Facebook’s Privacy Issues and the New Social Norm

By Mari Basson on 2010/05/19

Recently the New York Times reported on a big project called Diaspora– free social networking software with an openly available code. Diaspora will let users set up their own personal servers, hubs and grant them full control over the information they share. In just a few weeks Diaspora has more than 24 000 Twitter followers – a clear sign that they’re onto something that the Internet community agrees with.

Facebook and Security

Facebook has forever been battling its reputation with users, with privacy concerns in the spotlight since 2007 and now perhaps, more than ever.  

The earlier years put Facebook privacy under the spotlight due to security concerns. In August 2007, a configuration problem on a Facebook server caused the PHP code to display instead of the web page that should be called by the page. This Facebook faux pas raised major concerns about Facebook security and the privacy of users’ data. A Facebook user published the code to his forum and claimed that he had been served with a legal notice from Facebook.

“It was not a security breach and did not compromise user data in any way. Because the code that was released powers only Facebook user interface, it offers no useful insight into the inner workings of Facebook. The reprinting of this code violates several laws and we ask that people not distribute it further,” was Facebook’s official response on the matter.  

The Launch of Beacon

Later that year in November Facebook launched Beacon, an extension of Facebook’s advertising system that allows targeted advertisements and sharing activities amongst users. Beacon evoked major controversy due to privacy concerns amongst users and bloggers. Soon thereafter Beacon allowed users to opt out, or switch it off completely.

A law suit was filed against Facebook and corporations using in August 2008 alleging that the release of such information was in violation to the Video Privacy Protection Act, Electronic Communication Privacy Act, Computer Fraud and Abuse Act, California Consumer Legal Remedies Act, and the California Computer Crime Law. 

A month later Facebook shut down the service.

Holes in Facebook

A significant event further scrutinising Facebook’s privacy structures is an experiment of undergraduate student Adrienne Felt, in July 2007. She used the hole to import custom CSS and demonstrate how the platform could be used to violate privacy rules or create a worm. It took Facebook two and a half weeks to fix the hole.

In September 2009 a story appeared on Reddit: Facebook FAIL: A misconfigured webserver has leaked notes for 16,000 accounts with privacy settings turned on. (Mine was one of them). It links to a Facebook Search revealing Facebook users’ notes – some very personal. Upon further investigation it was revealed that all these users had Privacy settings in full effect. This again, raised concerns regarding Facebook and their security structures. 

Privacy Settings

Apart from faults and holes in Facebook’s security which brings privacy under scrutiny, there are many other Facebook settings that raise concern. As of 24 June 2009 a Facebook user’s profile is public by default. This includes the user’s name, location, pictures and pages. This is unless a user has specified otherwise – which surprisingly most users do not do. This means that most users’ basic information is visible to anyone. A user on Hacker News posts a rather interesting statistic: “Behavioral Economics studies show that when something is made a default, about 90-95% of people will keep that default.”

Facebook also reported that 35% of users interacted with their privacy settings after the changes rolled out early 2009, which leaves 65% of users who didn’t – either because they weren’t aware or didn’t mind their information being public.

Earlier in 2009 status updates were made public and searchable on Facebook, again tipping the social media giant into controversy. In an interview with Read Write Web Leah Pearlman, a project manager at Facebook explains the reasoning behind it: “…it's hard for people to tell the difference between users with similar names when looking for their friends. More publicly shared information would make your friends with common names easier to identify.” The article in which the interview appears goes on to discuss other reasons behind this; including competing with Twitter and for traffic and advertising purposes.

Another worrying factor for many Facebook users is that accounts can be deactivated but not deleted forever. The data will be permanent on Facebook’s server.

One of the most recent changes Facebook made is the option to display like Facebook like buttons on sites outside Facebook. If a user likes content this will be fed back to their Facebook account, but in many cases their profiles will be linked on the given site.

A user does have options regarding who they share their Facebook Data with, but once these settings have been made by the user, he or she will have to identify their chosen setting again once new data is added. Facebook also decided to forward users’ info to sites like Yelp, Pandora and Microsoft — this will personalise a users experience on these sites.

Social Norms and User Behaviour

With changes aiming to monetise Facebook put aside Facebook is adjusting their network to users behaviour in particular: "We view it as our role in the system to constantly be innovating and be updating what our system is to reflect what the current social norms are”, says Facebook founder, Mark Zuckerberg. Frankly, users have skewed social norms and this is what Facebook is taking into account with its own settings.

A recent Interview on Mashable aptly titled: Public is the New Social Norm, Zuckerberg is quoted "When I got started in my dorm room at Harvard, the question a lot of people asked was 'why would I want to put any information on the Internet at all? Why would I want to have a website? And then in the last 5 or 6 years, blogging has taken off in a huge way and all these different services that have people sharing all this information. People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people.” The Internet has changed who we are. 

It’s not just what Facebook’s doing. It’s what users are doing on the Internet everyday. Twitter is a massive stream packed with useless information like breakfast preferences. Blogs contain details on deepest secrets and sex lives. In this modern connected world it potentially takes just a few clicks to know everything about someone. Social Network users have a constant need to broadcast everything. And the truth is no one bats an eyelid until Facebook does it wrong.

To Conclude

There’s a difference between privacy as we know it on the Internet and privacy as we know it socially. And this is why, like most intelligent web networks Facebook is constantly refining its privacy settings to mimic our personal interactions and online behaviour. 

Ultimately, the question remains - who is responsible for new age Social Norms?  Will it be left up to Facebook to define it? Or will we take the lead?