facebook entries
December 11, 2007
Facebook's "opt-out" precedent
I've been watching the public outcry over Facebook's Beacon (social ads) program with great interest. For those who managed to miss this, Facebook introduced a new feature called Beacon. Whenever you visit one of their partners' sites, some of your actions were automagically sent to Facebook and published on your News Feed. The list of actions is unknown, although through experimentation folks have learned that they include writing reviews on Yelp, renting movies from Blockbuster, and buying things on certain sites. Some partners were listed in the press release. When a Beacon-worthy action takes place, a pop-up appears in the bottom right, allowing you to opt-out. If you miss it, you auto-opt-in. There was no universal opt-out, although they've now implemented one (privacy - external websites - don't allow any websites). Furthermore, even if you opt out of having that bit blasted to the News Feed, it didn't stop sponsors from sending it to Facebook.
MoveOn started a petition, bloggers cried foul, and the media did a 180, going from calling Facebook the privacy savior to the privacy destroyer. Amidst the outrage, Facebook was also declared Grinch when unassuming users failed to opt-out and had their gifts broadcast to the recipients, thereby ruining Christmas. Privacy scholar Michael Zimmer also pointed out that the feature was peculiarly named because beacons give warning when danger is about to take place. Not surprisingly, the company was forced to adjust. Zuckerberg apologized and additional features were provided to let people manage Beacon. While this appeases some, not all are satiated. StopBadware argues that Facebook does not go far enough and New York Law School Professor James Grimmelmann argues that Beacon is illegal under the Video Privacy Protection Act.
For all of the repentance by Facebook, what really bugs me is that this is the third time that Facebook has violated people's sense of privacy in a problematic way. I documented the first incident - the introduction of the News Feeds - in an essay called "Facebook's Privacy Trainwreck." In this incident, there were no privacy adjustments until public outcry. The second incident went primarily unnoticed. Back in September, Facebook quietly began making public search listings available to search engines. This means that users' primary photos are cached alongside their name and networks on Google. Once again, it was an opt-out structure, although finding the opt-out is tricky. Under privacy settings, under search, there is a question of "Which Facebook users can find me in search?" If you choose "everyone," that includes search engines, not just Facebook users. The third incident is Beacon.
In each incident, Facebook pushed the boundaries of privacy a bit further and, when public outcry took place, retreated just a wee bit to make people feel more comfortable. In other words, this is "slippery slope" software development. Given what I've learned from interviewing teens and college students over the years, they have *no* idea that these changes are taking place (until an incident occurs). Most don't even realize that adding the geographic network makes them visible to thousands if not millions. They don't know how to navigate the privacy settings and they don't understand the implications. In other words, defaults are EVERYTHING.
Like most companies, Facebook probably chose the "opt-out" path instead of the "opt-in" path because they knew that most users would not opt in. Even if they thought the feature was purrrfect, most wouldn't opt-in because they would never know of the feature. Who reads the fine print of a website notice? This is exactly why opt-out approaches are dangerous. People don't know what they've by default opted-in to. They trust companies and once they trust those companies, they are at their mercy.
Most lofty bloggers and technologists argue that if people are given the choice, that's good enough. The argument is that people should inform themselves and suffer the consequences if they don't. In other words, no sympathy for "dumb kids." I object to this line of reasoning. Most people do not have the time or inclination to follow the fine print of every institution and website that they participate in, nor do I think that they should be required to. This is not simply a matter of contracts that they sign, but normative social infrastructure. Companies should be required to do their best to maintain the normative sense of privacy and require that users opt-in to changes that alter that normative sense. In other words, what is the reasonable expectation for privacy on the site and does this new feature change that? Of course, I also understand that this would piss companies off because they make lots of money by manipulating and altering everyday users' naiveté and sense of norms. Still, I think that the default should be "opt-in" and "opt-out" should only be used in situations that would protect users (i.e., a feature that would limit users' visibility).
I kinda suspect that Facebook loses very little when there is public outrage. They gain a lot of free press and by taking a step back after taking 10 steps forward, they end up looking like the good guy, even when nine steps forward is still a dreadful end result. This is how "slippery slopes" work and why they are so effective in political circles. Most people will never realize how much of their data has been exposed to so many different companies and people. They will still believe that Facebook is far more private than other social network sites (even though this is patently untrue). And, unless there is a large lawsuit or new legislation introduced, I suspect that Facebook will continue to push the edges when it comes to user privacy.
Lots of companies are looking at Facebook's success and trying to figure out how to duplicate it. Bigger companies are watching to see what they can get away with so that they too can take that path. Issues of privacy are going to get ickier and ickier, especially once we're talking about mobile phones and location-based information. As Alison wrote in her previous post on respecting digital privacy, users are likely to act incautiously by default. Thus, what does it mean that we're solidifying the precedent that "opt-out" is AOK?
Tags: privacy optout slipperyslope
Posted by zephoria at 8:39 PM | Comments (13) | TrackBack (0)
October 31, 2007
change of plans wrt Facebook... please forgive me
A few months ago, I publicly declared a loss of context with respect to Facebook. I gave up and accepted people that I knew from the interweb, those who have been so kind to me, and many others that aren't part of my intimate social circles. Unfortunately, this messed up some other things and due to a personal situation, I've decided to rescind on this.
One of the problems with SNSs is that it's all about the networks, not the individuals. By opening up the doors with my Facebook, I exposed many of my friends and colleagues to unwanted observation by people that they didn't know and people that I couldn't vouch for. I don't want my visibility to affect my friends.
The worst part about this is that I need to now make "cuts." There's nothing more horrible than having to classify "real" friends and not. And I'm going to fuck up. To make this somewhat better, I decided to take the advice of previous commenters and make a more "public" Facebook profile that will be visible to anyone who is interested. I will also accept friend requests there from people that I want to get to know. Right now that profile is pretty empty, but I will fix it shortly. I'll actually play with Apps on the new profile while I've been ignoring and rejecting them mostly on my other profile.
I apologize to those that I offend in this process, but I need to do this to be a good friend to those that I care dearly about. Please forgive me for cutting you - I don't mean harm by this but I need to separate those who I know through my professional life from those who are part of my personal worlds. If you want to friend me on Facebook, please friend this profile.
Also, I still don't respond to FB email so please don't write me there. I can barely keep up with one queue so I refuse to add others to the situation.
Category: facebook
Posted by zephoria at 1:07 PM | Comments (12) | TrackBack (0)
September 6, 2007
confused by Facebook
Social network sites have become powerful tools and platforms for all sorts of content and cultural producers. Starting with Friendster, artists leveraged the network capabilities to communicate with their fans. This took on a new level with MySpace, resulting in the explicit creation of artist profiles. Even within the constraints of Facebook, artists built groups and found other ways to collect and communicate with their fans.
Unfortunately, artists are continually learning that when they rely on someone else's platform to distribute their message, they're under their control. Friendster did everything possible to discourage bands from communicating with fans on their site. MySpace reversed this trend by supporting artists, generating all sorts of kudos from the artistic community. Unfortunately, Facebook seems to have taken on a more Friendster-esque policy. My friend Baratunde was recently burned by Facebook. In an effort to curb spam, they killed off legitimate uses of mass messaging, silencing those well-intentioned users that adored them.
I am utterly confused by the ways in which the tech industry fetishizes Facebook. There's no doubt that Facebook's F8 launch was *brilliant*. Offering APIs and the possibility of monetization is a Web 2.0 developer's wet dream. (Never mind that I don't know of anyone really making money off of Facebook aside from the Poker App guy.) But what I don't understand is why so much of the tech crowd who lament Walled Gardens worship Facebook. What am I missing here? Why is the tech crowd so entranced with Facebook?
I'm also befuddled by the slippery slope of Facebook. Today, they announced public search listings on Facebook. I'm utterly fascinated by how people talk about Facebook as being more private, more secure than MySpace. By default, people's FB profiles are only available to their network. Join a City network and your profile is far more open than you realize. Accept the default search listings and you're findable on Google. The default is far beyond friends-only and locking a FB profile down to friends-only takes dozens of clicks in numerous different locations. Plus, you never can really tell because if you join a new network, everything is by-default open to that network (including your IM and phone number). To make matters weirder, if you install an App, you give the creator access to all of your profile data (no one reads those checkboxes anyhow). Most people never touch the defaults, meaning that they are far more exposed on Facebook than they realize. zrven a college network is not that secure. MySpace on the other hand is rather simple: public or friends-only. Friends-only is far more secure than the defaults on Facebook. And public is well-understood to mean anyone could access it (and often this is the goal). But I know all too well that privacy has nothing to do with reality - it's all about perception. And Facebook *feels* more secure than MySpace, even if it's not. Still, I can't wait to see how a generation of college students feel about their FB profile appearing at the top of Google searches. That outta make them feel good about socializing there. Not.
It seems odd to me that Facebook is doing all sorts of things to go against what gave them such strength: group support for people who wanted to gather around a particular activity, tightly controlled privacy defaults, and simple/clean profiles (which have been made utterly gaudy by Apps). I think I'm missing the logic here. ::scratching forehead::
I guess it's that they're trying to attract a new audience. There's no doubt that the 30+ crowd has jumped on board over the summer (although many seem already sick of it). Is that crowd sustainable? Is it worth it monetarily? Is it affecting the college participation?
To all you professors out there... what are your students' attitudes towards Facebook this fall? Are college students still super enamored with it or has it lost some of its appeal?
Category: facebook
Posted by zephoria at 12:08 AM | Comments (35) | TrackBack (0)