Facebook’s Privacy Move Violates Contract With Users

Your name, profile picture, gender, current city, networks, Friends List, and all the pages you subscribe to are now publicly available information on Facebook. This means everyone on the web can see it; it is searchable.

This represents just the latest instance of Facebook violating the contract it holds with its users. This is no small matter, either. Lots of people will have very real and valid objections to this arbitrary change to what’s public and what’s private on Facebook.

This guest post was written by Kaliya Hamlin, also known as Identity Woman, who has been working on cultivating open standards for user-centric identity since 2004. She co-founded, co-produces and facilitates the Internet Identity Workshop, the primary venue for collaboration on identity standards amongst large Internet portals, large enterprise IT companies and small innovators.

Personally, very early on I made my friends list explicitly not viewable. Why? Because I didn’t want everyone to be able to see who I am friends with. This change is a violation of the social contract that the service had with me. I should, at the very least, have been given warning of this impending change and been allowed time to “defriend” people.

Pitfalls of Being Public

Why do friends matter? Because they reveal information about you – like your sexual orientation – even if this information is not explicitly shared or public anywhere on the web.

The Boston Globe wrote about this MIT project named “Gaydar”:

Using data from the social network Facebook, they made a striking discovery: Just by looking at a person’s online friends, they could predict whether the person was gay. They did this with a software program that looked at the gender and sexuality of a person’s friends and, using statistical analysis, made a prediction. The two students had no way of checking all of their predictions, but based on their own knowledge outside the Facebook world, their computer program appeared quite accurate for men, they said. People may be effectively “outing” themselves just by the virtual company they keep.

The pages you follow are now public information, too. What if you were HIV positive and followed a page for a group that provided services to people like you? What if you had not told your work colleagues about this health condition? Now with your pages being public, your health status is completely public.

Or maybe you belong to a religious organization that isn’t super mainstream in the area you happen to be living in. Say you are Buddhist in a small town that is mostly conservative Christian. You are following the page of several Buddhist teachers and voila your religious preference is outed to your neighbors.

Different Sites Have Different Contracts With Users

Isn’t this information all public anyways? What is the big deal? Isn’t it just like Twitter? You can see all the people you follow there, and they can see everything you post.

The social contract I and all users have with Twitter is clear. What you say on an open account is public and linkable. It is called microblogging for a reason. When you blog on the open web anyone can see or link to what you say. I know that everyone can see who and what I follow. I make a choice to be “seen” by following the Twitter accounts I choose to follow.

The social contract with Facebook has changed constantly since it started. When it began it was only for Harvard students. The application went viral in that environment when it launched in January 2004. They decided to extend the site to other schools in March 2004, but you couldn’t even see other students at other schools. Students on Facebook had a very clear sense of who could see them: fellow students. They “performed” in this social context with that in mind.

Facebook then opened up to high schools in September 2005, and then to companies like Apple and Microsoft. In September 2006 it opened to everyone.

So right here – this is where the social contract for those first university students was broken. People and particularly potential employers were now in a space that the college students never expected them to be. So the whole contention that students should not have put pictures of themselves having fun with their friends (drinking, etc.) in a space where they only thought their peers (other university students) would be is backwards. Facebook should not have changed the social contract in the space by allowing employers in.

The way users saw what their friends were doing was to click to their profile pages and to write on their walls. Introducing the NewsFeed changed the social contract yet again. Now everything a user did on the site was pushed to their friends. It let everyone know when you wrote on someone’s wall and what you said. (Previously they had to go to the wall and see what you said.)

Last week’s privacy enhancement’s change the social contract yet again and this time it stripped you naked.

There has been such a hullaballoo about this, and Facebook responded saying:

In response to your feedback, we’ve improved the Friend List visibility option described below. Now when you uncheck the “Show my friends on my profile” option in the Friends box on your profile, your Friend List won’t appear on your profile regardless of whether people are viewing it while logged into Facebook or logged out. This information is still publicly available, however, and can be accessed by applications.

Facebook is Preparing a Social Graph API

This move is all about supporting the forthcoming Social Graph API (see below), and with it people will be able to create a query that will retrieve your friends list.

The big change in all of this was to suggest that posts – including status updates, links, photos, videos and notes – will all be shared with everyone on the open web. Most people have shaped their behavior on Facebook with the understanding that friends could see what they were doing. This is a different audience then the whole web. I checked with one of my roommates, a preschool teacher in her late 40s. She said she just clicked through assuming all of the changes were “good”. I explained that now all of her status updates were now public. She gasped: “I didn’t know,” she said.

Zuckerberg decided to open up to the new privacy settings by completely sharing 290 photos of himself, and other information, in effect saying to users, “If I can be socially nude so can you – come on everyone is doing it!”

Why is Facebook doing this?

Friends have to be made public because Facebook is working on a Social Graph API to be available in the second quarter of 2010. “The Social Graph is where the gold is,” as a user interface designer said at a Christmas party I was at last night. Facebook and others want to mine this data to figure out who you know and what you are interested, and then target you. Maybe they will even figure out your credit worthiness based on who your friends are.

Google is working on a Social Graph API, but one based on publicly available social links and references made by users on their public blogs and public friends list on social networks like Flickr and FriendFeed. There are issues in doing this. Ben Laurie, Monica Chew, Dirk Balfanz – all at Google – wrote a paper called (Under)mining Privacy in Social Networks. I am sure there are more Easter eggs in the Facebook Developer Roadmap on where things are going with Facebook privacy, features and business models.

I think Facebook believes it can do anything with users because it believes they will never leave because “all their friends are there”. Friendster was this arrogant too. Facebook blocks users from scraping their friends’ data out of the service, which would allow them to easily find and reconnect with them elsewhere. It claims it prevents us from getting this information to protect our privacy. Really, it is all about locking users in.

I wonder how many more times they will get strip us down, leaving our familiar social clothes and underwear on the floor, and leaving us socially nude.

I think it is unethical and I agree with the concern that Jason Calacanis raises about how this will affect other Internet companies. “Facebook’s reckless behavior is… simultaneously making users distrust the Internet and bringing the attention of regulators.” This change will affect all of us working on building the new techno-social architecture of our society via the web.

Photo credit: David Fulmer

Facebook Comments