Whenever Facebook introduces new services, especially those that expand into other parts of the Web, it doesn’t take long before privacy advocates and users start complaining about the changes. This time, however, Senators Michael Bennet (D-Colo.), Mark Begich (D-Alaska), Al Franken (D-Minn.), and Charles Schumer (D-N.Y.) have joined the fray.
The thing is, Facebook has been relatively responsive to user concerns in the past, and could regain user trust if it would just change some of its behaviors. Here are five things that I think Facebook needs to do right away.
Opt-out, not opt-in
The four senators were right to criticize Facebook over its opt-out process for the social network’s Instant Personalization feature. The opt-out process is not as clear as it should be. It takes several clicks to find the opt-out check box for Instant Personalization; it’s practically buried within the user’s privacy settings, and Facebook did not provide a clear and unambiguous path to get to the setting when it recently started the program. Not to mention the fact that even if you opt out for yourself, Instant Personalization sites can still obtain your information through interaction with your Facebook friends.
This is not a Facebook-specific problem, though, as many online services have this preference for opt-out instead of opt-in features. Google, for example, ran into a lot of trouble over Buzz, the search giant’s Gmail-based social tool, because of its opt-out approach.
Be upfront about changes or rewrites
Stop being vague
“Connections. Facebook enables you to connect with virtually anyone or anything you want, from your friends and family to the city you live in to the restaurants you like to visit to the bands and movies you love. Because it takes two to connect, your privacy settings only control who can see the connection on your profile page. If you are uncomfortable with the connection being publicly available, you should consider removing (or not making) the connection.”
It takes a close reading of this paragraph, as well as reading parts of Section 2 of the revised policy, to understand that connections means, at a minimum, your friends, likes, and interests. But your connections may also mean current city, hometown, family, relationships, networks, activities, interests, and places. It’s also unclear how, exactly, your connections are made public and to whom. You have to read several sections later to understand that your connections are made public to third parties by default.
Facebook should state specifically what they consider to be your profile connections, and they should also be unambiguous in Section 3 about the fact that connections are made public by default.
Let me control information access
Facebook users interacting with a third-party Web site or application need to have more control over what information those third parties can get from their profiles. I’m not convinced, for example, that many sites really need access to things I’ve publicly posted to my Wall or even my friends list. I can understand wanting to know my name and gender for demographic purposes, but it would be better if I could decide on a case-by-case basis which parts of my public profile the site would get to see.
Facebook has made it very clear that the decision to allow third-party Web sites and applications to store Facebook user data indefinitely does not alter a user’s privacy rights. Third parties you interact with are still forbidden to sell your Facebook data or do much more than use it in relation to Facebook. But it does make it easier, at least in theory, for a rogue site or application to start building a user database based on Facebook profile information.
Facebook should make just a few tweaks to how it does business to regain user trust. Because if they don’t act now, it’s possible that Congress will.