Dec 112009

Facebook is always in the news for something or other, it seems. But this week it’s in the news because of changes to its privacy model. Some of these changes are welcome and may even be effective, but many threaten to be disastrous for users’ privacy, to the extent they haven’t already been.

I myself do use Facebook, albeit reluctantly. It seemed like something I needed to do if I wanted to have any credibility as a cyberlawyer, to go there and see how it worked and what the appeal of it was. Because its appeal wasn’t at all obvious to me: there was nothing Facebook offered in its closed, proprietary way that basic Internet technologies didn’t offer in their more open and flexible way. I’ve never understood the point of closed systems. I didn’t get them back when AOL was the closed system of choice either. As an Internet user, why restrict yourself to the finite universe of content and users AOL or Facebook provides when there is an unlimited universe just beyond its borders in the Web at large?

But perhaps I’m not sufficiently crediting individual preference. Just as I preferred a large university to a small college, many others prefer the exact opposite. Small feels safe. Predictable. Knowable. Limited. So perhaps that’s why so many people have liked Facebook, because it felt like a quiet cul-de-sac away from the tumult of the information superhighway. A quiet place for just you and your friends. But maybe it’s not the quiet, out-of-the-way place people thought after all, thanks to Facebook’s inadequate privacy model.

There are lots of horror stories about Facebook users being “outed” in some unfortunate way in their real lives by something seen on their Facebook pages, like people being denied insurance coverage for looking too healthy, or even fugitives ending up captured because they posted about where they were. But interesting as those stories may be, what I want to focus on is the illusion of privacy Facebook fosters for its users, which thus enables so many to later be blindsided when content they thought was private is later proved not to be. In particular, I want to focus on the weakest link: friends.

The Facebook privacy model has many limitations, not the least of which is the cryptic and unintuitive UI that prevents even the most privacy-conscious people from using what privacy protections Facebook does afford as effectively as possible. But the most major shortcoming may be on its conceptual model of privacy through relationships.

In real life, it’s a sensible model. You know whom in your life you trust, and with what information. You know who will keep your secrets, and you endow people with your information accordingly. Facebook, however, despite its concept of “friending,” does not adequately mimic real life “friending.” Real life has degrees of friendship, whereas for Facebook it tends to be all or nothing and it is hard, if not completely impossible, to endow “friends” with varying degrees of your information in the kind of nuanced way you would in real life. I myself don’t have too many privacy concerns with Facebook — most of my Facebook content is my Twitter stream, which is public anyway — but I still “friend” fairly few people because it presupposes an underlying relationship of trust I’m not always sure is well-founded.

To be fair, some of the current changes to the Facebook privacy settings give back a little more control by plugging some of the biggest holes, like by doing away with geographical networks. Personally I think there could be some utility in geographical networks, but the Facebook implementation never came close to capturing it. Instead it presumed trusted relationships among members of these potentially enormous communities where none should ever have been so assumed. Thus any change by Facebook ceasing to presume trust is a good one and most welcome.

But even among Facebook relationships that aptly analogize to trusted real life ones, there remain underlying trust problems. It is simply too easy for someone, someone who ordinarily would guard your information with appropriate discretion in real life, to expose it online.

Admittedly, Facebook is not the only problematic online forum for this kind of thing. People who post about their own lives on the Internet inherently threaten to reveal information about the lives of the others they interact with. Often there’s enough obfuscation that those other people may effectively remain anonymous, but it’s become a particular issue for those who tend to tweet about where they are. It may be fine to let people know your GPS coordinates when you are at a train station, but what about when you are at someone’s home?

But sometimes it’s not a lack of discretion that causes too much about another to be revealed: sometimes it’s the tool itself that causes such disclosure, and here again Facebook is justly criticized for its architecture that makes it so easy to reveal so much about others — and its insistence that there’s nothing wrong with that. In Facebook’s view, certain information is never private in the first place, such as information like friend lists.

I offer an example of why Facebook is wrong about that: I know someone who is somewhat famous, and as a consequence of his fame he needs to guard his privacy more carefully than most. If he wanted to use Facebook to intermediate his connection with his fans perhaps this situation would be less of an issue, but his lack of disclosure (in fact, his previous outright denial) of any Facebook presence suggests he is not interested in using it as such, as is clearly his right to decide. If he did want to use Facebook simply for communicating with immediate relations, with all his privacy settings locked down, plus a fairly common name, he should be able to stay pretty well hidden on Facebook except to those immediate relations he revealed himself to.

Such as his brother, whom I also know a bit, and who happened to have commented on a status update appearing my news feed that was posted by someone else I’m “friended” with. I wasn’t yet “friended” with the brother, who also has a common name, so I clicked on the comment to see if he was the person I knew. His profile was pretty well locked down so there wasn’t a whole lot of information to go on, except there was his friend list, right there in the open. And there in the middle of his it was the smiling face of his brother’s avatar. I guess he was on Facebook after all.

Does this kind of thing matter? Well, in theory Facebook users like them are still ensconced behind their locked-down profiles, and they don’t have to respond to any friend requests they don’t want to. Of course, then they have do deal with the not-inconsequential social consequences of ignoring friend requests. But let’s not look past the basic problem: if you thought you were hidden, wouldn’t it be alarming to discover you actually were not?

Moreover, what other such surprises are out there? What other information about you is escaping from your control? And who is getting access to it? While Facebook has relented somewhat on whether friend lists should be public, the only option it offers is to hide your own list; you still can’t force your friends to hide you on theirs. No matter how well-placed your trust in your “friends” that they will protect your information with appropriate discretion, there’s only so much discretion the Facebook tool will allow. In addition to the limited and confusing privacy settings interface, the Facebook application programming interface is also notorious for allowing app developers to suck in large amounts of its users’ data, including large amounts of their “friends'” data as well, when people use those applications.

But what’s most concerning about the situation is that Facebook’s users don’t expect it. Facebook fosters the illusion that it’s a private place, when in reality it is already anything but (and perhaps even pointedly becoming even less so). Ironically it is Facebook, which gave us the term “friending” as a verb, which is proving to be no friend to its users at all. In real life a friend who shares information about another indiscreetly will face real social consequences, including a loss of trust. Perhaps it’s time for Facebook start to face that consequence itself.

 Posted by at 4:49 pm

  One Response to “Friends don’t let friends friend them on Facebook”

  1. I really like facebook for getting my old coworkers email addresses and contact numbers.
    I am just socially inept to keep up with friends’ faces and names. And The time flies. A couple of years become 10 years and you barely remember their faces anymore.
    I do try to limit my post to minimum knowing nothing is private on internet but I’ve also got addicted to twitter. It was quite fun to twit while watching a hockey game.
    Anyway how’s your life?

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>