The Federal Trade Commission announced a settlement with Facebook this morning over charges that the social network deceived users by failing to honor privacy agreements.

Under the agreement, Facebook:

• cannot misrepresent the privacy or security of users personal information;
• must get user consent before releasing changes that override existing privacy settings;
• must prevent people from accessing a user’s material no more than 30 days after that user has deleted their account;
• has to establish and maintain a privacy program that addresses risks that come with “the development and management” of products and services and that protects the privacy of user’s information;
• and — within 180 days and every two years afterward for the next 20 — must seek out third-party audits verifying that the privacy program is in place and that it satisfies the FTC’s order.

The agreement comes nearly two years after the American Civil Liberties Union and the Electronic Frontier Foundation raised concerns over Facebook’s 2009 changes to its privacy settings that exposed personal information — namely profile name, profile picture, list of friends, current city, gender, networks, and Pages — to a larger audience than the social network previously allowed. Earlier in 2011, it was reported that Facebook would settle with the FTC over charges that these changes deceived users and violated their privacy — making any changes that retroactively expose user data an opt-in instead of a mandatory change.

At this point, Facebook would have to take pretty intentional steps against the terms of the agreement to cause the FTC to pursue action against it again. In the last year alone, Facebook has also added or changed many features that affect privacy in ways that address the FTC’s complaint — like protecting user IDs from falling into the wrong hands.

In a Facebook response post to the agreement, Mark Zuckerberg says that he feels the platform has a positive track record for providing transparency and control over privacy settings.

“That said,” his post reads, “I’m the first to admit that we’ve made a bunch of mistakes. In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we’ve done. I also understand that many people are just naturally skeptical of what it means for hundreds of millions of people to share so much personal information online, especially using any one service.  Even if our record on privacy were perfect, I think many people would still rightfully question how their information was protected. It’s important for people to think about this, and not one day goes by when I don’t think about what it means for us to be the stewards of this community and their trust.”

Zuckerberg also announced that Erin Egan will become Chief Privacy Officer, Policy and that Michael Richter will become Chief Privacy Officer, Products.

During a media call in session with the FTC, Chairman Jon Leibowitz, Bureau of Consumer Protection Deputy Director Jessica Rich, Division of Privacy and Identity Protection Associate Director Maneesha Mithal, and Division of Privacy and Identity Protection Staff Attorney Laura Berger explained carefully that the settlement does not count as a ruling that Facebook violated the law in changing its privacy settings or that it knowingly shared private user data with advertisers. They also stressed that, while this order is very broad, it prohibits any deception about privacy in the future whenever Facebook introduces changes or updates.

Facebook, Google Pair Up to Fight Anti-Piracy Law – The House Stop Online Piracy Act proposal has brought together Facebook, Google and other companies in an effort to prevent the passing of the law that companies say will place the onus of protecting against piracy on them.

Facebook IPO Rumors Swirl – Business Insider reported that Facebook employees are reporting that CEO Mark Zuckerberg has said the IPO is coming soon, as early as next month.

Porn, Violence a Recent Problem – Facebook acknowledged to ZDnet this week a series of problems with unwanted pornographic or violent content showing up in their news feeds. The Wall Street Journal reported that it was a “coordinated spam attack” coming as the company ramps up to release Timeline.

FCC, Facebook Settle Over Privacy Issues – The Federal Trade Commission and Facebook reached a settlement over privacy issues, even as the FTC encourages people to Like them on Facebook.

Facebook’s Name Policy Hones in on Salman Rushdie - Writer Salman Rushdie became a target for Facebook’s real name policy this week. After the author took to Twitter to protest the deactivation of his account, the company restored his profile. The New York Times writes about the dilemmas caused by this policy in today’s world. [Image Via david_shankbone]

Google+ Works with Page Management Companies – Google announced last week the creation of Google+ Pages for brands to share information with users on Google+ and Page management companies like HootSuite, Context Optional, Vitrue and Buddy Media are set to work with brands on managing this new platform.

Orange Launches Facebook Phones – Orange is set to release three affordable Android smartphones for customers who heavily use Facebook.

Dems, GOP Participating in DC Hackathon – Congressional members from both parties are set to participate in the first ever DC Facebook Hackathon to find new ways to use social media in the political process. [Image Via Facebook]

Creepy Zuckerberg Fan Appears at Carnegie Mellon – A student at a recent Mark Zuckerberg appearance at Carnegie Mellon University instilled fear in the audience, and CEO, when he made some creepy and cryptic comments. The student apparently snuck into the venue the night before to place some speakers under Zuckerberg’s seat.

PayPal Releases Facebook Payment App – PayPal released a Facebook app, Send Money, that allows users to send money to friends without a fee.

Other Announcements:

Coupons.com for Pages – Coupons.com released its Brandcaster Social platfor to allow brands to create secure, printable coupons directly on their Pages in 48 hours or less.

Napkin Labs Brings Crowdsourcing to Pages – Napkin Labs’ Brainstorm app allows brands to gives brands a way to get feedback from fans anything from new products to coming changes.

NASCAR, ESPN to Livestream Driver’s Camera -  NASCAR and ESPN announced that the two will provide a livestream of driver Tony Stewart’s live in-car camera on Facebook during the season finale on Sunday, November 20.

Facebook is close to settling charges by the Federal Trade Commission that it deceived users about privacy changes, The Wall Street Journal reports. The settlement would “require Facebook to obtain ‘express affirmative consent’ when it makes ‘material retroactive changes’” to private user data. In other words, sharing-related privacy changes will now be up to users to opt into — Facebook won’t be able to force people to either make more data available, or have to “opt out” of using Facebook.

The specific issue is that Facebook changed its privacy policies in late 2009, forcing all users to make some information public that it had previously said would not be made public. Until that point, Facebook’s policy had said that “you choose what information you put in your profile, including contact and personal information, pictures, interests and groups you join. And you control the users with whom you share that information through the privacy settings on the Privacy page.”

That November, it announced that some of this information – profile name, profile picture, list of friends, current city, gender, networks, and Pages — would be made public as part of a privacy policy change. And it was, that December, causing an outcry among some users and privacy advocates, and getting the FTC’s attention.

While both the November policy change and December product update stated what the changes were, many users still didn’t comprehend what was going on — especially because Facebook had not previously told them to expect such changes. Further issues, like Facebook making all Liked Pages public in April of 2010, or more recently offering a face-targeting service, have added to the perception among some that Facebook is not prioritizing privacy.

The settlement, which Facebook isn’t commenting on right now, appears to create new limits around what Facebook might launch in the future. It would be precluded from doing anything like that December 2009 product change, for example. In addition, Facebook will be subject to independent privacy audits for the next 20 years, although it’s currently unclear who the auditors would be or how they would hold Facebook accountable.

Facebook’s side of this story is that it has needed to revisit out the right balance of public/private as its service has evolved, and as cultural expectations around privacy have changed. When the company first launched on college campuses, the whole point was to offer a private community. Today, some use the site for sharing content more publicly.

If the FTC had acted earlier, maybe it would have precluded Facebook from creating more value for users (a key risk that the company created for itself due to its decisions). For example, if some large portion of users had chosen not to make their profile photos and names public, Facebook’s social plugins would be able to show significantly less relevant social information to other users.

But at this point, Facebook appears to have gotten its main privacy changes completed, and we’re left wondering what the FTC will have left to enforce.

Swedish Govt May See All Data in New Servers – Sweden’s 2008 law, FRA, allows the government to see any Internet data passing its borders without a warrant. Since the company is set to build a data center there, this potentially means Facebook users’ data could become a target of this law, according to a report.

Cogenra Solar to be Installed at Facebook’s CA HQ – Cogenra Solar is set to install a renewable energy project at Facebook’s new headquarters in Menlo Park, California. According to a statement, the project will provide on site electricity production, hot water, and be integrated into the top of the building’s fitness center to power gym equipment, light and water for the showers.

Most Expect Candidates to be on Social Media – Digitas released a study this week noting that 61% of social media users expect to see candidates on social media platforms like Facebook.

Facebook Seattle Changes Offices - Facebook Seattle is changing office location. There are currently 60 employees but room for up to 200.

Facebook Not Worried About Messages Threat – CDW consultant Nathan Power found a way to send a malicious attachment to other Facebook users. Facebook responded that this threat is no different than the ones faced by other email providers, and requires “an additional layer of social engineering.“ Plus, there are easier ways to get malware to users.

Ceglia Ordered to Return to the U.S. – Paul Ceglia, who claims to own half of Facebook, had fled to Ireland but was ordered by a federal judge to return to New York in order to search for a missing flash drive which may contain pertinent evidence. Ceglia claims the flash drive was lost.

NATO Uses Facebook to Announce Libya Pullout Plans — The Libya commander for the North Atlantic Treaty Organization, Admiral James Stavridis wrote on his Page today that “I will be recommending conclusion of this mission to the North Atlantic Council of NATO in a few hours.” Wired has more.

Irish Government Considers Fine for Facebook’s Data Retention Policies – This follows revelations that Facebook has continued storing data that users had already deleted, as we covered in detail recently. A commission of the Ireland government (where Facebook’s regional headquarters are based) is investigating if any local or regional laws were broken, and may fine Facebook if it turns out that they were.

Facebook Preferred Developer Consultant Program Concludes Latest Round - The company says it will announce more details about the next submission round later this month. The program lets developers go through a voluntary approval process in order to receive its endorsement — “What separates a Preferred Developer Consultant (PDC) from most other development firms is the ability to understand social mechanics and technical possibilities on Platform,” in Facebook’s words — as well as a place on its Preferred Developer page.

Facebook’s Taylor Says Most Users Change Privacy – Most users of Facebook have altered their privacy settings, Facebook chief technology officer Bret Taylor said at a conference earlier this week.

Forum for Pages Mimics Facebook Discussions Apps – Forum for Pages is an app that allows Page admins to add a discussion tab to their Page, important since Facebook is set to remove this app from all Pages on October 31. The app allows users to import and save all existing discussions, too.

Sweepstakes With Grand Prizes Make Most Effective Contests – A single, big-ticket grand prize was the most effective incentive for marketers to get users to enter a Facebook contest, according to a study from ShortStack. Becoming “Fan of the Week” was also highly attractive. In terms of entry volume, simple sweepstakes received the most entries, while high-friction video submission contests received the fewest.

Randi Zuckerberg Profile - Randi Zuckerberg was profiled by The New York Times this week, in an attempt by her to establish her identity separately from the company that her younger brother founded.

Facebook Ups Lobbying Dollars in Q3 – The $360,000 is going towards the promotion of its views on a wide variety of issues. As TechCrunch details, this includes “global regulation of software companies and restrictions on internet access by foreign governments; patent reform, online safety measures, internet privacy regulations, freedom of expression on the Internet; discussion of location-based services, cyber security, discussing House, Senate, and Government rules to allow more Government and Congressional offices to access social media to engage with citizens, and lobbying for Oregon power and water needs to support high-tech growth and investment in Oregon.”

Other Announcements:

BranchOut Launches Recruiter Tool - Professional networking app BranchOut launched RecruiterConnect, allowing recruiting to search on Facebook for job candidates from those using the app.

GroSocial Raises $450K - GroSocial raised $450,000 in seed funding this week, led by Kickstart Seed Fund with additional contributions by Monarch Ventures, Rock & Hammer Ventures, plus other angels.

SNAP Interactive Launches Developer Blog – SNAP Interactive launched a developer blog this week.

Facebook is asking third-party Open Graph app developers to voluntarily add a private mode to their apps if necessary. Its developer blog post outlines how Spotify and Yahoo! News are tackling Open Graph privacy issues by giving users other options. Without a private mode, some users who initially opted in to sharing their activity may choose not to use an app to listen to an embarrassing song or read a controversial article rather than have that news published.

By getting developers to implement their own private modes, Facebook won’t have to build more privacy controls on its side that might add too much friction to apps that don’t require it, such as those that only share benign content or rarely share at all. An option to retract previously shared activity will also reduce the backlash from users who feel like Facebook infringed on their privacy even though they authorized what a third-party app could share and with whom.

It seems that Facebook’s “frictionless sharing” may have been too frictionless for some. The new app authentication flow announced at f8 lets users permit apps to publish all their future activity without asking them again. While this relieves users from constantly filling out sharing prompts, it occasionally could reveal somewhat sensitive information or cause a chilling effect where users opt not to engage with an app at all rather than share.

Users could always restrict app content to only be shared with certain friends.  The could also visit their profile’s activity log to delete past activity, but only after it had already been shared and possibly seen by friends in the Ticker. Facebook may now look to move away from the term “frictionless sharing” to reduce criticism around privacy.

Following f8, Spotify grew quickly thanks to listening activity published to the Facebook home page Ticker. It also heard user complaints about not wanting news of their listening to guilty pleasures shared to Facebook. It began rolling out a software update that lets users switch into “Private Listening” from the desktop app’s menu. Until they switched back, no listening activity would be shared.

Yahoo! News has implemented a more powerful privacy system that lets users turn “social” on and off, similar to The Independent’s privacy controls we reviewed earlier this month. Users can view a list of their recently read articles and delete that activity from Facebook right from the Yahoo! website. An option to be reminded of one’s privacy settings can also be enabled.

Facebook is taking a Platform-focused approach to privacy. Rather than overlay a one-size-fits-all privacy widget that wouldn’t adapt to different apps, Facebook is asking developers to build what’s right for their audience. This might mean strong controls for apps dealing with sensitive content, or no additional controls for those with a low risk of offending people through sharing.

Facebook already has its own Open Graph privacy controls. What was needed was controls right on the apps themselves, and this blog post should guide developers in that direction. However, if apps don’t voluntarily implement privacy controls when needed and Open Graph app sharing continues to hurt Facebook’s image, it may have to implement a mandatory privacy control system.

Echo Nest Points Out Flaws in Facebook Music – The CEO of Echo Nest, a music industry service provider, published a blog post this week outlining technical problems with Facebook’s music sharing system. It criticizes errors in how Facebook IDs songs that prevents music shared from one service such as Spotify from being played in a different service such as Rdio.

Wal-Mart Offers Localized Deals for Fans – Wal-Mart and Facebook have partnered to offer the retailer’s Facebook fans deals localized to its 3,500 locations in the U.S. Facebook is not working with other merchants in a similar way because of a lack of resources. We wrote about similar types of deals previously, when Facebook tested tools allowing corporations to administrate all the Places pages of the local instances of their business.

Ooyala Analyzes Facebook Videos – Ooyala recently released a video analysis tool, Custom Analytics with Business Dimension Reporting. The tool helps users segment audiences based on behavior on the Facebook platform.

Flowtown Acquired by Demandforce - Small business marketing firm Flowtown was acquired by Demandforce, a marketing solutions company.

BrightEdge Leverages Open Graph – BrightEdge released a new solution for Facebook Pages trying to improve their SEO, the S3 edition includes things like open graph tags, improved search rankings help, engagement measurement and more.

Other Announcements:

Buddy Media Opens San Francisco, Singapore Offices – Buddy Media has opened new offices in San Francisco and Singapore.

Votigo Launches Self-Service Platform, Offers – Votigo has launched self-service access to its social media promotions platform this week. As part of the promotion, the company is offering contest and sweepstakes apps for two cents to the first 2,000 businesses creating a promotion with the platform before the end of October.

Facebook is granting all developers access to a new application authentication flow today that was announced at f8 last month. Developers can now add a description of their app that will be displayed in a redesigned publishing permissions dialog. Extended permissions have been broken out into a second authentication step that explains why an app needs certain data, and lets users revoke specific permissions. Data about publishing permissions dialog impressions and accepts, sources of users, and extended permissions conversion rates are now included in Facebook’s app Insights analytics tool.

The changes will make it clearer to users what permissions they are granting applications, and give them more control of their privacy. The two-step authentication process could increase app install friction in a way that could hurt app growth. However, in the long-run, the revised authentication flow could increase user confidence in the Platform such that users become more comfortable experimenting with new apps.

Facebook has also changed the way it measures active user counts to only publicly report authenticated users, rather than all users. We’ve written a separate article discussing how this will cause a one-time dip in active user counts that does not actually mean apps have lost users, and explaining how this impacts our AppData tracking service.

Redesigned Permissions Dialog

Previously, users only had to accept one extended permissions dialog to give an application publishing privileges and access to their data. The permissions dialog didn’t explain what that data would be used for, or what the app would publish to a user’s profile. This meant users would sometimes grant privileges they didn’t understand and would get angry when they saw the app had published on their behalf.

The redesigned authentication flow aims to solve this problem. First, users see a dialog asking for permission to install the app and allow it to publish Open Graph activity. It shows users:

• The name  and logo of the app
• A tag line about the app
• A privacy selector for choosing who it can share with
• A list of the data types it requires
• An “About this app” description of its purpose
• Open Graph aggregations previews that show what it can add to a user’s profile Timeline
• A link to the Facebook terms of service and privacy policy
• A tiny link to report the app as spam
• Friends who’ve installed the app
• A “Log In and Add t0 Facebook” accept button

Developers can configure what appears in the dialog and the default privacy setting by entering the Developers app and selecting Settings -> Auth Dialog. Once they’ve properly configured the dialog, they can implement it by enabling “Enhanced Auth Dialog” in the Migrations section of the Developers app’s “Advanced Settings”. Facebook says all apps will be migrated to the redesigned dialog by the end of 2011, though it hasn’t released exact migration dates.

Open Graph app developers reorder the aggregation previews. These previews of what an app will publish represent a significant step forward in increasing transparency in the app install process. Facebook could further improve transparency by including a sample Ticker or news feed story from the app in the previews.

Separate Extended Permissions Dialog and Authenticated Referrals

Apps requiring additional, optional privileges such as the ability to publish check-ins or post to a user’s wall will display a second extended permissions dialog after users complete the initial install dialog. This step includes clear descriptions of what each permission means and the option to deny the app these non-essential privileges. Below, the dialog is an explanation provided by the developer for why it requires these permissions.

Before the redesign, users had to grant apps all the extended permissions and then dig into their app privacy settings to revoke certain permissions. This can now be handled as users install an app. Developers should reference the tutorial Facebook posted this week to ensure their apps run properly if some permissions are revoked.

This granular control may improve app install rates from users who are sensitive about a certain type of privacy, such those who don’t want to provide contact information or have content published to the stream on their behalf.

Authenticated Referrals is another option available in the Auth Dialog settings that when enabled causes users clicking a link to an app to see the authentication flow in-line being being brought to the app. This is useful for apps that require user data or permissions to function. It allows them to remove the awkward pre-permissions landing page and provide a personalized experience when users first arrive.

Authentication Data in App Insights

App Insights now displays impressions and accepts, sources of users, and the what privacy setting users are selecting for the authentication dialog and authenticated referrals. The authentication conversion rate will help developers determine if they are asking for too many or unnecessary permissions, or that they need to reword their their explanation for asking for permissions.

Extended permissions are each listed separately in Insights, and display their impressions, click through rate, and how many times they’ve been accepted. Developers can then identify extended permissions with low conversion rates that they may want to stop asking for.

The way applications use or abuse the permissions process has been a problem for Facebook in the past. Without enough transparency, some users would end up regretting that they installed an app that published or content or used their data in ways they didn’t want. They might then blame the Facebook Platform rather than the developer, leading them to avoid using applications in the future.

This increase in transparency and enhanced granular app privacy controls should give users a much clearer sense of what and with who they’re sharing. With time, Facebook may be able to remove the privacy stigma around apps and create a Platform more users want to engage with and more developers want to work on.

Several news outlets are testing different interfaces that let their readers opt out of sharing their reading activity to Facebook. Since gaining the ability at last month’s f8, many media sites and apps have begun automatically publishing what their users listen to, read, watch, or do in order to gain new users. Sometimes users don’t want to share this activity, though, and may restrict their own engagement with these apps if not given a way to temporarily opt out of sharing.

Here we’ll look at how privacy and frictionless sharing is handled by The Washington Post, The Guardian, The Wall Street Journal, The Daily, and The Independent. If news outlets can find a successful approach to activity privacy, they may be able to boost referral traffic from Facebook through auto-publishing without causing a chilling effect where users decide not to read articles because they don’t want to share them.

When users first install one of the new Open Graph apps with auto-publishing capabilities, they’re asked for persistent permission to report their activity back to Facebook through a system called “frictionless sharing”. They can set the privacy of their shared content to buckets such as “public”, or choose a specific friend list to share with. In most cases, though, users simply choose the default of “friends only”.

From then on, whenever users engage with the app or Facebook-integrated website, their activity is published to the home page’s Ticker, their profile or profile Timeline, and in some cases the news feed. Typically, there is no way to preemptively hide or opt out of sharing a specific activity, such as listening to an embarrassing song or reading an controversial news article. Users must go to their profile and manually delete the post, but by then some friends may have already seen the activity in the real-time Ticker.

This functionality has raised some privacy concerns, and led advocate groups to submit complaints to government agencies that could hurt Facebook’s image or lead to regulation. More pressing for third-parties such as news outlets, though, is that users might choose not to click on a link to an article because they don’t want to automatically share it with friends. This might be because the content is embarrassing or controversial, or it may be a curation issue where the user doesn’t want to share an article before knowing if it’s something they’d recommend.

While Facebook may develop its own solution to this problem, some third-party developers are taking the initiative and offering their users way to opt out of or retract sharing. Spotify recently began rolling out a software update which includes a private listening mode that can be temporarily enabled while users listen to guilty pleasures or other songs they don’t want to share. Here’s a look at how several major news outlets are approaching privacy and frictionless sharing

The Washington Post displays a “Mark as unread” link at the bottom of its articles that when clicked will retract the activity story published when users open an article from the Ticker and their Timeline. While the link is small, easy to miss, and doesn’t let users preemptively hide sharing, it’s easy to use and a step in the right direction.

London newspaper The Guardian has the most prominent of the privacy controls we’ve seen. At the top of each article is the option to “Remove from Timeline” the stories about reading that article.

The Wall Street Journal’s WSJ Social app, which we reviewed in-depth last month, doesn’t actually publish that a user has read a specific article, but only that they are using the app. There’s no way to retract the “Josh Constine is using WSJ.Com on Facebook” story from within the app, though.

Newscorp’s The Daily has the weakest privacy controls of the reader apps we’ve seen. It defaults sharing to public, reports the specific articles users are reading, and does not provide any way to preemptively opt out of or retract sharing,

U.K. newspaper The Independent’s website uses a more sophisticated privacy control. Users can click a login button to authorize the app, and they then see a Recently Read panel on the left side of the site. It defaults to article sharing being on, with a green light to indicate so. A Friend Activity tab shows what articles friends have read, and a Your Activity shows a user’s own reading history and allows them to retract the sharing of past articles.

Users can click the green button to turn sharing off. From then until they turn sharing back on, none of their reading activity will be reported to Facebook. Even if users close their browser and visit The Independent later, sharing will still be off, though it may default back to on if they switch browsers or computers. A “Learn More” link within the widget brings users to an page explaining how it works.

The Independent’s privacy widget is relatively prominent, offers granular control over past activity, and lets users preemptively disable sharing of their reading activity so it never reaches Facebook. The only issue is that users might accidentally leave it in the off position for long periods of time after trying to prevent sharing of a single article, costing the website referral traffic. Still, we see this design as a sensible balance between privacy and virality that other news and media apps would do well to mimic.

Privacy controls won’t be implemented by all media apps. Those trying to maximize referral traffic rather than trust may purposefully make it difficult to opt out of sharing. Media companies looking to foster long term relationships with their visitors and sell them on subscription plans will be better off letting users browse in private than risk them browsing elsewhere.

“We’ve tried to be mindful about the lessons we’ve learned” Facebook Product Manger Manager Carl Sjogreen told me this morning when we sat down to discuss Timeline, the redesigned version of the user profile that debuted at f8 last month. He says that as the product rolls out over the next few weeks, Facebook will be manually reviewing and approving new Open Graph apps to prevent the spammy experience that emerged when temporarily gave third-party applications a place on the profile years ago.

This approach is much more similar to how Apple must approve apps before they enter the App Store than the way Facebook allows canvas apps to launch on its Platform without pre-approval. Sjogreen also revealed more details about Timeline, including that users will be given a curation period to manicure the content displayed in their new profile before it becomes visible to friends. Facebook believes that through social content curation and new lifestyle apps, users will be able to express themselves in more nuanced ways than ever before.

Timeline’s Impact on Privacy

Facebook launched Timeline to allow users to tell their story not just through their most recent activity as the old profile wall did, but through all of the most important moments of their life. Users can also authorize Open Graph apps to automatically publish activity such as song listens to their Timeline. Sjogreen says “All the feedback is pretty positive. People have complimented the design aesthetic”, which includes a place for a big banner image and provides users the flexibility to feature or hide different content.

Since a user’s friends can easily navigate all the way back to their first Facebook posts through Timeline, a lot of content that was previously difficult to access will become readily visible. This content might include major life events, but also objectionable or inappropriate posts users might have forgotten about but wouldn’t want family or professional colleagues to see.

No privacy settings have been changed and all Timeline content could previously be found by scrolling far enough down a user’s profile, but Timeline does allow historic content to be accessed with one or two clicks rather than dozens or hundreds.

To address this, when users receive the rollout of Timeline, Sjogreen says they’ll be given a curation period in which only they will be abe to see their Timeline so they can go back and hide content or adjust its privacy controls. They can then publish the Timeline and make it visible when they’re ready. Developers were given a similar curation period when they first received access to Timeline at f8.

Still, Facebook will need to carefully inform users of the importance of this curation period or they might skip it and make content visible that they might later regret. Sjogreen said he wasn’t aware of plans for this kind of messaging, though.

Regarding less appropriate content becoming visible, Sjogreen reflected Facebook’s goals of people becoming more open as well as cultural norm changes (privacy relaxing over time). “Timeline will be seen in a broader context. I think people understand that everyone went to college, everyone has a photo they posted to Facebook from college.” Everyone’s employers might not be so keen on seeing such racy party pictures or controversial status updates, though.

Timeline Apps Will Be Reviewed by Facebook

From 2008 to 2010, Facebook allowed users to install applications on their profile. While some conveyed important information such as where a user had travelled, Sjogreen told me that users would install “clowny apps” that they’d soon stop using, that would retain a prominent place on the profile with the intention of spreading virally.

Facebook gradually hid then finally removed all profile apps in 2010. It is now applying the lessons it learned from its first attempt at profile apps to create a less spammy experience this time around. Timeline is designed to show more recent activity, but increasingly weed out less important content as users scroll backwards. Sjogreen says “apps don’t have a permanent place in the Timeline” meaning if a user installs an app but stops using it, it will quickly become less visible.

Along the same lines, Sjogreen tells me Facebook will not reward apps that publish more frequently than others. For example, say a user listens to 100 songs on Spotify and tracks one run using Nike’s running app in a single week. Timeline might give the two apps equal real estate by only showing a report of a user’s most listened to songs but still showing news of the one workout.

“We’ve learned a lot in hindsight, and built a lot of technologies to make sure we’re targeting users with info they find relevant” says Sjogreen. By using its new Open Graph app activity sorting algorithm Graph Rank and other systems, Sjogreen tells me Facebook has reduced Platform spam by 99%, up from the 95% reduction in spam Facebook CTO Bret Taylor cited at our Inside Social Apps conference in January.

Developers are helping with this process by structuring the data about user activity that the send to Facebook. They can select from official verbs and nouns such as “listened” and “song” to let Facebook know what kind of content they’re submitting. Facebook can then determine that each song listen might be less important to display in Timeline than actions that occur less frequently such as meals cooked or movies watched. Custom actions and objects can also be configured by developers.

However, to ”make sure the initial experience with Timeline is really great” Facebook is now manually reviewing the submission of new Open Graph apps to check out their nouns, verbs, and what triggers an activity to be published.

This approval process differs significantly from its Games Platform, where developers publicly launch an app without needing permission from Facebook; apps only get reviewed by the company if they receive negative feedback from users. Sjogreen tell me that “something publishing every minute will get shut down quickly or never be approved in the first place. We’re trying not to get in the business of making value judgements like that knitting app is good and this joke app is bad, but we’re making sure apps are only publishing legitimate activity.”

Such an approach might make it harder for developers, but it should work well to protect the user experience from spam apps that constantly publish low quality stories to the Timeline and home page Ticker. Regarding whether this approach would scale when more and more developers begin submitting apps, Sjogreen says “this level of approval is different than us playing every game on the Platform and making sure it meets some quality bar.”

Facebook is preparing to make a major change to how users express themselves with the rollout of Timeline. It will need to clearly communicate the privacy implications of ready access to old content in order to avoid backlash. It will also need to strike a proper balance between a clean user experience and an attractive Open Graph application development Platform. If Facebook can navigate these two pitfalls, Timeline could become the richest way to represent one’s identity online.