How did you spend Christmas? Hitwise says it knows: the Internet traffic tracker says you spent at least part of the holiday visiting Facebook, making the social network the most popular U.S. site on the Web.
That's the first time Mark Zuckerberg and company have earned that designation--at the expense of Google--but it is in no way surprising. Facebook saw traffic spike last Christmas, too, and that's when it had a mere 140 million users. The user count is now up to 350 million.
So even if tens of millions of them leave the site in a huff over Facebook's privacy changes (and there's no evidence that's happening), it's going to be blowing by traffic records on a regular basis.
Really safe bet: you're going to see a similar story after New Year's.
(Via ReadWriteWeb)
Story Copyright (c) 2009 AllThingsD. All rights reserved.
Additional stories from AllThingsD
This is definitely a question reeking of our delightful modernity: if you were an escaped convict, would you regularly update your Facebook status?
This question is significant because Craig "Lazie" Lynch has, according to CBSNews.com, been on the run from a British prison since September. However, his Facebook page, updated with a plethora of bons mots Sunday, has stirred so many who admire freedom and, um, crime.
Lynch's musings are enjoying the attention of more than 3,000, um, friends. They have been regaled with Lynch's dilemmas, thoughts and wishes. This, for example, from Sunday: "Trying to figure out my plans for New Years. I know what I want to do but its not that easy."
Who can but sympathize with his plight? It's tough to get a reservation for dinner at a Gordon Ramsay establishment at such late notice. And if he wanted to take a lover for, say, a night at the Ritz, well, there might be problem with the credit card confirmation.
Lynch was serving a 7-year sentence for aggravated burglary before he slipped out of Hollesey Bay Prison, which is in the rather sleepy and flat part of England to the north-east of London.
An aerial view of the prison and its surroundings. Plenty of fields to hide in, no?
(Credit: CC Babylon Angel/Flickr)The police are, naturally, not well-disposed toward Lynch's updates.
"We have spoken to Facebook and we are trying to trace him from the information we have, but it's one of those things that we're also asking for help from members of the public," police spokesperson Anne-Marie Breach told CNN.
It seems, though, that late Sunday, Lynch began experiencing a little emotional pain. In what must have been an almost teary update, he posted: "right i'm coming off this page as i have better things to do."
Who might have imagined that, in his mysterious hideaway, Lynch had something better to do than continue his run as a Facebook attraction?
Still, he continued: "In fact due to the nature of some of these comments and the racist remarks that keep frequently poppin up have a dig at me by all means but why be abusive to others due to their colour or race it is petty minded fools who have ruined this site."
Petty-minded, indeed. Some of the world's great artists have suffered when their works have been ruined by unscrupulous, jealous critics, so Lynch's pain is entirely understandable.
However, he wants his supporters to know that he is grateful. For he posted: "Thank you to...all of you serious supporters out there and to my admin staff. To all you haters and hitlers out there i hope you slowly choke in your sleep."
By the way, if you ever wondered about the definition of aggravated burglary it is this: at the time of the burglary, the criminal: "has with him a firearm, imitation firearm, weapon of offense, or any explosive."
You might imagine, therefore, that Lynch is someone who might not always turn the other cheek. This might affect the level of sympathy you have for his Facebook critics.
How do you react, for example, to this update from he Saturday evening?: "Its freezing outside. Another lonely night. So far away from my family and friend. Yet I have so many supporters and haters on here. Thx for your support everyone cause this is a FAN PAGE."
One might conceive that, with the help of the large brains at Facebook, Lynch's Facebook fame might shortly come to an abrupt logout.
But here's the thing that seems a little peculiar. Lynch, according to the BBC, was serving time near the end of his sentence and escaped while he was on day release.
For some, the lure of Facebook fame is clearly uncontrollable.
Facebook isn't just for kids anymore, but it looks like Disney's still an admirer: The entertainment conglomerate has nominated Sheryl Sandberg, chief operating officer of the massive social network, to its board of directors.
In a release Wednesday, Disney made the announcement and stated that shareholders will vote on Sandberg's nomination (along with the re-election of its 12 current directors) at the company's annual meeting on March 12 in San Antonio, Texas.
Facebook COO Sheryl Sandberg
(Credit: Corinne Schulze/CNET)"Sheryl has been at the forefront of a technological revolution that's opened up a world of new possibilities for consumers and which has greatly affected the way we do business," Disney CEO and president Robert Iger said in the release. "Her unique insight, born of great practical experience, will be of considerable value to Disney's shareholders."
Sandberg was named to the COO position at Facebook last March, following the departure of executive Owen Van Natta, who is now CEO of the News Corp.-owned MySpace. Sandberg has since become one of Facebook's chief liaisons with the media and advertising industries, speaking at numerous conferences to pitch the social network's ad and marketing products.
Prior to her hire at Facebook, Sandberg was a sales executive at Google and chief of staff for the U.S. Treasury Department.
So where does Disney stand in the Web 2.0 world? It owns kiddie virtual world Club Penguin, which it acquired for $350 million well before the real hype began over social games and virtual goods. It's also reportedly in talks with Apple to become part of the tech giant's potential subscription TV service, and this spring became a partner in joint video venture Hulu alongside original partners NBC and News Corp.
You and just about everyone else, it seems, are spending more and more time on Facebook and Twitter, updating statuses and checking friends' tweets. That's all well and good, of course, but the amount of personal information that all of you share in real time, and the level of trust implicit with the social networking sites, do pose particular security and privacy problems.
A recent study from Sophos found that Facebook users reveal a lot of personal information to new friends, including ones they really don't even know or have never met. Using fake profiles, Sophos sent out friend requests to 100 random Facebook users, and more than 40 percent blindly accepted, giving the company access to birth dates, e-mail addresses, phone number and addresses--private information strangers shouldn't have.
The openness of Twitter--anyone can follow anyone else, and posts are indexed in search engines--makes it a nirvana for spammers. Kaspersky says there are nearly 500,000 new unique URLs that appear in Twitter posts daily, and of those, anywhere between 100 and 1,000 are malware attacks.
Here's a look at some of the specific threats users of the sites face and what they can do about it.
A rogue app that appeared early in the year sent notifications to Facebook users reporting they were violating terms of service and offering a link that lead to an application called "facebook -- closing down!" which then spammed all the friends of affected users.
(Credit: Trend Micro)Problems: Malware, account hijacking, phishing, and social engineering
The biggest malware risk is Koobface, (an anagram of Facebook), which is a worm that targets social networking sites and affects Windows-based computers. Once a computer is infected, it hijacks the Facebook account and sends messages to other friends of the victim, enticing them to click on a link. The link redirects to a Web site where they are prompted to download software ostensibly to watch a video. However, there is no video; only malware that infects the system, blocks access to security sites, and can be used to steal sensitive information from the computer, such as credit card numbers. Infected machines can then be used to spread the worm to others on Facebook, send spam and distribute fake antivirus alerts, said Rik Ferguson, a security researcher at Trend Micro. Koobface now can automatically create new profiles using infected machines, he said.
Facebook accounts can be hijacked in several ways. A brute-force attack can be used to guess passwords. Users can fall for phishing attacks by clicking on links in messages or e-mails purportedly coming from friends that redirect to a fake Facebook log-in page. Or malware such as Koobface can steal passwords.
Social engineering is a huge problem for social networks because the trust that users have for messages and posts from friends can be easily exploited by scammers. Hijacked accounts are used to send everything from spam touting weight loss plans to links that install malware and steal passwords to fake emergency messages saying a friend is stranded in another country and needs someone to send money. Scammers are also sending e-mails that look like they come from Facebook and include an attachment that contains a Trojan.
Solutions: Use antivirus and anti-malware software and keep it up-to-date. Install security updates for operating system and other software. Use software like AVG Linkscanner or McAfee Site Adviser to protect against phishing and malware attacks. Become a fan of the Facebook Security page, which has posts related to all sorts of security issues, tips, resources and other information. If you think you've been infected with Koobface or other malware you should reset your password and notify friends who may have been affected.
Use an up-to-date browser that features an antiphishing black list, such as Firefox 3.0.10 or Internet Explorer 8. Be aware of where you enter your password. Check to see that you are logging in from a legitimate Facebook page with the Facebook.com domain. Be wary of unusual stories or offers that are too good to be true. Verify information with sources directly. Be cautious of any message, post or link that looks suspicious, requires an additional log-in or asks you to download or upgrade software. If a link seems odd or lacks context, don't click on it. Don't click on links or open attachments in suspicious e-mails. You can add a security question from the "Account Settings" page if you would like an additional layer of protection.
Problem: Rogue applications
Facebook doesn't vet every app that appears on the site, which means there is a risk that some apps will have bugs in them or will violate Facebook's privacy policies. Facebook has proven diligent in removing rogue and problem apps quickly when it is notified, but unlike iPhone apps, pretty much anyone can write a Facebook app. "Because the code is not always of professional standard or hosted or audited by Facebook, we've seen innocent apps compromised externally and used to deliver malware, such as fake antivirus," Ferguson said. One rogue app that appeared early in the year sent notifications to Facebook users reporting them in violation of terms of service and offering a link that lead to an application called "facebook -- closing down!" which then spammed all the friends of affected users, according to Trend Micro.
Solution: See solutions above, and be cautious about adding applications. Research the developers and perform Web searches to see if anyone has complained about the app. And ask yourself, what value does the app provide? Do I really need to play zombie?
Problem: Privacy leaks due to user error
Because people control who they are friends with on Facebook it is easy for users to have a false sense of security about the privacy of their data and activities on the site. Social engineering attacks, lax security practices by users like using weak passwords and design or implementation problems with the site itself can undermine the privacy protections users rely on. Users who fall for phishing scams and get their accounts hijacked have everything in their account exposed to strangers who can then use the different types of data for identity fraud or to target the victim's friends with social engineering attacks.
Solution: See solutions above. Also, use unique logins and passwords for each Web site you access. Use strong passwords, change them often and don't share them with anyone.
These instructions explain how to keep most people from viewing your friends list on Facebook.
(Credit: CNET)Problem: Privacy leaks due to design or implementation issues
Privacy advocates contend that Facebook's lenient apps approval process, privacy policies and confusing privacy settings put users at risk. Two weeks ago, Facebook asked users to configure their privacy settings. The options were confusing and many people were inclined to just keep the default settings, which are set to make the data visible to the Web rather than opting to use the old settings established by the user. Screenshots and descriptions are detailed on this photo gallery.
Many people have complained that it is difficult to figure out how to change the privacy settings, that they are not intuitive and that there doesn't seem to be one central place for that. And using Facebook Connect with outside apps, like the iPhone app Foursquare, can expose more information than a user expects to share. The new privacy changes at Facebook have prompted the Electronic Privacy Information Center to ask the Federal Trade Commission to investigate.
Facebook encourages people to share their full names, date of birth, home town and other information, all pieces of information that are commonly used in identity fraud. Scammers on underground sites even refer to Facebook as a "free date-of-birth look up service," according to Ferguson. People don't realize that their profile information can be accessed by total strangers who happen to be in the same groups or networks unless they specifically change the settings. People who don't trust random apps--which in general have access to profile information even if it isn't necessary to the function of the app--don't realize that the apps their friends are using also have access to their data. "Friends apps can access most of your profile, interests and groups. There is no way to prevent them from accessing your name, profile, photo, town and gender," said Joseph Bonneau, a PhD candidate in security at the University of Cambridge. In response to user feedback, Facebook made a change that allows users to hide their friend lists from everyone but their friends, a Facebook spokesman said.
Solution: CNET has a tutorial on how to hide your Facebook friends list by clicking on the pencil in the friends box on your profile. Detailed instructions and tips on dealing with Facebook privacy settings are available on the DotRights.org site and on the All Facebook blog. Facebook also has a blog post about the privacy changes.
Problem: Privacy leaks related to marketing
The relationship between the apps and advertisers can also cause problems. Adding an app allows the app to show ads inside the Facebook domain, and that can leak a user's profile information to the advertiser, said Peter Eckersley, a staff technologist at the Electronic Frontier Foundation. Meanwhile, cookies and other browsing tracking technology combined with data from social networks can be used by marketers to identify users for targeted advertising and other purposes, Eckersley said, providing details in a blog post on different ways data can be leaked from social networks to third-party tracking firms. Once marketers know a specific person's user name, they can use that identifier in the URL to get to a user's public profile page, according to Eckersley. "They can create a social graph of your date of birth, city, employment, relationship status, all uniquely codified in a way that can be automatically sucked into a database," he said.
Solution: Pick a good cookie policy for the browser, such as manually approving all cookies or only keeping cookies until the browser is closed. Disable Flash cookies. Use Firefox extensions such as RequestPolicy and NoScript to control when third-party sites can include content or run code in the browser page. Use the Targeted Advertising Cookie Opt-Out plugin or AdBlock Plus to block ads. To hide your IP address and other browser characteristics, use Tor via Torbutton.
Problem: Information used to suppress dissent and target political activists
As with e-mail, blog postings and other public expressions of dissent, Facebook and Twitter have been used by governments to target protesters. The Wall Street Journal reported earlier this month that family members of Iranian Americans had been arrested or questioned because of anti-Iranian government posts on Facebook by members outside the country. In other instances, Iranians living abroad were forced to log into their Facebook accounts or reveal passwords to government officials as they arrived at the Tehran airport and some even had their passports confiscated because of their political posts. In the U.S., the EFF says, officials have taken actions against U.S. citizens based on information discovered on their social networks; the group has sued the CIA and other agencies for allegedly refusing to release information about how they are using such sites in surveillance and investigations.
"Basically, every time you post something to Facebook you should assume that the whole world will know what you've posted, your family, employer, the government, people you don't trust," Eckersley said.
Solution: Think carefully about what information you want to share about yourself and consider only posting information you would want to let the general public see.
Twitter has many of the same malware, phishing, hijacking and social engineering issues that Facebook has, and the solutions for those problems would be the same. Because users don't provide much personal information to Twitter, and can even create accounts using all fake information, and because anyone can follow anyone else, there aren't the same issues with privacy, either. But that makes life easy for spammers.
Security does seem to be a worrisome thing with Twitter. The site has had several serious problems from employee accounts getting compromised. In January, someone hacked into the Twitter internal network -- possibly by guessing the password -- and gained access to the Twitter accounts of President Obama, CNN anchor Rick Sanchez, and 31 other high-profile Twitterers. In May, someone broke into Twitter's network and gained access to 10 accounts, which appeared to include Britney Spears and Ashton Kutcher. In that breach, a hacker was able to gain access to a Twitter employee's Yahoo account through the password recovery system and from there get information from other sites, including access to the employee's Twitter account. And last week, the legitimate account of a Twitter employee was used to hijack the site and redirect visitors to an external page displaying a banner for the "Iranian Cyber Army."
Meanwhile, Twitter was crippled (and Facebook and other sites also affected) by a rare politically motivated denial-of-service attack targeting one user in August. However, that incident reflects more on Twitter's ability to keep the site up in the face of an attack and accessibility than it does about security risks to users.
Twitter users are susceptible to getting their accounts hijacked, and the site has been targeted by clickjacking pranks. In these social engineering attacks, users were encouraged to click on links that distributed the original tweet to all of the Twitter user's followers.
Users with large numbers of followers have an added responsibility to be careful, particularly when setting accounts to automatically post items from news feeds. A malicious post on an unmoderated news feed that venture capitalist Guy Kawasaki was re-tweeting distributed a Trojan to more than 139,000 followers in June.
Kaspersky offers a Krab Krawler tool that analyzes tweets as they get posted on Twitter and blocks any malware associated with them. Trend Micro has technology that monitors Twitter posts for malicious URLs, as well as looks for attack patterns in the posts, such as use of popular terms to indirectly lead people to malicious links. And Finjan offers a free browser plug-in dubbed SecureTweets that warns users when they encounter a malicious URL in Twitter, as well as Blogger, Gmail, Google and a host of other popular sites. To keep up with security issues on Twitter follow Twitter's Spam Watch account.
Social networks are also susceptible to other serious security problems that can hit any type of Web site. For instance, last week passwords of 32 million stored in plain text on the RockYou site were exposed by a SQL injection attack, according to security firm Imperva. Because the passwords are used on other affiliate sites to the social networking application maker, the breach jeopardized other accounts, like Gmail, Hotmail, and Yahoo.
I have often wondered if being a divorce lawyer makes you feel better about humanity or worse. Perhaps it merely keeps you in intimate contact with all the pitfalls of relationships on a daily, even hourly, basis.
Still, whose heart could possibly lose so much as a throb on hearing that almost one in five divorces in the UK are fueled by Facebook?
No, it's not that Facebook's employees are so irresistible that anyone who comes into contact with them, even in the UK, immediately leaves their spouse. Rather, it seems that the constant lack of trust in marriages causes much trawling around spouses' Facebook pages until one party decides the party's over.
It has already been established by one study that Facebook turns lovers a painful shade of green. However, the Telegraph quotes a law firm declaring that almost one in five divorce petitions make Facebook the scene of the crime.
The managing director of Divorce-Online told the Telegraph: "I had heard from my staff that there were a lot of people saying they had found out things about their partners on Facebook and I decided to see how prevalent it was. I was really surprised to see 20 percent of all the petitions containing references to Facebook."
Some of the biggest culprits, according to the Telegraph, are flirty e-mails and messages found on Facebook, which are "increasingly being cited as evidence of unreasonable behavior."
And it was only in February that Emma Brady discovered her husband was divorcing her when he updated his Facebook status to: "Neil Brady has ended his marriage to Emma Brady."
Are people who leave themselves so exposed on Facebook merely careless? Or does the liberating new medium of social networking allow them to deliberately tell their spouses that they have had enough without having the courage to look them in the eyes?
Perhaps, though, Facebook might use this phenomenon to advertise its own power. The site should create a special group: the Facebook Disconnects group. It would bring together all those whose marriages that ended because of wall posts and the like, thereby showing how Facebook relationships are more powerful than any out there in the dumb ole' analog, touchy-feely world.
That way, advertisers might finally realize that it's better to put all of their money into digital relationships on Facebook rather than into those quaintly ancient TV spots.
It's an odd tradition. Well, it is Britain, where they have a talent for clutching traditions like Posh Spice clutches many things with a D&G logo.
The particular tradition that fascinates at this time of year consists of really caring about which song is the best seller at Christmas.
Once upon a time, some of the greatest music ever composed was Britain's Christmas No. 1. Yes, Slade's "Merry Christmas Everybody," Mud's "Lonely This Christmas," and the slightly less melodic "Another Brick In The Wall (Part 2)" by Pink Floyd.
In recent times, Simon Cowell, a man with more tentacles than T-shirts, has timed one of his reality talent shows to coincide with the Christmas period.
No sooner is the winner announced than he or she has a song that is then downloaded beyond distraction straight to the top of something that is still quaintly called the Singles Chart. (Recent examples include the stunning Leon Jackson and Alexandra Burke.)
This year, Londoners Jon and Tracy Morter decided that something must be done. So they created a Facebook group, Rage Against the Machine for Christmas No. 1.
Sentiment in the snowy English shires was clearly strong. Because around 1 million people declared their belief in the cause. And Sunday it was announced to huge acclaim that the Facebookers had got their way. The Rage Against the Machine song, so CNN tells us, "Killing in the Name," is the No. 1 Christmas single.
It is not easy to defeat the intentions of Cowell. He is the man who dominates "American Idol" rather beautifully and the man who brought Susan Boyle to the world's attention through yet another pulsating show called "Britain's Got Talent." He is also the man who created "The X-Factor," another talent show designed to create instant fodder for Christmas. (Oh, of course it's coming to the U.S., did you have to ask?)
The Morters claimed on the Facebook group's page that the campaign was not remotely personal. Some might think this not entirely true, as the Guardian tells us that when they launched the group they said: "Fed up of Simon Cowell's latest karaoke act being Christmas No. 1? Me too."
Cowell, for his part, told a press conference that the Facebook campaign was "stupid" and "cynical."
You might be wondering why the Morters chose Rage Against the Machine. Well, Jon Morter told NME.com: "It's been taken on by thousands in the group as a defiance to Simon Cowell's 'music machine'. Some certainly do see it as a direct response to him personally."
So one machine has defeated another in the place where they always tell us the Industrial Revolution began. It's a touching Christmas story, isn't it?
Facebook has released a demographic study of its 350 million users. The upshot: Facebook isn't just for white and Asian people anymore.
In fact, Facebook's demographics resemble the base of Internet users. That finding makes a lot of sense because Facebook, like AOL way back when and Google today, represents a proxy for the Internet and population overall. If you're on the Internet you've probably stumbled on Facebook. In the early days of Facebook, the site was dominated by white and Asian folks.
In a note, Facebook walks through its analysis and how it compared surnames of users with U.S. Census Bureau. By analyzing surnames, Facebook cooks up a racial breakdown over the history of the site.
Read more of "Facebook's audience is diverse (and ready to be carved up for advertisers)" at ZDNet's Between the Lines.
Facebook last Wednesday announced new privacy settings that give users some additional control over what information they share, while taking away the ability to hide a few pieces of information from the general public.
One particular piece of publicly available information--users' friends lists--caused a bit of an uproar from a number of sectors, including business people who don't necessarily want to expose their professional networks to the public and their competitors. It is also a concern to some parents who might not want their kids--or a list of their kids' friends--to be widely available.
Facebook quickly backtracked. A day later, the company announced on its blog that users can now uncheck the "Show my friends on my profile" option in the Friends box on their profile so that your friend list won't appear on your publicly viewable profile.
Unfortunately, they weren't very clear on exactly how you make the change. ... Read more
Editors' note: This is a guest column. See Larry Downes' bio below.
It's been a bad week for those, like me, who feel the debate over data privacy too often casts information businesses as evil Halloween monsters, determined to terrorize and humiliate their customers just for the fun of it.
On Monday, the Federal Trade Commission held the first of three conferences on privacy and technology, at which a parade of consumer advocates and legal scholars warned of an imminent data apocalypse.
Recent events seemed, alas, to support that view. Sprint, for example, reported that over the last 13 months, it has received more than 8 million requests for GPS data about customer location and movement from law enforcement agencies. (Sprint is now determining the number customers affected, estimated to be in the thousands.)
Verizon and Yahoo filed objections to a Freedom of Information Act request that asked how much the companies charge to comply with government surveillance orders, claiming that release of the information would "shock" and "confuse" customers.
Then, Google's notoriously private CEO, Eric Schmidt, brushed aside a CNBC's reporter's question about concerns that users are putting too much trust in his company, saying, "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."
Most disturbing at all is what happened over at Facebook, the social-networking behemoth that now hosts more than 350,000,000 members. Based in part on complaints by government agencies in Canada and Europe, the company announced in July that it had begun testing a more comprehensive and simplified set of privacy settings, promising to give users "even greater control over the information they share and the audiences with whom they share it."
After months of what looked like careful planning, Facebook implemented its new privacy policy and user tools this week.
The announcement landed flat on, well, flat on its face. A chorus of the usual suspects, including the Electronic Frontier Foundation and the American Civil Liberties Union of Northern California cried multiple fouls, objecting both to the nature of the changes and the way in which they were being imperiously foisted on users. "Under the banner of simplification," said Electronic Privacy Information's Center's Marc Rotenberg, "Facebook has pushed users to downgrade their privacy."
First, a word about the changes themselves. In a detailed exegesis published on Wednesday, EFF's Kevin Bankston divided the revisions into three categories: the good, the bad, and the ugly.
In the good column, Bankston noted that all Facebook users are being required to review their privacy settings and have been given new tools to simplify the process. For each individual post to their page, users can now limit who among their friends gets to see what. In the bad department, EFF doesn't like the recommended settings, which pretty much let everyone see everything.
The ugly, however, are genuinely ugly. The version of a user's Facebook page open to Facebook members and nonmembers alike will now show the user's name, profile picture, location, and gender, as well as a complete list of her friends. Most of that information can no longer be controlled other than by not providing it in the first place. (Facebook has already backtracked on the public availability of friends information.) And users can no longer opt out of letting Facebook and third-party applications, such as all those quizzes and tests my friends seem to spend most of the day filling out, access at least some information from their account and that of their friends.
Logic behind privacy policy changes
I understand why Facebook wants these changes. Given the sheer number of Facebook users, it's increasingly difficult to find friends when presented with a list of dozens of profiles with matching names and no other information.
As the company moves to find ways of making money from its network, moreover, open access to information about users is not just important--it's essential. Constraining the company's ability to publish and otherwise monetize that information limits the chances Facebook and other social-networking sites can continue to secure funding, compete in a wide-open market, and ultimately survive as a commercial enterprise.
That, at least, is the kind of reasonable explanation for the changes the company could have provided. Instead, it announced the new policy and implemented it at the same time, leaving no opportunity for user review or comment. According to EFF's Bankston, Facebook didn't disclose the creation of the new category of "publicly available information,"--that is, information about a user that cannot be controlled--until "the very day it is forcing the new changes on users." (Facebook did, in fact, allow a one-week comment period on a draft of the new policy, which is more than 5,000 words long, in early November.)
The company's reliance on good relations with its users makes the ham-fisted and tone-deaf nature of these changes both "shocking" and "confusing." After a minirevolt erupted earlier this year over changes to Facebook's terms of service, in which the company seemed to grant itself a more generous license for user data, a chastened CEO Mark Zuckerberg quickly reversed course.
More than that, Zuckerberg promised that future modifications would be developed in collaboration with users on an open-source model. "Our terms aren't just a document that protects our rights," Zuckerberg wrote on the company's blog, "it's the governing document for how the service is used by everyone across the world. Given its importance, we need to make sure the terms reflect the principles and values of the people using the service."
Exactly. So why didn't Facebook learn from its own painful lesson? While the company tested the new features with some users and solicited comments on the privacy policy over the last several months, Facebook reported in November that the number of comments it received on its draft proposal "did not reach the threshold to hold a vote." That's not a good thing.
Lessons not learned
Despite the high level of emotion, rightly or wrongly, that users attach to the topic of privacy, the new policy and tools simply arrived, providing some new protections even as existing controls were unceremoniously removed. Did the company think no one would notice? These and other recent privacy gaffes and missteps have unfortunate consequences.
Consumers, already uneasy about how increasingly intimate information is being handled online, will trust companies less, raising the potential for government regulations and new privacy agencies to fill a perceived void. That would be a dangerous result, and ultimately a counterproductive one.
Introducing new layers of regulatory bureaucracy will slow the pace of exciting innovations in information technology that have kept users engaged in the first place. And interjecting government oversight over any data raises the possibility of misuse of that information by other parts of the government, a problem made all too clear by continued revelations about secret surveillance under the wide umbrella of the Patriot Act and other antiterrorism measures.
The reality is that most information services do a good and responsible job of balancing user interests in controlling information access with value derived from transactional and other data that pay for much of what happens online.
Though often implicit, users today trade the use of information about their activities, purchases, and interests for innovative and often free services that analyze and aggregate that data. Such services help cell phone users locate their friends with Loopt, consumers simplify their search for products and services on Amazon and eBay, and connect with each other in the low transaction cost world of social-networking applications such as Facebook and Twitter.
The real problem: PR
The real problem here is not of policy but rather of public relations. Start-up companies increasingly invest early and often in legal counsel, in part to navigate the complex waters of intercompany relationships and in part to avoid potentially lethal litigation from patent trolls, unhappy competitors, and a global army of business regulators.
At the same time, marketing, as well as public and government relations, get little attention, as companies believe that enthusiastic users are now the best form of PR a young company can get and at a price that can't be beat.
Maybe so. But as information exchanges have moved from the purely pedestrian business-to-business networks of the 1980s to the everything-and-everybody sharing that characterizes our increasingly digital lives, companies who discount or dismiss the emotional and even irrational attachment consumers have to information about themselves do so at their peril.
It's not that Google, Facebook, and others need to change in any fundamental way how they do business. They must rather rethink the casual, careless, and often conceited way with which they communicate to users, business partners, regulators, and other stakeholders. When the lawyers lead, everyone loses.
For companies like Facebook today and everyone else tomorrow, users and the data they provide are not just the most valuable asset; they are the only asset. As consumers absorb that fact, they will increasingly use the tools of online communities--ironically, tools provided by social-networking sites themselves--to express their dissatisfaction with unequal exchanges of information for value. Better to collaborate with them now than to negotiate later, at the end of a gun.
Facebook, as Mark Zuckerberg correctly noted, is a kind of virtual nation, where terms of service and other policy documents serve as Constitution and governing law. As such, changes to both policy and practice require honest deliberation and engagement with the residents.
They can no longer be delivered as fait accompli. For one thing, it's pretty easy for virtual citizens to revolt against a government they don't like, or simply pack up and move somewhere less tyrannical. Easier than it is in the physical world, in any case.
Sites owned by Yahoo, AOL, and Google have joined Facebook and MySpace in expelling New York sex offenders from their rolls.
New York Attorney General Andrew Cuomo announced Thursday that Google's Orkut.com, AOL's Bebo.com, and Yahoo's Flickr.com are among 13 additional social-networking sites to use sex offender data available through New York's Electronic Securing and Targeting of Online Predators Act (E-Stop) to find and disable accounts associated with registered sex offenders.
Other companies that have agreed to cooperate include BlackPlanet.com, Classmates.com, Flixster.com, Fotolog.com, hi5.com, MyLife.com, Stickam.com, and Tagged.com.
New York Attorney General Andrew Cuomo
(Credit: NY Attorney General's Office)There are still some holdouts. Cuomo called on other sites, including Friendster.com, Buzznet.com, eSpin.com, Habbo.com, and LiveJournal.com, "to commit to using the list." He urged parents and children to consider not using sites that haven't complied.
On December 1, Facebook and MySpace deleted the accounts of more than 3,500 sex offenders based on the New York law.
By comparing this data with their own user roles, Facebook was able to identify and delete 2,782 registered sex offenders. MySpace deleted 1,796 accounts.
In addition to deleting the accounts of any known registered sex offenders, the companies will turn over information about the accounts to law enforcement officials.
In a statement, Cuomo said: "It is no secret that sexual predators abuse social networking websites to find and manipulate victims and to insinuate themselves into their victims' lives."
The E-Stop law, which was passed in 2008, requires registered sex offenders from New York to disclose their online identities to officials. Information must include e-mail addresses, instant-messaging screen names and social-networking account names. The law also requires the state's Division of Criminal Justice Services to release state sex offender Internet identifiers to social-networking sites and other online services so that they can prescreen or remove individuals who match the list. It also imposes restrictions on sex offender's use of the Internet if the victim was a minor and if the Internet was used to commit the crime. Restrictions include banning the offender from social-networking sites, as well as prohibiting access to online pornography or communicating with anyone with the intention of promoting sexual relations with a minor.
Cuomo is one of several state attorneys general who have expressed concerns about the danger of Internet predators. In 2008, Cuomo and 48 other attorneys general entered into an agreement with MySpace that resulted in the Internet Safety Technical Task Force, whose report concluded that the actual threat of predators is less than many had feared and that kids are far more likely to be harmed by bullying and harassment from other youth. I served on that task force as a representative of ConnectSafley.org, a nonprofit Internet safety organization I help operate.
