net.wars: Privacy Theatre
by Wendy M Grossman | posted on 28 May 2010
On Wednesday, in response to widespread criticism and protest Facebook finally changed its privacy settings to be genuinely more user-friendly – and for once, the settings actually are. It is now reasonably possible to tell at a glance which elements of the information you have on the system are visible and to what class of people. To be sure, the classes available – friends, friends of friends, and everyone – are still broad, but it is a definite improvement. It would be helpful if Facebook provided a button so you could see what your profile looks like to someone who is not on your friends list (although of course you can see this by logging out of Facebook and then searching for your profile). If you're curious just how much of your information is showing, you might want to try out Outbook.
Those changes, however, only tackle one element of a four-part problem.
1: User interface. Fine-grained controls are, as the company itself has said, difficult to present in a simple way. This is what the company changed this week and, as already noted, the new design is a big improvement. It can still be improved, and it's up to users and governments to keep pressure on the company to do so.
2: Business model. Underlying all of this, however, is the problem that Facebook still has make money. To some extent this is our own fault: if we don't want to pay money to use the service – and it's pretty clear we don't – then it has to be paid for some other way. The only marketable asset Facebook has is its user data. Hence Andrew Brown's comment that users are Facebook's product; advertisers are its customers. As others have commented, traditional media companies also sell their audience to their advertisers; but there's a qualitative difference in that traditional media companies also create their own content, which gives them other revenue streams.
3. Changing the defaults. As this site's graphic representation makes clear, since 2005 the changes in Facebook's default privacy settings have all gone one way: towards greater openness. We know from decades of experience that defaults matter because so many computer users never change them. It's why Microsoft has had to defend itself against antitrust actions regarding bundling Internet Explorer and Windows Media Player into its operating system. On Facebook, users should have to make an explicit decision to make their information public – opt in, rather than opt out. That would also be more in line with the EU's Data Protection Directive.
4: Getting users to understand what they're disclosing. Back in the early 1990s, AT&T ran a series of TV ads in the US targeting a competitor's having asked its customers the names of their friends and family for marketing purposes, "I don't want to give those out," the people in the ads were heard to say. Yet they freely disclose on Facebook every day exactly that sort of information. As director of the Foundation for Information Policy Research Caspar Bowden argued persuasively that traffic analysis – seeing who is talking to whom and with what frequency – is far more revealing than the actual contents of messages.
What makes today's social networks different from other messaging systems (besides their scale) is that typically those – bulletin boards, conferencing systems, CompuServe, AOL, Usenet, today's Web message boards – were and are organized around topics of interest: libel law reform, tennis, whatever. Even blogs, whose earliest audiences are usually friends, become more broadly successful because of the topics they cover and the quality of that coverage. In the early days, that structure was due to the fact that most people online were strangers meeting for the first time. These days, it allows those with minority interests to find each other. But in social media the organizing principle is the social connections of individual people whose tenure on the service begins, by and large, by knowing each other. This vastly simplifies traffic analysis.
A number of factors contributed to the success of Facebook. One was the privacy promises the company made (and have since revised). But another was certainly elements of dissatisfaction with the wider Net. I've heard Facebook described as an effort to reinvent the Net, and there's some truth to that in that it presents itself as a safer space. That image is why people feel comfortable posting pictures of their kids. But a key element in Facebook's success has, I think, also been the brokenness of email and, to a lesser degree, instant messaging. As these became overridden with spam, rather than grapple with spam and other unwanted junk or the uncertainty of knowing which friend was using which incompatible IM service, many people gravitated to social networks as a way of keeping their inboxes as personal space.
Facebook is undoubtedly telling the truth when it says that the privacy complaints have, so far, made little difference to the size and engagement of its user base. It's extreme to say that Facebook victimizes its users, but it is true that the active core of long-term users' expectations have been progressively betrayed. Facebook's users have no transparency about or control over what data Facebook shares with its advertisers. Making that visible would go a long way toward restoring users' trust.
Technorati tags: facebook privacy defaults traffic analysis
Wendy M. Grossman’s Web site has an extensive archive of her books, articles, and music, and an archive of all the earlier columns in this series. Readers are welcome to post here, at net.wars home, follow on Twitter or send email to netwars(at) skeptic.demon.co.uk (but please turn off HTML).
net.wars: Privacy Theatre