Facebook’s privacy changes aren’t a get-out-of-jail-free card
“Recommended” settings still expose too much.
The recent simplification of privacy settings on the social networking site Facebook is too little, too late.
The Facebook founder, Mark Zuckerberg, may have said in 2008 that privacy control is "the vector around which Facebook operates", but he soon showed what he meant by that when he relaxed privacy rules, making more and more members' personal information publicly available on the internet, and with a deliberately opaque and complex system of privacy settings for users to grapple with.
By January this year, Zuckerberg and his firm's approach to members' privacy was becoming clear, as he said in an interview that society had changed, and that Facebook was changing its default privacy settings to reflect that change.
In other words, people no longer wanted privacy.
"We view it as our role in the system to constantly be innovating and be updating what our system is to reflect what the current social norms are," he said, adding that the company needed to "always keep a beginner's mind and what would we do if we were starting the company now, and we decided that these would be the social norms now and we just went for it".
So Facebook changed the default privacy settings for its 350 million-odd members, and was then rather surprised that there was a huge backlash. It seemed it had misread -- or invented -- the new "social norms". Far from Zuckerberg's insistence that people aren't bothered about privacy any more, privacy advocates, the media and, indeed, Facebook's own users disagreed.
Turn on, opt out
The Electronic Privacy Information Centre, in association with eight other groups, filed a complaint with the US Federal Trade Commission in December 2009 urging the regulator to open an investigation into Facebook's new privacy settings.
Facebook's privacy modifications "violate user expectations, diminish user privacy and contradict Facebook's own representations", according to the 29-page complaint, which accused the world's number one internet social networking company of engaging in unfair and deceptive practices.
"More than 100 million people in the United States subscribe to the Facebook service. The company should not be allowed to turn down the privacy dial on so many American consumers," said Marc Rotenberg, executive director of the Electronic Privacy Information Centre, in a statement.
Meanwhile, one group of users set up 31 May as Quit Facebook Day. Almost 23,000 people have signed up to the cause.
Facebook may have announced very recently that it has made it far easier to control the privacy settings for users, but it is unlikely to appease all of the privacy agitators. For one thing, the new "recommended" privacy settings expose data such as status updates to "everyone" and photos and birthdays to "friends of friends".
A poll of 650 Facebook users by the security company Sophos, in the wake of the latest privacy settings changes, found that 93 per cent would prefer it if you had to "opt in" to sharing personal data, compared to just 6.8 per cent who don't mind that it's currently an "opt-out" system.
The Staggers has looked before at the issue of opting in versus opting out in a privacy context, and indeed made the point then that "opt-out" schemes are dodgier than a three-bob note, because users don't always read the small print and might not realise exactly what they are getting into.
Don Smith, vice-president of engineering and technology at the security firm SecureWorks, says it's not just Facebook that is likely to come under increasing scrutiny in this area.
"For some significant time, privacy advocates have been warning of a collision between social networking sites and the consumer," Smith says: "that the penny would finally drop on who actually owns the data on sites such as Facebook and the implications on data visibility.
"Interestingly, Facebook's apparent disregard for the privacy of their end users has usefully brought this debate into the public domain.
"However, there are mounting concerns that others aren't taking privacy issues seriously," he says. "Google, first with Buzz and more recently with the revelations around data collection from their street-view cars, is demonstrating some of the same disregard for privacy which led to today's Facebook announcement."
Meanwhile Graham Cluley, senior technology consultant at Sophos, had this to add: "It's good news that Facebook has responded to user pressure and made it simpler to control what information you share with who -- it was a spaghetti jungle of options before.
"But they have missed an opportunity to address the real issue, and regain the trust of those people who are concerned that Facebook doesn't take privacy and the safety of its users seriously enough."
What all companies need to get into their DNA is the realisation that many users care deeply about privacy, especially when they realise exactly what they are sharing, and with whom. Zuckerberg and his ilk need to understand that a disregard for privacy is most definitely not the new "social norm".
Jason Stamper is NS technology correspondent and editor of Computer Business Review.