Facebook, privacy, and you

May 19, 2010

I’ve wanted to write a post about Facebook and privacy for some time now, but the more I thought about it the more I wanted to say. Social networking, privacy, and the way people’s behavior changes between real life and online activities is endlessly fascinating. But this isn’t the place for a 5000-word essay (and you wouldn’t read that anyway), so instead I hope this will serve as an introduction to why you should be thinking about your privacy if you use Facebook.

I mean seriously

Erin sees Facebook as being on the cutting edge of integrating social networks into our real lives. While these new developments are exciting because more and more bits of our lives are being connected, and those bits are all being connected to our pre-existing social graphs, our expectations of privacy (even our understanding of what privacy is) and our ability to protect it are slipping away. But why should you care about privacy in the first place?

In “The Newest Way to Screen Job Applicants: A Social Networker’s Nightmare” (2008), Carly Brandenburg reports that 10-12% of hiring managers screened potential applicants by searching for them on social networking sites. And that was when Facebook only had about 50-100 million users–in January it reached 400 million users and is more accessible to more people, meaning recruiters and managers are only more likely to be using it to get to know the real you beyond your resume.

But maybe you’re not looking for a job or you think your privacy settings are under control. Are you sure? How do you know? Default privacy settings on Facebook have been changing over time; in short, more of your data is available to more people than ever before. Matt McKeon, a developer with the Visual Communication Lab at IBM Research’s Center for Social Software, put together a great interactive chart showing just how much things have changed. For example, here’s 2005:

Click through to see more detail and recent developments

Now, by default, your name, gender, profile picture, likes, photos, wall posts, networks, friends–everything except your contact information and birthday–are available to anyone on the Internet. Before, employers would have to know someone in your network or one of your friends to get any real information about you, but now all they need to do is Google you. It’s up to you to manually change your settings to keep anything private.

And that would be bad enough on its own, but what makes it worse is that changing your privacy settings can be tricky. The New York Times ran a piece earlier graphically demonstrating “the bewildering tangle of options” that is privacy in Facebook. They say you have to go through 50 settings with more than 170 options to get it all.

They also point out that Facebook’s privacy statements have exploded in length: in 2005 the statement was a mere 1004 words (two-thirds the length of this post); today it is 5830 words. For comparison, Flickr’s is 384, Twitter’s is 1203 (that’s less than nine tweets), Friendster’s is 1977, and MySpace’s is 2290 words. Have you read Facebook’s privacy policy? What about the Statement of Rights and Responsibilities (i.e., Terms of Use)? Surely you read those–you had to agree to them when you signed up for Facebook!

And how do you know if those terms change? They certainly don’t message everyone to let them know. Facebook is slightly ahead of other online services in that rather than reserving the right to change the terms of use immediately and without notifying anyone–making it your responsibility to periodically review the Terms of Use for changes–they at least offer a Page you can follow to be notified of updates. (As of the time of this writing, 1,498,639 people are doing so–about 0.4% of the total population of Facebook users.)

Facebook is also improving its attitude toward intellectual property. We talked a lot in my Seminar on Intellectual Freedom last spring about how Facebook used to retain ownership of the photos you shared even if you deleted them; they’ve since changed their policy so that you retain the rights to your content, but

For content that is covered by intellectual property rights, like photos and videos (“IP content”), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (“IP License”). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.

When you delete IP content, it is deleted in a manner similar to emptying the recycle bin on a computer. However, you understand that removed content may persist in backup copies for a reasonable period of time (but will not be available to others).

So if Facebook wants to create a commercial to air during the Superbowl with photos of you and your friends completely wasted at a party, they have the right to do so–and they don’t have to pay you to use those photos. And it doesn’t matter how you’ve set your privacy settings; just by uploading the content to their servers, you grant them the license to use it. And if your friends copy and share that photo, too, then deleting your copy doesn’t do anything.

There are a lot of people who have no idea that what they share on Facebook is so widely available. Will Moffat created Openbook, which searches people’s status updates for what could be compromising public confessions (e.g., “I hate my boss,” “cheated test,” “stupid customer“–be careful, some of the things other people are searching for are more rude than these examples). So remember this when you post a status update: by default, the entire Internet can see it unless you change your privacy settings.

And even if you’ve managed your privacy settings well, you should still be careful about what you post because as your online social graph more closely mirrors that of your real life, there will be people who have access to your profile that you won’t want knowing everything about you. Failbook collects user-submitted screenshots of drama playing out on Facebook; one of the more serious ones I’ve seen is that of David, a student who posted graphic death threats aimed toward his principal and teachers… and was Facebook friends with his principal.

So you want to better protect your privacy and not ruin your life by what you do on Facebook. With such a complex set of privacy options, you may need some help with the basics. GigaOM recently featured “Your Mom’s Guide to Those Facebook Changes, and How to Block Them” by Matthew Ingram (he quotes a librarian, hooray!). I like that this article doesn’t just tell you what to do, but why you’re doing it and what you’re preventing.

If you want something that’s faster and more automated, use ReclaimPrivacy.org’s Facebook Privacy Scanner (independent and open source!). It’ll check the major ways in which your data might be leaked to the outside world and give you a one-click way to fix most of them. Do note the limitations, though: it doesn’t check your photos and status updates. You’ll have to secure those manually.

If you want it really easy, Untangle’s SaveFace automatically sets your privacy settings for your contact information, search settings, friends, tags, connections, personal information, and posts to “Friends Only.”

Facebook announced yesterday that they would soon launch new privacy settings where users will have “simplistic bands of privacy that they can choose from.” No word yet on what that actually means, but I suppose they’re at least trying in some way to respond to user concerns.

However, whatever advances Facebook makes in its privacy settings, Mark Zuckerberg does not care about your privacy. He thinks you are stupid for trusting him with your data. In an early IM chat with a friend shortly after he launched the original Facebook, he wrote:

Zuck: Yeah so if you ever need info about anyone at Harvard

Zuck: Just ask.

Zuck: I have over 4,000 emails, pictures, addresses, SNS

[Redacted Friend's Name]: What? How’d you manage that one?

Zuck: People just submitted it.

Zuck: I don’t know why.

Zuck: They “trust me”

Zuck: Dumb f***s

(via Wired)

It’s possible that Zuckerberg’s attitude toward privacy has changed in the intervening years, but after the fiasco of Beacon, the increasingly complex and hidden privacy settings, and the continued expansion of access to your data, I have a hard time believing that.

There are some interesting developments going on in social networking that decentralizes all of that data. Four students at NYU are working on Diaspora* (their punctuation), which has been funded by donations through Kickstarter and will let users keep all of their data on servers they control.

It’s going to take a lot to challenge Facebook, though, so in the meantime, please think about what you’re posting and make sure your settings protect your privacy at a level with which you’re comfortable. And tell other people.

Share this post:

Filed under: Uncategorized

Tags: facebook, intellectual freedom, privacy, social networking