Bits, Bytes, and Beats

In a report that apparently confirms what we already knew, the Wall Street Journal has an interesting story that points the finger right at Facebook, MySpace, Digg, and other social networking sites  for violating their own privacy terms by sending identifiable user information to advertisers.

The article cites a paper written by researchers at Worcester Polytechnic Institute that evaluated Facebook, Twitter, and other sites and found ways to share data that contained user ids that contained potentially personal information (for example, user names contain first and last names). Apparently nothing was done by these companies after they were contacted by WPI.

The article goes on to describe the various justifications for this data transmittal from Digg, MySpace, and other sites. And while some reasons make sense, it appears Facebook did change their code, but only after being confronted by the WSJ. The changes were made yesterday.

In a way, this article is a little like reporting that the earth is round and that the sun will indeed set in the west, again. But in reading the article, I hope folks don’t miss this one gem:

At the same time, lawmakers are preparing legislation to govern websites’ tactics for collecting information about consumers, and the way that information is used to target ads.

While it remains to be seen what this bill would include or mandate, Charles Schumer and several other notable senators drafted this letter to Mark Zuckerberg voicing their concern over the privacy changes since the release of Open Graph.

Is this the place for government to intervene? Have Facebook and other social networking sites finally gone so far that laws must be passed that “protect” users and their personal data? WPI thinks so; they have forwarded the matter to the Federal Trade Commission for investigation.

It is hard to argue that their behavior has not gone that far, especially in light of Facebook’s repeated privacy missteps over the last several weeks (this last one is egregious). Knowledge and full disclosure make it easy for users to decide whether they want their information shared, but if there is no full disclosure, then it is time to vote with your mouse and delete that account. That is, if you know how.

What do you think is the best way to curtail this behavior? Is policing necessary?

I’m going on five weeks now since I canceled my Facebook account. At the time, Open Graph had not been released, and the issues surrounding Facebook’s privacy policy changes were just a tiny ripple in the social Internet ocean. I learned about the proposal initially from this TechCrunch article and was immediately mortified. Not long after, I canceled and deleted my account, going through the same hoops now famously chronicled by Leo Laporte when he deleted his Facebook account (video below, a fun one).

And here we are, about a month removed from the release of Open Graph and the flood of Like buttons on the web in places that you’ve never been to before. Politicians, online privacy wonks, and the “social network conscious” are complaining loudly about not just the invasion of privacy, but the silly, convoluted method in place to permanently delete your account (watch Leo again if you missed this).

Cue ReclaimPrivacy.org. While the tool is going through some growing pains, I love it because of its functional mission (helping users easily identify, and tweak, their Facebook privacy settings), but I love the website even more. It’s easy to read. It’s lightweight. It’s standards-compliant. There are no advertisements. Their FAQs are simple to follow. But most of all, it is completely transparent – anyone can view the source code and track bug statuses at their GitHub repository.

What I think is most fascinating is how this kind of grassroots activism on the Web lends additional credibility to the developer. If McAfee or Symantec recognized this as a market opportunity, and sold a similar tool for a buck, would people still use it? I doubt it.  Those are established brands, yet we trust them less than a developer that has zero exposure or public track record. The appearance of their website, to me, puffs up this image of web “altruism”. This appearance obviously doesn’t work for everyone, but overall I think this is a classic example of less clearly being more.