Earlier this week I wrote a post about how I didn't like that I couldn't alter the Facebook Connect privacy settings for updates from Foursquare, an iPhone app that shares my location through a GPS-enabled city directory. It didn't make sense to me that Facebook Connect information was automatically visible to anyone who had access to posts on my "wall," whereas privacy settings on a third-party app embedded directly on my profile were much more fine-tuned, allowing me to restrict them to specific subsets of friends.
I've been e-mailing back and forth with Facebook, and I've gotten some clarification on how the process works. Privacy controls for embedded apps aren't as simple as I'd thought. I can opt to block the "box" for a third-party game like Mafia Wars or Farmville, as the privacy controls indicate, but activity from those apps--i.e. if I just picked up a new weapon in Mafia Wars--will still show up to anyone who can see what I post on my Facebook wall, like status messages and new friend connections. (You can, however, block individual Platform apps from posting to your wall in the first place.)
"Activity from apps and Connect sites are grouped with the activity you take on Facebook (which then appears on your wall), all of which can be blocked from a select group of people using publisher privacy," Facebook representative Malorie Lucich explained to me via e-mail. "So, for example, if you don't want your boss seeing your Mafia Wars activity and your usual Facebook activity, you can block her/him from viewing your wall."
Everything on the wall, therefore, is treated as a single unit. Except not quite: With status messages and content posted directly through Facebook, as part of Facebook's new privacy controls there's now a drop-down menu that lets me choose exactly who can see that message--the public Web, friends of friends, only my friends or "networks," or stratified groups of friends. That's great, because I can post a status message asking for Christmas present suggestions, and opt to block it from my family or other potential gift recipients.
For third-party apps, I'm not so lucky. I'm sure I wasn't the only Facebook member who figured that blocking the Mafia Wars "box" from a certain list of friends would also block activity updates on my wall. According to Facebook, it doesn't.
I'm also sure I'm not the only one who would like to use Facebook Connect with a service like Foursquare that isn't normally public; I liked some of the comments that would appear on "check-ins" pushed to Facebook (when I checked into a restaurant, for example, a few people responded with their favorite menu items, and another asked about the variety of beers on tap). But wanting to keep them restricted to half or a third or a quarter of my Facebook friends is not always just a matter of privacy--the majority of my Facebook friends have no interest whatsoever in which coffee shop I just checked into on the likes of Foursquare or Gowalla, and out of courtesy I don't want to plaster it all over everyone's news feeds. I'd like Foursquare's implementation of Facebook Connect, theoretically, to only be visible to close friends and people who live nearby.
Facebook is, and should be, proud of the wealth of data that gets shared on members' "walls." On Friday morning, I used my status message to solicit tips for an upcoming tropical getaway, and got some terrific suggestions from people in my "social graph" whom I hadn't talked to in ages. This was a great example of something that I'd like to open up to my entire Facebook network. But when it comes to information that's local, sensitive, or otherwise private, I'd like to be able to restrict it. As Facebook Connect grows bigger and more diverse, these instances are likely to come up more often.
So if I had to come up with a most-wished-for new Facebook feature, this might have to be it.
A Foursquare check-in posted to Facebook through Facebook Connect.
(Credit: Facebook)Privacy on Facebook has been front and center this month as the company has rolled out the controversial revamp of its user privacy settings. One thing that's thankfully stayed intact has been the ability to restrict the third-party applications on your profile to specific "lists" of friends--so that you can, for example, block your Mafia Wars activity from everyone who's not on your "People Who Know About My Mafia Wars Addiction" list.
Dopplr, an app that you can install as a 'box' on your Facebook profile, has privacy controls that allow you to block it from various groups of your friends.
(Credit: Facebook)But for stuff on my profile that was published through Facebook Connect rather than an app "built" on the platform, this is not the case. For some reason, information published to Facebook through Facebook Connect does not have any privacy controls attached to it, so it's either available to everybody or nobody.
To backtrack a little bit, Facebook first rolled out developer-created applications in the summer of 2007, and then a year later introduced Facebook Connect, which lets users log into third-party sites (and iPhone apps) from their Facebook profiles and publish content back to Facebook.
Facebook Connect apps that publish content back to Facebook profiles (which have additional permissions from those that simply let you log in with your Facebook ID) are grouped alongside the original variety of platform apps in Facebook's "Application Settings" privacy controls section. But the Connect apps don't have a "Profile" tab in their settings, because there isn't an embedded "box" for the app--just what shows up in your News Feed.
"We are evaluating adding post-level privacy settings for stories created through external developers, but for the time being, there is currently no difference between the settings for applications and Facebook Connect activities," Facebook representative Malorie Lucich told CNET via e-mail. "So, while you can control who sees the applications living in your profile boxes and application tabs, you currently cannot granularly control who sees your application activity in your feed."
I discovered this when I was testing out the new Facebook Connect feature on geo app Foursquare, one of the many mobile apps that lets you "check in" to different establishments and broadcast it to your friends from your phone. Foursquare will let you choose before you check in whether you want to broadcast that location to Twitter, and co-founders Dennis Crowley and Naveen Selvadurai tell me that a selective "share this on Facebook" button is coming alongside the Twitter button in a future version of its iPhone application. That'll help a lot, because right now, it'll share all of your check-ins to Facebook or none of them.
In the meantime, I decided to see whether I could restrict Foursquare's Facebook Connect publishing to one or two of my stratified Facebook friends lists--I mean, I don't need to clog all those news feeds up with a day's worth of check-ins, and my boss doesn't need to see that I checked in at Tom & Jerry's Bar after midnight on a weekday. (Not that I'd ever do that.)
Those settings don't exist for Foursquare, though, which takes the form of a Facebook Connect implementation rather than an embeddable app.
(Credit: Facebook)Unfortunately, because you can't modify privacy controls for a Facebook Connect app, this means I can either show actions to all my friends (my profile is friends-only by default) or none of them. This appears to be the case for everything that's published to Facebook through Connect rather than an app--the same applies, for example, to Foursquare competitor Gowalla.
Right now, Facebook's Malorie Lucich explained to CNET, Facebook Connect posts are treated as "wall" activity. "With Facebook Platform applications and Facebook Connect, users always have control over whether or not they want their activity published to their feed for their friends to see," she wrote. "You can also control who sees your overall activity on Facebook by setting who can see 'posts by me' on your privacy settings page. This will limit who can see your Wall."
"As outlined in our (developer) roadmap, upcoming changes will make it easier for users to directly communicate with their friends about applications and Facebook Connect activity via the inbox," Lucich's e-mail continued. "Additionally, profile boxes and the boxes tab will be removed, making application tabs the sole way to integrate applications statically with your profile--and you will continue to be able to control who sees that content."
But Facebook Connect is huge. More than 80,000 third-party sites are now participating, and not all of them deal with publicly available content (i.e. Yelp reviews, photos uploaded to Flickr, comments on Digg). Privacy controls here are something that Facebook could certainly improve; the company says that plans for data permissions are still evolving.
This post was expanded at 4:46 p.m. PT with comment from Facebook.
Privacy advocates opposed to new privacy regulations at Facebook are attempting to get the attention of the U.S. Federal Trade Commission, according to a complaint filed Thursday on behalf of the Electronic Privacy Information Center and several allied groups.
"These changes violate user expectations, diminish user privacy, and contradict Facebook's own representations," the complaint says of Facebook's new regulations, which push more content public, and make even more data available to third-party applications and advertisers. EPIC's goal is to force Facebook to restore the old settings and add additional controls for members.
"We've had productive discussions with dozens of organizations around the world about the recent changes, and we're disappointed that EPIC has chosen to share their concerns with the FTC while refusing to talk to us about them," a retaliatory statement from Facebook read. "We're pleased that so many users have already gone through the process of reviewing and updating their privacy settings, and are impressed that so many have chosen to customize their settings, demonstrating the effectiveness of Facebook's user empowerment and transparency efforts. Of course, the new tools offer users the opportunity to decide on privacy with every photo, link, or status update they wish to post, so the process of personalizing privacy on Facebook will continue."
It's one thing when Facebook users start complaining about new features that they deem excessively creepy--just look at the outrage that surrounded the News Feed, now a mainstay of the site, when it launched in 2006.
It's a bigger fish entirely when government regulatory bodies get involved, particularly the FTC, which has major sway over the advertising and marketing industries. It was only when privacy groups flagged concerns about Facebook's Beacon advertising program two years ago that participating advertisers started to pull out amid bad publicity. A class action settlement over the Beacon program was resolved recently.
Since then, Facebook hasn't had a privacy-related debacle on the same scale. Much of the philosophy behind Beacon was baked into its Facebook Connect universal log-in tool, which shares information from third-party sites on Facebook profiles and lets users log into other sites with their Facebook credentials. But with the public-relations pitch geared toward making the entire online experience easier for users (fewer passwords to remember, no more registration headaches) rather than helping advertisers exploit social-networking channels, the debut of Facebook Connect wasn't subject to the same scrutiny.
The controversial new privacy standards at Facebook have been a long time coming, considering the fact that the social network started to publicly set the groundwork nearly six months ago with a series of announcements about modified privacy controls. It's clear that the company was trying to avoid the sort of press bloodbath that came after the debut of Beacon.
That didn't happen. Facebook has already backtracked on one component of its new privacy regulations, one which made users' friends lists publicly available. It's unclear as to how much EPIC's coalition, not to mention the FTC, will prioritize this most recent controversy.
Behind Facebook's traditional willingness to make tweaks and modifications to new features and products, if they spark some kind of concern among government regulatory bodies or marketers, is a fight that the company will not give up easily. What it all comes down to is that Facebook's once-watertight log-in wall--remember the time that representatives mulled banning a blogger who'd posted Facebook-hosted photos publicly?--is getting in the way of the social network's potentially central role in one of the digital world's crazes du jour, searchable real-time information.
Search companies have been announcing big deals to pull Facebook status messages and Twitter tweets into results, and the media business has gone nuts over the potential to harness the "real-time Web."
Facebook, dependent on advertising revenues and still looking to expand its base of more than 350 million users, obviously wants in on this. But if it doesn't have enough status messages, shared links, and other information pulled into search results, it stands a chance at losing ground to the much-smaller Twitter--already the top name, in terms of a massive, searchable clearinghouse for up-to-the-minute information.
Plus, there are marketers and advertisers for Facebook to consider: more search results equals more page views and more ad revenue, and more public information on users' profiles means more ways for the advertising industry to reach them. But if those same marketers and advertisers are the ones pressuring Facebook to change course, in terms of user privacy, it could cause some friction between the social network and the businesses that have finally begun to accept it as a choice destination for their ad dollars.
Now EPIC is alleging to the FTC that Facebook's new regulations can be outright dangerous: "Dozens of American Facebook users, who posted political messages critical of Iran, have reported that Iranian authorities subsequently questioned and detained their relatives," an item in the complaint reads. "Under the revised privacy settings, Facebook makes such users' friends lists publicly available."
That's not good PR for Facebook, which has repeatedly pitched itself as a destination for open dialogue and grassroots organization across zones of political and ethnic conflict.
It's been a matter of days since Facebook's new privacy controls went into place, and the company is already making modifications in response to user complaints that they expose too much information. Namely, the company has made it easier to prevent people from seeing who your friends are.
For one, Facebook no longer makes a link to a list of your friends publicly available, and it has added an option for members who want no one at all--including other friends--to see their connections. Third-party applications, however, can still access it.
"In response to your feedback, we've improved the Friend List visibility option," an update to Facebook's blog post about the new privacy settings read. "Now when you uncheck the 'Show my friends on my profile' option in the Friends box on your profile, your Friend List won't appear on your profile regardless of whether people are viewing it while logged into Facebook or logged out. This information is still publicly available, however, and can be accessed by applications."
Facebook's reasons for making this move likely have something to do with the fact that it wants to be a safe place for professionals: in some fields of work, people may be uncomfortable with basically opening up their Rolodexes. There was a high-profile incident that highlighted these potential pratfalls of making one's Facebook friend list publicly available: Business Insider revealed earlier this week that Overstock.com CEO Patrick Byrne was keeping a list of journalists covering the company as well as their professional connections found through Facebook.
The new privacy settings give members more control over how much they share in general, but they additionally encourage them to make more content public as the site moves from a closed-off, login-required site to a potentially huge player in the new real-time search craze. But the company remains under pressure from not only its 350-million-plus users, but also lawmakers in multiple countries who have voiced concerns about how much the company is doing to protect users' privacy.
An e-mail was sent on Thursday to Facebook users who were members at the time that its controversial, now-defunct Beacon advertising program was operated: it's the official notice about the proposed settlement for the class-action lawsuit against Beacon. The terms of the settlement have been public since September, but the court-ordered summary notice is the last step in the process before final approval on February 26.
"This is not a settlement in which class members file claims to receive compensation," the notice explained (possibly crushing the hopes of any Facebook members who might have got excited that this would be an easy way to make some pizza money). "Under the proposed settlement, Facebook will terminate the Beacon program. In addition, Facebook will provide $9.5 million to establish an independent nonprofit foundation that will identify and fund projects and initiatives that promote the cause of online privacy, safety, and security."
A Web site has been set up to explain the terms of the settlement for the case Lane et al. vs. Facebook Inc. et al., which was originally filed last summer.
Beacon, an advertising program that shared members' activity on participating third-party sites on their Facebook profiles without much warning or notification, was a much-hyped part of the Facebook Ads initiative that debuted in the fall of 2007. But it was, unfortunately for Facebook, a complete public relations disaster.
Pressure from privacy and activist groups resulted in notable changes to the product and member controls thereof, but image repair proved to not be enough and Facebook let Beacon fade to black.
Facebook head of communications Elliot Schrage posted a company blog entry on Thursday inviting members to review proposed updates to the social network's privacy policy, and much of it deals with what happens to the content of accounts that members have opted to delete.
"Specifically, we've included sections that further explain the privacy setting you can choose to make your content viewable by everyone, the difference between deactivating and deleting your account," and the process of memorializing an account once we've received a report that the account holder is deceased," Schrage wrote. Earlier this week, Facebook detailed the process of "memorializing" an account, which leaves the profile intact to current friends but hides potentially sensitive information.
Now, in the proposed new policy, which members are invited to review and comment on until November 5, Facebook explains to users that they can "deactivate" their account, which hides it but keeps information stored for potential reactivation, or alternately choose to delete it for good.
"Even after you remove information from your profile or delete your account, copies of that information may remain viewable elsewhere to the extent it has been shared with others, it was otherwise distributed pursuant to your privacy settings, or it was copied or stored by other users," the new wording explains. It's referring to content like posts and comments on other members' profile 'walls.' "However, your name will no longer be associated with that information on Facebook."
It's been a long and twisted road for Facebook's privacy regulations. The new policy was put into place after a complaint from the Canadian Privacy Commission called into question what would happen to member profile data if a user deactivated an account.
That fiasco followed outrage over changes to Facebook's terms of service that implied Facebook claimed an "irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license" to member content even if the account had been deleted. One privacy advocacy group readied a federal complaint, and Facebook backed off and returned to its old terms of service.
In July, Facebook cleaned up its user privacy controls as it prepared to open up more of its profile content to public access and search engines.
But the Canadian Privacy Commission had also taken issue with how much Facebook profile information could potentially be shared with third-party developers or advertisers. Facebook made additional modifications to its user privacy controls in August in response to concerns about the developer platform, and in Thursday's post about the new privacy policy Schrage highlighted that the social network does not intend to share personal data with advertisers.
"The information we provide to advertisers is 'anonymized,' meaning that it can't be traced back to you as an individual in any way," Schrage's post explained.
It's finally over for Beacon, the ill-fated advertising program that the social network initially launched with splashy Madison Avenue fanfare nearly two years ago.
The social network has settled a year-old class action lawsuit that targeted the social network's alleged failure to provide adequate information and privacy controls to users with regard to Beacon, which shared information about users' information on third-party partner sites in Facebook news feeds.
One of the terms of the settlement? Any last vestiges of Beacon, which failed to gain traction amid a barrage of negative press stemming largely from advocacy groups like MoveOn.org, will be shut down completely.
Also as part of the settlement, which is still pending approval from a judge, a $9.5 million "settlement fund" has been established to set up an independent foundation to "fund projects and initiatives that promote the cause of online privacy, safety, and security," according to a release. Up to a third of that fund, however, can potentially be recovered by the plaintiffs' lawyers.
"We look forward to the creation of the foundation and its work to educate Internet users on how best to control their privacy; engage in safe social-networking practices; and, generally, enjoy themselves more online by having knowledge that gives them a greater sense of control," a statement from Facebook representative Barry Schnitt read. "We fully expect the foundation to team with other leading online-safety and privacy experts and organizations that have been working diligently in these fields."
The suit was filed in August 2008 on behalf of 20 plaintiffs, most of whom were Texas residents. Named as defendants were Facebook, along with current and former Beacon participants Blockbuster, Fandango (owned by Comcast), Overstock.com, STA Travel, Zappos, Hotwire (owned by InterActiveCorp), and GameFly. Another, earlier Beacon-related lawsuit had been filed against Blockbuster several months earlier, claiming that its participation in the advertising program violated the Video Privacy Protection Act of 1987. Facebook was not named as a defendant in that suit.
Shortly after the negative buzz about Beacon started, Facebook began tweaking and modifying the program to allow more user control over the feature. But it was too late: advocacy groups claimed that it still wasn't enough, some existing partners pulled out, and others were likely deterred from participating because of the unsavory implications. Surprisingly, a "small number of customers" were still using it; Facebook will work to transition them out of it.
Facebook's experiments in social-media advertising turned instead to "engagement ads," which have come under some scrutiny themselves, and the "fan pages" that it encourages brands, organizations, and celebrities to create.
The irony behind Friday's news is that the thinking behind Beacon ultimately evolved into the phenomenally successful Facebook Connect, the universal log-in standard that, among other things, shares third-party activity on members' Facebook profiles.
The privacy controls on Connect are clearer and more extensive, but perhaps more crucial to Facebook Connect's success has been the fact that it's been marketed as a utility for ordinary members rather than an advertising tool for paying clients. It's free for third-party sites to implement, and with only a few exceptions, sites working with Facebook Connect code it in through the social network's application programming interface, or API, rather than ink a formal partnership.
And offering Facebook users the chance to register and log in to external sites without separate usernames and passwords gives Facebook Connect's marketing a slant of user convenience--and security, as some Web users may be more comfortable hitting a "Connect with Facebook" button than registering for an account with a new Web service.
"We learned a great deal from the Beacon experience," the statement from Facebook's Schnitt read. "For one, it underscored how critical it is to provide extensive user control over how information is shared. We also learned how to effectively communicate changes that we make to the user experience. The introduction of Facebook Connect--a product that gives users significant control over how they extend their Facebook identity on the Web and share experiences back to friends on Facebook--is an example of this."
A recent simplification of Facebook's user privacy controls wasn't enough for some policymakers.
On Thursday, in conjunction with the Canadian Privacy Commissioner, Facebook announced a new set of modifications to its user privacy controls as well as its developer API, and the targets of these changes are the thousands of third-party applications built on Facebook's developer platform. That means there may be major implications for developers--some of whom rely almost exclusively on Facebook activity as a revenue source.
The Canadian Privacy Commissioner's office released a set of recommendations for Facebook last month, specifically highlighting concerns that third-party applications could access a significant amount of users' personal data. "It's clear that privacy issues are top of mind for Facebook, and yet we found serious privacy gaps in the way the site operates," commissioner Jennifer Stoddart said in a release at the time.
Facebook's newest set of changes will require third-party applications to specify which fields of user data they access (birthdays, favorite music, geographic location, etc.) and will require users to offer explicit permission before an app can access any of their friends' profile data. This is also in tune with recommendations offered earlier this week by a chapter of the American Civil Liberties Union, which highlighted the amount of personal data that third-party apps can access--sometimes without a user knowing it.
"Our productive and constructive dialogue with the Commissioner's office has given us an opportunity to improve our policies and practices in a way that will provide even greater transparency and control for Facebook users," Elliot Schrage, Facebook's vice president of global communications and public policy, said in a release Thursday. "We believe that these changes are not only great for our users and address all of the Commissioners' outstanding concerns, but they also set a new standard for the industry."
But what does it mean for developers? This could make it difficult for some apps--particularly the sillier ones that rely on heavy viral spread and often one-time use--to gain traction and stay effective. These are similar concerns to those that arose when Facebook cracked down on apps that it deemed "spammy" (and often rightfully so). But on the other hand, the new privacy controls could stem off bad press that could easily paint the developer platform as a whole as unsafe or untrustworthy.
"It is important for developers to have access to information, but we want to balance that with transparency and control for users," Ethan Beard, Facebook's director of platform product marketing, said in a blog post geared toward developers.
"We have committed to making these enhancements over the next twelve months, and anticipate a lengthy beta period including opportunities for you to provide input, multiple blog posts, and updated documentation delivered well ahead of time," Beard's post continued. "Understanding that this will likely require modifications to your code base, we want to give you the earliest heads up that these enhancements are on our road map."
The Northern California chapter of the American Civil Liberties Union has put out a campaign designed to raise awareness of the privacy implications of Facebook's developer platform. It's focusing specifically on the popular "quiz" applications, like "Which Cocktail Best Suits Your Personality?" and "Which Wes Anderson Movie Character Are You?" These are largely one-time-use apps that many a Facebook user clicks on and tries out with little concern.
According to the ACLU chapter, "millions of people on Facebook who use third-party applications on the site, including the popular quizzes, do not realize the extent to which developers of quizzes and other applications have access to personal information. Facebook's default privacy settings allow nearly unfettered access to a user's profile information, including religion, sexual orientation, political affiliation, photos, events, notes, wall posts, and groups." For the promotion, it's put together a quiz about how much you know about Facebook-based quizzes.
Side note: Creating a Facebook quiz app to draw attention to the pratfalls of Facebook quiz apps is very meta.
"It's time for Facebook to upgrade its privacy controls so that quizzes can only see what people want them to see," Chris Conley, technology and civil liberties fellow at the ACLU of Northern California, said in a release. "Users need stronger protections than Facebook currently provides."
So are the ACLU-NC's claims legitimate? The most damning one asserts that "regardless of whether a user's Facebook profile is 'private,' by taking a quiz the user allows its developer to gain access to the user's profile information...by Facebook default, every time one of a user's friends takes a quiz, the quiz has access to that user's profile information." That could have particularly alarming security implications if an app turns out to be malicious.
Facebook does not deny this, but notes that "sensitive" information like contact details are not available to third-party apps, and that Facebook has settings for users to tweak exactly how much their friends' apps can see.
Last month, the company modified its privacy settings to make them more user-friendly.
The ACLU chapter recommends that Facebook make it an opt-in, rather than opt-out process for apps to access a user's friends' data and require that apps list the specific profile data fields that they will be accessing.
"We generally agree with (the ACLU's) recommendations and have already made public announcements about relevant changes that are under way," Facebook spokesman Barry Schnitt said in an e-mail. "Specifically, we recently disabled hundreds of applications, including quiz applications, that were inconsistent with Facebook Platform policies...We've also had productive discussions with the Canadian Privacy Commissioner about improving user data controls on Platform. We'd be glad to also have productive discussions with the ACLU and generally catch them up, if they want to give us a call."
The office of the Canadian Privacy Commissioner, which has taken issue with Facebook's privacy policies, is holding a press conference on Thursday to address the subject, and Facebook plans to hold a conference call with reporters in response.
A Twitter account can be used as the command center for harnessing a "botnet" of virus-infected computers, security firms Arbor Networks and Symantec reported. In a blog post Friday, Symantec analyst Peter Coogan wrote that researchers found an account, @upd4t3, which was tweeting out links to download a piece malware called Downloader.Sninfs. The account has since been suspended by Twitter.
Downloader.Sninfs, also known as Infostealer.Bancos, is a Trojan that uses the guise of a Brazilian banking site to collects passwords and related personal information from infected computers.
Security on Twitter is front and center right now, as the microblogging site was completely downed by a distributed denial-of-service attack last week that was targeting a Georgian political blogger. While other services like Facebook and the Google-owned Blogger were also hit by the attack, Twitter was the only one to suffer a full-out, hours-long outage, and it called into question just how secure the service really is.
But in this case, the Twittering botnet doesn't necessarily highlight a vulnerability that would be unique to Twitter.
"Although Twitter.com has been used in this instance, there are plenty of alternative sites on the Internet that could also be used as a similar medium of communication," Coogan wrote.
This post was updated at 1:05 p.m. PDT to note that Arbor Networks also reported the Twitter-based botnet.
