Can you trust Facebook?

Facebook logo.pngThere was quite a bit of excitement today about Facebook. I noticed questions being posted on Twitter asking whether anyone else had experienced any problems accessing Facebook. My access was a bit slow so I thought there may have been a problem with Facebook’s servers. There was also some mention somewhere about Facebook possibly being hacked. Either way, I didn’t think too much about it because my access was soon pretty much restored. That was until I was asked by IM whether my inbox was still intact. It then transpired that people had been logging into their Facebook accounts only to find someone else’s messages in their Facebook inbox. There were also more mentions of messages being sent apparently from people whose inboxes had been exchanged for other people’s inboxes. In short, it was chaos.

I received a call from a journalist at The Times to ask me about the implications of this mess and I started looking at the small print on the Facebook site. There are two main documents on the site which seem to be relevant to the chaos on the site. The first is the Facebook privacy policy and the second are the terms of use. The big question is the effect of these errors or outages on Facebook and what people can do about it. The one thing that came to mind is that there is a movement towards using Facebook as a business networking site. What happens if discussions you are having with a potential business partner are suddenly presented to a competitor or just some unknown third party? What if your personal and intimate messages with some “friends” find their way into your wife’s inbox? What do you do then? What can you do?

The privacy policy begins with two principles. The first principle is that you can control how much information is made public and the second is that you can only access what others permit you to access. The policy then describes what information Facebook collects from its users and how its users can exercise a degree of control over that process. You may have strong views about Facebook collecting any information about you so it is worthwhile reading the policy which is written for the end user, you, and not in obscure legalese. This one paragraph caught my eye in particular because it struck me as being so relevant to this afternoon’s excitement:

You post User Content (as defined in the Facebook Terms of Use) on the Site at your own risk. Although we allow you to set privacy options that limit access to your pages, please be aware that no security measures are perfect or impenetrable. We cannot control the actions of other Users with whom you may choose to share your pages and information. Therefore, we cannot and do not guarantee that User Content you post on the Site will not be viewed by unauthorized persons. We are not responsible for circumvention of any privacy settings or security measures contained on the Site. You understand and acknowledge that, even after removal, copies of User Content may remain viewable in cached and archived pages or if other Users have copied or stored your User Content.

When it comes to sharing your information with third parties, the following paragraph sums up the Facebook policy quite nicely:

Facebook is about sharing information with others — friends and people in your networks — while providing you with privacy settings that restrict other users from accessing your information. We allow you to choose the information you provide to friends and networks through Facebook. Our network architecture and your privacy settings allow you to make informed choices about who has access to your information. We do not provide contact information to third party marketers without your permission. We share your information with third parties only in limited circumstances where we believe such sharing is 1) reasonably necessary to offer the service, 2) legally required or, 3) permitted by you.

Of course the use of all of these Facebook Applications complicates matters somewhat because these applications often take advantage of information contained in your profile and are developed by third party developers so you really need to be mindful of who these developers are and whether you consider them to be trustworthy.

One of my concerns was the security of my information on Facebook and I am happy to see that this is being taken relatively seriously by Facebook. When I chatted to the journalist from The Times earlier today I told her that Facebook users need to be careful about storing their credit card details on Facebook because is that information is not being secured then it can only go badly. Here is what Facebook is doing to secure your information:

Facebook takes appropriate precautions to protect our users’ information. Your account information is located on a secured server behind a firewall. When you enter sensitive information (such as credit card number or your password), we encrypt that information using secure socket layer technology (SSL). (To learn more about SSL, go to http://en.wikipedia.org/wiki/Secure_Sockets_Layer). Because email and instant messaging are not recognized as secure communications, we request that you not send private information to us by email or instant messaging services. If you have any questions about the security of Facebook Web Site, please contact us at privacy@facebook.com.

This privacy policy is pretty clear about a number of things including the fact that information you publish on the site is potentially being collected and used by Facebook in the course of its business. That information which may be shared with third parties may not be personally identifiable and you do have some measure of control over how much information is disclosed to whom. When I read the opening part of the privacy policy it occurred to me that the overriding message of the privacy policy is that we, as users, have a fair amount of responsibility for what we publish on Facebook. Sure Facebook collects some of our information but much of that depends on what you make public so if you don’t want people to know your phone number or home address, don’t publish it or only make that information public to your close friends. I was listening to episode 3 of Flamebait, a Mail & Guardian podcast, where Vincent and Nic were talking about some guy who started a search for a girl he saw at a party and who was eventually identified by someone who knows her. I don’t know if this guy was able to use the information he obtained through Facebook to make contact with this girl but this sort of thing is possible if you are not mindful of how much information you publish and where you publish it.

In the next part of this series of posts, I’ll talk a bit about Facebook’s terms of use and the possible issues that arise out of that …

Upload but remember your rights

There are so many file sharing sites on the Web today that it is becoming difficult to keep track of them all. There is a wealth of choice and so many ways to store, share and manipulate your content. There is also a hidden danger which you need to be aware of as a content owner.

Each of these sites have their own sets of terms and conditions governing use of the content to the site and what you may or may not upload. Popular examples of these sites include YouTube and Flickr for video and photo uploads, respectively. The reason why you, as a content creator, should be careful when you post to these sites is that once uploaded, your content may be licensed for use in ways you did not intend it to be used. An example of this was recently covered in the iCommons blog:

A friend of mine sent me a link to a message about copyright infringement involving Creative Commons (CC) licences at Buzznet, a community website that allows photo, video and text sharing.

Buzznet.com – serious theft, beware,? writes kmye-chan, a French graphic artist who found her works copied without permission by Buzznets users. Kmye-chan is angered, not just by people copying her works without permission, but also by the Buzznet system, which by default licences all works under a CC Attribution licence.

The gist of her argument is as follows: copying of works without attribution or permission is common on the internet. No big deal, I immediately think. Most of them didnt give credit, so I was going to ask them to credit me, she said. Proper attribution is all she usually cares about, because she feels that the rules of copyright serve as a hindrance to further copying of her works.

But through default open licensing with CC licences, the unauthorised copy becomes available under quite liberal conditions, to which the original author has not agreed. While regular copyright hinders further downstream copying through its all rights reserved rule, CC licensing on this type of site presents the unauthorised copy as available, often even for commercial reuse.

I think this is an important criticism: that the use of CC licensing, upon infringement of the downstream copies of a work, makes the unauthorized copying even more damaging to the author of the original piece.

It is ironic that a site that uses Creative Commons licensing would be subject to criticism for violating users’ own licensing conditions but this is just one example of a more pervasive risk. If you intend your content to be licensed in a particular way then you really need to do your homework and review the terms and conditions applicable to the site you are uploading to. More and more sites do support a variety of licensing conditions (Flickr and Zoopy.com [the Zoopy.com reference has subsequently been added as yet another excellent example of a file sharing site that embraces Creative Commons licensing – disclosure: Zoopy.com has been a client of this firm] are two good examples – they allows you to license your photos using a variety of Creative Commons licenses) and if you would prefer your content to be licensed under a specific license then check to see whether your preferred site supports that license.

The alternative is blindly uploading your content and, by doing that, granting a different license to the service concerned that you didn’t originally intend to grant. Basically, you give rights away that you originally wanted to retain. It is worth taking a few minutes and review the terms and conditions of the site concerned (or have your lawyer review them for you) before you make use of the service.