Tuesday, January 18, 2011

Facebook "Privacy" Advisory

Yes, scare quotes intentional.

In case you haven't already heard, Facebook is planning to allow app developers to access your address* and telephone number. This great new plan has been suspended (via) while Facebook reconsiders how it wants to go about doing this, but the suspension likely won't last more than a few weeks.

Salon and The Guardian have stories that ran before the suspension was announced.

Apparently, the original plan was going to "protect" your privacy using one of those pop-ups where you have to click to give permission:

Facebook permission request (screen shot)(embiggen)

Odds are, you're going to click that Allow button at some point, on purpose or by accident, so you may want to check to see if Facebook already knows your address and phone number, and if so, decide if you want to remove it.

You may not have this info stored in Facebook. It wasn't required at sign-up, at least for me, and in any case, it's not required that it stay there, if it is. To check, log into Facebook, click the Profile link in the toolbar running across the top of the page, and on your Profile page, click the Edit Profile button.

Facebook profile page (screen shot)(embiggen)

On the next page, click the Contact Information link in the left-hand column.

Facebook edit profile page (screen shot)(embiggen)

Make changes on the next page, if you like, and click the Save button at the bottom of the page if you do. You can just delete what's there, or, as Chris Miller suggests, put in something better, like the contact information for Facebook's customer service department. Assuming you don't know Mark Zuckerberg's cell number, I mean.

(h/t: KK, via email)

[Update 2011-01-18 22:38] See Comments for a link to Keith Olbermann's coverage of this latest news.

* If you're reading this, you budding curmudgeon after my own heart you, sorry. Yes, I could have said to have access to your, or for that matter, just access to, but I think using access as a verb is appropriate when talking about computers doing active things, such as a program grabbing information previously stored in a database. I notice you do not ban reference as a verb, BY THE WAY.


Jack said...

Olbermann's coverage

Brendan said...


So, what do you think? Is it best just to adopt the attitude that there are no secrets, and adjust one's life accordingly?

Or should we keep battling, even as KO's guest leads us to believe that most people don't care that much about the issue?

I am thinking here of the survey he mentioned, in which people said they would not be willing to pay a dollar a month for Facebook without all the data-snooping.

One dollar.

If that is really how most people feel, I have to say that it takes a lot of steam out of my urge to keep up the fight for privacy. Especially since it is only on other people's behalf, due to my living an entirely blameless life and thus having no worries about exposure.


Brendan said...

I got an email asking:

As B says, your street address and landline phone is already out there everywhere so what's the big deal if facebook posts it too?

Here is the response I sent, fwiw.

Yes, I meant street address, not email address. (You have to give an email address to get a Facebook account. To the extent that this is protected from sharing, you check the appropriate box in the privacy settings.)

I both agree and disagree with B about as to how much this choice by Facebook to share street addresses and phone numbers matters. What I said to someone else on the matter:

I agree that one's address and phone number are accessible elsewhere. Even if they're unlisted, in your phone company's definition, odds are, they're out there on the Web.

However, there's accessible and then there's accessible. I don't much mind if a human is looking for me, specifically, and wants to make the effort to look me up; what I like to prevent is machine-harvesting of my information. Especially when there's likely a lot of other related context that can be automatically gleaned at the same time, such as my circle of friends and family, what links I've clicked on through Facebook, etc.

In other words, as you will have no doubt realized, based on your more recent email about Spokeo, when we have programs that can roam around collecting data, it can lead to rapid accumulation of useful information, from which can be drawn results that may be fairly unsettling. To my mind, the difference between getting personal info through Facebook compared to automated mining of, say, real estate databases and telephone company directory listings, is that there is all that personalized information right in the same place, associated with a specific name.

(continued next comment)

Brendan said...

(continued from previous comment)

To sketch out why this could matter, observe that the Spokeo listing for me is fairly ambiguous, even given my rather unusual name and that you could further narrow it down to one state. Now imagine if some agency was, oh, I don't know, looking to make a collection of dossiers of all bloggers who had said mean things about John Boehner. (Or make it a real nightmare: who had said mean things about President-elect Palin.) As it stands now, someone could probably figure out with an automated approach that bjkeefe="Brendan Keefe" and could maybe figure out a few people with whom I'm likely to be friends online, by looking at where else "bjkeefe" has appeared in comments sections, etc. But with the Facebook personal network info, not only would such an agency be able to figure out which "Brendan Keefe" was me, they'd also know the names of some of my relatives and friends (and not just the online-only friends, but the meatspace ones). They'd know where I lived, what my phone number was (and probably my cell phone number, which is not too easy to get elsewhere), what I looked like (from people tagging me in pictures), and a whole bunch of information about my tastes, interests, and habits. All in one place, all easily swept up in an automated manner, all much more valuable because of the now-known interconnectedness of the data elements.

Don't forget, also, that not everyone is as smart as B (and you and me) about not posting online information that is not required to be posted. Many, probably most, Facebook users have the sense that they're in a private space when they're on Facebook, that only people who they have designated as friends can see their personal information. And I'm not sure, but I'd bet tall dollars that when one signs up for a Facebook account, the impression is created that a street address and phone number must be entered. Typically, when one is signing up for something online, the only clue that is given a field may be left blank is that it is not marked with an asterisk.

Finally, given that Facebook has something like 500 million accounts, it is THE go-to place for harvesting information. Again, it's not as though the information FB is planning to share isn't already out there; it's just that their choice makes it a lot easier to sweep it up and cross-correlate it using an automated approach.

Am I actually bothered that much about this, given how long this email is getting? No, not really. I long ago decided to post online only under my real name, and I've known for even longer than that what is possible using automated data collecting tools. So I've made my choices (based in part on a long-held cynical view about the loss of privacy), and I don't regret them. But it is the principle of the thing to me: not everyone has the same computer-awareness as I do, and I think it's wrong of a company to take advantage of their ignorance, rather than giving them sufficient information to make an informed choice.