their own technology works.
Facebook Says: It has heard the concerns of the privacy groups and plans to address them in an upcoming revamped data permissions model.
The Facts: The announced plan is an incomplete solution that does woefully little to resolve the app gap. Your personal information may still fall through the privacy cracks when your friends run apps because, by default, Facebook will continue to treats apps your friends run like it treats your friends themselves, giving those apps access to most of your information without your notice or consent.
Facebook Says: Instant personalization is “widely misunderstood,” and that there is no privacy concern because the only information that instant personalization partners receive from Facebook is public information.
The Facts: When you visit an ordinary web site, the site doesn’t automatically know who you are. But when you go to an “instant personalization” site while logged into your Facebook account, the site knows exactly who you are, including your real name, profile picture, and other public information on your Facebook profile.
It’s like entering a store that automatically scans your wallet or purse when you walk through the door and then links everything you do in the store to your personal information—without first asking you for permission.
Facebook Says: Its social plugins are just like every other widget on the web.
The Facts: Social plugins are different from other widgets on the web because they can connect your online activity to all of the personal information attached to your Facebook account, creating an even more detailed profile of you. Facebook can track every time you visit a page with a social plugin, even just a “like” button, and connect this activity to your Facebook account—even if you don’t use the plugin or click on the button at all. Web site developers who don’t recognize this distinction may be violating their own principles or privacy policies unknowingly by using the like button and other social plugins.
Facebook Says: It has taken away privacy settings for information like name, profile picture, and network because “it has been [its] experience that people have a more meaningful experience on Facebook if they share some information about themselves.”
The Facts: Facebook’s refusal to give you control over every piece of information that they share is inconsistent with its stated principle that “People should have the freedom to decide with whom they will share their information, and to set privacy controls to protect those choices.” Not allowing users to choose for themselves is simply contrary to this policy.
Facebook Says: It imposes no restrictions on users that prevent them from exporting the content that they have posted themselves on Facebook and has open APIs that permit applications to export this information.
The Facts: Facebook does not provide its own tool to automatically export your data. Thus, if you want to port your data from Facebook to another service, you must rely on workarounds involving some “approved” automated third party application to export your own content and connections — or get Facebook’s permission to create your own tool to do so.
[and everytime someone invents such a tool, they block it.]
It’s time for the Justice Department to take a look at Facebook’s continued malfeasance.
I have yet to take the time to exhaustively review the new Facebook privacy settings, as well as various people’s musings about them, but I plan to do so this weekend. In the meantime, Miguel Helft recounts Mark Zuckerberg’s discomfort at the D8 conference yesterday:
Miguel Helft, Zuckerberg On The Hot Seat
About 20 minutes into his on-stage interview at the D8 conference, Mark Zuckerberg had to take off his hoodie, the black sweatshirt that has become his trademark and that he said he never took off.
Mr. Zuckerberg was being grilled about Facebook’s latest privacy flap, and he was visibly uncomfortable and sweating profusely. Mr. Zuckerberg was on the proverbial hot seat and he seemed to know it.
“There have been misperceptions that we are trying to make all information open,” Mr. Zuckerberg said at one point. “That’s completely false.”
The short, crisp statement contrasted with most of his other answers, which were long and rambling, prompting even more questions from Walt Mossberg, the 63-year-old conference co-host.
Mr. Zuckerberg, 26, appeared ill-at-ease with questions that he had answered deftly a week earlier when he admitted that Facebook had made mistakes by letting its privacy settings grow too complicated. At the time, Mr. Zuckerberg announced simplified controls and appeared contrite.
This time, Mr. Zuckerberg was on the defensive for much of the time, but he appeared to get some sympathy from his audience.
When Mr. Mossberg said he would move on from the privacy grilling to other topics applause broke out in the room. But others were less forgiving.
The veteran technology journalist Dan Gillmor, for instance, wrote on Twitter: “Walt Mossberg insists on an answer re FB’s unilateral privacy changes; nope, still no answer.”
I’m with Dan Gillmor on this one.
Theoretically, Mark Zuckerberg wrote a piece for the Washington Post responding (at last) to the privacygate furor that has been raging for weeks, since the latest turn of the screw when Facebook revised their terms of service once again. I don’t think so: this looks like a very crafted PR piece.
Mark Zuckerberg, From Facebook, answering privacy concerns with new settings
The challenge is how a network like ours facilitates sharing and innovation, offers control and choice, and makes this experience easy for everyone. These are issues we think about all the time. Whenever we make a change, we try to apply the lessons we’ve learned along the way. The biggest message we have heard recently is that people want easier control over their information. Simply put, many of you thought our controls were too complex. Our intention was to give you lots of granular controls; but that may not have been what many of you wanted. We just missed the mark.
We have heard the feedback. There needs to be a simpler way to control your information. In the coming weeks, we will add privacy controls that are much simpler to use. We will also give you an easy way to turn off all third-party services. We are working hard to make these changes available as soon as possible. We hope you’ll be pleased with the result of our work and, as always, we’ll be eager to get your feedback.
We have also heard that some people don’t understand how their personal information is used and worry that it is shared in ways they don’t want. I’d like to clear that up now. Many people choose to make some of their information visible to everyone so people they know can find them on Facebook. We already offer controls to limit the visibility of that information and we intend to make them even stronger.
Here are the principles under which Facebook operates:
— You have control over how your information is shared.
— We do not share your personal information with people or services you don’t want.
— We do not give advertisers access to your personal information.
— We do not and never will sell any of your information to anyone.
— We will always keep Facebook a free service for everyone.
"We have also heard that some people don’t understand how their personal information is used and worry that it is shared in ways they don’t want." and "Simply put, many of you thought our controls were too complex. Our intention was to give you lots of granular controls; but that may not have been what many of you wanted. We just missed the mark." just demonstrate that they aren’t really listening.
The statements made above are counterfactual: Facebook users do not have full control over their information, since a lot of it is shared with the world and there is nothing users can do about it at present.
A number of people are taking the tack that Facebook is too ingrained in our web lives to be dropped (see danah boyd’s most recent piece, for example), or that the benefits outweigh the negatives (like Tim O’Reilly’s Contrarian Stance on Facebook and Privacy). I don’t buy it. If enough people howl, and enough of Facebook’s partners begin to question their motives and policies, things can be changed.
I don’t think Facebook is the future but it may take a few years for that to be obvious.
I am fairly late to this story, which I guess broke late yesterday, but once again Facebook is in a privacy mess, this time along with MySpace and other social networking sites.
Emily Steel and Jessica Vascellos, Facebook, MySpace Confront Privacy Loophole
Facebook, MySpace and several other social-networking sites have been sending data to advertising companies that could be used to find consumers’ names and other personal details, despite promises they don’t share such information without consent.
The practice, which most of the companies defended, sends user names or ID numbers tied to personal profiles being viewed when users click on ads. After questions were raised by The Wall Street Journal, Facebook and MySpace moved to make changes. By Thursday morning Facebook had rewritten some of the offending computer code.
Advertising companies are receiving information that could be used to look up individual profiles, which, depending on the site and the information a user has made public, include such things as a person’s real name, age, hometown and occupation.
Several large advertising companies identified by the Journal as receiving the data, including Google Inc.’s DoubleClick and Yahoo Inc.’s Right Media, said they were unaware of the data being sent to them from the social-networking sites, and said they haven’t made use of it.
Across the Web, it’s common for advertisers to receive the address of the page from which a user clicked on an ad. Usually, they receive nothing more about the user than an unintelligible string of letters and numbers that can’t be traced back to an individual. With social networking sites, however, those addresses typically include user names that could direct advertisers back to a profile page full of personal information. In some cases, user names are people’s real names.
Most social networks haven’t bothered to obscure user names or ID numbers from their Web addresses, said Craig Wills, a professor of computer science at Worcester Polytechnic Institute, who has studied the issue.
The sites may have been breaching their own privacy policies as well as industry standards, which say sites shouldn’t share and advertisers shouldn’t collect personally identifiable information without users’ permission. Those policies have been put forward by advertising and Internet companies in arguments against the need for government regulation.
If there was any doubt that privacy needs to be regulated, these last weeks have certainly proven the case.
[There is a bizarre back story to this. Apparently Marshall Kirkpatrick of ReadWriteWeb attacked the authors of the story for technical naivete, a point he lated retracted or at least ammended. As Alan Patrick comments on Broadstuff, “Sorry RWW, but the situation was pretty clear just from the WSJ article. Its just that the automatic position of the Silicon Valley A-List blogs seems to be to leap to Facebook’s defence these days. Quite why this is we can’t imagine.”
Yes, I agree. See Facebook Apologists Miss The Point: Facebook Isn’t The Future.]
As the Facebook ‘privacygate’ affair swells and swells, most recently fed by the leaking of Zuckerberg instant messages from years ago, various members of the tech commentariat are starting to come forward to defend Zuckerberg and suggest that the media have gone too far.
My sense is that these apologists are going too far in supporting Zuckerberg and the actions that Facebook has taken; for example, Michael Arrington [my comments are italicized.]
Michael Arrington, The Media Attacks On Facebook And Mark Zuckerberg Are Getting Out Of Hand
Friday is Facebook CEO Mark Zuckerberg’s 26th birthday. My guess is he’s won’t be enjoying it as much as he should, given that the top tech story of the day is a look at a private instant message exchange he supposedly had six or seven years ago at Harvard. The messages show a callous disregard for personal information added by early Facebook users. Given that Facebook is in one of its regularly scheduled privacy scuffles right now, the connection is just too juicy. The press has gone wild.
It’s completely out of hand, and it’s just another example of an online mob getting out of control. I’m embarrassed to see people I respect stopping one step short of calling for physical violence against Zuckerberg. And they certainly aren’t stopping short of calling him every nasty thing they can think of. The Huffington Post actually compared Facebook’s privacy issues to the BP oil spill. Shameful.
Why are you ashamed of your colleagues, who are justifiably incensed by Facebook’s actions and their ham-fisted response to the controversy? Just because a large group of people share similar concerns about Facebook’s policies doesn’t mean that this is ‘mob justice’ — some unthinking swarm of torch-bearing Jacobins hoping to murder anyone better off than them. It could simply be a growing awareness of serious problems; ones that need careful reflection and discussion by our tech pundits.
The Facebook privacy issue is a reasonable thing to debate. Whether or not Vice President of Communications and Public Policy Elliot Schrage gave a reasonable defense of the company’s privacy policies to the New York Times is also a reasonable thing to debate. Even a high profile person saying they’re going to close their Facebook account, obviously for competitive or for promotional purposes, isn’t going too far.
A more investigative analysis of Schrage’s Q&A on the NY Times by Dan Tynan shows that he is either misinformed as to how Facebook’s privacy system works, or he is intentionally misinforming us about it (“lying”). Even leaving Schrage’s Q&A aside, Facebook has clearly not done as much as it could to clarify their privacy position and what it means for users. And considering their market position, they have an obligation to do so.
This is one of the major issues: that Facebook seems determined to not be open and honest about privacy, and they are obviously not making it easy for users to understand the privacy system and the changes they are making, and most importantly, how a user should proceed to get they privacy they want.
One simple observation is that users will not be able to get the privacy they want (or think they already have, or at least had in the past) in today’s Facebook.
But what Mark Zuckerberg said or didn’t say six years ago isn’t relevant to anything. It isn’t an indication of his character, or how he views privacy today. It’s nothing, a snip of a private conversation without context and certainly without the benefit of knowing more about him as a person.
Who here hasn’t said something stupid when they were 19? Who here hasn’t done something dumb when they were 19? None of you. If you’re getting all self righteous, you’re lying to yourself.
On the other hand, Zuckerberg’s nefarious dealings with his former partners at UConnect, the actions he took to squelch the discourse about that, and so on — all actions that took place at the founding of Facebook — do reflect on his character and the company’s DNA.
Six years ago Zuckerberg had no idea what Facebook would become, or how much he’d have to change and mature to handle it. He’s the CEO of one of the most powerful corporations on the planet. He is leading a team that is recreating and redefining our culture as a society.
This line of argument just doesn’t make sense. On one hand, he was a young kid, who didn’t know he would one day be a powerful CEO, and he was unaware of how much he had to grow to handle that responsibility. Ok, granted. But now he is that CEO, and he must be judged on the actions he has taken as CEO of Facebook, even going back in time.
And frankly, none of what Facebook is doing privacy-wise should be a surprise to anyone. At a high level anyway. Facebook is trying to invent, on the fly, an entirely new way or organizing the Internet. 500 million people a month visit the site. They can’t do anything at all without angering some portion of them. And since the service is growing and evolving so fast there’s no way change won’t happen.
Facebook’s privacy misadventure may not be much of a surprise to market-watchers like you and me, Mike, but it is a surprise of some 17-year old in Poughkeepsie or a 35-year old secretary in Los Angeles who still don’t know about the privacy changes, and who are operating under the assumptions they had last year. And while those of us in the bubblicious tech world accept the nosebleed-inducing future shock of incessant and radical change on the web, most people do not. It is completely inadequate to say something like ‘you can’t make an omelette without breaking eggs’ when the eggs in question are people’s lives.
I am no fan of threatened violence (although I have yet to see any of that in this Facebook flare-up), but I believe that Facebook’s users have a solid basis for being seriously pissed off. Even though I am an advocate for publicy — living life in the open on the web — I am by no means an advocate for having it jammed down our throats by a unilateral change in the Terms Of Service agreement by a powerful corporation.
Facebook has shown a studious and callous disregard for the impacts that the company’s decisions are having on people’s lives. What Arrington never really addresses is the fact that Facebook is obviously involved in creating a business model that is strip mining information about users who believed that info would be kept ‘private’, where ‘private’ is a very slippery concept. The only recourse for users at this time is to stop using Facebook altogether, if they want to live a truly private life. This is exactly the fear that Zuckerberg and company are banking on: that users get so much from socializing on Facebook that they will not quit the service, even if they feel that they are being exploited.
Others (like Scoble and Venturebeat ) are softsoaping the flare-up and offering advice to Zuckerberg to get over this public relations hiccup and get back to conquering the world. Meanwhile, aside from the stories about the old IMs, new figures about dropping growth rates by Danny Sullivan suggest that Facebook defection is rising and that the furor may be stopping newbies from signing up.
It’s clearly a turning point for Facebook and the social revolution on the web.
I am an outspoken advocate for social connection and the rise of social tools to help us accomplish that. On the other hand, I am concerned about the centralization of too much control in the hands of a single company; and most especially, in the hands of a single company that seems to be uninterested in the needs of users, and completely motivated by a corporate and financial agenda.
At this point, I would suggest that Facebook’s management and Zuckerberg in particular are not equal to the challenges that confront them, and that even if they get this particular mess behind them, things will start to unwind. Large corporate partners who may have been heading down the road to integrate Facebook into their websites or applications will start to reconsider. Users will opt to spend more time in smaller, more specialized social networks, rather than a single, all-encompassing social context. Application developers will want to create more distance between themselves and Facebook, which increasingly looks like a competitor, not a platform.
And in the final analysis, the next generation of operating environments may turn Facebook into a quaint oddity (and tools like Twitter, as well), because the next generation operating platforms from Google, Apple, Microsoft and others will have sociality built in a fundamental level.
We will be able to ‘follow’ friends — where they are, what they are watching on TV, and what they think we should be reading — across all devices, applications, and contexts — obviously, subject to our own notions of privacy and publicy controls. But this advance — which will be as fundamental as the rise of the web has been to date — cannot be sparked by a player like Facebook. This will come from those who are busy on the foundations of the next generation web, which is not Facebook, despite its dizzying market valuation. Look to interoperable social standards — the future equivalent of HTTP, XMPP, and email protocols — to be forged by competition between Google, Apple, and other foundational players.
We are headed for a time when files and directories are all tidied up, and buried in the gearbox of operating platforms, but where social connection and social networking will be treated as a first class element of the web. This is the social revolution, at last. And Facebook will become a footnote in that history, like SixDegrees.com, Friendster, MySpace and, yes, even Twitter.
More logs for the privacy pyre:
Laura Holson, Tell-All Generation Learns to Keep Things Offline
Mistrust of the intentions of social sites appears to be pervasive. In its telephone survey of 1,000 people, the Berkeley Center for Law and Technology at the University of California found that 88 percent of the 18- to 24-year-olds it surveyed last July said there should be a law that requires Web sites to delete stored information. And 62 percent said they wanted a law that gave people the right to know everything a Web site knows about them.
That mistrust is translating into action. In the Pew study, to be released shortly, researchers interviewed 2,253 adults late last summer and found that people ages 18 to 29 were more apt to monitor privacy settings than older adults are, and they more often delete comments or remove their names from photos so they cannot be identified. Younger teenagers were not included in these studies, and they may not have the same privacy concerns. But anecdotal evidence suggests that many of them have not had enough experience to understand the downside to oversharing.
Facebook is the bogeyman in a Brothers Grimm passion play about what is — and is not — acceptable in the formation of our self-identity.
Gregory Galant, Business Insider