privacy – Stay N Alive

Path’s Privacy Problems Aren’t Path’s – They’re Apple’s

The world is up in arms about how the mobile application Path, which I covered here as one of the next social networks to watch, has been sending users’ phone directory data back to the service. As someone that knows the founders and trusts what they’ll do with the data, I didn’t give it a second thought, but the concern is valid. I’d like to suggest that the problem isn’t Path’s though. In fact I warned about this before.

4 years ago, back in 2008, as Apple launched their own app platform and directory for developers to the public, the mobile app Loopt went through a similar controversy where it automatically sent an SMS to everyone in the user’s phone directory, without their permission. In this case, just like Path, the service assumed that users would be okay with sharing this data in order to make the service better. In both cases, there were many offended that this was happening.

I responded with an article of my own (again, this was in 2008!), suggesting that Apple needs privacy controls on their devices. Before any application can access phone numbers and other sensitive data from the phone, the operating system itself should be warning users that data is being retrieved, and ask the user’s permission. In fact, Android devices already do this to an extent, and services like Facebook do this before any application can access sensitive data about an individual.

It’s hard to believe that Apple has taken 4 years, and still hasn’t implemented any such controls. It’s, to me, not too much of a worry that apps like Loopt and Path are accessing this data, as both apps are good companies run by good people that have good intentions for this data. However, there are many applications out there that may not have such good intentions. In every case, it should be up to the user to decide, and know when their personal data is being transferred to a 3rd party application on their device.

So I’d like to turn the argument back around to Apple, not Path – why are you allowing 3rd party applications to access my data without my permission? It’s time well overdue to give users some control over their sensitive data.

Facebook to Google+: "Hey Look, We Have This Too – It’s Right Here!"

Facebook announced an expected update to its service today that is scheduled to be released on Thursday. It’s a simple one, which brings to the forefront features that Facebook has had all along and Google+ has been getting all the attention for lately: The ability to target posts and elements of a person’s Facebook profile to specific audience, and see what it looks like to that audience as a whole.

I wrote about the release of Facebook Friend Lists back in 2008 when Jason Alba and myself launched my first book, I’m on Facebook–Now What??? Soon after, Facebook made it possible to finely target posts to just those audiences – I use this feature often, although up until this Thursday, it has been buried under an interface that didn’t seem to put privacy and the realization of privacy at the forefront of the experience. For a network focused and invested in privacy and private social graphs, I always thought this was quite odd.

On Thursday, along with each post to your friends, you’ll be encouraged to select an audience for that post. That audience can be to public (there is no 100% “public” option on Facebook that search engines can see, with the exception of Facebook Pages), friends, and “customize”. It’s much more a part of the experience now, and with each post you share it will be abundantly clear who that post is being shared with. It is basically just an interface change from the functionality they had before.

Facebook has always had the ability to view your profile as other people (Google+ likely learned this from Facebook). It was just buried deep in your privacy settings (Account->Privacy Settings->Connecting on Facebook/View Settings->Preview my Profile). However, with the new change this button will be right on your profile page, just like the Google+ interface, in a nice, easy to find location. In addition, you’ll be able to click next to individual elements on your profile, much like Google+, and change your privacy settings right on your profile.

The only really new thing Facebook is rolling out with this launch is the ability to preview photos and posts you are tagged in before they appear to your friends or in the posts and photos themselves. This in and of itself is a very big change. However, the majority of changes, while very welcome changes in my opinion, are just user interface updates.

Google reacted to Facebook’s poor (yet still robust) privacy interface by launching Google+. Now Facebook has responded back by improving that interface, as I’m sure many expected. It seems as though Facebook is responding to Google, not with many new features, but a “Hey look, we have this too – it’s right here” response. Indeed, those features are there, and it will be great that everyone can finally find them and enjoy what has been my favorite feature of Facebook for the last  3 years.

To see what it looks like, you can view the screenshots below. Also, see this article on for a great overview of the new features. Here are all the new features being released on Thursday:

The Power of Google+: Privacy "Circles" the Entire Experience

Facebook has always had one strength that no other social network (other than perhaps FriendFeed) has seemed to fully get: The fact that you could add friends to lists, and target your updates so only those lists, and specific people you chose, can see the updates you post. I share this in my presentations often – it’s Facebook’s best kept secret. The problem is just that – it’s currently buried in the Facebook interface and not many people know about it.
With Google+ it’s different though. The entire experience is built around its equivalent to Facebook lists: Circles. From the very beginning you have to choose who will be in what circle, and every time you add a friend it automatically pops up your list of circles with little to no effort. To “friend” someone, you don’t friend them – you add them to one of your lists. It’s that simple.
Not just that, but the default privacy setting on Google+ is nothing. If I just post on Google+ without saying where I want it to go, no one but myself will see it. I have to specify a Circle just for anyone to see this. It forces me to make a conscious decision before I post as to who will be seeing my updates. I think it’s genius!
With Facebook, the friendship is always 2-way. This forces a much more intimate environment, but a closed one as a result. No one can just “follow” me and get the updates I want them to see. I have to let everyone into my network, and as a result, they have to let me into theirs. As a result this does cause closer relationships and more of a social contract, but it also keeps me from posting updates that Google and other 3rd party bots can index, or that just anyone can follow.
On Google+ it’s not that way – they take more of a Twitter approach, allowing anyone to “follow” anyone, no matter what. In a sense, this puts Google Circles at a greater risk to putting Twitter out of business, as it takes the Twitter follow model and lists, and adds privacy settings to it, using those lists to make that happen. I bet we’ll see Twitter do this in the near future as a response to Google Circles. 
Regardless, Google Circles, alongside a “follow” strategy removes the need for any type of Brand page like Facebook Pages, and allows the poster to completely decide who, and what sees the posts that they share on Circles. Not only that but they are 100% conscious of those decisions the entire way (as long as someone doesn’t reshare their private posts to a more public stream, which is possible right now if you don’t consciously turn off the ability to reshare, which is buried).
The biggest thing Google did right this time around is they did what no other social network was doing. They took privacy, and put it smack in the face of the user to make their own conscious decisions. There’s no avoiding Circles in Google+. It greets you every step of the way and that’s quite a pleasant thing to see in a world of growing privacy concerns.
I’m excited to see where Google goes with this. I’m extremely excited to see how Facebook and Twitter compete in this new game. The cool thing about it all is the game is no longer focused on who has your social graph or your content (although that is certainly a part) – it is now about who has the best privacy controls and that’s a great battle to sit between as a user.
As always, you can follow me on Google+ at

Authenticity vs. Anonymity: Would We Exist if the Constitutional Convention Met Publicly?

In a recent conversation surrounding my involvement with Utah’s FOIA equivalent legislation (called GRAMA) I brought up the point that this nation was built upon people willing to stand up for who they were and risk, quite literally, their lives for that decision. The point was brought up however, that the very premise of what founded the United States constitution was done so in a secret meeting, the Constitutional Convention. At the same time, secret societies such as the Boston Tea Party and other secret gatherings also led to the very public battle which led to this nation’s freedom from Tyranny at the time. So it got me really thinking – are there times when meeting in secret and more anonymous environments really can help and really do benefit society? I found myself rephrasing the question however, instead wondering, “Would we exist if the Constitutional Convention that lead to this great nation’s Constitution being framed did not meet in secret, but rather met in public, for all to participate and vote?”

I’m brought back to the discussion awhile back where the anonymous site 4Chan’s founder, Chris Poole suggested that “anonymity is authenticity, it allows you to share in an unvarnished, unfiltered, raw and real way. We believe in content over creator.” In a sense, that’s what the Constitution’s creators were doing. They were allowing themselves to participate in an anonymous (“Committee of the Whole” – taken from the Articles of Confederation which allowed groups to meet together in private if they participated as a committee) environment, free from scrutiny or criticism of those in their supporting states that were against forming new laws for the new nation. As a result, they, supposedly, were able to be more creative.

I’d like to paint that in a different light though. What would have happened if the Constitutional Convention instead met in public, allowing the public instead to have full participation in the activities? Would we have come up with the same document? That’s hard to tell.

Instead, in a meeting where the intended outcome was to just ratify what was in the then current Articles of Confederation, they instead ended up creating an entirely new document. In fact, when they finished there was quite awhile where several participating States were not in agreement with what happened and were angry such a major decision happened in private. In the end though, even those States agreed and we have what is now our Constitution, fully supported by every State in the Union. In the end everyone did end up agreeing. Even after grievances were aired, people still ended up at the same conclusion.

So I wonder – would there have been as many grievances after the fact if the Constitution weren’t written in secret? Would we have written a document that everyone could agree on faster, and have more people on board from the start if it was done in a public environment? Or would it have taken even longer and had much more argument from the public as a result of it being written in a public setting?

Now take that further. Let’s put this idea in a modern, 21st century environment. What would have happened if the Constitution were written, in Public, using tools that we have available today? What if everyone could collaborate and participate using their own name on social networks such as Facebook to communicate opinions and ideas en masse to their Legislators? What if we had collaboration tools for writing documents like Google Docs and Microsoft Word’s new collaboration features? Could we write such a document in public? Could the public come up with such a lasting document as what the original Founding Fathers of the United States came up with?

The truth is I don’t know the answer, but the Social Technologist in me wants to think that this is more possible than ever before today.

I’m a huge fan of authenticity. I hate anonymity. I don’t like things happening in secret. Chris Poole said, “To fail in an environment where you’re contributing with your real name is costly.” I think to fail in an environment where you’re contributing with your real name is brave, and where heroes are born. To me, those that do things in secret are cowards, and nations aren’t built on cowards. Our legislature, as well as the constituents that communicate with that legislature, should be doing their dealings in public in as many ways as possible, under their real names in an authentic manner. However, I’m still torn on whether there still might be times we need at least a little anonymity.

These are the things I’m dealing with right now as we contemplate the future of Open Records in the Utah Legislature. I’d like to make this a model for all to follow. How would you approach the issue?

Image courtesy

Huffington Post to Scare Users About Their Addresses, Phone Numbers

I decided I should prepare you for what is to come. You’re already seeing (hence my title – you can read more here), and will see over the coming weeks a hailstorm of critique, saying Facebook is sharing your phone numbers and addresses with third party sites and applications. Huffington Post’s (see the link above), and I predict many others to come, are, and will be absolutely incorrect. The truth is 1) we don’t know exactly what Facebook is going to do (and hence it’s too early to freak out anyway), and 2) we do know Facebook isn’t going to just share your phone numbers and addresses with 3rd party sites. Huffington Post makes this sound like they’re giving it away like candy.

Here’s what will likely happen:

  • Facebook will require 3rd party websites and applications to prompt users before they can access any information about you. This includes your phone number and address, and means websites and applications can’t just get this information WITHOUT YOUR PERMISSION.
  • Facebook will prominently display a warning when an application or website is trying to get your address or phone number, and you will be completely aware your address or phone number could be used by the application. IF YOU DON’T WANT TO GIVE AWAY YOUR ADDRESS OR PHONE NUMBER, DON’T GIVE ACCESS TO THE APPLICATIONS THAT ASK FOR IT.
  • There is also rumor that Facebook will be preventing minors from being able to give away their phone numbers and addresses to 3rd party applications and addresses. This is something only Facebook can do, unless a minor is posing as an adult – unlikely.

Let’s set the record straight. FACEBOOK IS STILL THE MOST PRIVACY FOCUSED WEBSITE FOR CONSUMERS ON THE PLANET RIGHT NOW. They will be even more so after this feature. What’s the other option? Applications can ask you to manually type in your address and phone number each time you log in. If you’re okay with that experience, maybe you shouldn’t approve applications to have your phone number and address. Heck, maybe you shouldn’t be on Facebook in the first place – at least Facebook is trying to make that process easier.

In the case you choose not to be on Facebook, be especially careful – Gmail, Yahoo Mail, Google Contacts, and even financial services like Paypal don’t even offer this level of granularity. If you give them access, 3rd party websites get access to all your information, phone number, address, and all. In fact, for many of those services I listed, not only do you give your own address and phone number, but you give your friends’ addresses and phone numbers as well. Facebook doesn’t even allow that.

So I caution you over the next couple weeks – don’t believe the sensational headlines. Be prepared to stand up for your privacy. Facebook’s next move makes things more private, yet accessible, not less. At the same time fight that Gmail, Google Contacts, Yahoo, Paypal, and others all offer this level of granularity to 3rd party websites. At least Facebook is doing something about it.

For more background, be sure to read Facebook’s post where they phased this out in preparation for a better version here.

Privacy is Not an On and Off Switch – "Do Not Track" is Not the Answer

Victoria Salisbury wrote an excellent blog post today on “Who’s Creepier? Facebook or Google?“.  I’ve been intrigued by the hypocrisy over criticism of Facebook’s own very granular privacy controls when sites like Google, Foursquare, Gowalla, Twitter, and others have an all-or-nothing approach with some things (location and email in particular) that are even more private than anything Facebook is currently making available at the moment (if you want some good examples read Kim Cameron’s blog).  The fact is that Facebook, despite the amount of private data available, will always be my last resort as a hacker when I want to track data about an individual online due to the granular control of data available, and lack of default public data.  However, despite all this, even Facebook isn’t at the ideal place right now in terms of privacy. The fact is my private data is still enclosed on Facebook’s servers, and with that, there will always be some level of risk in storing that data, no matter where it is.  So what’s the solution?

Browsers such as Mozilla and Chrome are now beginning to implement “fixes” around this problem of tracking data about users across online services (note my article on how even Wall Street journal is tracking data about users), called “Do not track.”  The extension, or in some cases native browser functionality, seeks to give users the option of completely turning off the ability for sites to track a user around the web, removing any personalization of ads and in some cases the removal of ads completely from the browsing experience.  This experience is fine and dandy – it gives the user an option.  But as my friend Louis Gray puts it, “all it does is ensure off-target ads with a crappy experience.”  It is clear an on and off approach is the wrong approach, and I fear those behind these extensions and browser integrations are missing out on an important opportunity.

So where can we go from here if “Do Not Track” is not the answer?  The answer lies in the problem I stated above – the problem being that individual user information is being stored on 3rd party servers, without the control of users and assumed risk of relying on a 3rd party.  We saw this as Facebook made a temporary mistake earlier in 2010 when they launched Instant Personalization on 3rd party websites along with other 3rd party website features, but in doing so accidentally opened up a majority of their users private information with little notice to users (I did get an email warning of the change, however).  Facebook quickly fixed the privacy problem with even better privacy controls than before, but by that point the damage was done.  It was proof positive that there is huge risk in storing private information on 3rd party websites.  The advice I give to customers and users and news organizations in interviews I give is, “if you’re not okay sharing it with the world, don’t share it at all, regardless of privacy controls.”  It’s an on or off solution at the moment, and I’m afraid there are no better choices.

There is a solution though.  Chrome, and Firefox, and IE, and every browser out there should be working towards this solution.  We need to take the granular controls that sites like Facebook provide, and put them in the browser.

Awhile back I spoke of a vision of mine I call “the Internet with no login button.”  The idea being that using open technologies (we already have Information Cards, for instance), the more private information about users can be stored in the browser, reducing the risk of that information being shared by accident with 3rd party websites.  Rather than something like Facebook Connect (or Graph API), for instance, a browser-driven version of OpenID would control the user authentication process, identify the user with a trusted provider (Facebook, Google, Religious institutions, Government institutions, you choose), and then be able to retrieve private information about individuals directly from the browser itself.

The fact is I already use tools to do some of this.  1Password, for instance, allows me to keep a highly encrypted store of my passwords, credit card, and other data on my hard drive and provide that data, as I choose, to the websites I visit.  A browser-native experience like this would make this process automatic.  I would specify which sites I give permission to have my data – name, address, phone number, email, location data, etc. – and I would also be able to choose what users have access to that data.  I could then choose to store my more public data on services such as Facebook and elsewhere, with the same option to still store it on my own hard drive if I choose.  With such a fine-tuned integration my more private information is completely in my own control.  My browser controls access to the data, not any 3rd party website or developer.

At the same time keys could be given to 3rd party websites to store my data on their servers.  In order to render that data, they need my computer’s permission to render the data.  The solution is not quite evident yet, but some how a trusted, separate service should be able to provide the permissions to render that data, and when that permission is revoked, all data, across all 3rd party websites, becomes disabled.  Or maybe just a few sites become disabled.  The goal being control is completely handled by the user, and no one else.  Maybe sites get disabled by my browser sending a “push” to the sites, forcing their data of mine to delete completely off their servers (or render useless).

Chrome and Mozilla have a huge opportunity here, and it’s not to provide an on or off switch for privacy.  I should be able to decide what information I want to be able to provide to ads displayed to me, and that data shouldn’t come from Facebook, Twitter, or Google.  My browser should be controlling that access and no one else.  Privacy belongs on the client.

I’m afraid “Do Not Track”, in the browser or by government, is no the answer.  There are better, much more granular solutions that browsers could be implementing.  It is time we spend our focus on a dimmer, not an on-and-off switch, for the open, world wide web.  I really hope we see this soon.

Facebook Shows its Hand in Privacy

I spoke earlier how I didn’t buy the claims against Mark Zuckerberg trying to steal away our privacy and con people into becoming more public if they didn’t chose to do so. Today Facebook made that even more clear in a press conference I attended by phone by stating their intentions, and introducing an even newer, more simplified, more granular privacy control model that launches today.

The new settings enable, via simple controls, for users to chose at a high level whether they just want friends to see their data, whether they want friends of friends to see their data, or whether they want to customize that data at a piece-by-piece level.  Users that set this will then default to this setting with any new feature Facebook releases in the future, making users able to be confident their privacy will not change.  In addition, Facebook is enabling users to opt out of the “Instant Personalization” settings completely.  Instant Personalization enables third party websites that have partnered with Facebook to, with the user’s ability to opt out, collect user information with the intent to make the experience for that user more personalized and more relevant on each site that implements these controls.  Users will be able to opt out of this completely, and also set granular controls as to how applications have control over their privacy.  Users will also be able to control how people see them in the Facebook search and directory much better with the new settings.

Mark Zuckerberg, Facebook’s CEO and founder, had a sincere tone at the press conference, wanting to be absolute sure they had no ill will, nor intentions to sell user data to advertisers, or disrespect user privacy in the process.  He was very clear that along with allowing people and helping them to be more open and share better, Facebook held the same priority towards enabling users to have complete control over how public, or private that data was as they used the site.  He admitted they rushed to launch their previous features and hoped that this new round of more simplified settings made it easier to understand what users were getting into, and at the same time allowed them to set specific settings to their comfort level on the site.

I think Facebook laid down to rest any concerns users have had about privacy.  They showed their hand, and, while a Full House at Facebook, I think those that just quit Facebook over privacy will be forced to fold.

Facebook will be gradually rolling out the new settings to all users starting today.  If you’re in Utah, be sure to watch Fox 13 KSTU at 5:30pm and 9pm (you can watch online here) for more as I discuss these new settings with Nineveh Dinha.  I’ll try to post those videos later.  See screenshots of the new settings below:

Mark Zuckerberg – A Cheater? A Stealer? I’m Calling Calacanis’ Bluff

Mark ZuckerbergI give – I call.  I’m getting really tired over all the “I’m deleting my Facebook because they have gone corrupt” posts all over the place.  Some of the smartest minds in the industry (and those I respect most) are all doing it, even Leo Laporte, and it’s breaking my heart.  I don’t understand how any of these people can talk about Facebook with any grain of salt after this without some level of bias.  How can you talk legibly about Facebook from here on out if you’re not using the service?  How can you know how to compete properly if you’re not using your competitors’ products (ahem, Matt Cutts)?  How can you know whom to invest in unless you’re truly trying out all the biggest players in the game?  It doesn’t make sense to me.

Jason Calacanis wrote a scathing letter to his e-mail list today just ripping apart Mark Zuckerberg, coining a term I’m not sure I want to repeat here since it’s almost a curse word (okay, he coined the term, “Zucked”).  He called Zuckerberg a liar, a cheater, a backstabber, and even inferred he had Asperger’s-like tendencies (which anyone who has or knows someone with Asperger’s should be offended).  According to Calacanis:

“Zuckerberg represents the best and worst aspects of entrepreneurship.
His drive, skill and fearlessness are only matched by his long
record–recorded in lawsuit after lawsuit–of backstabbing, stealing
and cheating.”

I’ve heard elsewhere Zuckerberg compared to a Nazi, and other Facebook employees all “drinking the Kool-Aid” they were being served there.  I’ve been called names myself for supporting them.  I really feel bad for those at Facebook right now – quite honestly, as a company, despite their audience, they’re not that big!  Bullying them certainly isn’t going to help.

Let’s address the Zynga issue that Calacanis seems to be basing much of his letter on (the reason Calacanis calls Zuckerberg a liar and stealer).  As a Facebook developer myself, and having addressed, consulted and discussed with many very successful Facebook developers as both a consultant and author of Facebook development books (see the upper-right, and a Dummies book on the way), I’ve seen the pain of many, much more than just Zynga, that have been affected by what Calacanis is talking about.  Zynga is the last of the successful developers that managed to make millions by building applications on top of itself.  I know one  developer that went from 0 to 2 million users in just a couple weeks in the early days of – it was a mad GoldRush!

The problem, however is that none of these developers adapted.  Facebook gave them all the tools they needed to adapt and move outside the platform, and I’ve seen very few actually take Facebook up on that offer.  Facebook gave the hints that they were pushing in that direction and no one followed.  Zynga is just now realizing that as they build their own website – it’s the smart thing to do, and Facebook hasn’t abandoned them in the process.  Facebook, in fact, has pushed Zynga in that direction, offering tools, plugins, protocols, and many other ways of building outside the Facebook platform, while still enabling them to maintain their existing user base on itself.  Zynga’s finally doing the smart thing here, and Facebook wants that to happen!

The crazy thing here is Zynga probably has one of the closest relationships with Facebook of any Facebook developer I know.  Sure, Facebook is trying to make money off of what Zynga does in their own environment, but can you blame them?  It’s Facebook’s own environment.  They have every right to control their own IP, and every developer on the platform should know that by now – I’ve written about it many times.  Every company needs a core. I’m a little jealous of the relationship Zynga has built with Facebook though – there is no reason to feel bad for them.  And they’re now working on their own core as Facebook helps them through that process.  I don’t see anyone lying, cheating, or stealing from anyone here.  Is Facebook supposed to be giving their IP away?  I don’t get it.

Now let’s talk privacy.  Were you aware that Facebook actually gives users a chance to debate privacy policy changes when they go into place?  For every change to Facebook’s terms that goes into place, users have the opportunity to complain, react, and share their feelings in whatever manner they feel necessary about new changes put into place.  The November policy changes (which were probably the biggest recent change) were proposed here (if you really have problems with the Privacy changes you really should subscribe to the updates, that is, unless you’re no longer a Facebook user):

“Facebook has proposed an updated privacy policy. We encourage you to view the proposal and offer your comments here <> by 12:00 PM PDT on November 5, 2009. For future policy updates, become a fan of the Facebook Site Governance Page.”

When this was proposed, users were overwhelmingly for the changes.  Comments were overwhelmingly in a positive tone, resulting in the changes being adopted.  Had users complained back then, the changes would not have gone into place.  This is actually the same process that got Beacon reversed.  New changes were again proposed on March 26, shortly before F8, when the OpenGraph initiative was announced.  Users again overwhelmingly supported the changes, and on April 22, the new changes were accepted.  It was on April 23 that Matt Cutts, and others deleted their Facebook accounts – I’m very curious if they even tried to make their concerns known on the Site Governance site.  It should also be noted that Facebook issued press releases for each of these proposed updates – Mashable covered it.  ReadWriteWeb covered it.  So did TechCrunch, in vivid detail.

So I don’t get it – Facebook is opening up more than they have ever before (despite these same people calling them a Walled Garden before).  They’re the only site out there with a policy in place that actually lets users vote on privacy and policy changes.  They’re the only site out there with the ability to provide any level of granularity towards privacy (did you know you can specify specific groups, exclude specific individuals and groups, and get very specific with exactly who sees your status updates on Facebook?  That’s only the beginning.).  Facebook seems to be making all the right moves, yet they’re Nazis.  They’re liars.  They’re cheaters.  They’re stealers.  All this doesn’t compute!  I don’t see Google doing any of this.  And talk about taking developers out of business – Google’s the biggest culprit of all!

I’m sorry Jason, but calling names isn’t how you win Poker either.  It’s time we start encouraging Facebook’s moves, hoping they continue this momentum to become more open.  It’s time we start educating users that they get to vote on this stuff before it goes live (which they did!).  It’s time we start helping to get the word out to users on what is private and what is not in their Facebook accounts now that the changes have gone into place.

I’m sorry, but I’m getting sick of all the bloggers and so-called “experts” complaining about this when they didn’t do anything to stop it in the first place.  This, especially, when we’re given so many options!  Right now they’re all starting to sound like a bunch of complainers to me.  Am I really the only one that sees this?  I feel like I’m the only one writing about it.  Maybe it’s time I fold, or is everyone else just bluffing?

Yes, Facebook Broke Your Trust, and Yes, That’s a Good Thing

It seems like every other post I read these days is about whether Facebook violated users trust, or whether they were wrong, or right in opening up more.  It’s eerily repetitive for someone that’s written 2 (and 3rd on the way) books on the subject and who’s been following Facebook pretty intimately for the past 3 or more years since they launched their platform and exploded like wildfire.  Originally, it was “Facebook is too private”, or “Facebook is a walled garden”.  Suddenly, Facebook opens up, and it happens again, but this time “Facebook is too open”, or “Facebook killed privacy”, or “My trust has been violated”.  I don’t know why it bugs me, because this happens every year, some times a few times a year, and Facebook still keeps exploding like wildfire.

I’ve been debating this privacy post for awhile now, but I really want to get some thoughts out.  For a long time before Facebook became “open”, I had a post in mind where I really wanted to share why I thought Facebook’s “private by default” rules were cheating its users.  At the time, users were sharing information, but they really didn’t know that, despite the “walled garden” they were in, it was pretty easy to do a quick search on them, and, with just a simple Facebook account you could have their work history, name, location, picture, parties they got drunk at, and much, much more information all available to the public.  Look at this picture – this was in 2007!  Heck, even as far back as 2005 all they had to be is a friend to get access to that information – you apply for the job, they send a request, you accept because you want the job, and voila, all that information, exposed.  (Note that this picture doesn’t reveal the fact that most people didn’t lock down the pictures they saved)

Image courtesy, via Matt McKeon.

In the book I wrote with Jason Alba way back in 2007 (I’m on Facebook–Now What???), we shared these exact concerns – they were nothing new.  We shared the example of the “30 Reasons Girls Should Call it a Night” Group on Facebook, and warned, “Always be careful with what you put online, anywhere… photos, comments, thoughts, opinions.  Don’t write or upload something you might later regret!” (Chapter 8, Page 76).  We shared examples of people getting fired from their jobs simply because their friends were co-workers when they stated they were going to be sick and posted about partying all day on their Facebook profile.  We also shared (Page 44) that basically all your information was available to your friends and your entire network(s) by default at the time.  Remember – this was back in 2007.  Facebook had this problem way back then, and it’s amazing that this stuff is still very applicable!

The problem with starting out private is that users are being tricked into thinking their data will never be exposed.  It’s too difficult to know what is open, and what is private.  Sure, privacy controls are cool and all, but what good are they if no one knows how to use them and everyone just assumes that everything they put on the service will remain between just them and their “friends”?

That’s the dilemma Facebook “faced” as they had a “private by default” mentality.  In reality, being “private by default” was bad for the users because the users were being tricked into thinking their data could never become public.  Let’s face it – anything with a search box at the top that lets you search amongst at a minimum your friends, but in reality, at least since 2007 and even earlier, has the potential for the information you shared on that service to be discovered by anyone on the network itself.

Facebook had to make data public by default for them to be fair to their users.  Facebook was in a tough position to be in, but it was a necessary “evil” for the better good of their service.  Now, users can know with 100% certainty that the data they share is public by default and they should be careful before sharing it.

“But, Facebook should have made that opt-in”, you say?  The problem with that is Facebook would have still been cheating their users.  Instead, Facebook sent an e-mail to all their users notifying them of the change, and gave them the opportunity to opt-out.  In addition, the next time you logged into Facebook, all users (note that, according to Facebook’s stats, over half of Facebook users log in at least once daily) were prompted to adjust their privacy settings if they didn’t agree with the changes.  They did that again as they added new features, and thus, new privacy settings you could opt out of.

The fact is that Facebook had to open up in order for them to be fair to their users.  In my opinion, Facebook was being unfair to their users by not being open by default.  The fact is, regardless of this change, Facebook still has the best privacy controls of any service out there, and still gives you the most control over your privacy, but at the same time everyone now knows they have to set it to be so if they choose to be private.  At the same time everyone now knows they should now think twice before posting that drunk photo of them at the party last night.  At the same time we are becoming a much more open, less anonymous society.

Privacy is good.  So is openness.  Identity is good.  Anonymity is not.  By making Facebook a more open place, they are encouraging us, as a society to be more open about what we share.  They’re encouraging us to become more forgiving of one another.  They’re encouraging us to do fewer things in closets, and encouraging more to come out.  They’re encouraging entire regimes to share more, and thus, changing the world in the process.

While Facebook broke all of our trust, I think they’re making it right by making us a much more open society.  They’re removing anonymity amongst us in the process, and we’re growing because of it.  I hope they continue to build privacy controls.  At the same time I hope they continue to encourage us to be a more open people.  Let’s stop lying to ourselves – your data, when on the web, is almost never 100% private.  We need to stop cheating ourselves of that fact.

Is Google’s Position Towards Default Privacy a Good Thing?

I’ve been openly critical about Google’s lack of privacy in their launch of Buzz (and I argue other things as well), and its’ opt-in attitude towards opening up contacts and settings people previously thought were private.  That doesn’t change.  However, I’d like to spend some time here playing devil’s advocate and share how perhaps, Google starting with an open approach may be a good thing for Google in the long term.  Let me explain:

There’s no doubt that Google opening up all our data at the launch of Buzz is making people think more about Privacy.  I’ve had a post in the back of my head for quite awhile now that I was going to write on how I think Facebook could have made a mistake starting with a focus on privacy, as now people just assume that everything they put online is private, when in all actuality there is no way that will ever happen 100%.  Because of Facebook, people are getting more comfortable with posting their lives online, and while, even if Facebook remains a private environment for those people (in many cases it isn’t), they are now becoming more comfortable posting that information elsewhere, assuming it will remain private in those places as well.

I think Facebook could have done their users a disservice by giving them that comfort.  What if, instead of starting out private as Facebook did, they instead opened up everyone’s profile by default, and enabled them to choose what elements they want private after that?  Make people completely aware their information is 100% public, and then it is up to those people to decide what they share online, and what they would prefer stays private.  I think there would be a lot more education amongst users this way, and people would think twice before sharing things online.  Of course, Facebook wants people to share in easier ways and in a more comfortable environment to make sharing as easy as possible, so this isn’t going to happen, but it may have been even more in the right by defaulting to public on more things.  Ironically, these types of moves are what is getting Facebook a lot of flack as is, regardless of whether there are privacy controls in place that users can still turn on.

So perhaps Google is doing a good thing here.  Even the optimistic Louis Gray says we’re all wearing tin foil hats by criticizing their lack of privacy.  By starting public (while I still argue turning what was previously private into a completely open environment is completely wrong, and it seems they’re backtracking to try and fix this), Google is encouraging each and every one of its hundreds of millions of users to think twice before sharing anything online.  Google is taking a risk here by making people think twice, since it makes money off of the content you share.

I fully predict Google will be adding more and more privacy controls as they move forward.  I agree, maybe they launched too soon before having these privacy controls in place.  One thing they may have done right though is that they are making us think twice about sharing.  They’re making each of us think about what goes online, and what stays off, and how comfortable we are with what we want public.  I think that’s a good thing, and more companies should be defaulting public, rather than private, until the general internet audience gets used to this type of environment where we know everything we share could very well be made public for the whole world to see.

I encourage you to step back and think about this – I agree, privacy is a good thing, but could the default to public be even better?  Are users being educated with this move?  It’s an interesting move by Google – let’s just hope they can get more privacy controls in place for users to choose from as they do it.