Yet Again, Facebook Misunderstands Privacy

Facebook recently announced a variety of proposed changes to its Privacy Policy and Statement of Rights and Responsibilities. You can review the proposed changes here, and in accordance with the website’s governance rules, Facebook users have until 12:00am PDT on April 3, 2010 to comment on the proposals.

There have been numerous, valuable commentaries on what these changes mean for user privacy. See, for example, Tech Crunch (and again here), ACLU of Northern California, ReadWriteWeb, All Facebook, and Inside Facebook.

In brief, the proposed changes to these governing documents point to the following matters, each with its own unique privacy implications:

  • Location-based services are coming soon to Facebook
  • Clarifying what it means when you share your status updates and posts with “everyone” and who can find that information
  • And most notably, Facebook will allow a small group of “pre-approved” sites to access your public Facebook data when you visit them even if you don’t use Facebook Connect to actively link your FB account to those websites. The sites would be able to discover your Facebook profile based on your cookie, see your friends lists and any info you share publicly, and use this data to — purportedly —  display customized content or cater to your particular likes. And all of this happens within an opt-out regime.

This final point has gotten significant attention (see the above links), so I won’t add to those critical comments here.

But I would like to point out a few aspects of Facebook’s new language that reveals — yet again — that Facebook simply fails to understand the nature of privacy, especially in our online information ecosystem.


Item 4.2 of the proposed Statement of Rights and Responsibilities dictates that “You will not create more than one personal profile.

By banning the ability to create multiple profiles, Facebook has eliminated a means by which many people control their identity — and the flow of their information — on the social networking site. Rather than trying to navigate Facebook’s complex privacy settings in order to set up various customized restrictions on the visibility of particular data elements, many users simply create separate accounts for their work-life and their personal-life, allowing a simple means to making sure that their weekend costume party photos aren’t visible to management at your day job (cuz it would’ve been awkward to deny your boss’s friend request).

But, it seems clear that Facebook has no interest  in allowing users to manage their multi-faceted identities through multiple accounts. Allowing multiple accounts creates inefficiencies in Facebook’s advertising modules, and is contrary to Mark Zuckerberg’s philosophy that information wants to be shared, and that the primary goal of Facebook has been to encourage people to overcome the “hurdle” of wanting to preserve some privacy online. Facebook simply assumes that if you want to share information, you want to share the same information with everyone, and that you can just go create a bunch of custom filters if you feel otherwise.

At the end of the day, this new “right and responsibility” takes away a simple method for users to manage the flow of information on Facebook. As a result, users now have even less control of their information on Facebook.

(Aside: The social network Moli built its business around allowing users to manage multiple identities within a single account. See my comments here and here).


Section 3 of the proposed Privacy Policy attempts to clarify some of the privacy settings changes Facebook thrust on its users in December, including making various pieces of user information permanently public. The “Connections” paragraph caught my eye:

Connections. Facebook enables you to connect with virtually anyone or anything you want, from your friends and family to the city you live in to the restaurants you like to visit to the bands and movies you love. Because it takes two to connect, your privacy settings only control who can see the connection on your profile page. If you are uncomfortable with the connection being publicly available, you should consider removing (or not making) the connection.

Here, Facebook is reminding users that their friends lists and pages that they are a “fan” of — what FB now seems to gather under the term “connections” — are permanently public information. Facebook seems to assume that one’s “connections” are simply either public or private — that you either want everyone to see them, or no one. There’s no way to fine tune who can see the fact you’re a fan of Glenn Beck, or The Advocate, or Taco Bell.

What is most problematic with this section is the free counsel at the end: “If you are uncomfortable with the connection being publicly available, you should consider removing (or not making) the connection.” In Facebook’s philosophy of information, any connection you make must be public, or you just shouldn’t make it in the first place.

I guess I shouldn’t be surprised that Mark Zuckerberg’s company would maintain such a short-sighted attitude towards privacy and provide such unrealistic (and paternalistic) advice to users on how to manage their information, I just keep hoping that things will be different next time.

(BTW, does this attitude remind you of anyone else?)

<Image from Albino Blacksheep video, “Do You Have a Facebook?“>

Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s