Thursday, May 6, 2010

FaceBook: It's not just about privacy, it's the principle.

Lots of people are annoyed at FaceBook with its deployment of Instant Personalization and what it has done for privacy, and I'm one of them.

So, first, what exactly has FaceBook done? Basically Instant Personalization means that when you visit any of their partner sites they will share information about you in order to "personalize" your visit. Currently its just three partner sites, but that number is sure to grow (as is what they are going to share I'm sure). And unfortunately not only is the Instant Personalization something you are automatically enrolled in, you have to opt out of each partner. So every time they add a new partner, you have to go opt-out from that new partner.

That's two sins in my book: making a privacy-eroding feature opt-out instead of opt-in, and making the opt-out unnecessarily complicated.

It's become clear to me that FaceBook has prioritized their business over their user's privacy and they have a long history of doing so.

A lot of the complaints that I've seen on the Internet go along the lines of: "FaceBook is eroding privacy" with then get countered by "you are a fool to expect privacy on the Internet."

I have no problem with sites that don't give you privacy - I use Twitter without problem, the difference is Twitter makes no promises of privacy. Anything I put on Twitter I know will go out for the world to see. I have no expectations of privacy and that's fine,.

I think Adrian Perez put it well:
"I joined Facebook under certain conceptions that it was a somewhat private place. It used to have a clean interface, especially compared to MySpace. And now it seems that there is something every month where they have started to sell or give more of my stuff to some company without my knowledge."
FaceBook has sucked us all in and now has pulled the old bait'n'switch. That's what annoys me. It's not that I've ever posted anything on FaceBook I'd be concerned about going public, but I'm sure finding myself thinking harder to make sure that's the case.

The main thing is that I have friends and family who are more sensitive to privacy on FaceBook than I, and several years ago when I was asked I would say "It's fine. Just make sure you have the right configuration and you'll have privacy." Well, now there is no way I can say that any more. Even I, as an experienced cybersecurity professional who has written policies in the most complicated policy languages you can imagine, have a hard time understanding FaceBook's privacy controls. Plus, it's a treadmill with new settings to constantly tweak.

FaceBook had made me regret ever endorsing them. To anyone I've ever suggested it was a good thing, I apologize.

Where does that leave me?

I really do still get a lot of value out of FaceBook - interactions with friends and family. Their large number of users gives them a network effect which in turn gives them the equivalent of vendor lock in. I'd love to pick up all my friends and family and move them, but that's really hard to coordinate. Plus I'm not even sure if any good alternatives exist.

What I've decided is that I'm not going to delete my FaceBook account. I'm going to keep my account, but cleanse it of all photos and basically any other information on my profile. I'll keep using it to keep up with my friends and family, but I'm not going to post any new content there myself. My Twitter updates and blog posts will appear there (i.e. stuff that is public already), but I'm giving FaceBook nothing about myself to use in any way.