Analysis: Some Facebook Privacy Issues Are Real, Some Are Not
Facebook has consistently pushed its users to make more personal information public over the last several years. It believes doing so will allow it to offer better products to users, and the marketers and developers who want to reach them.
But some users, privacy groups and politicians have matched its moves with vocal protests, lawsuits and more recently, official investigations. The controversy only appears to be intensifying.
Below, we’ll closely examine the Facebook privacy issues being debated, from social plugins to Instant Personalization, to the terms of service changes, and many others besides. We’ll provide a straightforward description of what each change was, followed by our analysis of how serious the issues are around each change.
We’ll follow up in a separate article with our broader conclusions about the changes, the issues and what they mean for Facebook, its users, and everyone else. Before we delve into the specifics, here’s a quick overview of the new risks, and some background.
Some criticism of certain aspects of these launches seems fair, like the way that Facebook directed users to make profile interests public. But some people also seem bewildered by the sheer number and complexity of the changes, and are assuming the worst about all of them as a result.
Fairly or not, critics are advocating for regulations or other forms of restrictions on how Facebook handles user privacy, and are even recommending that users leave the site.
The issues are creating new risks not just for Facebook users, but for the company and its ecosystem of developers and marketers.
One risk is that a significant number of people actually do stop using Facebook completely, possibly out of fear of how their data might be used, but also because they are fatigued by the constant changes. This hasn’t happened yet, despite many critics predicting that it would over the years. But there could still be a tipping point, where the build-up of issues finally convinces people to leave en masse.
The other risk is that agencies from national governments, particularly the United States’ Federal Trade Commission, impose stiff new regulations on what product changes that Facebook can make going forward, thereby limiting its ability to improve its products.
This Is Not a New Debate
This round of Facebook changes is arguably not any more significant than past privacy-related ones — like the launch of its news feed, Connect, the application platform, Beacon, the altered publisher tool, and the regularly edited terms of service, to name a few. But the stakes have risen.
Facebook has grown to be the largest social web sevice in the world, with nearly 500 million monthly active users by our most recent estimate. It has turned a profit, and now it appears to gradually be moving towards an initial public offering.
The company is typically aggressive about how it is trying to become more open. Sometimes it moves hastily, or provides an unclear interface, or pushes users to do things that some of them don’t want to do. It has had these sorts of problems before and it has gotten a lot of criticism as a result — Facebook’s critics of today have had years to hone their techniques.
The news feed was met with user outrage when it launched years ago, because Facebook aggregated data about users’ activities in an easy to view way. Even though the data it used was available already, users felt betrayed because that availability became far more obvious. But everyone got used to it, and the news feed has become Facebook’s main avenue for sharing information; in fact, it has been so successful that many other companies have built similar products to help users process information more easily. Facebook overcame users’ gripes, and that success seems to have given it the confidence to keep pushing regardless of criticism.
But Facebook has not been entirely successful in blowing through criticism. Its doomed Beacon advertising system, for example, tracked users’ activity across the web and shared it with their friends without asking permission to do so. The idea sounded promising — but the product itself violated user privacy. Facebook dropped the service eventually, after damaging months of public attacks and multiple ongoing lawsuits (some frivolous, of course).
The company has not been immune to governmental pressure over the years, either. It was forced to accommodate changes from the Canadian privacy commissioner last year. The changes to privacy features in December and the streamlined permissions dialogue introduced last month were, in part, efforts by the company to comply with the commissioner’s requirements.
Facebook’s moves in December set the stage for the current controversies. The main issue was that it required users to go through a transition tool (pictured) that set them up with new privacy settings. The process was confusing to many, and it directed users to make more information public in ways they might not have understood.
Privacy groups had a field day at that point — issues like these allow them to show themselves as fighting for the public good against powerful, selfish interests. Following waves of press coverage, ten of them filed a complaint with the FTC against Facebook. The FTC said it was looking at the situation, but it hasn’t said much since. Meanwhile, other governmental bodies, like the European Commission, have begun investigating on their own.
But these issues, like all the ones before them, have yet to hurt Facebook’s traffic. The most recent measurements from March and April show it booming in the US and around the world, as we’ve covered here and here.
So far, none of the late April changes have had significantly bad results, either. There are no reports of users being harmed as a result of them, and Facebook itself tells us that traffic is up by nearly every measure following the launch.
We examine what the specific changes were below. Then we look at how people have responded, and whether their complaints are well-supported or not. In a follow-up article, we conclude with our view of how all the issues add up to impact Facebook — or don’t.
Personal Profile Information and Privacy Settings Change
The changes: On April 19, two days before major product launches at its f8 developer conference, Facebook introduced a significant update to how people can express interests in their profile.
Some users have extensively filled out their profiles with a wide variety of personal information, including their work and education history, and interests like music, movies and books. The company suggested that users automatically re-categorize their interests (though not other private personal information) into publicly-available Pages, so that a user from San Francisco, for example, would display that city’s Page.
If users didn’t want to do this, their other option was to delete the information completely or re-add it in the “Bio” field — neither of which were clearly pointed out.
Users were presented with a transition tool that asked them to add these Pages to their profiles. It featured two big buttons on the lower right: “Link All to My Profile” and “Ask Me Later.” The third option, “Choose Pages Individually,” was relatively de-emphasized. It was a link without a button, in smaller text than the other two, and over on the lower left part of the window. Explanatory text at the top of the tool said that the information would be public.
Adding a layer of complexity to this change were two more that Facebook pushed out at the same time. It re-arranged user privacy settings, a move based on the terms of service change it introduced at the beginning of April (we’ll look at the terms further down). Facebook made what it calls “General Information” public, with no option to hide it, as part of that terms change. This includes your and your friends’ names, profile pictures, gender, connections, and any content shared using the Everyone privacy settings. The only other option is to not provide this information in the first place, or delete it if you already had.
What Facebook did decide to keep private for users is key personal information — everything not defined as General Information — which it moved to a new category in its privacy settings, called Personal Information and Posts. This includes users’ biographies, birthdays, sexual preference, religious and political views, photo albums, your own posts, the ability for friends to post to your wall, the visibility of friends’ posts on your wall, and comments on posts on your wall.
The other category in privacy settings includes what Facebook has newly defined as “Friends, Tags and Connections.” This information can be private in nature, but it includes a social element; your friends also can decide whether or not to reveal the fact that you’re friends with them. They can decide to tag you in a photo or video, and so forth — you can decide to untag the photo, but you can’t delete the photo itself because it belongs to them. The complete list of information in this section includes: friends, family, relationships, photos and videos of yourself, current city, hometown, education and work, activities, interests and things you like.
Facebook makes this information public by default. You can hide it on your profile from anyone who visits, but you can’t hide it on the Page you’re connected to.
Finally, Facebook created a new category of Pages called Community Pages. These are non-commercial Pages for things like causes, ideas or internet memes, and they are more limited in nature. They don’t have owners and do not include some options, such as publishing to fans’ news feeds. Users who had items in their personal information section that did not match with existing Pages had those items converted to new Community Pages.
The point of all of this is to make it easier for users to find and share their interests with each other — which is what Facebook exists to do in the first place.
The issues: The three changes — the profile transition, the privacy settings switch and Community Pages — resulted in what appears to be a high level of user confusion, and criticism from privacy groups and politicians, including four US senators.
From some users’ perspectives, it was not clear why lists of personal interests and other details should suddenly turn in to Pages. Facebook users have already had the option to become fans of Pages, but that process was purely opt-in because you had to go to a Page and select the option yourself.
Facebook purposefully minimized the option for users to individually edit the Pages within the new transition tool. Instead it directed them to convert everything. If users did not read the tool carefully — which is a reality of how most people use the web — they clicked through and then discovered what had happened.
The company does not provide flexibility for them to do anything besides make the information public in its transition tool and privacy settings, or remove the information altogether, or re-add it in the user “Bio” section (which can be kept completely private).
“We recognize there has been confusion on this point and are creating more material on the site to explain all of the options people have,” Facebook tells us.
The other catch here is that some users had previously selected some of this information to be private. The transition tool did clearly warn them that the information was going to be public, but it did not state that their privacy settings would be automatically altered to reflect this fact, an issue we noted at the time.
The addition of Community Pages further confused the situation. Some users, for example, said they had previously listed their own businesses as interests, only to discover that they inadvertently created a Community Page for their business that they now have no control over. They can’t delete it and they need to go through an appeal process to make it an official Page they can control.
When we asked Facebook about the transition process, the company says that less than 20% of its users had filled out the profile information, while more than 70% had already connected to Pages about their interests. It says this is one of the main reasons it made the changes. It also notes that users who had filled out interests before had not had the option to add them as Pages, instead.
The changes do not amount to outright deceptions, but they are misleading to the portion of users who have filled out their interests assuming everything would stay private. Facebook’s rationale is understandable but so are the negative reactions.
Social Plugins and the Open Graph
The changes: Facebook introduced new ways for other web sites to integrate site features at f8 through a set of five widgets, each with specific functionality. If you’re logged in to Facebook, you can immediately see information about your friends and what they’re up to on other sites. You can go to many news sites today, like CNN, to see the widgets in action — or “plugins” as Facebook calls them — and then see what news articles your friends are sharing.
Facebook’s intent is to allow users to get more value out of other web sites by seeing what their friends are sharing, and by sharing more information with their friends — and in doing so, it is also trying to make the sites themselves more valuable.
The plugins also allow you to share information back to Facebook. The main one is called the Like Button. It takes Facebook’s Like feature and allows developers to provide it on any web site. So you can be reading a news article, click on the “Like” button above the article, and immediately share a link to it on your wall and in your news feed.
Facebook does not provide user data to sites that use the Plugin. It keeps everything on its own servers, similar to how embeddable YouTube widgets show videos that are hosted on YouTube.
It also launched what it calls the Graph API. This allows developers to access a wide range of user data. General Information and other data that users have disclosed is readily available, and developers can request more through special permissions.
Developers can also get additional access to users through the Open Graph Protocol. They can publish updates to any user who has Liked an item. And they can create their own version of the Like button that doubles as a way to have users become fans of their Page.
The issues: Seeing a friend’s profile picture and shared stories appear in a widget on another site might surprise some people. Much of the controversy over this issue revolves around what data is being shared with third party sites.
However, the plugins are designed so that no data is shared with third party sites by default. Some people have misunderstood how the plugins work, though, and claim that data is being widely shared.
Facebook does track users who visit sites that have its widgets, but it has had various widgets available for years that it tracks, and it has not done anything differently with the new plugins, at least in their simplest implementations.
The company, along with Google, Yahoo and many other market leaders, tracks users through browser cookies and a range of other legal methods. Some other web companies have provided more transparency around this process, but only after governmental pressure — most of the industry is still opaque about its practices. However, proposed congressional legislation could more broadly impact how web companies use and share data.
So, Facebook is not doing anything especially controversial here, with some caveats.
All General Information (remember, your friends list, your gender, etc.) is available to third parties through the Graph API, for services like search. This includes anything that users have inadvertently made public. The privacy issue here is not about the Graph API — it’s about how Facebook requires or leads users to make information public in the first place. There’s no way to make General Information private. Users just have to delete it.
Facebook has been making more data available through altering its privacy settings, which it has given itself permission to do through changes in its terms of service. As we covered above, the transition tools in December and in April didn’t always clearly inform users of what they were making available. The term changes have been somewhat clear, as we’ll get into below, but it’s likely that many users didn’t pay attention.
The last point about how the Graph API works is also a cause for concern. Developers can get access to publishing to a user’s stream, for example, even though users are not told about this.
In sum, Facebook should not be criticized for the fact that it offers these new social plugins. But it does deserve criticism for not clearly explaining to users how the features can be used by developers.
The fact that “Like” has more than one meaning is also a real issue here.
The Meaning of Like
The changes: Facebook first introduced the “Like” feature as a way to show your appreciation for things like a friend’s smart status update, last year. However, it broadened the meaning of “Like” along with its other changes. Instead of a button on Pages that invites users to “Become a Fan,” it asks them to Like Pages.
This means that users are not just sharing links to the Page on their wall and news feed — the actions that clicking “Like” has generated up until this point. Instead, users are becoming fans of the Page. Anyone can view all of a Page’s fans. The result is that some users might see a Page and click Like because they think they are simply sharing the Page with their friends, when it reality they are becoming fans of the Page. Users’ other option is to end their connection to the Page.
The point of the change is to make “Like” a universal term for expressing interest and sharing information, cueing users to do so more often.
The issues: There has been limited concern about this redefinition among those critical of other changes. However, it is not clear if users understand or appreciate the difference. Along with the confusion about Community Pages, users may be reacting by actively “Unliking” Pages, as we recently covered.
The confusion is compounded by the fact that using the Like Button to like a page can make the user a Fan of the page or enable the page to share items to their stream, without informing users first.
The changes: Facebook is also testing a way of pre-approving third parties to get access to user information, something it calls “Instant Personalization.” You can see the service live on Yelp, Pandora and Microsoft’s new Docs online word processor service; it is set to expand to other parties.
The point is to make sites valuable to users through providing relevant social context, without asking them to do anything first.
The default for Instant Personalization is that Facebook automatically shares users’ General Information with partner sites. When they go to one of these sites for the first time, they’ll see a blue bar at the top of the site that includes links explaining how the service works, and a button that lets them opt out, which requires a few steps. Unless they go through the process of opting out, they’ll also see each site populated with their General Information, including views of information their friends are sharing on the site.
Opting out isn’t easy. You first need to go to Privacy Settings, then Applications and Websites and the Instant Personalization Pilot Program link. Once there, you need to unclick the box at the bottom that says “Allow select partners to instantly personalize their features with my public information when I first arrive on their websites.” When you do this a pop-up will ask you to confirm your decision. The other option is to visit each of these sites and opt-out individually by clicking “No Thanks” on the blue bar.
The issues: A number of privacy groups and politicians have come out against the move. This is hardly surprising because Facebook is clearly sharing some data without user permission. And, since launching the feature, Facebook has made the process for opting out more complicated, as the Electronic Frontier Foundation details.
However, the company carefully manages the data-sharing process, and it has made serious efforts to tell users exactly what is going on and what they can do about it. The move is bold on Facebook’s part. But it prepared itself legally through publicly altering its terms of service around the concept, earlier in April (see below). And, the user interface does clearly explain what users are seeing.
It also says it has no plans to expand this test at present.
The changes: Facebook previously required that developers not store user data for more than 24 hours. It has now changed its policies to allow them to store data indefinitely. If users want developers to remove the data, they are required to do so — except for anything that is public by default, like General Information.
The issues: This is another hot one for privacy groups and politicians. The concept of unlimited data storage sounds scary — who knows what those developers are doing with that data?
But the reality is that Facebook users already decide to share data with third parties when they do things like install social games or other applications, or sign in to a web site using their Facebook identity. The new policy might sound scary, but it’s not much different than how the platform has worked for years.
The change is more of a technical decision to make development easier. Many companies lack the resources to constantly ping Facebook servers for data; some, without intending to do anything wrong, have already stored data for longer than 24 hours.
The bigger issue, as we’ve mentioned before, is that there are increasing reports of rogue applications and others who scrape and store Facebook user information then resell it on the black market for any number of purposes, from online lead generation to phishing and other scams. The extent of the problem is not well-understood, but Facebook appears to lack means to control third party redistribution of its data beyond doing things like suing companies or kicking them off of its platform.
The changes: Along with other launches at f8, Facebook added a simplified user interface for developers to request private information from users. Before, users had to click through a series of dialog boxes to approve data-sharing. Now, developers can list all of the data they’re requesting in one box, and have users approve it with a single click. If the developer asks for their email, users can edit which to provide in the interface.
The idea is help users more easily see and approve data sharing.
The issues: By simplifying the user interface, Facebook has removed some of the barriers to users rushing through and sharing information they might decide not to if the process were more deliberate. We’ve heard some developers bring this issue up, although generally a cleaner, centralized interface is seen as a superior form of web design.
Terms of Service Changes
The changes: Facebook has steadily altered its terms of service over the years to be more open. In 2006, for example, the fledgling social network said that “No personal information that you submit to Thefacebook will be available to any user of the Web Site who does not belong to at least one of the groups specified by you in your privacy settings.”
Facebook has also evolved its methods of communicating about the changes with users. After a controversial change in early 2009, the company began a new way of introducing changes: It announced proposed changes to users in very obvious ways, like messages at the top of users’ news feeds, and asked for their input. It has since added features that users requested, such as red-lined versions that showed exact edits between drafts.
We’ve covered the recent changes in more detail already. The most relevant one was proposed in late March and finalized in early April. While Facebook had not yet fully launched its social plugins, instant personalization and other privacy-related features, the changes then were meant to reflect them. It said it would share what it calls “General Information” — “your and your friends’ names, profile pictures, gender, connections, and any content shared using the Everyone privacy setting” – with “pre-approved” third parties without asking for user permission first.
The issues: The changes have come under attack from privacy groups and politicians for being a bait-and-switch, considering that the site started out entirely closed and has since gone in the opposite direction.
This is true in a very conceptual sense, but the argument implies Facebook should never be able to change how privacy works on its site, even if it thinks its changes are in the best interest of the users. Many users appear to be fine with terms of service changes that make their data more public if it means they get a better product to use, judging by the results so far.
On the other hand, Facebook’s changes have made some information open that users likely assumed would stay private, such as General Information. Some users don’t want to share who their friends are, their other connections (including which Pages they’re a fan of), or other items on this list.
Changing the terms of service, then, is a paradox in a way that is reflected in Facebook’s product launches. Some portion of users will rightly be upset, yet the changes are necessary if Facebook is going to be able to create products that best serve users. One’s perspective on the matter comes down to whether one thinks the company should prioritize privacy or innovation.
We believe that the company should choose innovation, as we’ll discuss in our follow up article, even though we recognize the inherent issues in doing so.
Also, given the complex trade-offs, Facebook should get credit for its efforts to communicate the changes it does push through. Most companies do not try to explain such changes to their users. While not everyone is going to agree with the specific changes themselves, it is going out of its way to give users the chance to look for themselves, including notices on users’ home pages. This means users can provide comments, or protest, or even quit Facebook before the changes take effect, if that’s what they conclude is best.
Facebook has had a number of bugs pop up over the last several weeks. This is the reality of the company rapidly developing and pushing new products, and something that often happens at growing web companies. While innocent, they reveal some user data, hurting user trust in the company’s ability to preserve their privacy. However, no bugs that we know have have been widespread.
Here’s a quick look at each.
Facebook chat reveals too much: A bug popped up in the company’s instant message service that accidentally allowed users to view the live chats of their Facebook friends, as TechCrunch Europe spotted. They could also see friends’ pending friend requests, and which friends you have in common with the pending friends. We don’t know how many users were exposed, but Facebook took the entire Chat service offline for an hour or so as it fixed the problem. Everything is now working as normal.
Facebook secretly installing apps (or did it?): Macworld discovered that applications were appearing within the “Recently Used” section of Facebook’s application settings without users first installing them. But the applications were only unauthorized in the sense that they were not supposed to appear in this part of the privacy settings. The “apps” were actually instances of users logging in to third party sites via Facebook Connect. The way the platform is structured, each Connect integration is considered an app, even if there’s no actual app on Facebook’s platform. Facebook did not make any change here, no data was shared with the applications that hadn’t been already, and no data was exposed, it said. The bug was so minor that it can not really be considered a privacy or security issue. Social Hacking has an in-depth look at what happened — and didn’t happen.
Yelp security hole reveals Facebook user data: Local review site Yelp is one of the three companies using Instant Personalization, and today it had a security hole that helped make the concept look more dangerous. A web security consultant discovered a way that a malicious site could harvest some personal Facebook user information that Facebook shares with Yelp by default, including name, email and data shared with “everyone” on Facebook. As with every other security issue having to do with third parties accessing Facebook data, it makes the entire concept look dangerous.
We’ll be analyzing the significance the changes and the issues around them in a follow-up article, providing our view of where Facebook and its ecosystem may be headed.