If you've been reading my posts recently you are aware of (and perhaps share) my concerns about Facebook's inroads into users' privacy and, specifically, erosion of users' choices about how public or private their personal information should be. The growing privacy trend may well be towards greater publicity as Mark Zuckerberg has contended but its not for Facebook to unilaterally make these profound decisions for their users. Robert Scoble, a well known Web maven, recently wrote about how he wishes Facebook were more open. He lives his life in public and that is an intriguing way to live your life but he misses the point. The more I think about it the more I believe that the fundamental problem with Facebook's approach to privacy is that it disregards its users' right to choose their level of exposure to the public Web.

Facebook's representatives talk about how their are making it easier for users to connect to each other, share things with each other and find content customized for them through the recently announced Open Graph API. What they don't talk about is the labyrinthine privacy controls which include loopholes enabling friends to share your profile information outside your own privacy settings or how the new panels users are presented with to authorize connections to their Facebook profiles are all-or-nothing options. Faced with these panels, users are probably more likely to agree than they are to refuse access and in the absence of a degree of granularity in their choices, Facebook's personal information grab progresses.

There is growing dissatisfaction with Facebook's privacy moves as more and more people explore the ramifications of Facebook's developments (take a look at the headlines Jason Calacanis lists in his post on this topic). A number of relatively high profile individuals are publicly disabling or even deleting their Facebook profiles as a result. The challenge is that Facebook is so big that removing yourself from its ecosystem means opting out of a significant community of users. That can have an impact on a business that uses Facebook to promote itself.

We discussed our Facebook page internally and the extent to which we promote that page to our clients and followers. Facebook represents a noticeable traffic source to our main site but our reservations about Facebook require us to give careful thought to how much we promote our page. We've decided to retain our page and continue posting our blog posts to the page as a distribution channel. We'll also retain the "Recommend" button on our sidebar for the time being. We have removed the "Join us on Facebook" link we had in our main menubar though. It may not seem like much of a change but it is a start as we further evaluate the merits of remaining on Facebook. One reason to retain a presence on Facebook is keep our page open as a channel for our posts in which we highlight the risks of using Facebook.

The question whether to maintain a presence on Facebook is a difficult one and until their is a comparable alternative, it remains a challenge.

Changes to the Facebook Platform for developers

I’ve written about the legal labyrinth developers for Facebook’s Platform must navigate in a previous post. Facebook has outlined its changes to the Facebook Platform for developers in its post titled “A New Data Model”. The post describes the changes to Facebook’s Platform from behind the scenes. There are a number of interesting changes which are concerning.

Generally speaking Facebook is putting some distance between developers and users. Its new approach is summed up in this paragraph from the post:

These changes reflect two core beliefs: first, user data belongs to the user; they should have transparency and control over it. And second, you should be able to build relationships with your users; we should not be in the way. We hope these improvements will foster more trust and engagement for our platform and the applications and websites using it.

By putting some distance between itself and users, Facebook doesn’t have to take responsibility for errant developers who abuse the new levels of access they are being granted to users’ personal information. On one hand it probably lightens the administrative load on Facebook to keep a watchful eye on the Facebook Platform ecosystem but it also gives Facebook an excuse when a user’s personal information is abused: its not Facebook’s job to manage a user’s relationship with the developer. The hope is that developers will conduct themselves responsibly but there have already been instances of developers who have abused the system and misused users’ personal information through their applications.

For starters the permissions developers require from users to permit social applications and socially aware websites to access users’ profile information are not as granular as they were before Facebook shifted away from its previous Facebook Connect approval and authentication model. One of the changes is that instead of being required to approve a series of requests to reference different aspects of a user’s profile, all the necessary permissions are collection in a single dialogue:

While this certainly makes obtaining permissions from users a lot simpler for developers and gives the appearance of a simpler approval mechanism for users, it removes the option of allowing access to some parts of a user’s profile and not to others. Instead, using a social application or socially aware website becomes an either/or option for users: either they grant all the permissions requested or they don’t benefit from the social functionality of the site or the application.

Facebook has also removed the 24 hour retention limit on some profile information which, coupled with increased profile publicity thanks to changes to profile publicity in December 2009, increases the risk of users’ personal information abuse. Developers still require users’ consent to access and store their personal information and if they obtain explicit consent, they will be able to do more with users’ profile information than simply display it back to them. As a starting point developers will have access to users’ User ID, name and email address and, thanks to Facebook’s real-time updates, developers will also receive updates when users change their profile information which they have given developers access to.

One of the challenges with this degree of data retention and Facebook’s hands-off approach is that users will have to take greater responsibility for managing their profile information (as much as they can, Facebook has already decided that some profile information will be public by default and the majority of users are not savvy enough to change those defaults where possible). Another challenge is that developers are expected to publish privacy policies for their applications and websites and give users an option to delete their personal information. This is particularly concerning because once the information has been passed along to an unscrupulous developer, you can’t unscramble that egg.

These are just overviews of some of the implications of the new Facebook Platform. There are even more privacy concerns and a marked absence of adequate answers. As has become its habit, Facebook couches these changes in user friendliness and convenience terms which disguise the underlying threats to users’ privacy in the hope that more people will drink the Koolaid than will question its motives.

Complying with privacy law

As I mentioned above, Facebook requires developers to make sure they comply with applicable privacy laws. In South Africa developers should anticipate the Protection of Personal Information Bill which is making its way through Parliament. This legislation, when enacted, will likely require developers to publish a detailed privacy policy describing what personal information they will collect from users and what they intend doing with that personal information. I wrote about the essential requirements of a privacy policy in a recent post titled “Privacy policies that don’t suck”. The key issue there is to obtain informed consent from users to collect that personal information and process it in the manner the developer intends. Depending on what personal information the developer intends collecting, specific consent to collect personal information for a specific session may also be required.

To add to all of this, Facebook’s global nature may also necessitate that developers factor in privacy laws in other countries and regions. The European Union has a fairly developed body of laws and regulations dealing with data collection and privacy and developers may need to cater for these rules as well.

This is one of the challenges of Facebook shifting the responsibility for how developers interact with users’ personal information to the developers. Developers not only need to take care to comply with Facebook’s own policies but they also have to cater for privacy laws which may impact on their applications. For users the challenge is managing their personal information better on Facebook and taking care not to give permission to collect and process their personal information without first taking the time to understand exactly what will be done with it. This decentralised approach opens the door to even more abuses and users will be left picking up the pieces while Facebook shrugs its shoulders.

Facebook is becoming synonymous with forced publicity and a flagrant disregard for users' control over their personal information. It is also changing the way that large providers like Facebook and Google will treat users' personal information. It is almost trite that privacy as in secrecy is pretty much over for anyone who is active on the social Web. It sounds harsh and a little outrageous to make that statement (I'm not the first) but it is an uncomfortable truth. At the same time a new approach to privacy has emerged in the last couple years which could be the next best thing: privacy as in users' control over their personal information.

In a world where real secrecy online doesn't really exist, control over how much personal information to expose to who becomes really important. Meaningful control over your personal information is also referred to as "informational self-determination" and it is central to decent privacy policies. Facebook has made a number of changes to how it is handling users personal information and it has done so under the guise of giving users more control over their personal information. This is just insidious. What Facebook regards as more control over users' personal information is really a series of changes to privacy setting defaults and controls that appear more user friendly but really detract from the level of control users enjoyed previously. The last round of privacy control changes, for example, changed privacy defaults to "Everyone" for a range of personal information categories. If users weren't careful they would have exposed far more of their personal information to the public Web than they may have been comfortable with previously.

All of these changes are made under the auspices of Facebook's privacy policy which is amended using a curiously deceptive practice of being more transparent about the changes. Facebook publishes the proposed changes to its terms, the Statement of Rights and Responsibilities, and gives users an opportunity to comment. Here is how it works:

13. Amendments

1. We can change this Statement if we provide you notice (by posting the change on the Facebook Site Governance Page) and an opportunity to comment To get notice of any future changes to this Statement, visit our Facebook Site Governance Page and become a fan.
2. For changes to sections 7, 8, 9, and 11 (sections relating to payments, application developers, website operators, and advertisers), we will give you a minimum of three days notice. For all other changes we will give you a minimum of seven days notice. All such comments must be made on the Facebook Site Governance Page.
3. If more than 7,000 users comment on the proposed change, we will also give you the opportunity to participate in a vote in which you will be provided alternatives. The vote shall be binding on us if more than 30% of all active registered users as of the date of the notice vote.
4. We can make changes for legal or administrative reasons upon notice without opportunity to comment.

So users have an opportunity to comment on proposed changes but if the number of votes on the proposed changes don't meet the "30% of all active registered users", the vote won't be binding. Bear in mind that there are 450 400 million users and while not all of those users are "active registered users", 30% works out to a lot of votes! The current draft privacy policy and draft Statement of Rights and Responsibilities don't seem to have nearly enough votes or comments to meaningfully influence the amendment process. This means that these proposed changes will likely be implemented and users can expect even more of their personal information to be exposed publicly based on Facebook's determination that people are and should be more public.

Users will now find that much of their personal information is becoming publicly available, whether they like it or not. What does "publicly available" mean?

Publicly available information includes your name, profile picture, gender, current city, networks, friend list, and Pages. This information makes it easier for friends, family, and other people you know to connect with you.

Publicly available information is visible to people visiting your profile page, and Facebook-enhanced applications (like applications you use or websites you connect to using Facebook) may access this information. It does not allow people without Facebook accounts to contact you.

The latest changes also introduce a new way of handling your interests. According to the Facebook blog:

More Connected Profiles

Some of you added information about yourself, such as your likes and interests, favorite books, music and movies, when you first joined Facebook. But we've noticed that more than three times as many of you have connected to Facebook Pages, such as those for bands, non-profits, universities or anything else you care about, as a way to express yourself. So to make it even easier to display your affiliations, we've improved the profile.

Now, certain parts of your profile, including your current city, hometown, education and work, and likes and interests, will contain "connections." Instead of just boring text, these connections are actually Pages, so your profile will become immediately more connected to the places, things and experiences that matter to you.

Here's how it works:

• Opt-in to new connections: When you next visit your profile page on Facebook, you'll see a box appear that recommends Pages based on the interests and affiliations you'd previously added to your profile. You can then either connect to all these Pages—by clicking "Link All to My Profile"—or choose specific Pages. You can opt to only connect to some of those Pages by going to "Choose Pages Individually" and checking or unchecking specific Pages. Once you make your choice, any text you'd previously had for the current city, hometown, education and work, and likes and interests sections of your profile will be replaced by links to these Pages. If you would still like to express yourself with free-form text, you can still use the "Bio" section of your profile. You also can also use features and applications like Notes, status updates or Photos to share more about yourself.

This may not seem like a problematic change but it could be for someone who has interests that they may prefer to be kept relatively secret or at least limited to a smaller group of friends (take a look at the EFF's post about these changes).

Another controversial change is Facebook's plans to work with content providers it has pre-approved to share your personal information with them. What will happen is that you will see content more tailored to your preferences or profile when you visit these sites and will have to opt-out if you don't want to be greeted with this level of customization. This has attracted some attention and Facebook responded as follows:

We also received questions about the proposed new language in the Privacy Policy relating to our plans to work with some pre-approved partner websites to offer a personalized experience when you arrive at these sites. Based on your comments, we think it's important to clarify a couple of points, even though this program has not yet been launched or even finalized.

First, it's important to underscore that this will be a test with a handful of carefully selected partners to provide express personalization on their sites. These partners will be pre-selected, reviewed, and bound by contracts with Facebook – much like other partners we have worked with in other contexts to deliver unique and innovative experiences. For example, we're working with Yahoo! to integrate Facebook across their properties, AOL to integrate our chat with AIM, and we first partnered with CNN.com to make their broadcast of the Presidential Inauguration more social with the launch of the Facebook live stream application.

In addition, partners who participate in this test will be required to provide an easy and prominent method for you to opt out directly from their website and delete your data if you do opt out. There will also be new features on Facebook.com to help you control your experience when you visit these sites.

In sum, the core idea behind this test is to work with partners to enable them to present you with a better, more relevant, and tailored experience when you visit their sites. While we have not finalized these features or partnerships, we think this is an exciting opportunity to make surfing the web a smoother and more engaging experience for people who use Facebook.

Again, this may give rise to an improved experience of those sites for many but what about Facebook users who don't want their profile information to be handed to these content providers? What about users' choice whether to pass that information along like they have with the current Facebook Connect option many sites implement? Facebook has decided (or perhaps Mark Zuckerberg, Facebook's 20-something leader has decided) that we should be more public with our personal information and it is forcing a change in our habits to make the social Web fit this determination. I don't know about you but I object to that as a user and as a lawyer despite how public I am online. I want to have a choice what I want to share and what I want to keep private.

Instead we have posts from Facebook telling us how much better we would be if we shared more with other people and if we used Facebook more to do just that. This sort of thing sounds a lot like propaganda to me to support someone else's decision about my personal information.

I keep thinking back to that line in Spiderman where Uncle Ben tells Peter Parker that "with great power, comes great responsibility". Facebook has more than 450 400 million users. If Facebook was a country it would be bigger than the United States in terms of population below China at 1.3 billion people and India at 1.2 billion people. There are more than 1.5 billion people using the Internet. Facebook's users make up just less than a third of that number. By any measure, Facebook controls a significant number of people's personal information and rather than taking steps to protect its users who should be given meaningful control over their personal information, Facebook is adopting a very paternalistic approach to this and is making these decisions for us based on a consent we gave to a previous version of its privacy policy and terms (yes, this is a direct consequence of you just checking the "I agree" box and signing up with Facebook in the first place - how is that for the power of a site terms and privacy policy?). If this doesn't scare you, it should.

So what are the options? Opt out of Facebook? Perhaps but given Facebook's size and growing influence on the social Web that could be the equivalent of opting out of society and heading for the hills. Another option is to remove the personal information you don't want shared but that would just detract from your profile's value to your friends. It is a difficult dilemma for many.

The bottom line here is that Facebook does not respect its users' right to determine what is done with their personal information on Facebook, especially where those users don't want a stripped down Facebook experience.

As I pointed out in my previous post, there has been quite a bit of concern about Google Buzz's defaults and their implications for users' privacy. Fortunately the Gmail team (Buzz is part of Gmail) has been pretty responsive and has made a series of changes to Buzz in the few days since its launch. The Gmail team published a post on 13 February 2010 announcing further changes to how Buzz operates. The first change affects the auto-following behaviour many people are/were concerned about:

First, auto-following. With Google Buzz, we wanted to make the getting started experience as quick and easy as possible, so that you wouldn't have to manually peck out your social network from scratch. However, many people just wanted to check out Buzz and see if it would be useful to them, and were not happy that they were already set up to follow people. This created a great deal of concern and led people to think that Buzz had automatically displayed the people they were following to the world before they created a profile.

On Thursday, after hearing that people thought the checkbox for choosing not to display this information publicly was too hard to find, we made this option more prominent. But that was clearly not enough. So starting this week, instead of an auto-follow model in which Buzz automatically sets you up to follow the people you email and chat with most, we're moving to an auto-suggest model. You won't be set up to follow anyone until you have reviewed the suggestions and clicked "Follow selected people and start using Buzz."

This change will affect new users as well as existing users who will be shown a similar set of options and given another opportunity to confirm the people they are following. Other changes include optional connections with Picasa and Google Reader (despite those services only feeding public content items) and a new Buzz tab in Gmail's settings which will give users another way to limit friend list displays, Buzz's visibility in Gmail and even an option to disable Buzz completely. When it comes to restricting access to your stream to specific people, you should take advantage of contact groups in Gmail's contacts.

This method still requires you to set up your contacts lists or groups to take advantage of them but you can specify which groups of people can receive your Buzz updates. One way you would limit who receives your posts is by making your posts "Private" in Buzz and selecting specific contact groups. I haven't quite set up my contacts lists completely but here is an example:

What is not immediately apparent is how to block existing followers or set default post publicity/privacy levels if you are already using Buzz. When it comes to blocking existing followers, the option to block existing followers is accessible through the "XX followers" link (note the checkbox at the bottom that affects follower lists visibility):

The changes do address many of the concerns raised about Buzz but their benefits for existing users may be somewhat limited. New users can look forward to a very different initial experience with Buzz and far more control over their stream's privacy (or publicity, for that matter) and who can view their content. We've seen a number of changes in the last few days and it is clear that Buzz, like many early-stage Google products, is a work in progress. We will likely see further improvements and enhancements as Buzz becomes available to more and more users and is extended to Google Apps. At that point the product becomes a sort of enterprise product as it becomes available to Google Apps business users.

If you are interested in using Buzz, take the time to explore the various privacy settings and controls and make sure they are set to levels you are comfortable with. It will be worth it going forward if you decide to use Buzz as an extension of your social presence.