
Entries in permissions (2)

Tuesday, Feb 14, 2012

Did your iPhone ask for permission to give away your address book?

Instapaper's creator, Marco Arment, made a good point on his blog about permissions and your phone's address book in the wake of the Path privacy controversy. It probably came as something of a surprise to many users that their iPhones are habitually handing over their address books to a variety of social services we use daily, without so much as a prompt requesting permission to do so.

The popular Path app was caught uploading and permanently storing people’s entire address books on Path’s servers. People were upset, but what’s scarier is the bigger issue: apparently, this is a very common practice among popular apps.

Mobile applications are becoming more and more popular as more people start using smartphones instead of feature phones. These apps are increasingly social and that means that users are often prompted or otherwise given an opportunity to share their social graph with these apps and their underlying services. Users' social graphs may take the form of Facebook or Twitter connections (in which cases users are probably familiar with the more secure OAuth-based authentication processes to give 3rd party apps and services access to their profile information) or address books stored on the devices concerned.

[Image: Dave Morin]

Path partially addressed concerns about how it uploaded users' address books through the social app in a blog post titled "We are sorry.". The post was a terrific reputation management exercise and defused much of the anger directed at Path. That said, the general practice of uploading address books remains in place for the most part (although you can imagine that reputation-conscious developers will probably alert users to this practice in their apps going forward). What hasn't really been addressed is the device-level permission model that makes this possible. As Arment points out:

When implementing these features, I felt like iOS had given me far too much access to Address Book without forcing a user prompt. It felt a bit dirty. Even though I was only accessing the data when a customer explicitly asked me to, I wanted to look at only what I needed to and get out of there as quickly as possible. I never even considered storing the data server-side or looking at more than I needed to.

This, apparently, is not a common implementation courtesy.

We can’t prevent services with poor judgment or low ethical standards from doing creepy things with the data once it’s sent to them. We can’t even realistically use App Review to only permit access to the Address Book fields (email, name, phone, etc.) that are justifiable for any given app to access, because there are too many gray areas.

One of the problems with allowing your address book to be uploaded is that you lose whatever control you may have had over that data once it leaves your device. In contrast, when users authorise Facebook or Twitter to grant access to their contacts to 3rd party services, they notionally retain the ability to revoke that permission and deny the 3rd party service further access to that data. With address book uploads, it's pretty much as the saying goes: you can't unscramble the egg.

As Arment proposes, one solution is for device manufacturers or smartphone OS developers to build device- or OS-level permissions into address book APIs, such that users are clearly prompted for permission when an app requests to upload or otherwise access their address books. Another option is for users to be more circumspect about granting this sort of access to their address books to 3rd party apps and services. Users frequently have a combination of sensitive and generally available personal information on their devices. Simply granting access to their address books can prove problematic not just for those users but for the people who entrusted their personal information to them, sometimes with specific purposes in mind that exclude being shared with the popular social app of the day.

Update: Ars Technica has a related post titled "Developers say Apple needs to overhaul iOS user information security" about this issue which is worth reading.


Image credit: Dave Morin by Joi Ito, licensed CC BY 2.0
Tuesday, Jan 18, 2011

Facebook wants to expose your phone number and address

Facebook took a controversial step over the weekend that has privacy advocates concerned, again. The social network is now making users' mobile phone numbers and addresses accessible to applications as distinct categories of personal information. Alternatively, as Jeff Bowen's blog post on the Facebook Developer blog put it:

We are now making a user’s address and mobile phone number accessible as part of the User Graph object. Because this is sensitive information, we have created the new user_address and user_mobile_phone permissions. These permissions must be explicitly granted to your application by the user via our standard permissions dialogs.

Facebook received a fair amount of criticism about this move and, earlier today, announced, also on the Facebook Developer blog, that it would suspend this new functionality while it works to address users' concerns:

Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data. We agree, and we are making changes to help ensure you only share this information when you intend to do so. We’ll be working to launch these updates as soon as possible, and will be temporarily disabling this feature until those changes are ready. We look forward to re-enabling this improved feature in the next few weeks.

That said, these additional fields are likely to still be exposed to applications in some form or another once Facebook finds its way through this privacy minefield.

Why the concern?

Essentially Facebook proposed adding your mobile phone number and address fields to the categories of personal information developers could access if you granted the appropriate permissions to their applications. If you have been using Facebook for an appreciable period of time, you have probably encountered the Facebook permissions dialogue box along the lines of the one above. This is the mechanism by which applications secure your permission as a Facebook user to access your personal information contained in your Facebook profile.

These permissions tend to include access to your Wall, your friends list, your name and profile photo. Where you give an application permission to access your personal information, it is often used to give you a particular experience. For example, granting CNN access to your Facebook profile using Facebook Connect or the Open Graph API gives CNN the ability to show you which of your friends read and recommended an article, and to publish your comments about an article on your Wall. This functionality has some social value, as friends' recommendations may be relevant to you and highlight something you may not have discovered on your own. The challenges have been whether users are sufficiently educated about how using this functionality affects their privacy and whether they have adequate tools to manage it.

ReadWriteWeb published a post yesterday titled "Facebook & Identity: The Continued Push Toward Becoming Your One True Login" (the title itself nicely summarizes why Facebook is doing this in the first place) which explores objections to Facebook's plans and these objections largely focus on a perennial theme in Facebook privacy complaints: the degree to which users have meaningful control over their personal information.

Lack of granular control over profile information

One of the problems is how Facebook gives users the option to grant access to their profile information. The permissions are typically all or nothing, and users are faced with a stark choice: agree to share their profile information and gain access to the application, or refuse and lose out on the experience the application promises. Elias Bizannes summarized the issue quite nicely for ReadWriteWeb when he said the following:

"Something bugs me about the Facebook connect privacy options," said Bizannes. "When you connect, you see what permissions you have to give, but you don't have an option there to deny individual permissions."

Facebook's response to this criticism is that applications should only request the bare minimum of information they require to do what they propose to do. Giving users the opportunity to pick and choose which categories of personal information to grant access to would mean that these applications would be hobbled and would not be able to fulfil their purpose. In the event an application misuses profile information or asks for more information than it requires, users have the option of revoking the application's permissions. It's not clear to me whether revoking an application's permissions would remove all traces of a user's profile information from the developer's control (I'm not familiar with how the profile information is passed to developers using the API) or whether the developer will still be left with the profile information passed along when permission was granted to the application.
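The revocation question raised here, and the OS-level "prompt before access, expose only what was approved" model Arment argues for in the post above, can be made concrete with a small permission-broker model. This is an added example written for this page, not code from Legal Notes, Arment, Path or Facebook: the app id, field names, contacts and the `ThirdPartyServer` stand-in are all constructed for the demo. It shows that a field-scoped, revocable grant stops further reads the moment the user withdraws it, while a copy the app has already uploaded is outside the broker's control and survives the revoke, which is the "can't unscramble the egg" problem in code.

```python
"""Permission-broker model for a device address book (added example).

Every read goes through the broker, which only returns fields the user
approved in a prompt, refuses everything else, and writes an audit line per
decision. A separate ThirdPartyServer shows why revocation cannot reach data
that has already been uploaded. All names and data are constructed.
"""
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List, Set

# Fields the broker is willing to expose at all (an assumption of this model).
ALLOWED_FIELDS: Set[str] = {"name", "email", "phone", "home_address"}


class PermissionDenied(Exception):
    """Raised when an app reads without a grant covering every requested field."""


@dataclass(frozen=True)
class Contact:
    name: str
    email: str
    phone: str
    home_address: str


# Constructed sample address book for the demo.
SAMPLE_CONTACTS = [
    Contact("Alice Example", "alice@example.com", "+1-555-0100", "1 Sample St"),
    Contact("Bob Example", "bob@example.com", "+1-555-0101", "2 Sample St"),
]


class AddressBookBroker:
    """Mediates every read of the address book and records it for audit."""

    def __init__(self, contacts: Iterable[Contact]):
        self._contacts: List[Contact] = list(contacts)
        self._grants: Dict[str, Set[str]] = {}  # app_id -> fields the user approved
        self.audit: List[str] = []               # one line per decision, for review

    def request_access(self, app_id: str, fields: Set[str],
                       prompt: Callable[[str, Set[str]], Set[str]]) -> Set[str]:
        """Prompt the user; keep only the subset of known fields they approved."""
        requested = set(fields) & ALLOWED_FIELDS
        approved = set(prompt(app_id, requested)) & requested  # cannot approve more than asked
        self._grants[app_id] = approved
        self.audit.append(f"grant app={app_id} requested={sorted(requested)} "
                          f"approved={sorted(approved)}")
        return approved

    def revoke(self, app_id: str) -> None:
        """User withdraws the grant; later reads fail until access is re-granted."""
        self._grants.pop(app_id, None)
        self.audit.append(f"revoke app={app_id}")

    def read(self, app_id: str, fields: Set[str]) -> List[Dict[str, str]]:
        """Return only the requested fields, and only if each one is granted."""
        granted = self._grants.get(app_id, set())
        missing = set(fields) - granted
        if missing:
            self.audit.append(f"deny app={app_id} fields={sorted(missing)}")
            raise PermissionDenied(f"{app_id} lacks access to {sorted(missing)}")
        self.audit.append(f"read app={app_id} fields={sorted(fields)}")
        return [{f: getattr(c, f) for f in sorted(fields)} for c in self._contacts]


class ThirdPartyServer:
    """Stand-in for an app backend that keeps whatever it was sent (constructed)."""

    def __init__(self) -> None:
        self.stored: Dict[str, List[Dict[str, str]]] = {}

    def upload(self, app_id: str, rows: List[Dict[str, str]]) -> None:
        self.stored[app_id] = list(rows)  # a copy the broker no longer controls


def demo() -> Dict[str, object]:
    """Walk through grant, scoped read, denied read, upload and revoke."""
    broker = AddressBookBroker(SAMPLE_CONTACTS)
    app = "com.example.socialapp"  # constructed app id
    # The app asks for three fields; in the prompt the user approves only email.
    approved = broker.request_access(app, {"name", "email", "phone"},
                                     lambda _app, _fields: {"email"})
    rows = broker.read(app, {"email"})
    try:
        broker.read(app, {"phone"})
        phone_denied = False
    except PermissionDenied:
        phone_denied = True
    server = ThirdPartyServer()
    server.upload(app, rows)  # the bulk upload the page warns about
    broker.revoke(app)
    try:
        broker.read(app, {"email"})
        after_revoke_denied = False
    except PermissionDenied:
        after_revoke_denied = True
    return {"approved": approved, "rows": rows, "phone_denied": phone_denied,
            "after_revoke_denied": after_revoke_denied,
            "server_still_has": server.stored[app], "audit": broker.audit}


if __name__ == "__main__":
    for line in demo()["audit"]:
        print(line)
```

The audit list is the piece a defender would keep: each grant, read, deny and revoke is one line, so a later review can show exactly which app touched which fields and when the user withdrew access, even though nothing in the model can reach the rows the server already stored.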

One of the big problems is that abuses of this level of access to users' profile information have occurred. These are worrying because of the detailed picture Facebook has of its users, which makes Facebook extremely attractive to advertisers. Facebook knows who your friends are, where you live, what your interests are, where you spend your time and so on. This information gives advertisers the ability to target their ads pretty accurately and with a greater likelihood of a positive response. The dangers of giving developers access to such valuable stores of personal information were demonstrated by a company called Rapleaf last year.

Centralized identity

Chris Saad, a co-founder of the Data Portability Project, took issue with Facebook's approach to identity, namely that it intends placing itself at the centre of your online experience with your Facebook profile as your core identity:

The problem is that Facebook has architected the whole thing from the beginning to be an exclusive hub and spoke relationship with them rather than a peer to peer relationship on the open web.

When you couple concerns about how much of your profile information developers have access to, the all-or-nothing approach to permissions, and a centralized identity used to access an increasing number of social sites (or sites with social capability courtesy of the Open Graph API), you begin to appreciate two things. The first is the value of a Facebook profile to advertisers, with a corresponding benefit to Facebook itself, which relies on advertising revenue for a significant share of its income. The second is the risk to users' privacy if they don't fully appreciate that their activities on Facebook and on the broader Web may expose more of their personal information than they intend.

To aggravate matters, Facebook's privacy policy has frequently been criticized as being too complex for most users to understand, as have the privacy controls Facebook gives users to help them manage their privacy settings. Of course, changes to Facebook's privacy policy have historically made managing privacy settings even more complex.

What now?

Fortunately, Facebook has decided to return to the drawing board and rethink how it proposes making users' phone numbers and addresses available to developers in light of criticism it received over the weekend.

The nature of the profile information in question necessitates that Facebook take great care safeguarding this personal information when giving users the option to make it available to developers. While some people may not be too concerned about their mobile number being passed along to third parties, a person's home address is particularly sensitive information.

While there may be value in being able to pass along your address and mobile phone number to third party providers in more controlled circumstances (you may want a retailer to know where to ship a purchase or how to get in touch with you to respond to a query), it is essential that this information is protected from abuse by unscrupulous third parties, as well as from Facebook's own tendency to change its privacy practices and expose more personal information than users initially anticipated.

While we can only hope that Facebook acts responsibly, users should also take responsibility for the personal information they make available on their profiles. If you are deeply concerned about Facebook passing along your phone number and home address, remove that information from your profile! I have often recommended that, when it comes to personal information, people decide in advance which categories of personal information are most sensitive and never publish that information online. This sensitive personal information may include home addresses, identity numbers, phone numbers, children's schools and so on. That applies to Facebook as much as it applies to any online platform or service. You should assume that anything you publish online could be compromised and shared without your consent, regardless of Facebook's best efforts to safeguard your information.