Facebook has come under withering fire recently for its recent string of privacy-unfriendly practices, from its 鈥減rivacy transition鈥 that to 鈥渋nstant personalization鈥 that with third party pages without the user's consent.
These failings led over 80,000 people to sign 老澳门开奖结果 petitions demanding that Facebook give users control over all of the information they share via Facebook and ensure that user information is not shared with any third party without our own opt-in consent. Oddly, that sounds a lot like two of the principles that : 鈥淵ou have control over how your information is shared鈥 and 鈥淲e do not share your personal information with people or services you don't want.鈥
Too often, however, these principles have been left by the wayside, as Facebook's 鈥溾 demonstrates. That's why (and we were about Mr. Zuckerberg's promises to listen and 鈥渄o better.鈥
But Facebook deserves a lot of credit for its latest changes. Facebook moved very quickly this time around, going from a reported on May 13th to the release of new privacy tools a scant two weeks later. And these changes address several of the most serious privacy problems with their service. Although there are further changes users want and need, today鈥檚 changes are a significant and promising step in the right direction.
Following is an overview of Facebook鈥檚 most serious privacy problems and what Facebook has done (and in some cases, not done) to address them today:
Problem #1: Giving Users Control Over All Information They Share Via Facebook
Users share a wide range of information via Facebook: friends lists, photos, education and work history, religious and political leanings, relationship status鈥攖he whos, whats, whens, hows, and whys of their lives. For much of Facebook's history, this information was entirely under the control of the user, and others could only view the information if the user permitted it.
However, that has gradually changed. Last December, Facebook introduced the concept of 鈥,鈥 information that users must make public if they share it at all. More recently, the company expanded this definition to include 鈥,鈥 which includes users' interests, work and educational background, and more. In doing so, Facebook decreased the amount of control that users actually had over the information they shared via Facebook.
What Changed Today:
The most visible change to Facebook's privacy controls is the addition of . For profile information, you can now use a single click to change all of their settings to 鈥淓veryone,鈥 鈥淔riends of Friends,鈥 鈥淔riends Only,鈥 or Facebook's 鈥淩ecommended鈥 settings. You can also still fine-tune your own settings. In addition, the 鈥渟implified鈥 settings will affect both past and future sharing, resetting the privacy level of past content and carrying over to any new services that Facebook releases (though this will not necessarily happen if you customize your settings). Having controls that are actually easy to use鈥攅ven for unsophisticated users鈥攊s a significant improvement.
Even more significant is the addition of several . These settings allow users to control the privacy of Facebook's new 鈥淐onnections:鈥 their education and work history, current city and hometown, and interests and fan pages鈥攊ncluding preventing any Facebook visitor from discovering the connection from either end of the connection. (These are not brand new controls鈥攑rior to the launch of Connections, users had privacy controls for this information鈥攂ut are still a marked change from yesterday.)
Evaluation:
The addition of simplified options (combined with the continued ability to fine-tune your settings if you wish) and user control over Facebook鈥檚 鈥渃onnections鈥 are significant improvements to Facebook鈥檚 privacy. There are still some basic fields that users cannot prevent others from viewing on their profile鈥攏ame, gender, and profile photo鈥攂ut removing connections from that list is an enormous improvement. Unfortunately this content, while no longer public by Facebook fiat, is still public by default, whereas it was largely private by default a year ago.
Going forward, Facebook should restore the previous default settings for 鈥淏asic Directory Information,鈥 most of which were not 鈥渟hare with everyone,鈥 and include even the most basic fields like profile picture and gender in these settings It should also try to make these settings more prominent and include them in the 鈥渟implified鈥 privacy options, making these controls even more useful. But these are fairly minor steps鈥擣acebook has already done much of the heavy lifting today.
Problem #2: Sharing Information With Third Parties Without Users鈥 Opt-In Consent
Third party applications and websites have (something we highlighted in our very own ), including information about people who never even use apps. , Facebook has increased the amount of information these apps and pages can access and taken away some of the few controls users had to prevent this access. And Facebook recently took this one step further with allowing some websites to access Facebook user information without giving notice to the user first鈥攁nd made the process of opting out of this 鈥渇eature鈥 .
The result of this has been that, while users can choose which other users to friend and share their information with, they cannot make the same choices about applications. Facebook in effect has treated third-party applications and web sites as friends, giving the user limited power to control what these apps could see. (In fact, applications could access some information, such as friend lists, that were hidden from friends!)
What Changed Today:
Facebook addressed third party sharing in two ways. First, it made it easier for users to opt out of 鈥渋nstant personalization鈥 entirely by providing a single privacy control to disable instant personalization via friends as well as directly. Second, Facebook has restored the option to opt out of third party sharing entirely.
Evaluation:
Allowing users to opt out of instant personalization and third-party app sharing is a significant advance for privacy and Facebook deserves praise for taking these steps.
Unfortunately, the privacy control that Facebook has given to users over the sharing of information with general Platform apps and pages is extremely crude: users are only given the choice between having much of their information visible to any application or site they or their friends use or not allowing the sharing of any information with any application or site at all. That means that users who want to use even a single handy app will have to choose between not using that app or opening up all their information to any third-party app used by themselves OR their friends. A better approach would be to allow users to disable sharing information with their 蹿谤颈别苍诲蝉鈥 apps, which would still allow users to interact with (and interact with friends via) any application they specifically chose.
Similarly, making it easier to opt out of 鈥渋nstant personalization鈥 is nice, but it still requires users, even users who never visit the sites, to opt out. Facebook should rethink the whole idea of instant personalization as a default, and at minimum require users who want the 鈥渇eature鈥 to actually opt in before their experience on partner sites is affected.
Overall, Facebook needs to recognize that users should be allowed to fully control third party sharing. Just as each user can determine whether any other user can see her information, she should be able to choose whether any third party can access that information鈥攚ithout being forced to make a blanket 鈥測es or no鈥 choice that applies to every single application. And these controls should be as easy to use as possible.
Summary
Today鈥檚 changes are a major step forward for privacy on Facebook: users simply have more and better controls today than they had yesterday. There are still substantial issues that Facebook needs to address, but they deserve credit for today鈥檚 release.
But much of the credit also belongs to you. Today鈥檚 improvements are a direct result of users and others who have and pushed for control over their own information.
So keep up the good work! Please take this opportunity to sign our new petition and demand that Facebook continue working to live up to its principles by giving you real control of your personal information. It's up to us to tell Facebook that, even when it comes to sharing, it needs to be our choice, not theirs, to do so. Please help us push Facebook and other companies to build on today鈥檚 events!
(Cross-posted to and .)