Facebook’s open disdain for privacy

Facebook’s open disdain for privacy
By John Gapper
Copyright The Financial Times Limited 2010
Published: May 12 2010 22:05 | Last updated: May 12 2010 22:05
http://www.ft.com/cms/s/0/a967d5e4-5dfa-11df-8153-00144feab49a,s01=1.html


Facebook is among the most powerful internet companies – maybe the most powerful together with Google – in the world.

It has 400m users, 35m of whom use it at least once a day. It is the most visited website in the US. Its initial public offering, which is expected within a year or two, would be the biggest Silicon Valley event since Google’s IPO in 2004.

Facebook is thus important not only to investors but to everyone interested in the future of the internet, which is practically all of us. If it decides, in Google’s phrase for deceiving or messing around with its customers, to “be evil” then millions feel the effects.

Unfortunately, Mark Zuckerberg, the 25-year-old who founded Facebook as a private social network for Harvard students, has recently been displaying a disregard bordering on disdain for Facebook users’ right to maintain control over personal information.

Not only has Facebook gradually eroded the privacy rights of its users, but it has done so in a confusing and opaque way. Facebook’s privacy controls are now so complex and hard to understand that many have been nudged into “sharing” a lot, just as Mr Zuckerberg wishes.

“We are building towards a web where the default is social,” he declared to a developers’ conference last month. In practice, he meant that Facebook will share users’ data with some websites, initially including Pandora, the music service, and Yelp, a small business recommendation site, unless they jump through hoops to stop it.

Mr Zuckerberg was at least speaking plainly, unlike last December, when he wrote in an open letter that “our work to improve privacy continues today”. He failed to mention that, eight days later, it would turn six aspects of each user profile, including gender, location and the friends list, into “publicly available information”.

If Facebook users were allowed a free choice, they might well tick the box to accept anyway. His vision of the “open graph”, in which Facebook’s users engage more with websites they visit and applications they use because the services are tailored to them, has allure.

For the sites in its pilot programme, that means Facebook users will, for example, automatically see restaurants recommended by friends when they visit Yelp, or hear music from bands they like when they go to Pandora. The software “cookie” placed on their computers by Facebook will automatically identify them to partner websites.

Facebook users might in future find books that have been read by their friends or gifts based on their location recommended when they visit an online retailer such as Amazon. If Facebook does not encounter too many protests, this pilot is likely to expand.

Some will find this useful and others abhorrent, depending on their view of software surveillance and data sharing. What is indisputable is that consumers need to be given a clear, comprehensible choice about how their personal information is used, so they can decide.

By this standard, Facebook is failing dismally. It is arguably complying with the law (although several privacy groups have argued to the Federal Trade Commission that it is not) since no private data are being provided to advertisers, but it is being far from transparent.

Apart from the difficulty of keeping information private and the barriers to doing so, it is breaching former understandings by getting millions hooked on its services with a promise of strict privacy controls, and then informing them that stuff happens and they must adapt.

The Electronic Frontier Foundation has published a good timeline of how Facebook’s privacy policy has weakened from its pledge in 2005 not to share data with anyone but a defined set of friends and groups, to today’s Orwellian warning that “when you connect with an application or website, it will have access to General Information about you”.

Mr Zuckerberg has defended this by claiming that privacy standards online are changing and young people want to share more than in the past. This is at best disingenuous and does not justify a failure to inform and consult people.

Even if Facebook users invest the considerable amount of time and effort needed to understand Mr Zuckerberg’s gradual changes of policy and decide to trust him with their data, how can they be sure he will not alter the rules again with similar insouciance?

He is not alone in Silicon Valley. Social networks and internet companies often give away services free to users and only retrospectively address the challenge of “monetising” their users in order to satisfy the venture capitalists that have funded them.

Even highly-profitable Google used dubious tactics this year when it tried to compete with Facebook and Twitter by launching its Google Buzz social network. At launch, it set the default to link G-mail users to people they had frequently e-mailed, and it only backed down under protest.

Facebook needs to do basic things to act responsibly and regain trust. It should provide simpler and more intuitive privacy controls, and retain them. It must explain clearly how it will distribute “publicly available information” and what the limits on that use will be, not until it changes its mind but for good.

As it is, Mr Zuckerberg, who turns 26 tomorrow, gives the impression of not caring a hoot about privacy. Whether by protest, legal action or regulation, he should be made to.

john.gapper@ft.com