Facebook announced this weekend that it would begin offering third-party applications and websites a way to request that users share their "current address and mobile phone number." Simple enough, right?
While Facebook says that the move is intended to make it easier for users to take their information with them across the Web, members of the data portability community argue that its yet another move by Facebook to lock users in. At the same time, the question of how Facebook handles these permission requests and whether or not it's clear to the end user is a point of contention that further calls into question how a user's online identity should be handled.
We asked some experts in the field and here's what they had to say.
Update: Facebook has announced that it has suspended the controversial feature and will be "making changes to help ensure you only share this information when you intend to do so."
Facebook: It's All About Portability
First, Malorie Lucich, a Facebook spokesperson, told us that the impetus for the change comes down to enabling users to bring their information with them, rather than forcing them to type in the same information wherever they go:
We want to make it easy for people to take the information they've entered into Facebook with them across the web. This new permission gives people the ability to control and share their mobile phone number and address with the websites and apps they want to use for more efficient experiences. As always, no information will be shared with an app or website until a user explicitly chooses to share it.
David Recordon, a senior open programs manager at Facebook and member of the OpenID Foundation, commented yesterday that the feature was intended to offer precisely this portability. "Given that I trust Kickstarter enough to give them my credit card information, I also trust giving them with my address," wrote Recordon. "Why should I need to type my address in again versus them being able to ask me for it?"
Other members of the data portability community, however, see things differently and call into question Facebook's methods of data sharing.
A Central Hub or Cog in the Machine?
"The problem is not that the user can (and must be able to) choose to access their data from Facebook on a 3rd party site," said Chris Saad, co-founder of the Data Portability Project and VP of strategy at Echo. "The problem is that Facebook has architected the whole thing from the beginning to be an exclusive hub and spoke relationship with them rather than a peer to peer relationship on the open web."
According to Saad, Facebook's intentions are simple - to get third-party sites and apps to rely entirely on Facebook for user information. "It's like giving a taster," he said. "Paying comes later."
Alana Joy, an independent digital strategist, agreed with Saad that Facebook was vying to be the central hub, rather than another cog in the machine.
"Facebook seems to be more concerned with positioning themselves as the official global 'people registry', harvesting users' information for profit," said Joy, "than they are about providing a safe place for individuals to share their lives with only those they choose to."
Of course, Facebook founder Mark Zuckerberg has said rather plainly that the company wants to push people's boundaries and expand the idea of public versus private. A key point that the company stands behind is that the user is given the opportunity to decide whether or not they share this information, both in privacy settings and in the permissions dialog.
"We introduced the granular data permissions model last April to make it clear to users exactly what information an app or website is requesting, allowing them to make more informed decisions about whether or not they want to proceed," said Lucich. "That being said, we're always looking into ways to make the platform user experience as positive and clear as possible."
With Third-Party Apps, It's All or Nothing
"Something bugs me about the Facebook connect privacy options," said Bizannes. "When you connect, you see what permissions you have to give, but you don't have an option there to deny individual permissions."
According to Facebook, apps should only be requesting information they absolutely need and therefore, were a user to deny access, the app wouldn't be able to function anyway.
"The reason why people can't pick and choose what data to share is because the app needs the requested information in order to perform its core services, such as photo access for a photo app and birthday date access for a calendar app. Developers are required to only request the information it needs to provide a customized experience," wrote Lucich. "Ultimately, it's up to the user whether or not he or she wants to grant an app access to their information."
Bizannes argues that the current model of permission forces users to blindly accept and allow the sharing of their information, "because they know if they click 'no' they don't get any access to the app."
"Users should have the ability to decide upfront what data they permit, not after the handshake has been made where both Facebook and the app developer take advantage of the fact most users don't know how to manage application privacy or revoke individual permissions," argued Bizannes. "Data Portability is about privacy-respecting interoperability and Facebook has failed in this regard."
On The Other Hand...
Inside Facebook's Josh Constine takes a more tempered approach to the whole thing, suggesting that instead of kowtowing to fear, Facebook should "instead push forward while minimizing negative outcomes by helping users make [a] more informed decision."
Constine's article echoes Recordon's sentiments, reminding the fearful that Facebook has been diligent in other instances and made sure that third-parties were dealt with appropriately when they mismanaged user information. The new feature may ask users for more in terms of personal information, but "there are many benefits to allowing developers to ask users for their contact information," writes Constine. "Mobile phone number access could power apps that act as up-to-the-minute communication hubs between groups of friends, allowing members to be notified by SMS when friends are nearby, want to plan an event, or upload new content. Home address access could let ecommerce sites pre-populate delivery details during checkout, leveling the playing field so smaller merchants can compete with established giants like Amazon that have already forced users to type in their address manually."
Saad argues that Facebook continually ups the ante without properly notifying its users.
"It's obvious that most users don't understand the bargain they're making - and that's mostly because Facebook keeps changing it," said Saad. "The same prompt that once granted some basic permissions for authentication now grants permission to your whole life."
Pete Warden, a big data guru who recently found himself on the wrong side of Facebook's line between public and private, says that a big result of this new feature will be for third-party sites and applications to figure out who you really are.
"The most interesting part of this change is the ability it gives companies to connect Facebook accounts with information from offline databases," said Warden. "There's a treasure-trove of marketing data available for every household in the US that they'll now be able to use to profile their Facebook users for everything from buying habits to income, children and pets."
According to Warden, this sort of data will help sites connect your activities to your real identity in ways that were previously not possible.
While the word "privacy" has been a sore point for Facebook over the past year, is it that Facebook is entirely cavalier with user information or is it just that its scale provides an easy target? Warden said that Facebook isn't much different from many other sites. "They're just behaving like the rest of the marketing world, the only difference is that they're under a lot more scrutiny than everyone else."
To Share or Not to Share?
In the end, does this come down to the simple question of whether or not you should ever share this information if you don't want it to be public? This is a solution that many users advocate. On the other hand, should users be petitioning for a more granular control over their information, wherein they can make more individual decisions over when and where they share what information? The fact that Facebook wants to be your one true login is no secret and the company will continue to push the boundaries in this realm. How will most users react?
"Most people won't care until they personally are victimized by it," predicted Alana Joy. "Like the gentleman whose profile picture was used in a Facebook ad for singles when he is a married professional with a family. [...] It really does illustrate just how Facebook can and will do whatever they want with whatever you post there."