FaceBook Screwed Up User Data Again. And Their Sorry This Time. Really. Kind Of.

So, Facebook changed people's default email addresses so that the facebook.com email address became the default, replacing whatever email the actual human connected to the email address had chosen as their default. And people didn't like that.

Sad Facebook

But Facebook is sorry, kind of, and they really kind of mean it.

A Facebook spokeswoman said Tuesday that "in hindsight" the company probably should have better explained the email switchover.

This is what Facebook does. They screw with your data, and then they apologize.

It's what you sign up for when you join Facebook.

At what point will people finally understand that Facebook cares about the details of what you do, who you do it with, and where you do it, but they don't actually care about you?

And now, I'm looking forward to the next event where Facebook plays fast and loose with user data, and then apologizes. If history is any indicator, we should have another good screwup and another faux-pology before the end of 2012.

Image Credit: Image found at and reused from Study: Too Many Open Facebook Could Make Sad

Social Media and Cooperative Surveillance

So the Bruins won the Super Bowl. Or something like that.

And in the aftermath, people rioted in Vancouver. And in those riots, pictures and videos were taken.

And some people took it upon themselves to identify the rioters.

Stanley Cup

And after the aftermath - with nearly 170 people treated in hospitals, volunteers cleaning up the city, people began to ask questions about surveillance and the role of social media.

In the comments of her post linked above, Alexandra Samuel extends her original thoughts to include the "slippery slope" argument:

I don't see how we can claim to be uncomfortable with mass surveillance -- to fear Big Brother -- but then make exceptions when it's convenient, or feels important. This is a slippery slope and we can't draw too many simple lines -- even a line based on exposing illegal behaviour (as opposed to legal but controversial). Remember that there are places where it's illegal to smoke dope, or criticize the government, or hold hands with someone who is the same gender as you. Do we accept social media surveillance in those contexts?

To start, it's worth pointing out that most slippery slope arguments aren't worth the air required to set them loose. A "slippery slope" argument assumes that we live in a world with moral absolutes, and that making a "wrong" choice plunges us into the abyss of uncertainty and ambiguity.

But with that said, to all those who argue that using social media to identify rioters to the state are engaging in community surveillance/crowdsourcing big brother/engaging in nefarious deeds to further the expansion of the omnipresent nanny state: you are late to the game. That ship has sailed. People are reporting on one another, and have been for years, well before the advent of the social web. Perversely enough, people using Facebook are complicit in building their own Panopticon. And, in using sites like Facebook - where people throw their contact information, their interests, the places they like to go, the people they like and dislike, things they buy, games they play (and how they play them), what they look like, what their friends look like, etc, etc - people leave a broad data trail. Even rough data shows a lot about individuals; more sophisticated datasets allow for more sophisticated predictions.

It would be interesting to look at what could be discerned from a person's datastream on Facebook, combined with the data accessible via the phones and laptops we use, and how close that woud come to supporting the data needed to make the Information Awareness Office a reality.

But to return to the argument of what constitutes an appropriate use for social media, and what level of privacy is reasonable to expect: we need to ground these conversations within the historical reality that people have been disagreeing, behaving badly, attempting to avoid responsibility - and then talking about it - for centuries (as an aside, Augustine would have had an AWESOME twitter feed). Social media just lets us get the word out faster.

And, if you are now concerned about privacy, and the relationship between surveillance, privacy, and the state, there is one thing you can do right now to make it better: stop using Facebook, Foursquare, Twitter, etc, as outreach and communication tools. To use social media is to participate in a continuous act of cooperative surveillance: sometimes we're watching ourselves, sometimes we're watching others, sometimes we're being watched, but the difference between sharing and observing is largely a matter of the side of the window you're on.

For the many self-proclaimed "social media consultants": stop advocating an expanded use of Facebook, Twitter, etc, to the detriment of an organization's primary web site. If you have engaged in such unseemly behavior in the past, it's never too late to admit your mistakes. Just stop repeating them. And if you have been working in social media for more than 15 minutes and are actually surprised by privacy implications, you can always go back to selling cars.

Seriously, though, if you are giving advice to an organization that does social justice work, be very careful of the relationships you encourage them to foster on external social sites. Given Facebook's unclear direction in China, the ease in which apps can access and store user data, the way bugs leak private data, and Facebook's own hamfisted "privacy" efforts (from Beacon to facial recognition and everything in between), encouraging social justice-oriented groups to work on Facebook could be putting people at unnecessary risk.

As we talk about privacy and surveillance, we need to remember that a key difference between a surveillance tool and a tool for individual or collective empowerment is who controls the data, and how that data is used.

Image Credit: "Patrice Bergeron" taken by slidingsideways, published under an Attribution Non-Commercial No Derivatives license.

Bad Execution As A Feature

A great new feature that comes with the Facebook Groups: any friend can add you to any group, without your permission.

And, it's really easy to impersonate someone!

So, I wonder how long it will take for a teacher to get in trouble for belonging to a group they were added to by a "friend."

I don't know how many more times I'll need to say this, but I'll add this additional time to the pile of others: Facebook is a business, and Facebook only cares about your interests up to the point where they can study them and profit from access to them. That is why they allow you to "connect" with things. Any benefit you receive is purely incidental.

100 Million Dollars

So I'm glad that Mark Zuckerberg is giving 100 million dollars to the city of Newark, and that this initial investment is designed to attract an additional 100 million to the city.

Front page of the Star Ledger

It's a lot of money, and he didn't have to do it. It's always good to see people stepping up and getting involved.

But I'm skeptical. If this money is used to dismantle the public school system in Newark, then the 100 million will have been used to do the people of Newark, and New Jersey, a disservice. If the money is used to fund a series of unsustainable changes in the hopes that additional funding streams will materialize over time, then the money will have been wasted.

There are a slew of things for which this money can be used. But, when the dust settles, when the focus of the media leaves Newark, if this turns out to be nothing more than a well-funded publicity gimmick, then the people of Newark will have been misused in the larger national debate about what educational change should look like. And that's a waste of 100 million dollars, and an abuse of people's hopes.

Picture credit: Image retrieved from the Newseum, of the NJ Star Ledger front page for 23 September, 2010

Why Privacy Matters, the Tinfoil Hat Version

Hi. We're your new overlords.

Hi. We're Apple.

We are delighted to inform you that regulations require you to carry a device that:

a. Tells us where you are at all times;

b. Records who you talk with, and for how long;

c. Can be used to record exactly what you say, and the responses of other participants in these conversations;

d. Collects email and text messages sent by you and to you.

You will never be informed when this information is examined by anyone.

Buy a phone. It's cool.

You must tell us everything you do, no matter how trivial. Identify your friends and acquaintances, and how you know them. We expect you to check in with us at least several times a day, every day.

Install apps for Facebook, Twitter, and Foursquare.

Tell us everything you are curious about.

Install apps for Google and/or Bing.

Pay us, because tracking you and sorting through all the information you give us takes time and we need to pay people to do it. Additionally, we need to sell your data to advertisers, marketers, or possibly just hand it over to law enforcement regardless of whether or not they have any legal right to have it, and your data doesn't package itself. Your data is worth money, and you must pay us because we value your data. We value it so much that we will sell it, because that lets us make more money. So pay us. We need to continue watching you.

You will be charged a reasonable monthly fee for these services.

Thank you,

Your new overlords

There Is No Such Thing As A Privacy Setting On Facebook

All of the recent discussion about Facebook's change to its privacy policy obscures one frequently minimized point: privacy doesn't really exist on Facebook. While there is minimal control over what appears onscreen, this should not be confused with real, actual privacy, or the ability to control what is known about you. Facebook has your information, and by virtue of using their site, you have provided them a degree of control over your personal information.

This becomes particularly apparent when looking at Third Party Application developers. These external applications can access data in ways that are not immediately obvious to the end user, and in some cases this seems to work against people's obvious desires. In short: third party applications get the same access as the account that installed them, so if your privacy settings are set to friends only, and a third party app installed by a friend requests your information, it can get it. So, your privacy is as good as your least discrete friend's judgment.

But issues around abusing privacy aren't new for Facebook. They have these types of issues a few times a year, every year. Flash back to the launch of Beacon:

"Facebook still collects your data. Whether or not they show it onscreen or not is only marginally relevant. They have records of how you have used their site, and that information is valuable to people who want to sell you things."

Facebook has a well worn track record of disastrous handling of user data. In the beginning of 2009, Facebook pre-emptively changed their ToS. People were not happy, but people should not be surprised, as this is normal behavior for Facebook.

And Facebook's current "privacy policy" has some gems -- really, there are too many to list, but my favorite is probably from Section 3: Information You Share With Third Parties: "We take steps to ensure that others use information that you share on Facebook in a manner consistent with your privacy settings, but we cannot guarantee that they will follow our rules." Translation: People will get your information through our site, and we don't really have much/any control over what they do with your information.

And, of course, Facebook can change their privacy settings at will, thus eliminating the illusory value of these settings in the first place, as illustrated by this very conversation.

Some other good reads on this:

Why Facebook Blows

Some thoughts after reading this piece in Wired (although this actual blog post could have been written anytime in the last few years).

Let's imagine that the US Government announced that they had started a web site. On this site, you needed to enter your personal information, including an address, and various interests. Once this was done, you could tell the government – via the web site – all about your day to day activities: what you read, where you were going, what movies you like, etc. Then, you could identify your friends, and upload pictures and video of these friends.

This is a small subset of what Facebook users do every day, by choice. Facebook is probably the single largest opt-in surveillance program ever seen. If any government ever tried to build a site like this – even with an ostensibly worthwhile goal, like mapping public services to people based on interest, geographic location, and perceived need – the outcry would be deafening.

Facebook's "services" – and I'm thinking specifically of Facebook Connect – extend that surveillance to what people do on sites outside of Facebook. However, Facebook's internal search – powered by their deal with Microsoft – will provide an enormous amount of raw data about what individual people want. Given that these searches will be conducted by people logged in to Facebook, the search strings used can be mapped to specific individuals. As we have seen before, even a little bit of information about search strings can lead to some awkward revelations.

When people get a glimpse of how much Facebook knows about them, they generally freak out. Yet, the freak outs subside, and people keep plugging away, adding more data into the system.

Okay, time to go. Need to update my status:

Adjusted my tinfoil hat. It had tilted precariously back, exposing most of my frontal lobe.

It Hurts. Please, Make It Stop.

Recently, via a listserv where I participate, I learned about a site called StudyBlue. This site was touted as part of a new set of tools supporting networked learning; my response is reposted below.

My response

Hello, all,

At the risk of being a curmudgeon, we need to look at the terms of use of the services we are using/promoting.

The Terms of Use of StudyBlue, available at http://www.studyblue.com/Terms.htm, contain the following language:

"By posting Member Content to any part of the Web site, you automatically grant, and you represent and warrant that you have the right to grant, to the Company an irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license (with the right to sublicense) to use, copy, perform, display, reformat, translate, excerpt (in whole or in part) and distribute such information and content and to prepare derivative works of, or incorporate into other works, such information and content, and to grant and authorize sublicenses of the foregoing."

However, this site is one of the rare cases that has Terms that are worse than Facebook's (who at least pay lip service to respecting user's privacy decisions).

From the StudyBlue terms of service, from the link above:

"When you upload Member Content as Private the Company will not post the information to any other Member without your permission. However, upon leaving a class or course, any Member Content left uploaded as Private will be made Public for the life of the Web site. You may remove your Private Member Content from the Web site before you leave a class or course. If you choose to remove your Private Member Content before leaving a class or course , the license granted above will automatically expire. If you do not remove your Private Member Content from the Web site before you leave a class or course, the license granted above will not expire and will continue indefinitely."

So, if you create private content in a course/group, it will become public if you leave the course without deleting it. Moreover, on a quick read through, these terms say nothing about what happens if a user wants to delete their account. Under these terms, there seems to be no way for a user to delete their content, which is, according to these terms, licensed in perpetuity to StudyBlue.

Facebook recently enraged a portion of their user base by similar behavior: http://consumerist.com/5150175/facebooks-new-terms-of-service-we-can-do-... or http://is.gd/jDf4

The web opens up an array of options for teaching, learning, and connecting, but we need to remember that learning should be organized around the needs of the student/learner. The cost of joining a website should not be complete loss of control over your content, and as technology advocates we need to become more aware of the ramifications of data control and data portability within networked learning environments. In short, learners deserve better than the terms offered at StudyBlue, Facebook, Ning, etc. Why should a prerequisite of social learning be the loss of control over how your work is used/reused? By promoting sites that are predicated on an intellectual land grab of learner-created content, we perpetuate the lie that this is acceptable behavior.

Hands Off

In an earlier post this year, I held out hope that 2009 would finally be the year where people started taking data ownership and data portability seriously.

As Facebook often does, they help illustrate why this is relevant, and why this is something people should care about.

The fun began a few weeks ago, when Facebook changed their Terms of Service. Last weekend, Consumerist described the specifics of the changes:

Facebook's terms of service (TOS) used to say that when you closed an account on their network, any rights they claimed to the original content you uploaded would expire. Not anymore.

Now, anything you upload to Facebook can be used by Facebook in any way they deem fit, forever, no matter what you do later. Want to close your account? Good for you, but Facebook still has the right to do whatever it wants with your old content. They can even sublicense it if they want.

To summarize, the old version of Facebook's Terms of Service used to specify that, when a person deleted their account, their content went with them (and never mind that the process of deleting an account has proven, well, troublesome for some).

Facebook founder Mark Zuckerberg initially defended the change (does this remind anyone else of the response to Beacon?), but 24 hours later Facebook announced that they would revert to the original terms of service.

But really, the hue and cry over Facebook's terms of service misses the larger point: when you put your data into a hosted service, you are allowing it to slide outside of your control. This is true of most hosted services, including Facebook, Ning, MySpace, etc. Facebook's change of the license terms illustrates a larger point: they control your data. More importantly, sites like Facebook and Ning allow people who have no ties to either company to access your data via third party apps. A quick read through the Developers Terms of Service for both Facebook and Ning show that developers of these apps can access user data and content, but this creates an enormous gray area: if someone deletes their account, what happens to any data collected by these third party application developers? I would love to hear of the mechanisms in place that measure how application developers abide by the rules concerning user data.

So, when evaluating a platform for use by you, by your class, or within your school, department, district, or organization, make sure to read the privacy policy, terms of service, and any applicable third party developer terms of service. All of these affect how the work of people within your site will be treated, and potentially used -- which is especially relevant given that most of these sites include terms that allow for indiscriminate resuse and republication of content posted in the site.

At the risk of stating the obvious, none of these are concerns for sites built using open source tools.

And for those curious about where this ends, it looks like Facebook's interest in user data extends beyond the grave.

Getting Social in Vegas -- CASE Conference

I presented earlier today at the Case District VII and VIII conference in Las Vegas. One of the things that struck me as I was getting my notes together for this talk is how using the current/upcoming tools require that organizations staff themselves differently. For example, you can't really write an OpenSocial app without coding skills, and while programmers are easy to hire, writing a good app requires a connection between spotting a need and writing code that addresses it. One of the other differences between where we are now and where we were as recently as a year ago is that people are beginning to understand the value of leveraging their existing community, as opposed to building everything new from scratch. Perhaps online forays, like Kaplan's into MySpace, have been a suitable object lesson in how not to use the social web.


Subscribe to RSS - facebook