April 21, 2010
Facebook has introduced their new ‘f8’ platform which raises several serious privacy concerns. While I’m not usually a tinfoil-hat kinda guy, these realizations today really raised my ire against Facebook.
The f8 platform will allow web developers to add a ‘like’ button on their sites, and if you’re a content publisher, face it – you’ll WANT to add that to your site. But this HTML iframe will give Facebook access to every site you visit that includes the LIKE button. (those sites won’t be able to publish anything on your Facebook wall, unless you explicitly permit them to.) However, FB will still know you’ve been there, and who knows what they’ll do with that information (they’ve declined to specify what they’ll use that information for).
Also included in the f8 platform is a means to set up partnerships between Facebook and groups like Microsoft, Pandora and Yelp which will gain access to any public information you have on Facebook, including your name, gender, profile photo, and friend connections. Even if you set your own privacy settings to opt-out of giving these partner sites your information, your friends could still unwittingly give this information to the partner sites without your consent because your FRIEND has access to those details. To fix this, Facebook says you must manually visit each of these partner sites and ALSO opt-out of their f8 platform settings.
To recap, to restrict my public information from being given away, I must:
- DE-select a checkbox in my Facebook privacy settings that FB has already turned on without my consent
- Find a list of partner applications at Facebook and manually block each application from within Facebook
- Visit each partner’s web site and click a “no thanks” link
- Convince every one of my hundreds of Facebook friends to do the same. One friend not complying will undo all the work I do myself.
That’s an awful lot of hoop-jumping to protect my privacy. Not to mention my earlier point that every site that starts including a Facebook LIKE button will give FB a means to log every page I visit which I have no way to opt-out of.
At launch, only docs.com (partnership with Microsoft to rival Google Docs), Pandora and Yelp are partnered up on f8, but how are we, as users, going to know when Facebook adds a new partner so we can race there to opt-out before an unwitting friend beats us there and unknowingly shares our info? I don’t like the idea of Facebook having dozens or hundreds of partners and now suddenly I have to perform two tasks per partner in order to opt-out??
Granted, this platform will certainly, in Facebook’s words, make web “more open and social.” But at what price? How is my web experience going to be better if I have to lock down my social network profiles and spend time opting out of these partner sites when my friends who do NOT do this work will end up sharing my information any way, without my consent?
In the 90’s, there were tons of computer viruses that would infect a person’s PC and upload their address book to a central location which would then attempt to re-infect those users via Email. This feels eerily similar. Even if I lock down my settings, a friend who doesn’t will send their entire friends list to these partner sites which will include my Facebook information. How, exactly, is that a better experience for me?
From Facebook’s own help FAQ’s:
What data is shared with instantly personalized partner sites?
When you and your friends visit an instantly personalized site, the partner can use your public Facebook information, which includes your name, profile picture, gender, and connections. To access any non-public information, the website is required to ask for you or your friend’s explicit permission.
How do I opt-out of instant personalization?
You can opt-out of instant personalization by disallowing it here. By clicking “No Thanks” on the Facebook notification on partner sites, partners will delete your data. To prevent your friends from sharing any of your information with an instant personalization partner, block the application: Microsoft Docs.com, Pandora, Yelp.
Keep in mind, also, there’s no way for Facebook to know whether the partner site has ACTUALLY deleted your data. They’re told in their agreement terms with Facebook that they must do it, but there’s no verification step on Facebook’s part to ensure this happens.
UPDATE in 2016: Facebook got around to adding a permanent opt-out for these sites: