Sunday, November 18, 2007

Facebook's Privacy Default

David Weinberger has been looking at Facebook's privacy defaults and, though he is appreciative of the company not letting advertisers know the identity of the folk they are advertising to, generally he is none too impressed.

"Facebook makes an astounding array of information available to its advertisers so that they can precisely "target" likely suspects. This is great for advertisers, and — given that the ad space is going to be filled up one way or another — it's arguably better for users to see ads that are relevant than are irrelevant. (The counter-argument is that targeting makes ads more successfully manipulative, not just more relevant.) Facebook is scrupulous, however, about not letting advertisers know the identity of those to whom it's advertising. So, Blockbuster might buy ads for all men aged 18-24 who have joined the Pauly Shore fan club, but Blockbuster doesn't know who those people are.

When Facebook talks about preserving user privacy, that's what they have in mind: They do not let advertisers tie the information about you in a profile (your age, interests, etc.) to the information that identifies you in your profile (your name, email address, etc.). That is the informational view of privacy, and Facebook is likely to continue to get that right, if only because so many governmental agencies are watching them. I also think that the Facebook folks understand and support the value of maintaining privacy in this sense.

Yet, I find myself creeped out by this system because Facebook gets the defaults wrong in two very significant areas.

When Blockbuster gives you the popup asking if you want to let your Facebook friends know about your rental, if you do not respond in fifteen seconds, the popup goes away ... and a "yes" is sent to Facebook. Wow, is that not what should happen! Not responding far more likely indicates confusion or dismissal-through-inaction than someone thinking "I'll save myself the click."

Further, we are not allowed to opt out of the system. At your Facebook profile, you can review a list of all the sites you've been to that have presented you with the Facebook spam-your-friends option, and you can opt out of the sites one at a time. But you cannot press a big red button that will take you out of the system entirely. So, if you've deselected Blockbuster and the Manly Sexual Inadequacy Clinic from the list, if you go to a new site that's done the deal with Facebook, you'll get the popup again there. We should be allowed to Just Say No, once and for all.

Why? Because privacy is not just about information. It's all about the defaults.

If a couple is walking down the street, engaged in deep and quiet conversation, it certainly would violate their privacy to focus listening devices on them, record their conversation, and post it on the Internet. The couple wold feel violated not only because their "information" — their conversation — was published but because they had the expectation that even though their sound waves were physically available to anyone walking on the street who cared to listen, norms prevent us from doing so. These norms are social defaults, and they are carefully calibrated to our social circumstances: The default for sidewalks is that you are not allowed to intercede in private conversations except in special circumstances...

Facebook is getting privacy right where privacy is taken as a matter of information transfer. But it is getting privacy wrong as a norm."

No comments: