the audit

Pushing Back Against Facebook’s Privacy Practices

The press and others bring needed new scrutiny to the social network
May 13, 2010

Sign up for The Media Today, CJR’s daily newsletter.

The press has begun an overdue backlash against Facebook, whose privacy invasions have grown increasingly brazen as its user base has grown and the company has looked for ways to monetize us.

I’ve been impressed recently by how well the press (and at least in a couple of cases, a blogger and an advocacy group) has illustrated the invasions of privacy by this $24 billion corporation.

Last week, Wired‘s Ryan Singel’s cri de coeur on how “Facebook’s Gone Rogue; It’s Time for an Open Alternative,” listed all the ways Facebook has backslid on privacy and user control. Here’s a small sample:

So in December, with the help of newly hired Beltway privacy experts, it reneged on its privacy promises and made much of your profile information public by default. That includes the city that you live in, your name, your photo, the names of your friends and the causes you’ve signed onto.

This spring Facebook took that even further. All the items you list as things you like must become public and linked to public profile pages. If you don’t want them linked and made public, then you don’t get them — though Facebook nicely hangs onto them in its database in order to let advertisers target you.

Let’s face it: This is a corporation run amok. I hadn’t read about these “Beltway privacy experts,” but a quick search shows tangentially that in March the company hired Bush’s Federal Trade Commission chairman to defend its privacy practices in D.C. The press needs to report the FTC angle here. Is the commission investigating Facebook?

Sign up for CJR's daily email

Facebook users can just quit if they don’t like it, you say. That’s true, but it misses the insidious nature of what Facebook is doing. To get why you have to understand the network effect, which describes how a service becomes more valuable the more people it has using it and vendor lock-in, which describes how users become dependent on one company.

To put it in more everday terms: Facebook has users over a barrel and Mark Zuckerberg, who “doesn’t believe in privacy”, apparently, takes advantage of that to creep into users’ lives. It’s a bait and switch.

These network effect and lock-in concepts are something the press hasn’t explored well enough.

With Facebook, you don’t own your own information. You can’t export your data to back it up or to use it on another social network. If you leave, you lose your information. The hundreds of comments I have on the 200 pictures I’ve put up of my three-month-old twins, for instance—I can’t keep those.

So, Singel’s idea of an open-source social network where you “own” your own information is an ideal result, as the Times reports this group of college kids is doing. Facebook is taking advantage of the fact that its hundreds of millions of users are locked in. Is that an abuse of trade worthy of FTC sanctions? I don’t know. But it’s worth exploring

If you want to see why—and I mean literally see—take a look at a couple of fascinating graphic explanations of Facebook’s privacy creep.

IBM employee Matt McKeon posted this interactive gem last week illustrating Facebook’s privacy settings and how Facebook has taken away user control over five years (click through to use it).

It’s worth noting that this illo owes a debt of gratitude to the Electronic Frontier Foundation’s timeline of Facebook’s privacy changes, which it published a couple of weeks ago and were key in taking the privacy story to another level.

The New York Times took on Facebook privacy yesterday with a story and this excellent graphic
showing the complexity of its privacy settings and policies:

Its a big graphic, so click through to see the whole thing, including this illustration of how its privacy policy statement has expanded:

It’s now longer than the Constitution, as the Times helpfully points out.

And even if you do take a principled stand and quit Facebook, American Public Media’s John Moe shows how the site makes that difficult. Also (emphasis mine):

Or you can go through a few more steps and actually delete your account once and for all. You’ll never see that data again. But Facebook will. They still have that information and will continue to use it for data mining.

Lastly, if you’re at all interested in this issue, you’ve got to follow Ryan Tate’s excellent coverage of Facebook. Make sure you read this one even if you think you’re not interested.

ALSO: Make sure you read John Gapper in the Financial Times this morning on Facebook’s “open disdain for privacy.” This is important—one of the best pieces I’ve read on the issue yet (emphasis mine):

What is indisputable is that consumers need to be given a clear, comprehensible choice about how their personal information is used, so they can decide.

By this standard, Facebook is failing dismally. It is arguably complying with the law (although several privacy groups have argued to the Federal Trade Commission that it is not) since no private data are being provided to advertisers, but it is being far from transparent.

Apart from the difficulty of keeping information private and the barriers to doing so, it is breaching former understandings by getting millions hooked on its services with a promise of strict privacy controls, and then informing them that stuff happens and they must adapt.

And:

As it is, Mr Zuckerberg, who turns 26 tomorrow, gives the impression of not caring a hoot about privacy. Whether by protest, legal action or regulation, he should be made to.

Indeed. Read the whole thing.

Ryan Chittum is a former Wall Street Journal reporter, and deputy editor of The Audit, CJR’s business section. If you see notable business journalism, give him a heads-up at rc2538@columbia.edu. Follow him on Twitter at @ryanchittum.