Analysis: Some Facebook Privacy Issues Are Real, Some Are Not

Facebook has consistently pushed its users to make more personal information public over the last several years. It believes doing so will allow it to offer better products to users, and the marketers and developers who want to reach them.

But some users, privacy groups and politicians have matched its moves with vocal protests, lawsuits and more recently, official investigations. The controversy only appears to be intensifying.

Below, we’ll closely examine the Facebook privacy issues being debated, from social plugins to Instant Personalization, to the terms of service changes, and many others besides. We’ll provide a straightforward description of what each change was, followed by our analysis of how serious the issues are around each change.

We’ll follow up in a separate article with our  broader conclusions about the changes, the issues and what they mean for Facebook, its users, and everyone else. Before we delve into the specifics, here’s a quick overview of the new risks, and some background.

The Risks

Some criticism of certain aspects of these launches seems fair, like the way that Facebook directed users to make profile interests public. But some people also seem bewildered by the sheer number and complexity of the changes, and are assuming the worst about all of them as a result.

Fairly or not, critics are advocating for regulations or other forms of restrictions on how Facebook handles user privacy, and are even recommending that users leave the site.

The issues are creating new risks not just for Facebook users, but for the company and its ecosystem of developers and marketers.

One risk is that a significant number of people actually do stop using Facebook completely, possibly out of fear of how their data might be used, but also because they are fatigued by the constant changes. This hasn’t happened yet, despite many critics predicting that it would over the years. But there could still be a tipping point, where the build-up of issues finally convinces people to leave en masse.

The other risk is that agencies from national governments, particularly the United States’ Federal Trade Commission, impose stiff new regulations on what product changes that Facebook can make going forward, thereby limiting its ability to improve its products.

This Is Not a New Debate

This round of Facebook changes is arguably not any more significant than past privacy-related ones — like the launch of its news feed, Connect, the application platform, Beacon, the altered publisher tool, and the regularly edited terms of service, to name a few. But the stakes have risen.

Facebook has grown to be the largest social web sevice in the world, with nearly 500 million monthly active users by our most recent estimate. It has turned a profit, and now it appears to gradually be moving towards an initial public offering.

The company is typically aggressive about how it is trying to become more open. Sometimes it moves hastily, or provides an unclear interface, or pushes users to do things that some of them don’t want to do. It has had these sorts of problems before and it has gotten a lot of criticism as a result — Facebook’s critics of today have had years to hone their techniques.

The news feed was met with user outrage when it launched years ago, because Facebook aggregated data about users’ activities in an easy to view way. Even though the data it used was available already, users felt betrayed because that availability became far more obvious. But everyone got used to it, and the news feed has become Facebook’s main avenue for sharing information; in fact, it has been so successful that many other companies have built similar products to help users process information more easily. Facebook overcame users’ gripes, and that success seems to have given it the confidence to keep pushing regardless of criticism.

But Facebook has not been entirely successful in blowing through criticism. Its doomed Beacon advertising system, for example, tracked users’ activity across the web and shared it with their friends without asking permission to do so. The idea sounded promising — but the product itself violated user privacy. Facebook dropped the service eventually, after damaging months of public attacks and multiple ongoing lawsuits (some frivolous, of course).

The company has not been immune to governmental pressure over the years, either. It was forced to accommodate changes from the Canadian privacy commissioner last year. The changes to privacy features in December and the streamlined permissions dialogue introduced last month were, in part, efforts by the company to comply with the commissioner’s requirements.

Facebook’s moves in December set the stage for the current controversies. The main issue was that it required users to go through a transition tool (pictured) that set them up with new privacy settings. The process was confusing to many, and it directed users to make more information public in ways they might not have understood.

Privacy groups had a field day at that point — issues like these allow them to show themselves as fighting for the public good against powerful, selfish interests. Following waves of press coverage, ten of them filed a complaint with the FTC against Facebook. The FTC said it was looking at the situation, but it hasn’t said much since. Meanwhile, other governmental bodies, like the European Commission, have begun investigating on their own.

But these issues, like all the ones before them, have yet to hurt Facebook’s traffic. The most recent measurements from March and April show it booming in the US and around the world, as we’ve covered here and here.

So far, none of the late April changes have had significantly bad results, either.  There are no reports of users being harmed as a result of them, and Facebook itself tells us that traffic is up by nearly every measure following the launch.

We examine what the specific changes were below. Then we look at how people have responded, and whether their complaints are well-supported or not. In a follow-up article, we conclude with our view of how all the issues add up to impact Facebook — or don’t.

Personal Profile Information and Privacy Settings Change

The changes: On April 19, two days before major product launches at its f8 developer conference, Facebook introduced a significant update to how people can express interests in their profile.

Some users have extensively filled out their profiles with a wide variety of personal information, including their work and education history, and interests like music, movies and books. The company suggested that users automatically re-categorize their interests (though not other private personal information) into publicly-available Pages, so that a user from San Francisco, for example, would display that city’s Page.

If users didn’t want to do this, their other option was to delete the information completely or re-add it in the “Bio” field — neither of which were clearly pointed out.

Users were presented with a transition tool that asked them to add these Pages to their profiles. It featured two big buttons on the lower right: “Link All to My Profile” and “Ask Me Later.” The third option, “Choose Pages Individually,” was relatively de-emphasized. It was a link without a button, in smaller text than the other two, and over on the lower left part of the window. Explanatory text at the top of the tool said that the information would be public.

Adding a layer of complexity to this change were two more that Facebook pushed out at the same time. It re-arranged user privacy settings, a move based on the terms of service change it introduced at the beginning of April (we’ll look at the terms further down). Facebook made what it calls “General Information” public, with no option to hide it, as part of that terms change. This includes your and your friends’ names, profile pictures, gender, connections, and any content shared using the Everyone privacy settings. The only other option is to not provide this information in the first place, or delete it if you already had.

What Facebook did decide to keep private for users is key personal information — everything not defined as General Information — which it moved to a new category in its privacy settings, called Personal Information and Posts. This includes users’ biographies, birthdays, sexual preference, religious and political views, photo albums, your own posts, the ability for friends to post to your wall, the visibility of friends’ posts on your wall, and comments on posts on your wall.

The other category in privacy settings includes what Facebook has newly defined as “Friends, Tags and Connections.” This information can be private in nature, but it includes a social element; your friends also can decide whether or not to reveal the fact that you’re friends with them. They can decide to tag you in a photo or video, and so forth — you can decide to untag the photo, but you can’t delete the photo itself because it belongs to them. The complete list of information in this section includes: friends, family, relationships, photos and videos of yourself, current city, hometown, education and work, activities, interests and things you like.

Facebook makes this information public by default. You can hide it on your profile from anyone who visits, but you can’t hide it on the Page you’re connected to.

Finally, Facebook created a new category of Pages called Community Pages. These are non-commercial Pages for things like causes, ideas or internet memes, and they are more limited in nature. They don’t have owners and do not include some options, such as publishing to fans’ news feeds. Users who had items in their personal information section that did not match with existing Pages had those items converted to new Community Pages.

The point of all of this is to make it easier for users to find and share their interests with each other — which is what Facebook exists to do in the first place.

The issues: The three changes — the profile transition, the privacy settings switch and Community Pages — resulted in what appears to be a high level of user confusion, and criticism from privacy groups and politicians, including four US senators.

From some users’ perspectives, it was not clear why lists of personal interests and other details should suddenly turn in to Pages. Facebook users have already had the option to become fans of Pages, but that process was purely opt-in because you had to go to a Page and select the option yourself.

Facebook purposefully minimized the option for users to individually edit the Pages within the new transition tool. Instead it directed them to convert everything. If users did not read the tool carefully — which is a reality of how most people use the web — they clicked through and then discovered what had happened.

The company does not provide flexibility for them to do anything besides make the information public in its transition tool and privacy settings, or remove the information altogether, or re-add it in the user “Bio” section (which can be kept completely private).

“We recognize there has been confusion on this point and are creating more material on the site to explain all of the options people have,” Facebook tells us.

The other catch here is that some users had previously selected some of this information to be private. The transition tool did clearly warn them that the information was going to be public, but it did not state that their privacy settings would be automatically altered to reflect this fact, an issue we noted at the time.

The addition of Community Pages further confused the situation. Some users, for example, said they had previously listed their own businesses as interests, only to discover that they inadvertently created a Community Page for their business that they now have no control over. They can’t delete it and they need to go through an appeal process to make it an official Page they can control.

When we asked Facebook about the transition process, the company says that less than 20% of its users had filled out the profile information, while more than 70% had already connected to Pages about their interests. It says this is one of the main reasons it made the changes. It also notes that users who had filled out interests before had not had the option to add them as Pages, instead.

The changes do not amount to outright deceptions, but they are misleading to the portion of users who have filled out their interests assuming everything would stay private. Facebook’s rationale is understandable but so are the negative reactions.

Social Plugins and the Open Graph

The changes: Facebook introduced new ways for other web sites to integrate site features at f8 through a set of five widgets, each with specific functionality. If you’re logged in to Facebook, you can immediately see information about your friends and what they’re up to on other sites. You can go to many news sites today, like CNN, to see the widgets in action — or “plugins” as Facebook calls them — and then see what news articles your friends are sharing.

Facebook’s intent is to allow users to get more value out of other web sites by seeing what their friends are sharing, and by sharing more information with their friends — and in doing so, it is also trying to make the sites themselves more valuable.

The plugins also allow you to share information back to Facebook. The main one is called the Like Button. It takes Facebook’s Like feature and allows developers to provide it on any web site. So you can be reading a news article, click on the “Like” button above the article, and immediately share a link to it on your wall and in your news feed.

Facebook does not provide user data to sites that use the Plugin. It keeps everything on its own servers, similar to how embeddable YouTube widgets show videos that are hosted on YouTube.

It also launched what it calls the Graph API. This allows developers to access a wide range of user data. General Information and other data that users have disclosed is readily available, and developers can request more through special permissions.

Developers can also get additional access to users through the Open Graph Protocol. They can publish updates to any user who has Liked an item. And they can create their own version of the Like button that doubles as a way to have users become fans of their Page.

The issues: Seeing a friend’s profile picture and shared stories appear in a widget on another site might surprise some people. Much of the controversy over this issue revolves around what data is being shared with third party sites.

However, the plugins are designed so that no data is shared with third party sites by default. Some people have misunderstood how the plugins work, though, and claim that data is being widely shared.

Facebook does track users who visit sites that have its widgets, but it has had various widgets available for years that it tracks, and it has not done anything differently with the new plugins, at least in their simplest implementations.

The company, along with Google, Yahoo and many other market leaders, tracks users through browser cookies and a range of other legal methods. Some other web companies have provided more transparency around this process, but only after governmental pressure — most of the industry is still opaque about its practices. However, proposed congressional legislation could more broadly impact how web companies use and share data.

So, Facebook is not doing anything especially controversial here, with some caveats.

All General Information (remember, your friends list, your gender, etc.) is available to third parties through the Graph API, for services like search. This includes anything that users have inadvertently made public. The privacy issue here is not about the Graph API — it’s about how Facebook requires or leads users to make information public in the first place. There’s no way to make General Information private. Users just have to delete it.

Facebook has been making more data available through altering its privacy settings, which it has given itself permission to do through changes in its terms of service. As we covered above, the transition tools in December and in April didn’t always clearly inform users of what they were making available. The term changes have been somewhat clear, as we’ll get into below, but it’s likely that many users didn’t pay attention.

The last point about how the Graph API works is also a cause for concern. Developers can get access to publishing to a user’s stream, for example, even though users are not told about this.

In sum, Facebook should not be criticized for the fact that it offers these new social plugins. But it does deserve criticism for not clearly explaining to users how the features can be used by developers.

The fact that “Like” has more than one meaning is also a real issue here.

The Meaning of Like

The changes: Facebook first introduced the “Like” feature as a way to show your appreciation for things like a friend’s smart status update, last year. However, it broadened the meaning of “Like” along with its other changes. Instead of a button on Pages that invites users to “Become a Fan,” it asks them to Like Pages.

This means that users are not just sharing links to the Page on their wall and news feed — the actions that clicking “Like” has generated up until this point. Instead, users are becoming fans of the Page. Anyone can view all of a Page’s fans. The result is that some users might see a Page and click Like because they think they are simply sharing the Page with their friends, when it reality they are becoming fans of the Page. Users’ other option is to end their connection to the Page.

The point of the change is to make “Like” a universal term for expressing interest and sharing information, cueing users to do so more often.

The issues: There has been limited concern about this redefinition among those critical of other changes. However, it is not clear if users understand or appreciate the difference. Along with the confusion about Community Pages, users may be reacting by actively “Unliking” Pages, as we recently covered.

The confusion is compounded by the fact that using the Like Button to like a page can make the user a Fan of the page or enable the page to share items to their stream, without informing users first.

Instant Personalization

The changes: Facebook is also testing a way of pre-approving third parties to get access to user information, something it calls “Instant Personalization.” You can see the service live on Yelp, Pandora and Microsoft’s new Docs online word processor service; it is set to expand to other parties.

The point is to make sites valuable to users through providing relevant social context, without asking them to do anything first.

The default for Instant Personalization is that Facebook automatically shares users’ General Information with partner sites. When they go to one of these sites for the first time, they’ll see a blue bar at the top of the site that includes links explaining how the service works, and a button that lets them opt out, which requires a few steps. Unless they go through the process of opting out, they’ll also see each site populated with their General Information, including views of information their friends are sharing on the site.

Opting out isn’t easy. You first need to go to Privacy Settings, then Applications and Websites and the Instant Personalization Pilot Program link. Once there, you need to unclick the box at the bottom that says “Allow select partners to instantly personalize their features with my public information when I first arrive on their websites.” When you do this a pop-up will ask you to confirm your decision. The other option is to visit each of these sites and opt-out individually by clicking “No Thanks” on the blue bar.

The issues: A number of privacy groups and politicians have come out against the move. This is hardly surprising because Facebook is clearly sharing some data without user permission. And, since launching the feature, Facebook has made the process for opting out more complicated, as the Electronic Frontier Foundation details.

However, the company carefully manages the data-sharing process, and it has made serious efforts to tell users exactly what is going on and what they can do about it. The move is bold on Facebook’s part. But it prepared itself legally through publicly altering its terms of service around the concept, earlier in April (see below). And, the user interface does clearly explain what users are seeing.

It also says it has no plans to expand this test at present.

Data Storage

The changes: Facebook previously required that developers not store user data for more than 24 hours. It has now changed its policies to allow them to store data indefinitely. If users want developers to remove the data, they are required to do so — except for anything that is public by default, like General Information.

The issues: This is another hot one for privacy groups and politicians. The concept of unlimited data storage sounds scary — who knows what those developers are doing with that data?

But the reality is that Facebook users already decide to share data with third parties when they do things like install social games or other applications, or sign in to a web site using their Facebook identity. The new policy might sound scary, but it’s not much different than how the platform has worked for years.

The change is more of a technical decision to make development easier. Many companies lack the resources to constantly ping Facebook servers for data; some, without intending to do anything wrong, have already stored data for longer than 24 hours.

The bigger issue, as we’ve mentioned before, is that there are increasing reports of rogue applications and others who scrape and store Facebook user information then resell it on the black market for any number of purposes, from online lead generation to phishing and other scams. The extent of the problem is not well-understood, but Facebook appears to lack means to control third party redistribution of its data beyond doing things like suing companies or kicking them off of its platform.

Streamlined Permissions

The changes: Along with other launches at f8, Facebook added a simplified user interface for developers to request private information from users. Before, users had to click through a series of dialog boxes to approve data-sharing. Now, developers can list all of the data they’re requesting in one box, and have users approve it with a single click. If the developer asks for their email, users can edit which to provide in the interface.

The idea is help users more easily see and approve data sharing.

The issues: By simplifying the user interface, Facebook has removed some of the barriers to users rushing through and sharing information they might decide not to if the process were more deliberate. We’ve heard some developers bring this issue up, although generally a cleaner, centralized interface is seen as a superior form of web design.

Terms of Service Changes

The changes: Facebook has steadily altered its terms of service over the years to be more open. In 2006, for example, the fledgling social network said that “No personal information that you submit to Thefacebook will be available to any user of the Web Site who does not belong to at least one of the groups specified by you in your privacy settings.”

Facebook has also evolved its methods of communicating about the changes with users. After a controversial change in early 2009, the company began a new way of introducing changes: It announced proposed changes to users in very obvious ways, like messages at the top of users’ news feeds, and asked for their input. It has since added features that users requested, such as red-lined versions that showed exact edits between drafts.

We’ve covered the recent changes in more detail already. The most relevant one was proposed in late March and finalized in early April. While Facebook had not yet fully launched its social plugins, instant personalization and other privacy-related features, the changes then were meant to reflect them. It said it would share what it calls “General Information” — “your and your friends’ names, profile pictures, gender, connections, and any content shared using the Everyone privacy setting” – with “pre-approved” third parties without asking for user permission first.

The issues: The changes have come under attack from privacy groups and politicians for being a bait-and-switch, considering that the site started out entirely closed and has since gone in the opposite direction.

This is true in a very conceptual sense, but the argument implies Facebook should never be able to change how privacy works on its site, even if it thinks its changes are in the best interest of the users. Many users appear to be fine with terms of service changes that make their data more public if it means they get a better product to use, judging by the results so far.

On the other hand, Facebook’s changes have made some information open that users likely assumed would stay private, such as General Information. Some users don’t want to share who their friends are, their other connections (including which Pages they’re a fan of), or other items on this list.

Changing the terms of service, then, is a paradox in a way that is reflected in Facebook’s product launches. Some portion of users will rightly be upset, yet the changes are necessary if Facebook is going to be able to create products that best serve users. One’s perspective on the matter comes down to whether one thinks the company should prioritize privacy or innovation.

We believe that the company should choose innovation, as we’ll discuss in our follow up article, even though we recognize the inherent issues in doing so.

Also, given the complex trade-offs, Facebook should get credit for its efforts to communicate the changes it does push through. Most companies do not try to explain such changes to their users. While not everyone is going to agree with the specific changes themselves, it is going out of its way to give users the chance to look for themselves, including notices on users’ home pages. This means users can provide comments, or protest, or even quit Facebook before the changes take effect, if that’s what they conclude is best.

Security Issues

Facebook has had a number of bugs pop up over the last several weeks. This is the reality of the company rapidly developing and pushing new products, and something that often happens at growing web companies. While innocent, they reveal some user data, hurting user trust in the company’s ability to preserve their privacy. However, no bugs that we know have have been widespread.

Here’s a quick look at each.

Facebook chat reveals too much: A bug popped up in the company’s instant message service that accidentally allowed users to view the live chats of their Facebook friends, as TechCrunch Europe spotted. They could also see friends’ pending friend requests, and which friends you have in common with the pending friends. We don’t know how many users were exposed, but Facebook took the entire Chat service offline for an hour or so as it fixed the problem. Everything is now working as normal.

Facebook secretly installing apps (or did it?): Macworld discovered that applications were appearing within the “Recently Used” section of Facebook’s application settings without users first installing them. But the applications were only unauthorized in the sense that they were not supposed to appear in this part of the privacy settings. The “apps” were actually instances of users logging in to third party sites via Facebook Connect. The way the platform is structured, each Connect integration is considered an app, even if there’s no actual app on Facebook’s platform. Facebook did not make any change here, no data was shared with the applications that hadn’t been already, and no data was exposed, it said. The bug was so minor that it can not really be considered a privacy or security issue. Social Hacking has an in-depth look at what happened — and didn’t happen.

Yelp security hole reveals Facebook user data: Local review site Yelp is one of the three companies using Instant Personalization, and today it had a security hole that helped make the concept look more dangerous. A web security consultant discovered a way that a malicious site could harvest some personal Facebook  user information that Facebook shares with Yelp by default, including name, email and data shared with “everyone” on Facebook. As with every other security issue having to do with third parties accessing Facebook data, it makes the entire concept look dangerous.

We’ll be analyzing the significance the changes and the issues around them in a follow-up article, providing our view of where Facebook and its ecosystem may be headed.

Social Media 101

Mediabistro Course

Social Media 101

Get hands-on social media training for beginners in our online boot camp, Social Media 101! Starting September 4, social media and marketing experts will teach you the best practices to be successful on social. Hurry, this boot camp starts next week! Register now!

 

Leave a Reply

64 Responses to “Analysis: Some Facebook Privacy Issues Are Real, Some Are Not”

  1. Paul Bannister says:

    Great article, although a little TLDR. Would be great to have a short summary or chart that shows all of the main points as this kind of intelligent analysis has been missing from most of the debate.

  2. Why I think Facebook Has Gone Rogue | CloudAve says:

    [...] [...]

  3. Eldonttellmeno says:

    Eldon, you’re the man, but the Internet is stupid and I think they call this “a whitepaper.” You should definitely slap a price sticker on any analysis this long.

  4. Facebook and Zynga Battle Over Credits — and Bigger Platform Issues says:

    [...] has handled a user privacy around the plugins and a variety of other launches; critics say it has tricked users into revealing sensitive personal information, as we’ve just covered in detail over on Inside [...]

  5. Facebook Privacy Fodder says:

    [...] Eldon of Inside Facebook has a clarifying, level-headed walkthrough of what Facebook’s recent changes (and a security glitch or two) mean for privacy on the [...]

  6. Privacy Concerns says:

    Eric,

    With Facebook’s intentional or unintentional privacy issues (e.g., recent Yelp bugs), do you think users will push back on providing more information, especially financial information like credit card numbers to Facebook?

    How would this impact Facebook Credits?

    I hope no one has to suffer through their financial information being (un)intentionally exposed.

    Time will tell.

  7. Facebook Needs to Find Its Voice on Privacy says:

    [...] rollout of instant personalization features that are opt-out rather than opt-in. (It’s also setting itself up for another maelstrom over user data retention.) Facebook’s privacy controls continue to be way too complicated [...]

  8. Facebook Needs to Find Its Voice on Privacy says:

    [...] rollout of instant personalization features that are opt-out rather than opt-in. (It’s also setting itself up for another maelstrom over user data retention.) Meanwhile, Facebook’s privacy controls continue to be way too [...]

  9. SearchCap: The Day In Search, May 12, 2010 says:

    [...] Analysis: Some Facebook Privacy Issues Are Real, Some Are Not, Inside Facebook [...]

  10. Woody says:

    You say, “Facebook should get credit for its efforts to communicate the changes it does push through,” but you repeatedly write about how confused users are about Facebook’s changes, including not understanding what they are now making public, and what the word “like” means. So which is it? Is Facebook communicating effectively with its users or not?

    To me, this whole piece smacks as an apology for Facebook’s not-so-well-received changes.

  11. Eric Eldon says:

    Your comment smacks of someone who has made up their mind and doesn’t look at other perspectives, Woody.

    I specifically say where I think Facebook has done the right thing or not throughout the piece.

    My obvious response to you is that Facebook has not communicated effectively with its users in many instances, even though it has tried — in ways that go above and beyond what most companies do, regarding its term changes.

  12. Jan Simmonds says:

    This is not just an issue of privacy, it is an issue of ownership. Our data and the contributions made to Wikipedia which are also being raped with our privacy are in the continued gift of audiences/ users. Facebook’s only asset is the inconvenience of migrating to alternative places to communicate, which Google or maybe Diaspora will inevitably now improve. I still believe Facebook’s strategy is flawed in it’s attempt to monetize an ad model rather than accept it has merely and inadvertantly invented a new form of ubiquitious communication medium which we may all have to accept is chargeable. FB’s approach is like BT/ AT&T/ Skype/ Verizon etc. deciding to impregnate our telephone calls with ads based on what we discuss on the phone. I’m impressed though with those publishers who are challenging this as most US publishers are apparently sitting on their hands in case FB gets away with it and they need their ‘likes’. Facebook will inevitably IPO or more likely sell to Microsoft within months (probably to coincide with the ramping movie hype) and their momentum is overwhelming. In my opinion though, it is another Emporer’s new clothes model wherein the graffitti wall format is inelegant and therefore dumbs down any serious brand advertisers and for the social version of adsense, I think advertisers will eventually realise noone clicks on the ads at any serious level. On an 80:20 rule, FB is the 80% and the 20% is outside the platform… this will become increasingly apparent. Or FB is a Chris Anderson ‘Long Tail’ and ‘The Head’ hasn’t properly materialised online yet… (Trad media moving/ converging online…) – Bottom line, is it is our data and Facebook is cashing cheques in essence with something it doesn’t really own. It’s a bit like someone passing round photos of your daughter without asking first. They don’t own the photos and even if supplied in confidence under a relationship of trust, to distribute them without express permission is something I find highly distasteful. I think this is a PR catastrophe for Facebook and their scale may secure them from complete disaster, but they will now have Governments crawling up their backsides and noone will really trust them ever again. All for the sake of old fashioned manners and a little patience.

  13. Consecuencias de tantas reestructuraciones en las políticas de privacidad de Facebook | Facebook en español says:

    [...] Vía | insidefacebook [...]

  14. Spekkio says:

    I think that the profile switch (everything going to Pages) combined with the December privacy policy change (Pages can no longer be private) is the worst of the recent changes. In the USA, it’s totally legal to be denied employment or fired based on legal activities in your private life. And it’s well-known that employers are researching employees and applicants on Facebook. So either you stop using Facebook for legal discussion and activity (i.e. politics) or you risk having that out there and hurting you in the workplace.

    http://libraryomega.blogspot.com/2010/04/facebook-privacy.html

  15. Todd Gardiner says:

    Jan, your analogy about passing around a photo (or even owning data) is off target.

    As a photographer, if I take a picture of anyone, I own the picture. However, use of that picture for commercial or artistic reasons is limited by the model. If I want to make money, I must get a model release.

    In this case, before Facebook can “take your picture”, they have you agree to the terms of service. This is their “model release” and now you have given them permission to pass your photo around.

    However, Facebook does something beyond that. You can put additional conditions on what exactly can be shared and you can even change your mind at a later date. You can even delete your account. They actually give you more choice than the old fashion privacy model.

    As for owning our own data. Umm… I can look up more data on you, for free, with internet searches than Facebook will ever make public. Ever since credit cards were invented we’ve had to trade our privacy and control over our data to companies that make no promises regarding what they do with it. Why do you think you get junk mail in your name at your address?

  16. Why Facebook Can't Win In The Press | On the News | BNET says:

    [...] employment info or music preferences to the public, and yet they still exist for me and my friends. The author simply didn’t take the time or effort to separate fact from fiction. But at this point, facts have gone out the window. Facebook’s failure to get out in front of [...]

  17. Lea says:

    i could tell from the first few sentences that you’re pro fb. why read the rest of your (obviously biased) “analysis” then? best, lea

  18. Laura says:

    My problem is that it takes longer and longer to research to sort the good from the bad from fb anymore to find out what is and isn’t being shared without my permission. Is it really worth it to take so much time to find out exactly which of my settings which are marked private are private no more? I don’t know. I am still using my fb account, but I am seriously wondering if it’s worth my time anymore. I am whittling it down more and more everyday, and eventually, I may just pull the plug. Better to pull the plug now than to suffer the consequences later (and while I am not trying to buy into the privacy paranoia, off the top of my head, I can think of 2 major ways my life could become derailed by the wrong people having access to the things I once put on fb).

  19. FacebookとTwitterの過去と将来―宿命のライバルは衝突コースに入ったか? says:

    [...] 私はこの2週間ほどの間、Facebookのプライバシー問題について投稿された記事をかたっぱしからよんだ。その中にはScobleの極端なプライバシーなんて要らないという意見や、同じくらい極端なJason CalacanisのZuckerbergなんて要らないという意見もあった。TechCrunchではPaul Carrが「Facebookにプライバシー問題などはない、なぜなら始めからプライバシーなんかなかったのだから」と書いた。WiredのRyan Singelは「 Facebookのプラバシーは死んだ、Zuckerbergは自分の作ったものを壊している」と書いた。GigaOmのMathew Ingramは「Facebookのプライバシーは生きていると死んでいるとも言えない。問題は複雑だ」と言いたいらしい。 私の見るところ、Inside FacebookのEric Eldonの詳細な記事がもっとも事実に近いと思う。実際、非常に複雑な問題であることがわかる。 [...]

  20. Facebook’s Open Graph API and Online Privacy | Meshtop Blog says:

    [...] Facebook posted a great review of the current issues surrounding Facebook, Open Graph and privacy.  It’s pretty long, but if [...]

  21. Jan Simmonds says:

    Todd, that’s a fair point, but what concerns me is that the voting age for most countries is eighteen yet Facebook has attracted teenagers on the promise of privacy and then re-modeled the T’s & C’s to suit their cynical strategy. When you get a model release it is a face to face agreement based on a contract at that time, usually agreed in the case of a child, by their parents. Irrespective of whether it’s technically legal, it is certainly immoral. Either way for all of us, if we have to worry suffieciently that we now have to study T’s & C’s so closely then with the trust broken, our DEFAULT consumer choice will be the bird I suspect.

  22. Jay Cuthrell says:

    Eldon,

    First, this is a top notch writeup. The title inclusion of the word analysis is very appropriate.

    While this analysis does not change my decision to exit Facebook, it was thought provoking. Particularly, I agree with your “the company should choose innovation” view but find I cannot be along for that ride.

    The direction of engineering decisions under leadership will have to deliver on clarity and simplicity. The current pundit contrasts drawn of focus group innovation vs. internal vision innovation have to accept that a successful retail device or object is quite a bit different than a service that curates and monetizes transactional data.

    Thanks,
    Jay

  23. Eric Eldon says:

    Thanks, Jay.

    Your departure is Facebook’s loss. But I look forward to our Twitter exchanges, and hopefully more of your comments here.

    I agree that Facebook is doing something inherently different from a company like Apple. The company is still figuring out how to build the right products for how its users want to behave, and it has been a tough process for all involved. They do use focus groups, etc. but I’d imagine they’ll be refining their processes even more going forward to avoid the publicity hits.

  24. Jay Cuthrell says:

    Eldon – Oh, I’ll keep reading. :)

    Also, to be clear, I still have the professional account(s) on Facebook used for testing — be it A/B testing or otherwise — but my personal instance is deleted. Facebook can have digest and disseminate my business account as it represents no impacting information about /me/ as a person. It also allows me to monitor Facebook as I would any throw away email address commonly used as a spamrap [1] or a unique web identity moniker for vanity Google Alerts.

    I can’t ignore that Facebook will still be a marketing toolset used by my own clients for their own business needs — and some with measured success. That’s also why I’m keeping up with your coverage in this area. If they can turn the corner on the publicity hits (to be determined) it will be worthy of coverage and dissection by the tech press and PR firms.

    [1] http://en.wikipedia.org/wiki/Spamtrap

  25. Eric Eldon says:

    Good stuff, Jay.

    Well, I hope to get a Facebook wall post from you next year reminding me about Carousel.

    And please let me know if anything interesting turns up in the spamtrap ;)

  26. Mike Doe says:

    Thanks,

    I am sure now that I never use facebook or recommend it to anyone else. I have Cancer and was looking for a way to respond to many friends and love ones all at once on my progress. So I sit here after reading your break down on Facebook lack of privacy for its users and how it could effect the user in the future. I am so glad i just didnt jump into facebook and started spilling my life online to what I thought would be able to control who would see it.

    Thanks,

    Mike Doe … not even my real name… what sites can you trust these days.

  27. Tom says:

    Eric, as a web developer I really appreciate your site.

    I don’t think Facebook understands how angry their users are about all of the changes this year. If they react to this by assuming that people “just don’t understand” the changes, they will piss off people even more. Facebook users are not dummies. They understand that something has gone wrong. Most of them may not be tech savvy, but when the women start talking about how FB has opened up their information to stalkers and ex-boyfriends, you have a situation where Facebook changes are being discussed in offices, bars and everywhere else.

    Facebook will also delude itself that people aren’t quitting the site in droves. That metric may give the company some comfort, but it’s not the best indicator of how mad users are right now. If Facebook had been another social media service, I would have quit it by now, but with FB, everybody is there. It’s hard to just quit the service without suffering the effects in your personal and social life. But what people are doing is removing information from their profiles and using the service less. I’m seeing more and more of my non-tech friends removing personal info. I also see an increasing number of status updates from people saying that they “will be using FB less” or are “going on hiatus.”

    Facebook just doesn’t get it. Too bad, because they are killing the goose that lays the golden eggs.

  28. Michael Cromer says:

    Your analysis is detailed, and presumably thorough. However, the gist of what you are saying is that mistakes were made, and if Facebook would just communicate better there wouldn’t be a real problem with what they’ve done to date. You aren’t connecting the dots and extending the lines to see where all of this is going.

    Where it is going is pretty scary. A single company is amassing an incredible database of the likes and social relationships of 100s of millions of people. Clearly, their long-term business plan is to allow their partners to mine the database for targeted, exploitative marketing to those naive users. And it’s not clear there are enough laws to stop them.

    Most of the commentators on this subject are compromised because their own business models depend on Facebook’s continued existence. They have to be defenders.

  29. Facebook und die Privatsphäre – Eine Sammlung » tautoko weblog says:

    [...] Analysis: Some Facebook Privacy Issues Are Real, Some Are Not [...]

  30. Facebook: Privacy and Ownership « Steves's Blog says:

    [...] and have never claimed ownership of material that users upload.” (Razzed). But after facing governmental pressure, Facebook has made many changes to improve privacy on Facebook to become a more transparent [...]

  31. The problem with Facebook’s Open Graph isn’t privacy, it’s security says:

    [...] Analysis: Some Facebook Privacy Issues Are Real, Some Are Not (insidefacebook.com) [...]

  32. Does business still value privacy online « Lost Press Marketing Blog says:

    [...] that address some of the issues, but based on past behaviour its a matter of time before they revoke these privacy features and go back down the path of [...]

  33. Adding Facebook Likes and Shares to Your Site | AF-Design says:

    [...] Facebook is currently getting some negative press over privacy concerns, it is still the second most visited site in the US. An estimated 137 million [...]

  34. Facebook Privacy Issues: 5 Must-Read Articles | Get Social PR says:

    [...] Analysis: Some Facebook Privacy Issues Are Real, Some Are Not [...]

  35. New Facebook Privacy Settings To Be Announced Tomorrow « James Van's Career Blog says:

    [...] users to “like” pages. (analysis of this product and others are listed in this article here) While this could create a better web experience for users, it created a backlash amongst many [...]

  36. Facebook privacy? Perhaps. - Olivia's Blog - Butler University says:

    [...] Inside FaceBook Posted Sat, May 29 2010 3:10 PM by BUOlivia Filed under: BBC, technology, information, rant, privacy, Facebook, safety // // // // [...]

  37. Tim says:

    I left FB, Twitter, Myspace, and deleted myself largely from the net for privacy reasons before t FB issues were raised in the media. How many others left before this day? 1/3 of my friends have. I deleted myself from all social networking sites. By simply using the internet, were giving up far too many rights. I was using gmail to compose an email and typed the word “radio”. Before I hit send, adds for radios were everywhere on my side page. This concerns me that in real time my emails, even this comment could be scanned by bots and my data mined out, which it is from the spam mail I get, albeit far far less now. I also do not believe social networking like Facebook is really helping people socially. I would argue it is doing the opposite. People do less outside, they see each other less FACE TO FACE, they accomplish less – unless Farmville counts as an accomplishment these days.

  38. minnie says:

    hello and HELP!!

    after reading through all the various changes that FB has made december through april, i’m still a bit confused as to whether my relationship status was made public by default or not. can anyone confirm whether this is true? i’m facing a potentially frightening situation right now.

    if i linked to a page, did my relationship status become publicly displayed to others who also ‘like’ the page or was my status left for ‘friends only’ to view as i had it set to back in december? if i set it to ‘friends only’ in december, did FB change this to ‘everyone’ in april??

    i’ve had some very troubling activity occur recently, which would lead me to believe that perhaps it was made public, even though i had previously set that info to ‘friends only’. is there anyone here who might know for sure if relationship statuses were made public or not when FB made the changes in april??

    i am very afraid of what potentially could happen to me right now (i have a stalker) and i am *really* hoping that a lapse in FB privacy didn’t cause this. if anyone can offer a better explanation of what was made public, please let me know.

    i’ve pored through these posts on the new changes and can’t seem to find confirmation anywhere as to whether relationship statuses were made public. i am so sick and so scared over this and can’t seem to find the answer to my question anywhere.

    thank you for any help or insight you may have!

    minnie

  39. Killed My Facebook Account | Dreaming Of Beetles says:

    [...] a great analysis of the recent facebook privacy changes. [...]

  40. More Americans trust Tech and Social Media over Traditional Media | Dan Taylor says:

    [...] young adult number one pick Facebook has recently changed their privacy policy do to a backlash from users and privacy watchdog groups when the Palo Alto firm decided to start [...]

  41. Are Privacy Problems Finally Killing Facebook? : : system32.org.uk says:

    [...] finally seeing the backlash from heavy media attention to Facebook privacy issues – some of which were real, some the result of confusion and sensationalism. Regardless of the causes, the age groups that [...]

  42. Is your company an angel or devil online? | Tail Whip Consulting says:

    [...] can be useful to marketers, undisclosed profiling violates consumer rights. Take the debate around privacy on Facebook. For some, this is an evolution of the way we consider privacy online. For others, [...]

  43. AllenJFuller.com · The Hacker Ethic (circa 1984) says:

    [...] the recent Facebook privacy issues, the fact that Diaspora raised over $100k through Kickstarter to create a decentralized social [...]

  44. Facebook Application Authorization Issues - tokio.dish says:

    [...] results. What I do regret now is allowing all of them access to my information (especially when privacy concerns on Facebook are higher than [...]

  45. Mike Mittelstadt says:

    In the lower-left corner of my Windows screen is a “start” icon. When I click it, at the end of a row to the right, is a little arrow labeled “Shut Down.” If I want 100 percent privacy (which is and should be a right in this country) I stay the heck off the Internet.
    If I want electronic contact only with family members and others I have pertsonally hugged or shaken hands with–well, there’s e-mail. And even certain Web forums.

  46. Privacy on the Internet: Don't Blame Facebook and Google | Media Badger, Social Media Research & Consultants says:

    [...] Facebook’s privacy faux pas, they continue to grow rapidly. Google remains the top search engine. Hundreds of millions still [...]

  47. concerns with the internet! | mugz says:

    [...] facebook privacy issues, yes or no.. http://www.insidefacebook.com/2010/05/11/analysis-some-facebook-privacy-issues-are-real-some-are-not… [...]

  48. Jamison says:

    i want anyone reading this post to read all of section 2, 4, and the “Limitations on removal” paragraph in section 7. additionally, to wrap up this collage of legal information, read “To respond to legal requests and prevent harm” as the last title under section 6.
    in summary, section 2 in PP entitles FB to gather information you or your friends post on FB. this could be anything from your profile information to pictures, videos, posts, events, poking, statuses, relationships, pages, applications (platforms), ip address, browser info and location, type of computer (or phone), and pages you visit. lets also not forget that it gathers any information yours friends put on FB about you.
    before moving onto sect. 4, note that platforms (indp. of FB) and ads (even w/o clicking on them) can gather any information on you. however FB put in legal statement restrictions to prevent limitless information absorbing under penalty of losing partnership (this doesn’t stop them however once the deed is done)
    section 4, at the beginning allows websites you visit or applications your run to access your general Information. i bet the average (or below average (but aren’t they all?)) FB user doesn’t know this. intended or unintended information is being sent out to every website and application in existence regarding (or without regard to?) the users.
    now sect. 7 and then i have something that will blow your top off in sect. 6. “Limitations on Removal” clause allows FB to “retain certain information to prevent identity theft and other misconduct” after the request for account deletion. but isn’t that ambiguous? any information you put on FB can deter indentity theft like a freaking barcode! this allows FB to store any info indefinitely. but let us not forget that FB is greedy and is mutually partnered with ad campaigns and platform designers. FB subtly included a clause at the end of 7 that allows them to retain any info they have gathered about the user, this not only, but websites that already have your general information, LIKE YAHOO!!
    now for the section 7 center ring, keeping in mind all the powers listed previously. FB although american born feels like it has an obligation to other national powers. i quote: “We may disclose information pursuant to subpoenas, court orders, or other requests (including criminal and civil matters)…This may include respecting requests from jurisdictions outside of the United States where we have a good faith belief that the response is required by law under the local laws in that jurisdiction, apply to users from that jurisdiction, and are consistent with generally accepted international standards. This may include sharing information with other companies, lawyers, courts or other government entities.” So those of us with citizenship can have FB unknowingly disclose their information to foreign entities at their own discretion.
    i have presented the facts. but what harmfull things have/will happen/ed under FB legal PP jurisdiction? wider access to general information by stalkers, social engineering malware/spyware/viruses, direct lines of investigation by foreign powers (or any entity FB deems as necessary to have your personal information *cough* (blackmail or personal information bidding?))

  49. Duncan Marrufo says:

    Hallo Dude , i with Your site. LOL Please come to my blog

  50. The Social Network – what are the societal consquences? | The Wittman Technology Meme says:

    [...] are the consequences of such social connections and interactions? We know that privacy is a big issue with Facebook. Some people reveal all and then regret it. But in cyberspace, [...]

  51. Anon says:

    What about the ability to report abuse when someone violates the TOS by publishing identifiable information belonging to someone else?

    Case in point, someone took a picture of a person they met in a club and posted it online. The name, street, birthdate, picture, complete.

    I have reported it as abuse, but the abuse option doesn’t allow for explanation to person’s identity.

    In another instance, the same person posted a video of a child that was not hers. The video makes fun of the way she talks. Because the parents and the child are not on FB, FB chose to leave it because the parents never complained.

    Intellectual property seems to be ignored even though the FB user is asked if they have a “right” to upload a photo.

  52. Devv says:

    Facebook though is a great means to connect to friends and generate a network, nowadays it has become more of an instrument of show-off. Everybody is in a hurry to upload the information first, not with the intention of sharing but to get that hero’s credit. Wow what a guy!! Knows so much! And for some they are ready to flaunt their lives and its happenings, giving some interesting, spicy, peppy talk. When paparrazi isn’t behind, why not be your own news channel to give coverage. :)

  53. Cleo Weniger says:

    This is actually among the list of far better posts with people who Concerning stay with me that subject matter of late. Fantastic function.

  54. INFO Kappa » Stiri din lume IK 403 says:

    [...] Analiza problemelor de secret personal/intimitate de la Facebook: http://www.insidefacebook.com/ [...]

  55. Facebook Tests Engagement Ads for Charities | Charity Star says:

    [...] “Movember Connect Application”. This means Movember.com has effectively been given a form of Instant Personalization. Facebook has provided special privileges to non-profits in past, allowing Causes users to Like [...]

  56. Philips Kopen says:

    Small price to pay, can’t do anyting about it, can we?

  57. Goodbye Facebook! « Pray Live Love Breathe Write says:

    [...] Then there are the facebook discrepancies in what they say they do with your information and what is really going on behind the scenes. I am not going to bore you with all the details, but it is enough to make me nervous about my personal life going out in the vast openness of cyber space. The concern about privacy is as individual as all  the people using facebook. Some folks do not care about privacy, others do.  Educate yourself and decide if it is a concern for you. Here are just two of many articles discussing the topic Facebook Privacy Concerns and Inside Facebook. [...]

  58. Facebook’s Publishes Re-Imagined Privacy Policy for the Average User says:

    [...] April 2010, Facebook redesigned its privacy controls and pushed users through a privacy transition tool to make their interests public. Confusion and negative press led it to another redesign in May that [...]

  59. The Technology newsbucket: Firefox boss quits, Better government through code, Apple censorship and plenty of Oatmeal says:

    [...] Analysis: Some Facebook Privacy Issues Are Real, Some Are Not – Inside FacebookA great overview of Facebook’s long-running struggles. [...]

  60. Mark Zuckerberg’s Comment on Sharing (start at 0:26 – stop at 0:39) « brianonglw88 says:

    [...] Eric (2010), ‘Analysis: Some Facebook Privacy Issues Are Real, Some Are [...]

  61. The Future of Telemarketing | loweflow says:

    [...] mobile technologies such as the Iphones ability to record movements and locations. Combined with facebooks wealth of personal data, and tracking software such as google analytics . Targeted marketing will become much more aggressive than the telemarketers [...]

  62. Too many terms of service « The Journeyler says:

    [...] [Link] [Accessed: 10 February 2012] ↩Share [...]

  63. Innovation in assembly | Web 2.0 Applications says:

    [...] http://www.insidefacebook.com/2010/05/11/analysis-some-facebook-privacy-issues-are-real-some-are-not… [...]

  64. What Facebook's Facelifts Mean for Entrepreneurs | Noobpreneur.com says:

    [...] you react? Of course, the last thing you want is to lose a line of communication with customers. Understand the risks many now see in using Facebook and react [...]

Get the latest news in your inbox
interested in advertising with inside facebook?

Social Media Jobs
of the Day

Senior Social Media Strategist

Current
Chicago, IL

Community Manager

Uncharted Play
New York, NY

Social Media Editorial Fellowship

Brooklyn Magazine
Brooklyn, NY

Assistant Social Media Editor

The Daily Dot
New York, NY

Communications Specialist

National Nurses United
Oakland, CA

Featured Company

Join leading companies like this one and recruit from the nation's top media job seekers on the Mediabistro Job Board. Every job post comes with our satisfaction guarantee. Learn More
 

Our Sponsors

Mediabistro A division of Prometheus Global Media home | site map | advertising/sponsorships | careers | contact us | help courses | browse jobs | freelancers | content | member benefits | reprints & permissions terms of use | privacy policy Copyright © 2014 Mediabistro Inc. call (212) 389-2000 or email us