Entries RSS · Empty promise of privacy in Facebook
The more and more I’ve started to think about it, Facebook’s applications are an exercise in personal information anarchy.
One evening at a bar, we were joking with my friends that it would be quite trivial to make an application to Facebook called “How sexy is your social security number?”, which would compare your SSN, bank account and other personal information in a “fun” way with those entered in to the application by your friends. The strangest thing about this is that this would most likely be in accordance of all Facebook’s privacy terms.
Couple of days ago I was quite surprised to see when my friend showed me how hot, geeky and so on I was ranked by, I suppose, my friends. The problem is that I’ve never used or ever given any permission for this application to use my profile picture or my name.
I’m pretty sure that in any European country, this would be illegal. Conveniently Facebook is located in USA, where privacy is somewhat looser.
I’ve not given my permission to these people or these corporation and their applications to use my picture or my name. Yet, because they discard any business ethics in their pursue of Google Adwords income, they cannot respect any privacy conventions. If people cannot compare all their friends (users or not of that comparison app) they will not use that application. There has to be enough information in the application for people to be interested in using it.
Because I do not use these apps, I cannot set any privacy settings in my profile. In their Privacy Policy, Facebook states that “If you, your friends, or members of your network use any third-party applications developed using the Facebook Platform (“Platform Applications”), those Platform Applications may access and share certain information about you with others in accordance with your privacy settings”. Yet, because I don’t have those applications added, I cannot control that use of my information. Facebook washes its hands by saying that “while we have undertaken contractual and technical steps to restrict possible misuse of such information by such Platform Developers, we of course cannot and do not guarantee that all Platform Developers will abide by such agreements”. This is quite similar to the defence YouTube uses when defending all the material on their site. Thanks to DMCA’s safe harbour sections, they can easily claim that they can’t be held responsible for their users actions. I don’t believe Facebook has the same defense against their third-party application developers pimping out people’s private data without their consent – their friend’s consent doesn’t count. They can use DMCA in their defense when people upload photos of featuring other people (identifiable) without the latters’ permission (which happens, well, all the time) – but even in this case Facebook goes so far as encouraging identifying people with their photo-person-tagging function.
As a citizen of a country with quite strict privacy laws, I find it rather strange that there’s an application on Facebook where people can rank certain aspects of me without me knowing about it. Even though I’m a blogger on Tech IT Easy, the premier tech blog, I have quite a broad rights to privacy (ie. I’m not a public person). In Facebook, I’ve understood that this means that applications that I’ve not given direct permission to use my personal information (like name and profile picture) cannot use them. I think it’s not enough that Facebook tells that they’re not abusing my data, when they can’t make any assurance of their third-party applications.
I’ve not given (or to my knowledge, neither has my profile picture’s photographer) rights for these applications to use my picture, which clearly identifies me. Yes, Some Comparison Application, Inc. might pull that image from Facebook’s database, but they do not have the right to use it in their context, without my explicit permission. The point that this information is only shown to people I’ve flagged as my friends who could anyway see my picture on my profile page does not count. You can take a look at the information any Facebook Platform application can get about you if your friend happens to use that application. As Facebook tells in their privacy terms, they make no guarantees what their thrid-party developers do with your information they got through your friend. (Your friend may have waived his rights to privacy by agreeing to some stupid EULA to get his/her hands on new smileys, but his/her agreement does not extend to you, or me in this case.)
I can clearly understand why any developer would like to code his Facebook application in this way. It’s far easier to gain the needed critical mass when most of your users are part of your application without knowing it. I find this morally at least questionable. I don’t know about the culture in USA, but at least in Finnish context, I find many of the uses of my personal information outside my control in Facebook quite offensive.
As I see it, a third-party application could only call users.getInfo on me if I had the application added myself (e.g. friends.getAppUsers, users.isAppAdded or users.hasAppPermission). This of course would be a major restriction on the Facebook ecosystem as it is today for the reasons I’ve mentioned above. Right now, this restriction is left on the shoulders of the developer. And, right now, the developers seem to use those functions only to find the users’ friends who dot not have this developer’s application added and to bombard them with invites.
When I last visited my school’s library, I noticed that in the textbook section, the shelves were full of international marketing books, but there were only couple of books titled business ethics. Is it really okay to pimp other people’s private data without their consent?
Like
Related posts:
- The life of a software developer 4/4: developing a Facebook application
- The value of Twitter vs. the value of Facebook vs. the value of having Neither [weekend ramblings]
- Serious concerns about privacy on the WWW
- A (Sci-Fi inspired) vision of Facebook's (or equivalent) future
- My favourite Facebook-app
Tags: business ethics, Facebook, Security
Europe, Facebook, Security, blogging, marketing, user-generated content, web2.0
It’s a pretty tricky situation. For instance, if one of your friends took your picture offline and decided to post a funwall of friends’ pictures on his house, is that a violation of your privacy? If you post your picture online and give access to your friends to view it, can they then use that picture in whatever application they choose?
If the latter were not the case, the situation would probably be as follows: Your friend installs an application which rates his friends. A notification is sent out to you whether you want to be rated, you can accept of deny, and I assume you will deny to be listed on hottest vampires of the 21st century? While this is probably much more privacy-respecting, I would also call it totally… party-pooping.
The only sure way to not have anyone use your data is to only upload data you want to share—with the knowledge that anything you share can and will be used against you—and to be very strict in your privacy-settings—which, apart from the 3rd party app situation you outlined, are surprisingly broad.
Incidentally, if you think about it, your argument is the same one employed by the media-industry against piracy.
The difference of the situations in your first paragraph’s examples is that the latter case is in public. The first example is covered by fair use.
Yes, and I do agree, your second paragraph, it is totally party-pooping and I do not mean to be a killjoy. Unfortunately, that is the “right” way to do it. On some level I do not mind that people rank me behind me back. The problem is that there are people developing these applications in violation of Facebook’s own privacy standards.
There are even some applications which send me directly e-mail that “your friend did something or other”. I’ve not given my friend or Facebook the right to give my e-mail address to this application. In simpler terms, some Facebook applications even go as far as to spam you.
The Facebook developer forums are full of ethical people asking how they could accelerate the membership numbers of their apps without resorting to these spammy and shady practices. Unfortunately, as long as the situation is this, they can’t.
Well as far as Facebook being a spam-engine, I am in total agreement. All the ‘walls applications are totally designed to spread crap virally, some of them have as an only link “fast-forward” below them, it’s not even about replying anymore. For some, Facebook has included labelling it as “junk,” but for others there’s simply no solution, except to go to the ‘notifications’ settings and turn off any applications that show up there, including labelling them as ‘spam’.
In your ‘privacy’ settings, in ‘other applications’ you can also turn off sharing stuff like your picture.
As I said, Facebook’s settings, when you dig deep down, are surprisingly extensive. Sure there are gaps, but I can’t say that they’re not working on it.
You can opt out of the facebook platform or of specifics apps.
You can also limit the amount of information that applications can grab.
It’s true that some devs are not respecting the TOS. But imho it should be user’s responsability to set the right privacy settings.
Anyway facebook is acting pretty good in this way now. They are coming over the downsides of the platform.
In my opinion, it’s the developers responsibility to respect privacy. It doesn’t make a single bit of business sense, but in my opinion the default should be opt-in and not opt-out.
I really agree that Facebook itself is doing the best they can now, but they should’ve acted earlier and, well, it’s still quite hard to trust them after the whole Beacon thing. It’s the third party applications I’m worried about.
Also there is a difference between for example your photo being put on a friends profile as a collage of friends, which I wouldn’t mind too much and any old person being able to rate my ‘attractiveness’, ‘friendliness’ or whatever; what will facebook do when some teen kills themselves because of lots of negative comments on them on a app like this?
So essentially I have no problem with others (who aren’t my friend) seeing my picture. I need it for profile searches as I have quite a common name so people can work out I am the right person in the search, but the problem I have is about people rating me and them storing other peoples comments on me etc without my permission or informing me.
I have found one app doing this, but I am sure there are many more – and I can’t block /opt out of them unless I know they exist (unless I block all apps), that’s the problem.
I’m not really sure that random people rating other people apps should actually be allowed on facebook in my opinion anyways, but I can see that perhaps an app where friends can rate friends who have opted in and only friends can see the comments could be quite fun and as you have opted in you would be aware of what was going on and could opt out if it stopped being fun for you.
On the comments of the app I found there was a girl who was very upset as people had been commenting on her saying she had stds and stuff and she didn’t even know she was on there – this is blatantly unacceptable.
Interesting aside: I wonder if my ‘attractiveness’ will be very different on different apps :S
I gotta say, Ruth, now I’m curious to see your picture
lol