The recent controversy about Facebook’s privacy settings and the (once again) updated privacy controls highlighted both misconceptions about what privacy is and what it isn’t in the context of the social Web. The new controls are aimed primarily at making managing Facebook privacy settings a little easier to manage. This is about being able to control –
- what personal information is published;
- how much personal information is published;
- where your personal information is published;
- who can see which personal information; and
- how long that personal information is made available.
A number of the Web’s more prominent pundits seemed to focus on the “privacy as secrecy” issue and missed what I believe is the more important point: privacy on the social Web is about choice, not secrecy. I talked about what I called the “privacy myth” in a post I published last year where I explored this idea in some detail. Its worth repeating a point I made in that post here:
In this context, privacy online becomes an exercise of identity management rather than a question of total control. When it comes to identity management the emphasis shifts from controlling whether and how much personal information is published to asserting a claim over personal information about you in an effort to create a more cohesive and accurate identity online. One of the reasons to do this is to reduce the risk of identity theft by providing a readily ascertainable body of information that represents you and which you have asserted is about you. A good example of a service that helps people do this is ClaimID which gives users an opportunity to state which websites, services and published information is linked to them and how.
When it comes to “privacy as secrecy”, users’ choices become pretty binary: either publish information or don’t. Facebook has taught us that even the biggest social services can be untrustworthy and any personal information you publish can be exposed when the company changes its policy. Of course that personal information could also be exposed through glitches, caching services, profiling efforts and aggregation services and functions. The point is that anything published online can be made more public than you may have wished or intended so a wiser approach is to decide, in advance, which personal information absolutely can’t become public and that personal information must never be published online. This sort of personal information may (and arguably should) include the following:
- your home address;
- your childern’s school;
- your identity number (although disclosing full birthdays erodes this); and
- credit card and other sensitive banking information.
Beyond that personal information which you hold most dear, you should assume that everything else could be made public without your specific consent and without you being made aware of it. That isn’t to say you shouldn’t still take advantage of your preferred social service’s privacy settings – you should.
The time may come when users’ choice is whether to remain on a social network or not. A number of people publicly terminated their Facebook profiles recently after the controversy following the F8 conference. I was tempted to delete my profile too but the problem with that is that doing so would remove you from one of the biggest social ecosystems online today. Facebook reportedly has around 500 million active users. That is a powerful network to be part of and removing yourself from it altogether is a pretty drastic step. That said, Facebook still has a long way to go to regain users’ trust (mine included) so the prudent course of action is to be more guarded about what you publish and how public you make that information.
Fortunately the new privacy controls do seem to give users more control over their personal information. That level of control extends to personal information Facebook previously deemed to be public by default as well as applications which can access users’ profile information. It was an important turning point for Facebook and a healthy reminder that Mark Zuckerberg doesn’t know best. Users are the best arbiters of how their personal information should be handled and what should be done with it. Services like Facebook shouldn’t interfere with users’ right to choose. Doing so makes profound inroads into users’ privacy.