“There’s No Hiding on Facebook”
Posted: October 6th, 2009 | Author: alicetiara | Filed under: social networking | Tags: facebook, privacy | 2 Comments »I was asked to write an editorial for the Guardian’s Comment website about Facebook and privacy. Here’s an excerpt:
Facebook has been repeatedly criticised on privacy grounds. While the company claims it doesn’t sell user information, details are made available to third-party application developers, who account for much of the site’s profits. And researchers have found that personal data can be “leaked” to advertisers and data aggregators, who already collect browsing and behavioural information about people as they move about the web. Just last week, Facebook announced a multi-million dollar deal with Nielsen, known for their meticulous tracking of television ratings and internet metrics.
Even without these partnerships, Facebook makes privacy advocates uneasy. University of Wisconsin professor Michael Zimmer accurately identified an “anonymised” Facebook dataset from the description that it was a private college in the northeast (spoiler alert: it was Harvard). Similarly, the “Project Gaydar” research team at MIT found that gay men’s sexual orientation could be identified based solely on their friends. It’s not just information you make explicitly available – age, partner’s name or favourite film – that identifies you on Facebook. Close analysis of a network of friends can reveal deeply personal details, even with a private profile. These studies suggest that it’s impossible to retain complete control over personal information within a detailed, publicly available network.
I’m happy with how it came out and I look forward to hearing everyone’s comments. The Guardian website right now has a majority in favor of “if you post your personal info on Facebook you deserve whatever you get,” so if your understanding of online privacy is slightly more sophisticated, feel free to leave me feedback.
That type of commentisfree comment doesn’t surprise me: I get the impression that the site is skewed towards men and IT geeks.
The thing about Facebook that I’ve always found disturbing is the invitation to the apps-developers to come in and use the data – yes, you’re using a popular social network, but at the same time, your data is being mined, examined, harvested and all of that by whoever is paying Facebook for that service. What makes Facebook very, very attractive to those organisations is the hard link between real identity and Facebook identity. If I were more paranoid I’d call it ‘social control’.
It’s easy for someone like me (and the CIF types) to bypass Facebook altogether, if few of our friends are on there. If your entire social circle is on there (as it often is at school or university), it’s rather more difficult to avoid it. The only protection, perhaps, is the protection of the crowd, but that’s not much comfort when you are being screened for a job.
I haven’t been on Facebook much recently, but I always found its privacy settings very hard to understand, beyond the concept of the limited profile. It’s true that surfing behaviour is being monitored by organisations too, but that feels a little different to a company listening in on your social interactions. So far, people seem satisfied with the exchange of social space for shared data, but as Facebook users mature, I wonder if they’ll start to look around for the next thing (and I bet when they do, that privacy issues will form part of the argument for moving).
Bruce Schneier had an interesting comment about security a few months ago. He was talking about risk, and users’ tendencies to circumvent security measures:
“It seems to me that his co-workers understand the risks better than he does. They know what the real risks are at work, and that they all revolve around not getting the job done. Those risks are real and tangible, and employees feel them all the time. The risks of not following security procedures are much less real. Maybe the employee will get caught, but probably not. And even if he does get caught, the penalties aren’t serious…
‘Fire someone who breaks security procedure, quickly and publicly,’ I suggested to the presenter. ‘That’ll increase security awareness faster than any of your posters or lectures or newsletters.’ If the risks are real, people will get it.”
By the same token, you can’t reasonably expect Facebook to start complying with any (admittedly reasonable) privacy policy you can suggest until there exists a very real risk associated with _not_ complying. I really can’t tell if legislation is a more effective deterrent than a $9.5M class action lawsuit, but I would point out that you pile up enough $9.5M invoices and pretty soon you’ll get their attention. I’m loathe to suggest that users can’t reasonably expect their information to stay private on Facebook, but honestly: Facebook is a company valuated at $3B one year ago. There aren’t any 18-year olds writing code in Birkenstocks in their Moms’ basements. If you want them to respect user privacy, compel them to do so in a language a $3B company is likely to understand: Money.
Otherwise, you don’t shoot a duck for quacking.