Facebook Privacy Failure: Latest in Long Line of Blunders
By John P. Mello Jr.
Facebook’s latest privacy blunder is just the latest in a long line of SNAFUs for the world’s largest social network. Here are some of the social network’s greatest privacy faux pas.
In the latest episode of the gang that couldn’t get privacy straight, it was revealed by the Wall Street Journal that many of Facebook’s popular applications were unintentionally transmitting the names of the social network’s members and, in some cases, their friends’ names to dozens of advertising and Internet tracking companies.
While acknowledging concern over the issue, Facebook maintained that the significance of the problem is being exaggerated by the press. “Knowledge of a UID [User ID] does not enable anyone to access private user information without explicit user consent,” Facebook platform engineering lead Mike Vernal wrote in a blog.
Nevertheless, Facebook was concerned enough about the issue to block last week the playing of games made by LOLApps on the social network. After Facebook discovered the the information leak was browser-related and not intentional by the game maker, LOL’s Facebook privileges were restored.
The app leak comes on the heels of criticism of the network’s revamped group feature rolled out earlier this month. It allows members to create groups and invite friends to join the group. From a privacy point of view, however, the feature leaves much to be desired. While members can control who they invite to the group, they can’t control who their friends invite to join the group. That means there’s no way to really keep the group private. It also makes a group vulnerable to spammers. In fact, one blogger called Facebook Groups “the worst spam loophole in the world.”
Another Facebook feature, Places, set privacy advocates buzzing as soon as it was announced in August. Once again, integration with third-party websites was cited as a flaw. “Your friends’ apps may be able to access information about your most recent check-in by default as soon as you start using Places,” the American Civil Liberties Union warned Facebook members. “Even if you’ve already gone through your settings to limit the info that apps can access, you should do it again–you may find that you’ve been defaulted into sharing your location info with apps.”
Instant Personalization Flap
In April, Facebook was rapped for its new “Instant Personalization” feature. It allowed websites who partnered with the socnet to peek at members’ personal information when they arrive at a site. Using that info, the site could then display a personalized page for the member. So if you stumbled across a restaurant site that cut a deal with Facebook, for example, eateries recommended by your friends could be splashed on the web page you landed on. “While going to a brand-new website that instantly knows who you are might ultimately be useful, the first time it happens you’re going to freak out,” observed Liz Gannes at GigaOm.
Other changes introduced in April, led to a complaint being filed with the Federal Trade Commission in May. At that time, the Electronic Privacy Information Center maintained that the changes revealed more information to third parties about Facebook members that it did before the changes were made. The Center asserted: “These changes violate user expectations, diminish user privacy, and contradict Facebook’s own representations. These business practices are Unfair and Deceptive Trade Practices.”
We Own Your World
Even the simplest changes at the social networking site can spur mountains of privacy protests, as it found out in February when it tinkered with language in its terms of usage agreement. It removed a clause in the pact that barred Facebook from using a member’s information if the member removed it from the service. Under the rescinded change, members complained that Facebook would have control over their information forever.
Lowering Privacy Controls Mess
At the end of last year, Facebook, in an attempt to stimulate sharing, lowered the default controls on its members’ accounts allowing more personal information to be displayed on their home pages. What the network stimulated was howls of protest. “Things get downright ugly when it comes to controlling who gets to see personal information such as your list of friends,” groused an attorney for the Electronic Frontier Foundation. “Under the new regime, Facebook treats that information along with your name, profile picture, current city, gender, networks and the pages that you are a ‘fan’ of–as ‘publicly available information’ or ‘PAI.’ Before, users were allowed to restrict access to much of that information.”