Sunday, 16 May 2010

Facebook privacy or celebrity: We choose

I’m not one to knock large corporations for poor data protection practices – you just never know when that email may come from that very same corporation, offering me a challenge even greater than the one I’m currently dealing with. But I thought I might make a few comments on a trend that some data protection wonks have been commenting about recently.

It’s about the extent to which individuals cherish their privacy. Or perhaps it’s more about the extent to which they are prepared to trade their privacy for celebrity. And it appears as though some of the largest social media players have recognised this trend and are making it easier for people to become celebrities in their own right, by giving the rest of us ever more ways of finding out lots about them.

Take Facebook for example. I’ve recently seen a really interesting report which looks at the way they have continually changed their privacy policies over the past 5 years, which have had the cumulative effect of making it far easier for users to share information about themselves with others. Indeed, it’s become so easy (thanks to the default privacy options) that some commentators are expressing a degree of unease at both the direction and speed of travel. Have they gone too far? Are they simply “responding” to the wishes of Facebook users, as evidenced through a global pattern of focus groups, or has a decision been taken elsewhere within the organisation to lead their users to revealing information that more suits Facebook’s commercial aspirations, rather than their users’ social aspirations.

Of course the jury is out on this one and I suspect it may be out for some time. But for those who are interested of the evolution of privacy policies, take a good look at this example. What was once private is now only private if you choose to make it so.

But is this necessarily a bad thing ? Perhaps we all need a good kicking once in a while to remind us that we should never be complacent at what we place online, as the expectations of those we shared it with may change – and perhaps in ways we did not originally anticipate.

Facebook Privacy Policy circa 2005:
No personal information that you submit to Thefacebook will be available to any user of the Web Site who does not belong to at least one of the groups specified by you in your privacy settings.

Facebook Privacy Policy circa 2006:
We understand you may not want everyone in the world to have the information you share on Facebook; that is why we give you control of your information. Our default privacy settings limit the information displayed in your profile to your school, your specified local area, and other reasonable community limitations that we tell you about.

Facebook Privacy Policy circa 2007:
Profile information you submit to Facebook will be available to users of Facebook who belong to at least one of the networks you allow to access the information through your privacy settings (e.g., school, geography, friends of friends). Your name, school name, and profile picture thumbnail will be available in search results across the Facebook network unless you alter your privacy settings.

Facebook Privacy Policy circa November 2009:
Facebook is designed to make it easy for you to share your information with anyone you want. You decide how much information you feel comfortable sharing on Facebook and you control how it is distributed through your privacy settings. You should review the default privacy settings and change them if necessary to reflect your preferences. You should also consider your settings whenever you share information. ...
Information set to “everyone” is publicly available information, may be accessed by everyone on the Internet (including people not logged into Facebook), is subject to indexing by third party search engines, may be associated with you outside of Facebook (such as when you visit other sites on the internet), and may be imported and exported by us and others without privacy limitations. The default privacy setting for certain types of information you post on Facebook is set to “everyone.” You can review and change the default settings in your privacy settings.

Facebook Privacy Policy circa December 2009:
Certain categories of information such as your name, profile photo, list of friends and pages you are a fan of, gender, geographic region, and networks you belong to are considered publicly available to everyone, including Facebook-enhanced applications, and therefore do not have privacy settings. You can, however, limit the ability of others to find this information through search using your search privacy settings.

Current Facebook Privacy Policy, as of April 2010:
When you connect with an application or website it will have access to General Information about you. The term General Information includes your and your friends’ names, profile pictures, gender, user IDs, connections, and any content shared using the Everyone privacy setting. ... The default privacy setting for certain types of information you post on Facebook is set to “everyone.” ... Because it takes two to connect, your privacy settings only control who can see the connection on your profile page. If you are uncomfortable with the connection being publicly available, you should consider removing (or not making) the connection.

Many thanks to Kurt Opsahl of the Electronic Frontier Foundation for his work in creating this summary (and thanks also to the hacks at The Register who first drew my attention to it). More analysis can be found in Kurt’s article at