February 25, 2013

It seems almost every other day that logging in to Facebook presents you as a user with a new warning about some fantastic life-altering evil or creative invention that threatens to alter our lives forever; cooking food in plastic containers in the microwave causes cancer, the old classic put your pin number in backwards at the ATM to summon the Police, and the recurring “Olympic torch” virus warning – this is the one that supposedly physically burns your hard drive to make it unusable.  All of these are complete fabrications of course, generated to elicit fear in the readers and to propagate the message far and wide.

But what about the less fantastic?  What about those scary messages that we frequently see regarding privacy on Facebook itself? “Facebook are sharing everything. Stop them now!”  “Please stop my kids’ photos from being seen by your friends that I don’t know”, the list goes on.

One of the biggest privacy issues that has faced users on Facebook in the last six months is when Facebook updated the look and feel of the Timeline around August / September 2012.  This included an easy way to navigate to posts further in the past than had previously been possible.  Suddenly it seemed that a lot of old “private” messages that had been sent between users around 2009 and prior had been published publicly on users’ timelines.  Facebook’s official response was:

“A small number of users raised concerns after what they mistakenly believed to be private messages appeared on their Timeline. Our engineers investigated these reports and found that the messages were older wall posts that had always been visible on the users’ profile pages. Facebook is satisfied that there has been no breach of user privacy.” – guardian.co.uk

I have to confess that after reviewing some of these messages that suddenly appeared on my own timeline I was pretty keen to hide them too.  Judging by the content of them I’m fairly certain that at the time of writing them I assumed that these messages were private, but in fact Facebook had no such method of protecting the privacy of messages that long ago.  There was certainly no robust private messaging system like that which they have now.  So what’s the real issue here? It’s simple. User perception.  That which we thought was private in fact was not and never had been.  But Facebook never said it was, either – so the end users have made a massive assumption.

Since 2009 a lot has changed with Facebook and the privacy of its users.  One of the bigger changes was when Google+ appeared on the scene in June 2011 and with it brought the concept of sharing to “circles” or groups of friends.  Facebook was very quick to adopt a similar privacy scheme as users very soon identified this as a major selling point for changing their primary social network.  But what does that really mean?  Just because you’re sharing some of your content with only a small subset of your friends you might feel like you have more control, but is more control synonymous with more privacy?

We all have those friends that post those privacy warnings, asking you to make sure you protect their privacy.   They usually request you to change your own privacy setting to protect their personal information and family photos by stopping your other friends seeing their posts and photos you are commenting on.  This might work for the general public, but take a look at the Facebook legal terms and see what Facebook are allowed to do with your intellectual (and arguably your emotional) property.  Paragraph 1, clause 2 states:

“…you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook (IP License).”

Does that clause sound familiar?   It should.  It’s the same one that got Instagram (now a Facebook subsidiary) in trouble with it’s user base late in 2012 (read more about that in our blog post by Chris from last month).  So that means Facebook effectively own your content? Yup, it sure does.  You can hide those personal holiday snaps from friends-of-friends, but you can’t stop Facebook using them for pretty much any purpose they like.   So once again, there’s a perception of privacy to the end user here that in reality does not exist.

Add third party (non-Facebook) applications in to the mix – the Mafiaville Virtual Slot Machine Adventures games with the endless requests –  and you’ve got a whole new privacy nightmare.  Most users probably don’t check what information they’re allowing these 3rd party apps access to.  I’d be wary of any game or app that requested anything more than my Facebook user ID or real name.

So what can we do about it?  Well firstly, Facebook provides a service to its end users free of charge.  One argument is that if we’re not paying for the product, then we are the product.  Probably largely true with social networks – especially Facebook with its highly targeted advertising.  Secondly, Facebook has a publicly available terms of usage that we all agree to when we sign up.  This document clearly states that we give up most of our rights to our material when we post it on Facebook.  So what’s left to do?

Three things.

  1. Actually read the terms of usage for your social networks.  Get familiar with what rights  you do and do  not have and what rights the network assumes over your content.
  2. Check which permissions that third party app is requesting.  Most app developers will only ask you for access to what they need to provide you with a good user experience, but some may step over that line completely.
  3.  If you value the privacy of the content you post on Facebook so highly that you wouldn’t want anyone outside of your circle of friends to see it… Just. Don’t. Post. It.

For the record, if you’re ever tempted to want to share or forward on an unbelievable warning message like those I mentioned earlier in the post, please stop by and check out Snopes.com.  They describe themselves as “the definitive Internet reference source for urban legends, folklore, myths, rumors, and misinformation”, and while their site may look very 1998, they have a massive archive of information regarding these types of stories and the amount of truth they contain.  Also, check out the Data use policy on Facebook for more about how your information is stored and used on Facebook.