With all of the discussion of Facebook having gone rogue, I’m beginning to wonder if it isn’t time to dump my Facebook account. This post is an attempt to (1) talk things out, (2) solicit comment, and (3), if I decide to go through with pulling the plug on Facebook, explain my reasoning to people (without the use of Facebook, since my account there would be gone).
I consider myself to be a privacy advocate. To some extent, I rationalize my use of things like Facebook as “research”: the best way for me to understand Facebook is to use it, so that I am equipped to answer questions about it, and to be able to guide my daughter when she gets old enough to have a Facebook account. I similarly have been urging other parents to use Facebook to understand it before their kids get to that point.
Facebook has been a useful tool. I have reconnected with friends from the past, some of whom have gone on to do surprising and cool things. It has been through Facebook that I first learned that my cousin is now a grandfather, and through Facebook I have learned of both great and sad milestones in my friends’ lives.
What I’m Experiencing
I’m noticing an uptick in unusual activity involving my friends on Facebook that neither they nor I are able to explain. Starting a few months ago, I began receiving invitations to various weight loss “events”, allegedly sent by one of my Facebook friends (a former co-worker). While I can definitely stand to lose some weight, it didn’t seem like something this friend would do, and sure enough, he didn’t. I warned him that his account had likely been compromised, and he reported the problem and asked for his account to be shut down, but apparently was told it would take “up to fourteen days” do that. That makes no sense to me [but is partially explained here]. In any case, I have since received a few more of these.
In the past week or two, I have gotten notifications on three occasions that friends have posted things to my Wall. Clicking through the included link, I get the message, “The post is not available anymore.” I asked two of the alleged posters if they in fact posted something and then deleted it, and neither had actually posted anything. I’m not sure what the motivation for an attacker would be to do this, but it makes me a little uneasy.
In another instance, a posting allegedly from a Facebook friend that I know professionally appeared on my Wall from an application called “BFF Quiz” that asked questions like, “Do you think Jim Fenton is hot?”. Of course, he didn’t really post this.
My guess in all of these cases is that some rogue application may be using its privileges to do this. Applications routinely ask for privileges to post things and access friends’ data without explicit consent. I don’t know whether the permissions that applications can be granted is necessarily that coarse, but I generally don’t know why applications need such broad access.
I haven’t opted into Facebook Connections, which supposedly means that work and education information is no longer in my profile. If this happened widely, I would expect the value of Facebook as a way to connect with people would go down; it should not, for example, be possible to find me by searching by my high school class. But it is! Even though that information has supposedly gone away, my profile still lists my employer and my college and year. Hmm. It seems Facebook isn’t being completely transparent about what information is there and what isn’t.
Facebook privacy settings have never been simple, but they seem to be getting more arcane all the time, and seemingly designed to encourage information to be shared. Even though I’m concerned about privacy in general, I’m actually less concerned about my privacy. However, some of the (ironically named) “security questions” used for password recovery at websites use questions like, “What is the name of your High School?” This might cause even the most clean-living individual to think twice about information that is widely shared.
What I’m Hearing
There has been a lot of concern about Facebook expressed lately from organizations such as the Electronic Frontier Foundation (EFF) and Electronic Privacy Information Center (EPIC). EFF has published information including a timeline showing the evolution (erosion) of Facebook privacy policies, and detailed instructions for opting out of Facebook’s instant personalization feature. EPIC has led a legal complaint filed with the Federal Trade Commission and provided guidance on managing Facebook’s privacy settings. Both organizations have done a wonderful job of getting the word out.
Of course, this has mostly to do with the privacy concerns on Facebook, and not the unauthorized posting from accounts that I have been seeing.
What to do?
I have a range of options, but I’ll put them into three categories:
- Keep using Facebook, pretty much as I do now. Which means that I’ll need to be careful, and will need to keep a watch out for things that appear on my Wall (like the BFF Quiz above) that need to be deleted.
- Minimally use Facebook. Remove all but the most vital information, and rely more on other sites, such as LinkedIn and Flickr, for sharing information.
- Quit Facebook entirely. Since I don’t approve of what they’re doing, perhaps I shouldn’t be contributing (however minimally) to their value by being a member. However, I don’t expect that quitting will be easy — Facebook won’t make it easy to quit, and some friends that communicate with me primarily on Facebook will have to use a different medium.
OK, readers, any opinions? Please feel free to suggest what I should do via comments, or via Facebook (if I’m still there!). Or, if they’re short, tweet them.