Time to Unfriend Facebook?
With all of the discussion of Facebook having gone rogue, I’m beginning to wonder if it isn’t time to dump my Facebook account. This post is an attempt to (1) talk things out, (2) solicit comment, and (3), if I decide to go through with pulling the plug on Facebook, explain my reasoning to people (without the use of Facebook, since my account there would be gone).
I consider myself to be a privacy advocate. To some extent, I rationalize my use of things like Facebook as “research”: the best way for me to understand Facebook is to use it, so that I am equipped to answer questions about it, and to be able to guide my daughter when she gets old enough to have a Facebook account. I similarly have been urging other parents to use Facebook to understand it before their kids get to that point.
Facebook has been a useful tool. I have reconnected with friends from the past, some of whom have gone on to do surprising and cool things. It has been through Facebook that I first learned that my cousin is now a grandfather, and through Facebook I have learned of both great and sad milestones in my friends’ lives.
What I’m Experiencing
I’m noticing an uptick in unusual activity involving my friends on Facebook that neither they nor I are able to explain. Starting a few months ago, I began receiving invitations to various weight loss “events”, allegedly sent by one of my Facebook friends (a former co-worker). While I can definitely stand to lose some weight, it didn’t seem like something this friend would do, and sure enough, he didn’t. I warned him that his account had likely been compromised, and he reported the problem and asked for his account to be shut down, but apparently was told it would take “up to fourteen days” do that. That makes no sense to me [but is partially explained here]. In any case, I have since received a few more of these.
In the past week or two, I have gotten notifications on three occasions that friends have posted things to my Wall. Clicking through the included link, I get the message, “The post is not available anymore.” I asked two of the alleged posters if they in fact posted something and then deleted it, and neither had actually posted anything. I’m not sure what the motivation for an attacker would be to do this, but it makes me a little uneasy.
In another instance, a posting allegedly from a Facebook friend that I know professionally appeared on my Wall from an application called “BFF Quiz” that asked questions like, “Do you think Jim Fenton is hot?”. Of course, he didn’t really post this.
My guess in all of these cases is that some rogue application may be using its privileges to do this. Applications routinely ask for privileges to post things and access friends’ data without explicit consent. I don’t know whether the permissions that applications can be granted is necessarily that coarse, but I generally don’t know why applications need such broad access.
I haven’t opted into Facebook Connections, which supposedly means that work and education information is no longer in my profile. If this happened widely, I would expect the value of Facebook as a way to connect with people would go down; it should not, for example, be possible to find me by searching by my high school class. But it is! Even though that information has supposedly gone away, my profile still lists my employer and my college and year. Hmm. It seems Facebook isn’t being completely transparent about what information is there and what isn’t.
Facebook privacy settings have never been simple, but they seem to be getting more arcane all the time, and seemingly designed to encourage information to be shared. Even though I’m concerned about privacy in general, I’m actually less concerned about my privacy. However, some of the (ironically named) “security questions” used for password recovery at websites use questions like, “What is the name of your High School?” This might cause even the most clean-living individual to think twice about information that is widely shared.
What I’m Hearing
There has been a lot of concern about Facebook expressed lately from organizations such as the Electronic Frontier Foundation (EFF) and Electronic Privacy Information Center (EPIC). EFF has published information including a timeline showing the evolution (erosion) of Facebook privacy policies, and detailed instructions for opting out of Facebook’s instant personalization feature. EPIC has led a legal complaint filed with the Federal Trade Commission and provided guidance on managing Facebook’s privacy settings. Both organizations have done a wonderful job of getting the word out.
Of course, this has mostly to do with the privacy concerns on Facebook, and not the unauthorized posting from accounts that I have been seeing.
What to do?
I have a range of options, but I’ll put them into three categories:
- Keep using Facebook, pretty much as I do now. Which means that I’ll need to be careful, and will need to keep a watch out for things that appear on my Wall (like the BFF Quiz above) that need to be deleted.
- Minimally use Facebook. Remove all but the most vital information, and rely more on other sites, such as LinkedIn and Flickr, for sharing information.
- Quit Facebook entirely. Since I don’t approve of what they’re doing, perhaps I shouldn’t be contributing (however minimally) to their value by being a member. However, I don’t expect that quitting will be easy — Facebook won’t make it easy to quit, and some friends that communicate with me primarily on Facebook will have to use a different medium.
OK, readers, any opinions? Please feel free to suggest what I should do via comments, or via Facebook (if I’m still there!). Or, if they’re short, tweet them.
Altmode 
Jim,
I’d say (2); and see if there is a way to interest enough people to make (3) a viable option. I have exactly the same concerns as you, and looking for something alternative. Alas, they are all very alpha for now.
But the good thing is that they are all built with the distributed architecture in mind from the start.
I looked at http://onesocialweb.org, but it seems a bit specific so far. http://www.get6d.com/ – very alpha. Also interesting discussion here: http://news.ycombinator.com/item?id=1329496 – which shows at least a lot of people are trying to do things.
Would be interesting to organize this activity somehow so we could get interoperable results in the end – is there any workgroup dealing with this in IETF ?
cheers,
andrew
Andrew, there’s nothing going on in the IETF in the line of Facebook-style social computing, because there’s no interest from the practitioners to standardize anything. Facebook “wins” by being the top social site, and I don’t get any indication that they see value in interoperating except on their own terms (they have an api for building applications, for example).
We are working on standards for virtual worlds, because Linden Lab does have that interest, along with other developers of similar virtual-word technologies (I am a chair of the VWRAP working group, which is developing standards for “regions” of a single “world” to be built by different developers, allowing interoperation).
There would have to have the same level of interest in Facebook-like services, in order for us to get anywhere with standardizing these things. If someone should come along with a serious proposal for an open-standards-based social-network service, and if there were enough interest from others to work along with that, we might be able to get something going in the IETF.
Barry, thanks for the info!
From the facebook itself, indeed, there can not be much interest (they have a lock-in, why break it?).
But as the “distributed social” gains more momentum, there would be interest to make it interoperable, I think.
A “self-hosted” solution is one of its notable goals – and this implies having conventions; to be able to communicate between the particiating systems and develop further at the same time.
I’m very concerned about FB’s eroding privacy practices. When I started, you could customize all kinds of things as to who could see what and when. Now you can customize very little, and a lot of info has become a choice of it being completely public or removing the info entirely. So, for example, all my profile info is now removed because there was no way for me to make it visible only to my friends any more. On top of that, Consumer Reports’ latest issue came out with a discouraging artcle about FB’s eroding privacy. And that was written before their latest changes, which have resulted in at least two damning technical articles in the SJ Mercury in the last couple of weeks (and if I were clever, I’d have noted who wrote them and the titles of the articles so that I could post links, but I wasn’t) and those are very scary.
I haven’t made any final decisions. I’m on FB daily, and many of my friends are, too, and lots and lots of friends post irregularly but post info of interest or usefulness that I wouldn’t get otherwise. Lots of people seem to post photos to facebook that they don’t post anywhere else, more’s the pity. FB’s ability to tag people in photos is IMHO a great benefit to finding photos of yourself, for example. Also, I’ve been somewhat casual about my appearance on the web in general for many many years–most of my security & spam issues come from things that I did wayyyy back before I had ever received a spam message or a virus-contaminated email or web site, so I’m pretty well distributed anyway and not sure how much more FB contributes to that assuming that I remove pretty much all my personal info. The biggest problem is how much of my *friends’* info becomes available simply because they’re my friends and friend lists are considered to be public info and so, by default, is any info they’ve posted.
It’s brutal. I’d like to just sign off but not sure I really want to.
Here’s one link, that says really not much has chnaged but it’s too complicated for most folks:
http://www.mercurynews.com/ci_15065184?nclick_check=1
This wasn’t the article I was looking for, which appeared sometime during the last week or so and not finding it on a search.
Oh, here’s a cool graphical one!
http://mattmckeon.com/facebook-privacy/
Ellen,
this is absolutely brilliant representation! I injected the link into my feed on FB.
One of my friends found also this one: http://www.nytimes.com/interactive/2010/05/12/business/facebook-privacy.html
On the topic of quitting FB – after some consideration I think this would not be a rational choice:
They already have the info, if they make changes the ToS, why would I really believe they do delete it after I delete the account. And as you say – privacy issues aside, this brings quite some value.
So I came up with modifying the avatar photo to contain big red dot (like the one on camera when recording), and a text reminder “smile, we’re on camera”, and going to stick around until I can find the viable distributed solution that could interoperate with facebook.
Thanks, everybody, for your advice (both here and, ironically, on Facebook). There has been a ton of press about Facebook privacy issues this past week, and I have to believe that things will improve.
I have decided to stay on Facebook, but I have uninstalled all but a very few trusted applications. If you decide to do this, go to your application settings but make sure you’re viewing “authorized” and not just “recently used” (although I was surprised at some applications it claimed I had used recently). I have also unfriended my former co-worker whose account had posted repeatedly to my wall, and sent an explanation via email to him.
Finally, I got a realistic-looking phishing message claiming to be from Facebook but containing a deceptive link. The message actually came from somewhere in Brazil. Do be careful of mail like this; on my home machine it was obvious that it had not been DKIM signed by Facebook but on my iPhone it wasn’t possible to tell nor to see that the link was deceptive.