Can you trust Facebook?

Facebook logo.pngThere was quite a bit of excitement today about Facebook. I noticed questions being posted on Twitter asking whether anyone else had experienced any problems accessing Facebook. My access was a bit slow so I thought there may have been a problem with Facebook’s servers. There was also some mention somewhere about Facebook possibly being hacked. Either way, I didn’t think too much about it because my access was soon pretty much restored. That was until I was asked by IM whether my inbox was still intact. It then transpired that people had been logging into their Facebook accounts only to find someone else’s messages in their Facebook inbox. There were also more mentions of messages being sent apparently from people whose inboxes had been exchanged for other people’s inboxes. In short, it was chaos.

I received a call from a journalist at The Times to ask me about the implications of this mess and I started looking at the small print on the Facebook site. There are two main documents on the site which seem to be relevant to the chaos on the site. The first is the Facebook privacy policy and the second are the terms of use. The big question is the effect of these errors or outages on Facebook and what people can do about it. The one thing that came to mind is that there is a movement towards using Facebook as a business networking site. What happens if discussions you are having with a potential business partner are suddenly presented to a competitor or just some unknown third party? What if your personal and intimate messages with some “friends” find their way into your wife’s inbox? What do you do then? What can you do?

The privacy policy begins with two principles. The first principle is that you can control how much information is made public and the second is that you can only access what others permit you to access. The policy then describes what information Facebook collects from its users and how its users can exercise a degree of control over that process. You may have strong views about Facebook collecting any information about you so it is worthwhile reading the policy which is written for the end user, you, and not in obscure legalese. This one paragraph caught my eye in particular because it struck me as being so relevant to this afternoon’s excitement:

You post User Content (as defined in the Facebook Terms of Use) on the Site at your own risk. Although we allow you to set privacy options that limit access to your pages, please be aware that no security measures are perfect or impenetrable. We cannot control the actions of other Users with whom you may choose to share your pages and information. Therefore, we cannot and do not guarantee that User Content you post on the Site will not be viewed by unauthorized persons. We are not responsible for circumvention of any privacy settings or security measures contained on the Site. You understand and acknowledge that, even after removal, copies of User Content may remain viewable in cached and archived pages or if other Users have copied or stored your User Content.

When it comes to sharing your information with third parties, the following paragraph sums up the Facebook policy quite nicely:

Facebook is about sharing information with others — friends and people in your networks — while providing you with privacy settings that restrict other users from accessing your information. We allow you to choose the information you provide to friends and networks through Facebook. Our network architecture and your privacy settings allow you to make informed choices about who has access to your information. We do not provide contact information to third party marketers without your permission. We share your information with third parties only in limited circumstances where we believe such sharing is 1) reasonably necessary to offer the service, 2) legally required or, 3) permitted by you.

Of course the use of all of these Facebook Applications complicates matters somewhat because these applications often take advantage of information contained in your profile and are developed by third party developers so you really need to be mindful of who these developers are and whether you consider them to be trustworthy.

One of my concerns was the security of my information on Facebook and I am happy to see that this is being taken relatively seriously by Facebook. When I chatted to the journalist from The Times earlier today I told her that Facebook users need to be careful about storing their credit card details on Facebook because is that information is not being secured then it can only go badly. Here is what Facebook is doing to secure your information:

Facebook takes appropriate precautions to protect our users’ information. Your account information is located on a secured server behind a firewall. When you enter sensitive information (such as credit card number or your password), we encrypt that information using secure socket layer technology (SSL). (To learn more about SSL, go to http://en.wikipedia.org/wiki/Secure_Sockets_Layer). Because email and instant messaging are not recognized as secure communications, we request that you not send private information to us by email or instant messaging services. If you have any questions about the security of Facebook Web Site, please contact us at privacy@facebook.com.

This privacy policy is pretty clear about a number of things including the fact that information you publish on the site is potentially being collected and used by Facebook in the course of its business. That information which may be shared with third parties may not be personally identifiable and you do have some measure of control over how much information is disclosed to whom. When I read the opening part of the privacy policy it occurred to me that the overriding message of the privacy policy is that we, as users, have a fair amount of responsibility for what we publish on Facebook. Sure Facebook collects some of our information but much of that depends on what you make public so if you don’t want people to know your phone number or home address, don’t publish it or only make that information public to your close friends. I was listening to episode 3 of Flamebait, a Mail & Guardian podcast, where Vincent and Nic were talking about some guy who started a search for a girl he saw at a party and who was eventually identified by someone who knows her. I don’t know if this guy was able to use the information he obtained through Facebook to make contact with this girl but this sort of thing is possible if you are not mindful of how much information you publish and where you publish it.

In the next part of this series of posts, I’ll talk a bit about Facebook’s terms of use and the possible issues that arise out of that …

Comments are closed.

Powered by WordPress.com.

Up ↑

%d bloggers like this: