By Ed Oswald | Wednesday, June 16, 2010 at 12:54 pm
The issue of privacy has been nagging Facebook for quite awhile now, and it looks like advocacy groups are still not happy with the company’s progress in the space. In an open letter to CEO Mark Zuckerberg, the ACLU, the Electronic Frontier Foundation, and eight other groups are asking the site to do more.
“We are glad to see that Facebook has taken steps in the past weeks to address some of its outstanding privacy problems,” the letter begins. Among the recommendations is to give users more control over exactly which applications may access their information, as well as more control over how their information is shared with external sites.
Facebook’s “Like” button gets some of this ire, especially the new ability for it to appear on sites all over the Web (which you see here on Technologizer). For those of you logged into Facebook, even if you do not click the button the site still knows you were here. While any data is anonymized after 90 days, the groups argue it should be anonymized completely if you do not interact with it at all.
“If Facebook wishes to retain aggregate or anonymized information for other purposes, as it states, it needs to make its anonymization procedure public so that its effectiveness can be evaluated,” they argue.
The issue of unencrypted data has also arisen, as any information you share is passed over the Internet which could be snooped on by hackers. The groups argue a secure connection (HTTPS) should be provided, and turned on by default. In addition, users should have full control over the information they share — essentially it seems as if these groups are arguing to make profiles completely private if that user so desires.
In defense of Facebook, I think the company has taken great strides in working on its privacy issues. Will it be perfect? Of course not. But sometimes I am led to think that some of these groups have gone overboard and are losing sight of other services whose privacy controls are far more problematic.
[…] Is FOX Creating Its Own Marvel Movie Universe? [via Forces of Geek] Hollywood's Fuming Over IMDB Age Listings [via NewsFeed] Paramount To End Delay In Providing DVDs To Redbox [via LA Times] True Blood's Alexander Skarsgard To Star In Battleship [via The Hollywood Reporter] Facebook '09 Revenue Neared $800 Million [via Reuters] Privacy Groups Still Not Satisfied With Facebook [via Technologizer] […]
[…] as Pandora. Controversy over the changes’ privacy implications rages for weeks, and proves hard to extinguish even after the site adds additional […]
[…] such as Pandora. Controversy over the changes’ effect on privacy rages for weeks, and proves hard to extinguish even after the site adds additional […]
[…] in through arrogance, complacency, confusion, or a combination thereof. Facebook makes its share of blunders–maybe more than its share–but it’s awfully good at bouncing back. Google+ might […]
June 16th, 2010 at 1:05 pm
Facebook Response to Privacy Groups’ Open Letter
Facebook won widespread praise from users around the world and the privacy community last month for introducing simpler and more powerful controls for sharing personal information. We plan to continue to make control easy and effective for all the people who use our service and will continue to engage these groups and others in a constructive dialogue about these important issues.
Point-By-Point Responses:
1) Fix the “app gap” by empowering users to decide exactly which applications can access their personal information.
We have heard these concerns and announced our intention to build a new data permission model last summer. Details were announced in April and the product is scheduled to launch to all developers in the coming weeks. Also, as part of the recent changes, we added a simple way for people to completely turn off Platform applications and websites, so that none of their information is ever shared with applications, even information otherwise available to everyone.
2) Make “instant personalization” opt-in by default.
The instant personalization pilot program has been widely misunderstood. The only information the three partners currently in the program receive from Facebook is users’ public information. This means that our partners cannot access anything other than the same information that anyone could access simply by going to a Facebook user’s profile. In addition, we’ve made it easier for people to turn off the instant personalization pilot program, which prevents those, and any future, applications in the program from accessing their information. We have also imposed restrictions on how partners can use the information they receive from Facebook. That information cannot be sold or shared with others or used in any way other than to improve the experience of Facebook users visiting their site.
3) Do not retain data about specific visitors to third party sites that incorporate “social plugins” or the “like” button unless the site visitor chooses to interact with those tools.
Social plugins are widgets, and they work the same basic way all widgets across the Internet do. The URL of the webpage the user is viewing must be sent to Facebook for Facebook to know where to render the socially relevant content. However, different from many other services, we only store this information temporarily (for no more than 90 days) solely for the purpose of improving and protecting the service. We do not use it for ad targeting, nor do we sell it to third parties.
4) Provide users with control over every piece of information they can share via Facebook, including their name, gender, profile picture, and networks.
As part of the changes we announced last month, Facebook reduced the amount of user information that must be available to everyone. This information is now limited to name, profile picture (should a user choose to have one), gender (though this can be hidden on the profile), and networks (should the user join any). We also responded to concerns by allowing users to restrict visibility of their friend lists and pages they “like.” Just like with other fields of data, users can decide to share this content with friends, friends of friends or everyone. It has been our experience that people have a more meaningful experience on Facebook when they share some information about themselves. That way, they can find friends and friends can find them, which is the reason most people come to Facebook.
5) Protect Facebook users from other threats by using an HTTPS connection for all interactions by default.
We are currently testing SSL access to Facebook and hope to provide it as an option in the coming months.
6) Provide users with simple tools for exporting their uploaded content and the details of their social network so that users who are no longer comfortable with Facebook’s policies and want to leave for another social network service do not have to choose between safeguarding their privacy and staying connected to their friends.
Users rely on us to protect their data and enforce the privacy decisions they make on Facebook. We take this trust seriously and work aggressively to protect it. Facebook imposes no restrictions on users that prevent them from exporting the content that they have posted themselves on Facebook. We have open APIs that permit applications to export this information. However, we don’t allow exporting of content that is created by others because it doesn’t respect the decisions users make on Facebook about how to share their data. Frankly, we’re surprised that these groups would advocate for a tool that would enable one person to strip all of the privacy protections for any information that has been shared with them. We created Facebook Platform to permit the sharing of user information in a controlled manner that does respect the decisions people have made, and we continue to build tools for developers to make Facebook more open.
For additional information contact press@facebook.com
July 16th, 2010 at 5:59 pm
Use Adblock Plus to block the following:
http://www.facebook.com/plugins/comments.php?*
http://www.facebook.com/plugins/like.php?*
http://www.facebook.com/ajax/wallkit_get.php?*
http://connect.facebook.net/en_US/all.js
That should get rid of the Facebook stuff on external pages.
Unchecking “Accept third-party cookies” may also be beneficial.