• Print

My Contrarian Stance on Facebook and Privacy

In a recent Inc Magazine live chat, I found myself, somewhat surprisingly even to me, defending Facebook regarding their ongoing and evolving privacy policy. Here’s what I said:

The essence of my argument is that there’s enormous advantage for users in giving up some privacy online and that we need to be exploring the boundary conditions – asking ourselves when is it good for users, and when is it bad, to reveal their personal information. I’d rather have entrepreneurs making high-profile mistakes about those boundaries, and then correcting them, than silently avoiding controversy while quietly taking advantage of public ignorance of the subject, or avoiding a potentially contentious area of innovation because they are afraid of backlash. It’s easy to say that this should always be the user’s choice, but entrepreneurs from Steve Jobs to Mark Zuckerberg are in the business of discovering things that users don’t already know that they will want, and sometimes we only find the right balance by pushing too far, and then recovering.

The world is changing. We give up more and more of our privacy online in exchange for undoubted benefits. We give up our location in order to get turn by turn directions on our phone; we give up our payment history in return for discounts or reward points; we give up our images to security cameras equipped with increasingly sophisticated machine learning technology. As medical records go online, we’ll increase both the potential and the risks of having private information used and misused.

We need to engage deeply with these changes, and we best do that in the open, with some high profile mis-steps to guide us. In an odd way, Facebook is doing us a favor by bringing these issues to the fore, especially if (as they have done in the past), they react by learning from their mistakes. It’s important to remember that there was a privacy brouhaha when Facebook first introduced the Newsfeed back in 2006!

What we’re really trying to figure out are the right tradeoffs. And there’s no question that there will be tradeoffs. The question is whether, in the end, Facebook is creating more value than they capture. I’m finding Facebook increasingly useful. And I think a lot of other people are too. Does anyone else see the irony in the screenshot below, from ReadWriteWeb’s article More Web Industry Leaders Quit Facebook, Call for an Open Alternative:

facebookLike.png

Almost an order of magnitude more people have used Facebook’s “Like” feature to approve of the suggestion to quit Facebook than have commented on the blog post!

That being said, T.S. Eliot’s judgment (from Murder in the Cathedral) that

The last temptation is the greatest treason:

To do the right deed for the wrong reason.

is hauntingly apt. Facebook is not pushing these boundaries for user benefit but for their own.

danah boyd goes to the heart of the matter when she writes:

The battle that is underway is not a battle over the future of privacy and publicity. It’s a battle over choice and informed consent. It’s unfolding because people are being duped, tricked, coerced, and confused into doing things where they don’t understand the consequences. Facebook keeps saying that it gives users choices, but that is completely unfair. It gives users the illusion of choice and hides the details away from them “for their own good.”

There’s a fabulous New York Times infographic that demonstrates just how complex Facebook has made its privacy controls: more than 50 settings with a total of 170 options. Now, Facebook may think you may need a dashboard of that much complexity in order to properly manage your privacy. But much of the complexity is of Facebook’s own making.

There was an excellent editorial in the San Francisco Chronicle this morning, outlining the “user bill of rights” that Facebook’s privacy policy ought to be based on:

Users have the right to:

1. Honesty: Tell the truth. Don’t make our information public against our will and call it “giving users more control.” Call things what they are.

2. Accountability: Keep your word. Honor the deals you make and the expectations they create. If a network asks users to log in, users expect that it’s private. Don’t get us to populate your network based on one expectation of privacy, and then change the rules once we’ve connected with 600 friends.

3. Control: Let us decide what to do with our data. Get our permission before you make any changes that make our information less private. We should not have data cross-transmitted to other services without our knowledge. We should always be asked to opt in before a change, rather than being told we have the right to opt out after a change is unilaterally imposed.

4. Transparency: We deserve to know what information is being disclosed and to whom. When there has been a glitch or a leak that involves our information, make sure we know about it.

5. Freedom of movement: If we want to leave your network, let us. If we want to take our data with us, let us do that, too. This will encourage competition through innovation and service, instead of hostage-taking. If we want to delete our data, let us. It’s our data.

6. Simple settings: If we want to change something, let us. Use intuitive, standard language. Put settings in logical places. Give us a “maximize privacy settings” button, a and a “delete my account” button.

7. Be treated as a community, not a data set: We join communities because we like them, not “like” them. Advertise to your community if you want. But don’t sell our data out from under us.

Everyone is right to hold Facebook’s feet to the fire as long as they fail to meet those guidelines. But let’s not make privacy a third rail issue, pillorying any company that makes a mistake on the privacy front. If we do that, we’ll never get the innovation we need to solve the thorny nest of issues around privacy and data ownership that are intrinsic to the network era.

We need to heed the advice of management gurus Tom Peters and Esther Dyson. Tom reminds us to “Fail. Forward. Fast.” Esther’s tag line is Always make new mistakes. With that in mind, I’m willing to cut Facebook some slack. For now.

tags: ,
  • Eddie

    Interesting! I’d like to know if your readers are deciding on quitting Facebook: http://bit.ly/8X3Cx1

  • Carlos A. Cabrera

    My problem with Facebook is their ownership of your information. I find unacceptable that users can’t remove their accounts (with their family pictures, thoughts, likes, dislikes). It’s damn easy to create an account but you can’t get out. But hey! Didn’t you read on the user agreements?

  • Joseph Dee

    Really good post Tim.

    We’ve been naturally evolving toward open, and technology is a huge part of why. My biggest disappointment with Facebook is that they haven’t respected that natural evolution and instead are playing “the creator” by forcing open. This is such a sensitive part of humanities evolution that we’re going through right now. I’d go so far as to say the enlightenment. And I think by taking the approach they have to privacy (for whatever reason, business or philosophical), they’ve set open back.

    We’re just not there yet. The trust isn’t there yet. We, as a civilization, are simply too afflicted to jump into open. We need to grow into it, and I think Facebook should respect that. People will get hurt, otherwise.

  • Sean

    Good post. I have been torn on the Facebook issue.I question it’s value for businesses. I get it, but some crazy social media guys come across as evangelists selling snake oil. I digress.

    I know that privacy in a connected world instills a sense of denial, but something about Facebook’s tactics is probably what bugs me most. We’ll just have to see how this all pans out.

  • jgreene

    There’s a sad sort of leaking
    From Facebook on your wall
    And the info on your profile, too
    And out to the advertise
    An absurd little Zuckerburg… See More
    Is popping out to say boo-hoo
    (boo-hoo, boo-hoo)

    boo-hoo Regretfully they tell us
    boo-hoo But firmly they compel us
    to be a dumb f**k
    boo-hoo
    To you

    So long, farewell
    Auf Wiedersehen, goodnight
    I hate to go and leave this pretty site

    (Children)
    So long, farewell
    Auf Wiedersehen, adieu
    (Zuckerburg)
    What’s new, what’s new
    To you and you and you

    (chorus)
    Who care, farewell
    Au revoir, Auf Weidersehen

    I’d like to stay
    And play my first farmville
    (talking to my boss) yes?
    (boss) no!

    (chorus)
    So long, farewell
    Auf Weidersehen, goodbye

    I leave and heave
    A sigh and say goodbye
    Goodbye

    I’m glad to go
    I cannot tell a lie

    I flit, I float
    I fleetly flee, I fly

    Your Privacy’s gone
    Back to Reality, so must I

    (chorus)So long, farewell
    Auf Weidersehen, goodbye
    Goodbye
    Goodbye
    Goodbye

    Goodbye

  • Alex von Thorn

    I haven’t deleted my Facebook account because:

    (1) It meets the Metcalfe’s law test of utility; more of my friends are on it than are on other alternatives.

    (2) There is not yet another web site that can properly aggregate inputs and outputs from Facebook and other social networking sites.

    The second point is a temporary situation. If I had a year to spare, I could code a web application to do this. The Diaspora folks down in New York may have something like this up and running by the fall.

    In the meantime, I have removed just about my entire Facebook profile. It’s not that I would mind sharing most of this, it’s just that they are changing the terms of how this gets shared in unpredictable ways.

    Facebook needs to fix its privacy problems and it needs to find a user community to discuss changes with, to identify problems before baking them into the main application. It’s got a short time scale to fix this. Think about the last time you used MySpace or LiveJournal for a status update, or used Alta Vista or Lycos for a search engine. On the internet, the worm can turn pretty fast.

  • David

    For me the last straw was the utter duplicity of the answers Elliot Schrage gave in the New York Times last week to a series of open and honest — if angry — questions. He pretended to be shaken by the degree of anger, but then danced around every single point, failing to even register the *causes* of the anger. No no no, he said, the only thing Facebook did wrong was not the big new security-breach-by-corporate-intent policy, but the *pace* and the *communication* of the changes.

    There would be room in my world for a Facebook I felt I could trust. But Schrage made clear that this Facebook isn’t it. So I deleted my account.

  • David M

    I quit just a couple days ago, something I had been debating about doing for a long time. For me the issues was the lack of choice when it came to being thier privacy guinea pig.

    Like the quoted article said: “It’s a battle over choice and informed consent.”. You are correct the Facebook is pushing the privacy enevelope trying find new markets, but they can do that with your data, not mine.

    I joined Facebook so I could stay connected with friends; not so that countless “Example Company”s can know I am 36, lives in Ontario, likes honey and has a girlfriend. Even with all their privacy settings (which may be changed at anytime, without my consent), I still don’t know exactly who has access to exactly what.

  • saidimu apale

    Tim, you are absolutely right about the “need to solve the thorny nest of issues around privacy and data ownership that are intrinsic to the network era.”

    But that isn’t the primary issue with Facebook, at least not to my understanding. It is rather a question of deceit on Facebook’s part; good ol’ bait-and-switch tactics. Precisely the kind of attitude that undercuts your call to innovation around privacy and data ownership.

    Companies that stymie this kind of innovation because of their underhanded behavior around privacy ought to be called out and vigorously so; not because they experimented with these issues but instead because they experimented unethically.

    Facebook has just made it much more difficult for any other company to ethically explore these boundaries. Zuckerberg et al have, paradoxically, greatly harmed the privacy-innovation space. For this, they deserve our unrelenting fire.

    For the record, I deleted my Facebook account 2 weeks ago.

    saidimu

  • Mike D

    I appreciate that you’ve posted this “alternative viewpoint” Tim. It’s right on the mark. However, I believe there is a middle ground which encapsulates where we are at as a global community dealing with an entity that has crossed the line. Which Facebook has – crossed the line. They crossed it some time ago, and it was uncomfortable, but we accepted it. Globally. There was outcry, and then it subsided. And then they did it again. The community threw another little fit, and then adapted. And Facebook did it again, and again, and again – like a small child testing their boundaries – trying to see what they could get away with. This time, they’ve gone too far, and a large number of people are not adapting. When an entity does something the community doesn’t like, or when the privacy or control we give away becomes “too much”, it’s the community’s responsibility to send that company a message. Unfortunately, Facebook have gotten so large and powerful, the message we send must be as loud as possible. (If you’ve got a better way to hold their feet to the fire other than leaving, I’d like to hear it). Sony and Google have crossed similar boundaries (my post has details – link below), and they responded very quickly to public outcry. However where Google and Sony have retreated, Facebook keeps pressing on and on.

    My personal issue with Facebook is not the privacy thing though. I can lock that down “good enough”. My issue is that they are overtaking the web, and tracking me in places I didn’t invite them to track me at. There is no option to turn it off (the “choice”, or lack thereof, which you touch on in your article). I didn’t sign up for them to do this – I signed up with them because they were a great social network. And I’m joining the small subset of the community who is leaving because it’s the only way we can think of to send them a message they might actually listen to. I posted more about my Facebook expatriation rationale here: http://post.ly/glcE

    Great post and great perspective Tim. Refreshing to read someone keeping things in perspective. Thank-you.

  • Brian Duper

    Great piece Tim.

    First view I have read on the topic that wasn’t emotional or wasn’t driving an agenda.

  • Christina Brentwood

    I think that regardless of what Facebook does, privacy online will continue to go in a more open direction as technology makes it easier and easier to share anything and everything about us. Could anybody have imagined something like DirtyPhoneBook being socially-acceptable a few years ago? It’s because of people getting more used to sharing about themselves online that these types of innovations happen.

    I think that the vast majority of people who are complaining about Facebook privacy are technical people. The real question is if normal people actually object to Facebook opening up their favorite movies or tv shows to advertisers. My guess is that there are more benefits than disadvantages and in the long run most everybody will accept the world opening up like this.

  • Janet

    Thoughtful post, Tim.

    I am reminded of some privacy advice I heard from a co-worker once: Never tell a co-worker anything about yourself that you wouldn’t want to hear on the 11:00 PM news tonight.

    The world of privacy is tricky these days all over. We need to scrutinize every piece of data we reveal about ourselves. For example, while including the date that I graduated from college in my Facebook profile helps me connect with long lost classmates, it may prevent me from being hired for a new job in high tech. (One of the interesting consequences of the openness of information on the Internet is that age discrimination has become easier to do and harder to prove.) On the other hand, it’s hard to see the harm that could come from Facebook revealing that I like Agnes Varda movies.

    This isn’t the olden days of anonymity on the net. The days of “on the Internet nobody knows you’re a dog” are over.

  • Sean

    Mr. O’Reilly pushes for open data because he advocates building a network centric society, designed by the Command and Control Research Center (CCRC) within the U.S. Department of Defense by people like Adm. Art Cebrowski and David S. Alberts. Tim knows where this is leading to, as one can discover by reading the book he published in 1995, “The Future Does Not Compute”.

    http://oreilly.com/catalog/9781565920859

    Start by reviewing the four tenants of this theory as described in Wikipedia:

    http://en.wikipedia.org/wiki/Network-centric_warfare

    Network-centric warfare, now commonly called network-centric operations, is a new military doctrine or theory of war pioneered by the United States Department of Defense.

    It seeks to translate an information advantage, enabled in part by information technology, into a competitive warfighting advantage through the robust networking of well informed geographically dispersed forces.[1] This networking, combined with changes in technology, organization, processes, and people – may allow new forms of organizational behavior.

    Specifically, the theory contains the following four tenets in its hypotheses:

    * A robustly networked force improves information sharing;
    * Information sharing enhances the quality of information and shared situational awareness;
    * Shared situational awareness enables collaboration and self-synchronization, and enhances sustainability and speed of command; and
    * These, in turn, dramatically increase mission effectiveness.

    Shame on you Tim for pushing these weaponized systems onto a naive audience.

    Interested readers can find more free material for download at the CCRP’s online library.

    http://www.dodccrp.org/html4/books_downloads.html

  • Alex Tolley

    Tim, I agree with you that the issue is not about privacy per se, but about the control you have over public/private boundary.

    We’ve built up social mores over centuries on various social boundaries and they tend to change slowly over time. This is for good reason; those boundaries only mean something if they are relatively stable.

    Facebook however, seems intent on deliberately creating temporary boundaries and then shifting them. After a few times, this behavior starts to look distinctly like baiting a trap for the unwary, rather than anything benign. It is entirely one thing to expect public spaces to to public, but quite another to think you were in a private space only to have it revealed that you were really in public after all.

    As regards my Facebook account, it wasn’t something that I used much, so it was fairly easy to pull the plug on it recently. However I can see that would be the equivalent of getting rid of a cell phone for a lot of people, including my daughter.

    Worse, I think Facebook poisons the well. They are raising the barriers of privacy concern for other entities because of their own behavior. If true, this means that Facebook might fail your own test of growing the ecosystem by adding more value that you extract.

  • Robert Richards

    Thanks for this very interesting post. The current Facebook privacy settings controversy might be a fine test case for Professor Helen Nissenbaum’s framework for evaluating changes to online privacy arrangements, expressed in her new book, Privacy in Context http://www.sup.org/book.cgi?id=8862

  • Joseph Scott

    “Apple is literally trying to replace the web with an Apple controlled information ecosystem”

    I found this statement odd. Is Apple pushing their app store? Yes, of course, and so is everyone else who decided an app store was a good idea and started launching their own. Is Apple limiting Internet/web access on their devices to only applications that are in their app store? No, their devices ship with a top of the line mobile web browser in mobile Safari.

    Let’s look at what Apple has done to advance web browsers. I think it could be argued that Safari and Webkit have done more in the last few years advance web browsers than anyone else. Before webkit and mobile Safari browsing on mobile devices was a joke. Now every high end mobile phone with any intent of having a reason browser is using webkit.

    Chrome, which is advancing browsers is other ways uses webkit. And just to drive the point home, Apple contributes resources to making webkit available to anyone who wants to use it.

    You can disagree with Apple’s approach to app store requirements, their policies and their hardware. But to say that Apple is trying to replace the web is ignoring the amount of resources they’ve put into advancing the web, perhaps more than any one single company in the last few years.

    As for Google vs. Facebook. It sounds odd to praise Facebook for making experimental decisions that will cause problems for (at least some) people, but call out Google as wrong for their experimental decisions. I agree that Google has done some foolish things, and it’s reasonable to call them out on it. I also agree that it is okay for people to call Facebook out on things they don’t agree with.

    I think it’s perfectly fair to criticize Apple, Facebook, and Google; as long as it in ways that make sense.

  • wmrandth

    Tim,

    I already cut Facebook some slack “for now.” way back in 2008 when the API opened up, then when it went public, then with the Beacon debacle, then the great TOS rebellion of early 2009.

    I see no reason to cut them any more slack.

    They have consistently failed again and again to either “tell the truth” or “keep their word.”

    This is more than just a pattern of behavior, it sis a deliberate choice by those who run the company: not an aberration, not a gray area, but a carefully chosen strategy.

    And as long as people keep “cutting them slack” this strategy is working.

  • Shel Horowitz

    Great post! I particularly like the Bill of Rights from the Chronicle–seems like common sense ethics to me. Zuckerberg and others can continue to push the frontiers, but they should do it in ways that respect their members.

    Personally, I go into the online world with the expectation that there is no privacy. And therefore the specific changes don’t bother me over-much. But as someone who writes about ethics, I have a problem with obtaining consent for one restricted set of behaviors and then wildly expanding it while requiring opt-out (and difficult opt-out at that) rather than opt-in. It’s nothing more than an electronic form of bait-and-switch–something I find unethical and in fact argue against in my latest book on business ethics, Guerrilla Marketing Goes Green: Winning Strategies to Improve Your Profits and Your Planet (co-authored with Jay Conrad Levinson)

  • Mark Petrovic

    Tim, you are a thoughtful man and I’ve been reading you and buying our books since before the dim past. But I expected better of you on this issue. Much better.

    There’s a difference between building an honest business and luring people in only to change the rules of engagement. A big, biblical scale difference. You’ve argued for openness and transparency since the day you put pen to paper. I honestly don’t understand how you missed this.

    I deleted my Facebook account a few days ago. Hell will freeze over before I reopen it.

    Mark S. Petrovic
    Petaluma, CA

  • Ken Jackson

    I agree with your detractors here Tim. There’s a difference between giving up privacy to get something in return vs a company making their privacy rules so obscure that you unknowingly give up your privacy.

    If Facebook wants you to give them your SSN and credit card number so you can play Advanced Farmville, I’m all for it, so long as it is consentual. My issue with Facebook is they’re trying to get the benefit of your data w/o you knowing it.

  • John A Arkansawyer

    I’m pleased but unsurprised to see a contrary argument from you, Tim, and am sympathetic to the question of “whether, in the end, Facebook is creating more value than they capture”.

    What you miss in that question is what Facebook destroys in the process of capture. Private information is an intangible which, unlike some digital goods, loses its value rapidly as it’s copied and shared. Facebook can capture that shrinking value, certainly for the shareholder and possibly for the user, but the rest swirls down the drain.

    Sunlight destroys more than infection. It fades drapes, ages books, melts glass, and causes skin cancer. Or, from the other end of the metaphor, I like Nick Carr’s phrase “cage of transparency”.

    (And that “thorny nest of issues around privacy and data ownership” still awaits.

    (Consider the op-ed column you quote: All through it, the two authors use the phrase “our data”. What I mean by “my data” is relatively simple to parse out. What we mean by “our” data is not.

    (But that’s another story.)

    The sort of change which can cope, possibly, with this wildfire of exposure is social. If we can no longer be secure in our secrets–and that’s where we’re headed–then the person who exposes personal secrets, traffics in them, or just idly gossips about them has to become an object of disdain and ostracism. There’s the social check on technological exposure.

    I can’t say I’m sorry to see that process begin with Mark Zuckerberg, who seems (in his public statements) to be clueless about why people might not want their pants pulled down in public.

    Another change to cope with loss of secrecy is a corresponding growth of shamelessness. So much secrecy is motivated by shame, itself fed by secrecy. Once secrecy is no longer available, it may be possible to shrink the shame. (So little of what people are ashamed of is shameful, and so much that is deeply shameful is brandished with pride. But again, that’s another story.)

    You’re dead right “there’s enormous advantage for users in giving up some privacy online”. I just don’t think Facebook is designed to maximize that advantage for users. Users are their product.

    Users working together create the advantage, not Facebook. Facebook industrializes (maybe post-industrializes) the process. That’s all (which I grant you is a big all).

  • David "Lefty" Schlesinger

    You’ve pointed out the key issues here quite ably, Tim, and I agree with the core point: there’s a complex set of cost/benefit/risk/reward ratios around both privacy and—relatedly—reputation here.

    I also see this as being ultimately a Good Thing, since pressure on these previously non-existing issues will result in some creative responses. In the case of Facebook, Diaspora is interesting. The increasingly discussed notion of “action streams” is also an excellent move in the direction of de-silo-ing the social graph.

    Facebook is no less a “walled garden” than AOL was, and, just like AOL, it’s going to get over- and out-grown.

  • Bikram

    I am not too sure whether this is a ‘privacy’ issue anymore, or this is a ‘data piracy’ issue? While having a conversation with a friend in Starbucks, Starbucks has no default right to record, sell or broadcast any conversation (and other customer preferences)! Why should facebook be different?!

    Facebook provides a way of communicating with family, colleagues, school-mates, and people tend to communicate as if they were meeting them in the privacy of their homes/offices, class/hostel rooms – and making many of these conversations public automatically, may probably do more harm than good (and would be socially irresponsible, with unpleasant consequences… and would probably be wrong if done to earn money).

    Moreover, as digital world increasingly replaces the brick-mortar world, it may be difficult to maintain privacy similar to brick-mortar types (like property tresspass laws), but this does not mean that privacy is not needed – implementing good privacy may be the only way to make technology really useful and pervasive (default public options in facebook is like putting a wiretap in all public phones and broadcasting conversations in public).

    While going ‘online’ has its benefits, I am not sure going ‘online and default public’ is same (to get driving directions only the service provider needs to know the location, not everyone with an access to internet). I am sorry I tend to disagree with so many points in the article, but this is the last point :) – I believe that innovation and improvement is a natural process, and would continue… :D

  • Tim O'Reilly

    Mark, Ken -

    Didn’t you read the part of the article where I said exactly the same thing about Facebook that you did – that the essence of the issue isn’t privacy, but the way they move the goal posts. I said that danah went to the heart of the matter when she said it was about informed consent.

    So we completely agree there.

    But I do worry, after privacy backlash after privacy backlash (think Google Buzz, for instance, which was well intentioned, or Google inadvertently picking up some private info when scanning for wifi hotspots – which lets them pinpoint location (very useful)), that companies are going to get so scared of anything that touches on privacy that we will slow down the rate of necessary innovation to actually get things RIGHT about privacy.

    This last temptation is the greatest treason:
    To do the right deed for the wrong reason.

    applies to activists too.

  • Steve

    Something very disturbing about this post which is saying: one way those of us involved in the internet industry can innovate is by not letting ethics and our Users expectations of privacy get in the way of new online profit models! You’re entitled to your opinion but I guarantee some kid, the next Zuckerberg, is saying hey Tim O’reilly says its ok to be a little deceitful, in the name of pushing out the boundaries of innovation.

    And to cite the banking industry as an example of this type of innovation we should follow, in your video? Are you kidding?

    P.S. don’t you think it’s more likely RRW readers “liked” an anti-Facebook article knowing that Facebook is tracking all their likes?

  • Tim O'Reilly

    Steve -

    That’s not what I said. I didn’t say it was OK to be deceitful – in fact, that’s the one thing that I say Facebook can’t do! (actually, I quoted danah saying it.)

    What I said is that we need to avoid making privacy a third rail issue.

    And I did not cite the banking industry as an example of innovation. I said that people let them off the hook on privacy while holding internet companies to a higher standard.

    My message here (to Facebook and everyone) is not that it’s OK to screw your users. My message is to keep trying new things to find out what works, and what doesn’t.

    Have you ever watched a baby trying to walk (or learn everything). It’s failure, failure, failure, until suddenly it isn’t.

    Facebook is apparently working on a new privacy policy. Hopefully a better one. And more than policy, hopefully better mechanisms, and a better business model.

    If they don’t succeed, I agree that we’re all screwed by them and ought to leave the service. But I’d rather they keep trying and eventually get it right.

  • Robin Wilton

    Congratulations on a post which is thought-provoking without being inflammatory… a balance which is hard to strike on this topic.

    I have to say, though, over-all I disagree with you. We are (or should be) way past the stage, with social networks, of just innovating “because it’s possible”; a more evolved attitude is to ask not just whether we *can* do something (because after all, these days online, pretty much anything is possible) but rather whether we *should* do it. Innovation does not trump ethics.

    By comparison, think what the reaction would be if, instead of personal data, Facebook’s raw material was genetically modified bacteria. Would we really be happy for them to be playing around with a 400 million-person petri dish, all in the name of “innovation”?

    No – if Mr Zuckerberg wants to push his agenda of “radical transparency”, he should be doing it with the knowing, informed and explicit consent of whatever subset of users want to take part, not with the vast majority of users who don’t have the information or the tools with which to make rational decisions about the privacy of their information online.

  • Geusen

    You speak of balance as if corporations will be responsible with the information they have gained [stolen].

    It’s okay to you that people have lost their jobs for having personal, dissenting opinions regarding the company they work for. . . posted on Facebook as a way to vent their frustration? It’s okay that prospective employers can search and find as much personal information as they want about me, even though my personal views should have ZERO bearing on my qualifications?

    Perhaps you feel, instead, that I should ostracize myself from the technological mainstream: Refuse to use such services or allow myself to be self-censored in a country which prides itself on Free speech and freedom of expression.

    So you say we give a little here, a little there. It could be years, even decades before corporations and government agencies decide to abuse such information to openly monitor and ultimately supress any negative, conflicting, or unpopular opinion. Don’t think it’ll happen? Look no farther than the MPAA and RIAA blatant abuse of DMCA takedown notices regarding “Fair use” content online. Just because we’ve allowed our privacy rights to be eroded to this point, it does NOT mean that it is right, fair, or necessarily Constitutionally legal.

    In my case I *HAVE* removed [as best as is possible] my personal information from social networking sites. I do not subscribe to information gathering “rewards” programs. I am VERY careful about who gets ANY of my personal information, and how much they get. After all, it’s *MY* data. If anyone REALLY wants it. . they can buy it from ME. Personally. I do not need to be selectively marketed at. I can’t leave my house without being saturated with junk advertisement media attempting to program me into being an even better consumer. It’s my mind, GTFO of it.

    Sorry for the rant fest, but in my eyes this is only the groundwork for a system that can already be abused to track our every move, our every opinion. Everytime I hear someone even begin to talk about how “maybe it’s okay. . the tradeoffs. . ” I think of the following:

    http://en.wikipedia.org/wiki/First_they_came

    “THEY CAME FIRST for the Communists,
    and I didn’t speak up because I wasn’t a Communist.

    THEN THEY CAME for the Jews,
    and I didn’t speak up because I wasn’t a Jew.

    THEN THEY CAME for the trade unionists,
    and I didn’t speak up because I wasn’t a trade unionist.

    THEN THEY CAME for me
    and by that time no one was left to speak up.”

    In my mind that paraphrases almost perfect the erosion of our privacy rights. It’s not about whether I have something to hide or not: It’s about my business being none of anyone else’s.

  • John Francini

    But let’s not make privacy a third rail issue, pillorying any company that makes a mistake on the privacy front. If we do that, we’ll never get the innovation we need to solve the thorny nest of issues around privacy and data ownership that are intrinsic to the network era.

    But privacy was, is, and must always be a ‘third rail issue’, precisely because, no matter what some futurists think, human nature doesn’t change. People will use private information to discriminate against you, to persecute you, to sell you stuff you don’t need or want.

    Mark Zuckerman needs to be called to account for the ‘boiled frog’ degree-by-degree privacy erosions he’s doing with Facebook.

  • Bob DuCharme

    I was trying to think of how to express my disagreement, and Ken Jackson [2010-05-21 06:57 PM] nailed it above.

    On your baby metaphor: if a baby taking a step falls down, at worst there’s a skinned knee. If the wrong person obtains overly personal information about someone else, the consequences could be much greater.

    I hope that no one gets hurt when Facebook makes one of these mistakes that you’re encouraging them to make. It could be much worse than a skinned knee.

  • trrll

    I don’t see what the big deal is with Facebook. I don’t presume that anything that I put out on the web is going to be private in any genuine sense, and I’m not going to take any representations to the contrary seriously, anyway. I appreciate that Facebook gives me some control over who is going to be poking around looking at my family pictures, but it’s a hook on the door, not a deadbolt. That’s fine with me. I don’t need to post anything terribly private on Facebook in order to have a good time with it.

  • Jason Treit

    “It’s okay that prospective employers can search and find as much personal information as they want about me, even though my personal views should have ZERO bearing on my qualifications?”

    I see this brought up countless times as grounds for panic about open sharing and search, with nobody batting an eye at the prospective employer’s culpability here.

    First, norms and laws oppose that kind of vetting. Flat out. No matter the medium. If an employer deliberately seeks out arbitrary non-professional details of a potential hire, they have already run afoul of fair hiring practices in most countries, crafted both internally by firms and externally by discrimination laws. Ease of access is not a defense: were that so, fair hiring couldn’t address race or gender discrimination, since the interview process (not to mention the fact of bodily existence) generally makes those details impossible to hide.

    Not to say agents of power won’t abandon discretion if tempted. We assume they might, and that’s why we impose checks. If a US President engages in subterfuge, Congress can intervene. If jurors’ access to public information makes them inclined to nose around and reach tainted verdicts, we boot or sequester them. Likewise, if employers’ access to facebook makes them more eager to sidestep fair hiring practices, the solution that cuts to the heart of the problem is to strengthen checks against employers throughout the hiring process.

    In other words, aim at the target.

    “Perhaps you feel, instead, that I should ostracize myself from the technological mainstream: Refuse to use such services or allow myself to be self-censored in a country which prides itself on Free speech and freedom of expression.”

    Then you go on to admit you’ve imposed this lockdown on yourself, which is your choice to make, just as an agoraphobe may choose to stay indoors. Nobody’s forcing your hand. Humans learn what trust is precisely by surrendering complete control. That’s how social contact worked before facebook, and it’s how social contact will work after facebook.

    I second what Arkansawyer said upthread about “the social check on technological exposure”. If FB continues to behave as a bad-faith intermediary, it will find, like a brazen gossip in a small community, that nobody trusts it anymore. Folks will simply stop sharing intimate things over facebook. ‘Fool me once’, &c. Nothing of this latest controversy will kill people’s general desire to share intimate things. Or to take new risks. They might open other channels to do it in, though. Which has always been the way of the Net.

  • curmudgeonly troll

    If you have a Google account, they know your contacts and what you email about, what you search for and what you click on, they can follow you around the web to most sites that use Google Analytics, if you use their mobile app they know your physical location.

    I’m sort of OK with it because I fundamentally trust them and get benefits in return. Steve Jobs may not agree, but I think Google’s “Don’t be evil” means something, see for instance the recent China episode.

    If Facebook wants to do the same – access to my contacts, messages, mobile app, following me around the web through their Open Social partners, I need to trust that they will do what they say.

    If I can’t trust them with everything, I can’t trust them with anything. So I’m gone. Peace out.

  • Tim O'Reilly

    Maybe I’m dense because I just don’t post stuff that is that personal on Facebook, and find it odd that anyone would think to put stuff there that they would consider secret.

    I totally agree with curmudgeonly troll: I am trusting Google with way more personal information than I trust Facebook with, and I do trust them to keep it private, to the best of their ability. I am trusting AT&T and Visa and Bank of America with personal information that Facebook will never see. Heck, I am trusting Flickr with personal information that I wouldn’t put on Facebook.

    I also agree that Facebook has shown itself to be fairly untrustworthy – I would hope that is clear in the post above, but from some of the reactions, it doesn’t seem to be. Or else people are so sensitized to the issue that they can’t hear any other point of view.

    I’m very much in agreement with Jason Teit when he says “I second what Arkansawyer said upthread about “the social check on technological exposure”. If FB continues to behave as a bad-faith intermediary, it will find, like a brazen gossip in a small community, that nobody trusts it anymore. Folks will simply stop sharing intimate things over facebook. ‘Fool me once’, &c.”

    If Facebook doesn’t clean up their act, they will lose in the market.

    Meanwhile, they aren’t the only ones getting hammered by all the “privacy above all” talk.

    As I said in the original post, there are hard problems here, and we need room to solve them.

  • Jason Treit

    Tim, I’ve told a secret or two over PM, and have used the privacy toggle right under the Share bar to narrow my audience when prudent. (They should highlight that toggle: it’s stupid easy and lets you specify down to the level of individual exclusions.)

    What’s forgotten in these debates is how much easier facebook has made it to manage a personal web presence and find sweet spots between the poles of broadcast and 1:1 than it was six years ago. The more they screw that part of the service up, the more they screw themselves.

  • Bob DuCharme

    Tim, you’re not dense at all. Obviously, you’re very tech-savvy, and so are most O’Reilly Media contributors and readers.

    It’s our less tech-savvy friends and relatives that I’m worried about–like all the people whose phone numbers are showing up on http://www.tomscott.com/evil/ , who thought that they were just communicating with known friends. They have less awareness of the oddness that you see, and Facebook is leveraging the difference between your awareness and theirs like futures traders leveraging the difference between the price of pork belly deliveries.

    I think that there’s a very real possibility that something bad will happen to some unsuspecting victim who didn’t fully appreciate the implications of Facebook’s policy changes, and Elliot Schrage will express regret over it with some hints that it was the victim’s fault for not appreciating Facebook’s features enough, and then Facebook will clean up their act, and everyone will say what a shame it was that it had to take something so awful to make them do this.

    Facebook’s resulting loss in the market that you mention, much like BP’s recent loss in the market, may not be enough to cover the damage done.

  • John A Arkansawyer

    Tim, I’ve got two answers to the question implied by your “Maybe I’m dense…”

    First, you are in (by all appearances–maybe I’m wrong) a settled personal life. You probably don’t have the sorts of secrets people routinely (oh, believe me!) share over Facebook, and you probably haven’t had some of the amazing conversations I’ve had (in person) with friends who felt that talking on Facebook was like talking in person. (Facebook has done a wonderful job.) It’s not your intellect that fails you here but your experience (and possibly your acquaintance network).

    Second, are you certain you haven’t stored a secret in Facebook? Not your secret necessarily, but someone’s, and not necessarily told explicitly but perhaps inferentially. You may have said more than you know–almost everyone does.

    There’s more to say, but first, do either of these ring true?

  • Tim O'Reilly

    John,

    You’re generally right on both counts.

    But given that talking on Facebook is NOT like talking in person (or at least is like talking in person while surrounded by other people) isn’t it better that people learn that? (Tis true that if FB wants it to feel that way, they are doing a good job of destroying the trust that might make that happen.)

  • Tim O'Reilly

    Alex Tolley -

    I agree that Facebook is poisoning the well for other folks by their clumsy thrashing around the privacy issues. I wish they were doing it better.

    But I’m also clear that they came to the correct conclusion that their original model, where everything was private, wouldn’t let them create new kinds of networked value.

    So they have tried to push the envelope. Yes, they’ve screwed up. A lot. Yes, their motives are suspect. But they are still right that pushing in the direction of more open will ultimately create a lot of value for users.

    I desperately want them to get this right. And I desperately want there not to be a big privacy backlash that makes it harder for entrepreneurs to experiment and innovate in this area.

  • Tim O'Reilly

    Sean -

    Yes, I am advocating a network-centric world. But the idea that this is for purposes of warfighting is a bit ludicrous. By a similar logic, we can trace the internet as a whole back to Arpanet, and thus DoD, and conclude that everything, from Google and Facebook to baby pictures online, is in support of network-centric warfare.

    I’m glad you brought up The Future Does Not Compute, though. It’s an important book.

    It highlights exactly the same issue as this post: computers raise hard questions about who we are and who we want to be. We need to strenuously engage with those questions, lest we find ourselves not at all who we want to be…

  • John A Arkansawyer

    Tim,

    The verbal portion of communication on Facebook is much like talking in person, especially in the moment. It’s the surveillance and the persistence that’s different. I don’t know that Facebook is designed for intimacy or privacy, but it feels like talking at a crowded table, full of friends, in a loud restaurant. That feels private and somewhat intimate, until the parabolic microphones, the hovering waiters, and the wire on your dinner partner are taken into account.

    (Notice that we aren’t having this conversation about LinkedIn, which is designed to fulfill an entirely different need for a different set of customers than Facebook, or about IM or IRC, where the level of persistent surveillance is considerably lower.)

    I don’t think most people are able to allocate the time and work needed to learn the subtle differences (which can have not-so-subtle results) among these modes of communication, especially ones not designed to help them make those distinctions (or worse, ones which blur them, by good design or bad). It’s my experience that people feel less surveilled in what they say and do online, especially when interacting with applications designed to facilitate their personal social lives.

    I also deeply agree with you that “there’s enormous advantage for users in giving up some privacy online”. I may have a more expansive set of beliefs than you about what those advantages might and should entail in practice.

    Those beliefs cant’ be separated from a demand for a much higher level of accountability for privacy and, more importantly, a higher level of capability to protect privacy than currently exists. Technology has burned gigantic holes in the ozone layer of obscurity which shielded our identities and our selves from that harsh, carginogenic sunlight. Perhaps that process should be slowed (’cause it can’t be stopped) while we evolve new norms and new behaviors to cope with it.

  • Bikram

    Tim,

    Maybe I think I understand your point on need for innovation, and allowing people some leeways so we can find good solutions to complex/hard problem. But, I am pretty much sure that I believe in the points in my previous post too. I think following may be some common ground:

    “Experimental, uninhibited, real-time innovation is ok and good for most applications, but not for all. And for applications which are the exceptions, experimental innovation might be strongly discouraged”. Exceptions could be:
    -finance (wall street innovations have done much harm of late),
    -medicine/biotech,
    -defense systems (if facebook was skynet, then probably after a goofup we may not have got a chance to discuss much )
    -personal security/privacy (if career and personal-relations become strained because of privacy breach, and we ignore this because innovation is more important, then I guess we need to reconsider our opinions). Many online password questions may become useless after a privacy breach – like pets name/teachers name, etc.

    I guess most of us could live without many new, hot innovations in above areas, until the time they have been evaluated/experimented in isolation like a new medicine evaluation process. Or, we could walk away saying – people should be more careful, people should learn… and accept it as a necessary cost of innovation… but this may not be the right thing to do (ace drivers never crash – learn and drive carefully!… but still, every car has basic passenger security systems in place, irrespective of driver’s skill).

    Facebook, and most private companies, are driven by revenue generation targets. They may overlook privacy concerns as unnecessary cost. If this persists, it might be good to have legislation/rules around online user privacy (even at cost of innovation) – this might be a price companies pay initially for providing sensitive services to users (online trading/banking/etc systems already do this) – if lot of people face ill-effects of privacy breach then facebook may qualify as a sensitive service (and other social networking sites too). Facebook is free to use, so revenue generation will be a challenge, here we all could use some real innovation, if done without compromising on privacy (Google did this with adwords/etc, many new other online revenue generation models are coming up) – in fact, good privacy may become a branding/marketing pitch to attract and retain more users.

  • Tim O'Reilly

    Bikram, I agree that different rules apply to different kinds of data. And I think that people intuitively know this for many areas.

    FWIW, part of why this is hard for Facebook is that they started with one privacy model (all your stuff is private unless you say otherwise) and have migrated to openness. Meanwhile, Flickr went the other way, starting with the premise that everything was open, and letting people put privacy in place where they want it.

    That is, where Facebook is trying to get to is already the default for other sites. So the problem is partly the switch, and the difficulty of making it.

    When you start with the expectation that everything is open, but have the option to keep some things private, you get the benefit of network effects but can add privacy as you need it.

    That strikes me as a really important distinction: do you think of privacy as something that is added, or something that is taken away?

    I think that “open by default, privacy an option” is the way things work in the real world, and is far and away the most powerful model for online sites as well. And when you work it that way, it’s a lot easier to make privacy simple.

    FB is in a hard place because their original architecture was completely the opposite.

  • bowerbird

    well, i’m not “quitting” facebook because
    i never put anything in it in the first place.

    i did get an account, to save my name, but
    i read the terms of service, which exerted
    ownership over everything i posted, and i
    decided that wasn’t a deal i could live with.

    but i was amazed and frightened by what
    i saw there. in spite of the fact that i had
    told it absolutely nothing, facebook knew
    lots of information on my social network,
    based on what others had told it about me.

    i could see — instantly — that this would
    enable facebook to use data-mining tools
    to easily plow through the six degrees and
    do a big bunch of some very wicked shit…

    so even if i hadn’t been run off by the t.o.s.,
    this big-brother aspect woulda scared me…

    but now add on all of the following debacles,
    from their constantly-changing t.o.s. to the
    beacon bullshit to all the privacy backtracks,
    and it’s clear these are a bunch of bumblers.
    (and on top of that, they might be evil too.)

    so, no, i don’t want to continue to give them
    the freedom to experiment with stuff that –
    for all we know — might well be even more
    dangerous than genetically-altered bacteria.

    so tim, if you sincerely want to save the right
    to do such experimentation, you better work to
    take it from the hands of that facebook squad…

    because if facebook causes a social disaster
    on a par with that b.p. leak down in the gulf,
    the oil will be washing up on your beach, tim.

    i’d feel more comfortable if it was taken from
    _all_ private companies — this tech should be
    in the public sphere — but it’s fully imperative
    that it be taken away from proven bumblers…

    -bowerbird

  • bowerbird

    tim said:
    > So the problem is partly the switch,
    > and the difficulty of making it.

    well, maybe it’s _partly_ the switch, yes.

    _and_ the difficulty of making it.

    _and_ the bait-and-switch.

    _and_ the dishonesty.

    _and_ the refusal to go with a simple (and fair) opt-in,
    rather than a promise-breaking opt-out.

    _and_ the trickery.

    _and_ the unwillingness to educate the users.

    _and_ the backpedaling.

    _and_ the lack of interest in soliciting user opinions.

    _and_ the insensitivity.

    _and_ the curious willingness to be abstruse, complex, opaque.

    facebook had a tremendous amount of good-will from its users.
    it could have solicited their help, and been overwhelmed by the
    reaction it received. but instead, it squandered that good-will,
    in ways that make it seem like it’s pulling a fast one on its users.
    it’s _intelligent_ of those users to be suspicious about facebook,
    because facebook has been acting in a very suspicious manner.

    it’s time to pull the cord on facebook.

    which is precisely why that diaspora foursome got so much
    money (and attention) from their kickstarter drive.

    -bowerbird

  • Fairfax

    Hmmm, I had it up to here (quite high!) with their regular dubious policy changes. I moved to http://www.folkdirect.com a couple of weeks ago (was featured in the Huffington Post last week). All cool.

  • Christopher Herot

    Tim, thanks for your reasoned commentary on a topic that can too easily generate emotional rants.

    People complain about the complexity of Facebook’s privacy settings, but it wasn’t that long ago that critics were demanding that FB provide more “fine grained” controls.

    It’s commonly accepted now that one could be in significant peril if certain information gets out, such as one’s phone number, yet Robert Scoble has had his cell phone number on his blog for years and reports he rarely gets unsolicited calls.

    I agree that Facebook’s primary transgression was changing the rules retroactively. It’s one thing to do that when introducing new functionality, such as the news feed, but quite another when the change is just flipping the default from private to public.

    In the end, Facebook is unlikely to suffer lasting damage over this latest imbroglio. More likely it will fade away along with MySpace when, as Yogi Berra once said, it becomes so crowded that no one goes there anymore.

  • Stephen Wilson – Lockstep

    The term “evolve” is completely wrong in this debate. Evolution denotes slow adaptive change, objective and undirected. It’s generally a good thing. Here the term is being coopted by those who are trying to justify Facebook and its ilk.

    What’s happening with Facebook is very simple, and tells us little or nothing about any true evolution of social mores.

    A specially self-selected cohort of largely uninhibited socialites are having a great deal of fun with a brazen seductive new tool, either ignorant of or indifferent to the consequences of their disclosures. There is a sort of suspension of disbelief when we’re in this digital world; the cues we receive are unreliable, and our responses are not entirely natural. Facebook users’ behaviour is largely directed; it has not evolved naturally. The OSN experience is just a few years old; anyone who jumps to premature conclusions about what it means for society is simply trying to sell us something.

    Why would we trust Facebook as a bellwether for the community? Facebook has long been sneaky with their plans for users’s data; and we should expect nothing less. These entrepreneurs have built a billion dollar Internet business, with all the expectations and pressures that go with that, and still have no clear business model. Recent remarks attributed to Zuckerberg not only show his contempt for his members but more importantly show that all along he saw Facebook as a datamine to be exploited for his own benefit.

    The only resource Facebook has to monetise is user data; it’s a recipe for pure piracy. Privacy stands in their way.

  • Roger Clarke

    Tim’s argument isn’t ‘contrarian’ – it’s just excusatory – a soft form of the rubbish that McNeeley, Schmidt, et al. peddle:
    “The essence of my argument is that there’s enormous advantage for users in giving up some privacy online and that we need to be exploring the boundary condition …”.

    (1) ‘exploring boundary conditions’ is what we’ve all been doing for the last 15 years, Tim
    (2) but actions that breach the law breach the law
    (3) and actions that breach reasonable public expectations have no future and will end in tears, and everyone who isn’t blinded by their own greed should have worked that out by now
    (4) Esther Dyson’s dictum of ‘Always make new mistakes’ has been comprehensively flouted by multiple ‘entrepreneurs’ – who just keep on making the same *old* mistakes, and deserve the bollocking they’re getting

    Here are my postings of the last few days:
    http://www.rogerclarke.com/DV/PrivCorp.html#FB
    http://www.rogerclarke.com/DV/PrivCorp.html#Goo10

  • Anonymous Coward

    I have a solution so simple it’s stupid: If you don’t want your private information shared online, don’t register with a social website. Do you really need Facebook to keep up with your friends and family? What happened to email, or – god forbid – a telephone call?

    The reason you’re on Facebook is because you want people to know that you’re hip enough to understand that it’s important to be on Facebook – because “everyone else is doing it”.

    You make the decision to join, to share your information, to upload your photos, to invite the world (even your smaller verion of it) to look at you, so don’t give me this nonsense about how we all want to be “informed” about our privacy.

  • Yves Bennaim

    As usual, very interesting article. Thanks.

    But I believe the real issue is not privacy. It’s not *what* everybody is saying, but rather *the fact that everybody is talking about it* more and more. Facebook disturbs more than just individual users, the whole industry sees is as a threat.

    My post: http://www.tokyo-genki.com/2010-05-17/facebook-is-dead/

  • Roy G. Biv

    Facebook is a movement of greater social openness in society. As it expands, it brings out the greatness as well as the limits of consciousness of the society; i.e. the people using it, and the developers who create it. As these forces, both positive and negative, come to light, there are discussions, digressions, and opportunities for further improvement. It is a process toward ever-increasing truth and benefit.

    There are also marked contradictions, ironies, and confusions in that process. For example, users want an endless array of social tools at the site, and yet then scream that they are not getting enough privacy! It’s like the people who rail against government debt and simultaneously against paying taxes. These contradictions are part of that normal process of development, including this domain of social/community software.

    These discussions on Facebook is ultimately a very complicated matter, because it involves the very way we interact as social beings, which is very complex. So I salute Tim’s discussions in this area, and may all of the conflicting views come to light, until we begin see the varied and deeper truth of things, including our own contradictory impulses and nature. To paraphrase Pogo, “I have seen the enemy, and it is me.”

    Roy

    http://www.growthonline.org

  • Alba

    “Everyone is right to hold Facebook’s feet to the fire as long as they fail to meet those guidelines. But let’s not make privacy a third rail issue, pillorying any company that makes a mistake on the privacy front. If we do that, we’ll never get the innovation we need to solve the thorny nest of issues around privacy and data ownership that are intrinsic to the network era.”

    Although you make some valid points, your defense of Facebook’s privacy is too reminiscent of those of Goldman Sachs executives’ who think financial regulation will halt “innovation.

    “We give up more and more of our privacy online in exchange for undoubted benefits.”

    I believe those in defense of the Patriot Act have also made similar arguments – ‘Selective totalitarianism for the good of the society.’ When I signed up with Facebook, the terms I’ve agreed to were vastly different from what it is today.

    The concept of Facebook is innovative, but Facebook itself is poorly designed. (e.g. NYTimes chart) I believe granular controls and simplicity shouldn’t be mutually exclusive, and same goes for privacy and innovation. So many people have invested their time and lives on Facebook, and people are simply in awe of what Zuckerberg has accomplished with Facebook, namely the sheer number of users it boasts, that the fear of it going away makes them defend its mistakes no matter how deplorable. I see the same kind of defense made on behalf of Apple even when it’s clear that some of Apple’s policies are contradictory to innovation.

  • Tim O'Reilly

    Alba -

    Ouch. I wonder if mention of Goldman Sachs will be the new version of Godwin’s Law.

    I hear you. It’s easy to be an apologist for things that are wrong.

    But I still worry about over-zealous privacy backlash. Google got pilloried over Buzz, for instance, for what seems to me to be fairly minor (and solvable) problems. Facebook detractors, meanwhile, are mixing up the real issue (Facebook’s lack of transparency, it’s apparent duplicity, and the lack of informed consent) under the rubric of privacy.

    It’s important to understand what the real problem is if we want to fix it. And a witch hunt atmosphere makes that harder to do.

  • Bikram

    Tim – “So the problem is partly the switch, and the difficulty of making it work… FB is in a hard place because their original architecture was completely the opposite.”

    – I did not know that they were trying to make it an open site. I personally thought they still wanted to continue old model, atleast in principle (because a lot of people joined FB because of older model), but still have people give out more public information.

    If FB is trying to switch its operation model, then yes this is difficult. But, maybe there could have been smoother ways of doing it. One possible smooth transition could be:
    1.FB could phaseout current site like any normal s/w phaseout works – announce and schedule the present website+content to completely go down in another few years (2 – 4 years). And till then only have necessary security patches and limited new s/w updates on it
    2.In parallel FB could launch a beta site (openbook, or FB 2.0…), which is public by default, and security by choice – communicate this to users.
    3.Allow users to migrate their account to FB2.0 as and when they feel comfortable over the next 2 – 4 year schedule time, and let users chose what they want to take along and what they want to leave behind or delete (anything left behind would be inaccessible, and deleted permanently after old site goes down) – highlight FB2.0 is a public site (not private), and try not to forcefeed settings to users nor import data into new site in stealth.
    4.Develop extensive/good features on beta – much better than what FB has ever developed. Stop the old site after few years, and facebook.com domain could be used for new site. Since new site is all public, they should avoid changing policies.

    This is theory, in reality, it is hard to say what might work; but still it might be cleaner, much easier/pleasant and cheaper than the perennial online and legal slugfests. There might also be other better ways of achieving a transition to open model.

    I am not sure users will be ok with this or not, some might still move (but they are already moving), others may stay. So, for FB the only loss is what data/preferences users delete, which is not exactly a loss, because people are creating more data on internet every few years than it has ever been created in history, and it will be created again if people stay. Number of people who stay on new FB might be roughly equal to the number of people who stay active on FB in current situation, but advantage for FB might be that more new people may willingly join FB if the open-model is truly successful and viable.

  • Sean

    @Tim O’Reilly:

    “Yes, I am advocating a network-centric world”

    You do realize, Tim, or you should realize, that people like Norbert Weiner and John von Neumann, as well as many others, have already demonstrated through science the purpose of network-centric systems – they are created to exercise more precise control over said system.

    http://www.amazon.com/John-Von-Neumann-Scientific-Deterrence/dp/082182676X

    In the military, they have adopted these cybernetic techniques under the label network-centric warfare or network-centric operations, with leaders such as Cebrowski and Alberts pushing what they call “force transformation” in order to create greater command and control of any given system or “battle-space”.

    In high tech aerospace cybernetics have been employed under the label “dynamics and control”, and are leverage in order to agile-stability in an inherently unstable aircraft design. Again, the techniques are employed to gain control over a chaotic system.

    Now, we have these same techniques and tools being deployed into the public domain, where individuals become the sensors on the edge as well as the actors who execute control. To create such a system, where realtime control is acquired, it is necessary to meet certain “tenents”, which I addressed in my first post (above) and which includes “information sharing” and “open data systems” and “self-synchronization”. All of these factors find themselves within the Facebook system, and on the Web in general.

    To not understand how military tools, techniques and science is now being replicated in the public domain is to be horribly naive about what we are building and what you are cheerleading.

    If my assessment is wrong, then don’t you owe it to yourself, and to all those who attend your events and follow your writings, to prove that Norbert Weiner’s & John Von Neumann’s theses does not apply to the existing Internet framework and to the public? Should we not be certain that we are not creating Karl Popper’s Open Society, where our liberties that we’ve worked so hard to secure, are not squashed under a algorithmically controlled system of sensors that mutes freedom of behavior?

    C’mon Tim, rise to a higher standard when you advocate major system changes such as loss of privacy.

  • Scott Koon

    Maybe the solution to Facebook disregarding it’s users privacy isn’t to delete your Facebook account, but instead to poison the well. Make sure that the information you put into Facebook is far from the truth?

  • tprivate

    I don’t agree with you at all. Facebook isn’t stupid. They did what they wanted to do because they want the biggest network. As you said, they decided to do this because it benefited them, “extract value” as Enron used to say.

    What if the US government decided to do what facebook did? Should we say, it’s ok because they were pushing the boundry? Or forwarded your dna to health care insurers and made it public because it wanted to create a big heath care network, as fast as possible?

    I don’t think so.

  • Robert Barksdale

    Tim you stated,

    “Facebook is apparently working on a new privacy policy. Hopefully a better one. And more than policy, hopefully better mechanisms, and a better business model.

    If they don’t succeed, I agree that we’re all screwed by them and ought to leave the service. But I’d rather they keep trying and eventually get it right.”

    Personally, I would rather a company state that we are looking to create new policy, better mechanisms and a better business model. If you are interested in helping us in this effort join our beta program.

    As exciting as it might be to be a test pilot, I would prefer to know what is what before someone straps me in the cockpit and I run the risk of having the wings fall off on take off. Having the facts in hand is important to me.

    Therein is the problem, the majority of Facebook users do not know how this information can be used and none of us are aware of how they distribute our personal information because they keep changing the rules.

    When May 31 rolls around, I will terminate my Facebook account and I will be sending out a communication to all of my friends and make them aware of why I am no longer a member. Remember, friends do not let their friends, or anyone else for that matter, drive drunk!

    Lastly, though I do not agree with you 100%, thank you for your insights. I do enjoy reading your posts.

    Robert

  • Jim R.

    I haven’t deleted my Facebook account – because I never saw the utility of publicly posting personal information that, if I want to share with my friends, I can send to them in an email (which only really good hackers and the NSA probably would bother getting to see…). Facebook’s concept does not – as your article mentioned – have adequate restrictions to protect the privacy implied in a login by password.

    Of course, there’s those terms-by-the-acre agreements that are in legalese that nobody but a lawyer could simply explain to the user who signs up, but that’s its own hornets’ nest to be addressed separately.

    The SF Chronicle article hit several nails on the head, since clarity, honesty, accountability to the community, etc. are missing from way too many websites, including Facebook.

  • Sean

    @Jim R.

    I’m curious, do you link to friends and groups on Facebook?

    As you know, the network of links that you create on your facebook account is also highly valuable and revealing in this semantic world. So, it’s not enough to limit ones postings to information that they would only share publicly, it’s also necessary to limit the linked relationships that one exposes as well, for building profiles is heavily reliant on all variables within the semantic engine, not just the content of your postings and information fields.

  • Sal Mangano

    Here is my suggestion for the signup page. :-)

    What is the truth about Facebook? That you are a slave .Like everyone else who signs up, you are in bondage. You are in a prison with friends you cannot smell or taste or touch. A prison for your time. Unfortunately, no one can tell you what Facebook is. You have to try it for yourself. This is your last chance. After this, there is no turning back. You press Cancel, the story ends, you have a life and do whatever you want to do. You press Okay, you stay in Wonderland, and we show you just how deep the News Feed goes. Remember, all we are offering is your loss of privacy (and some stupid games). Nothing more.

  • Jan Simmonds

    We need to heed the advice of management gurus Tom Peters and Esther Dyson… So BP is off the hook then? Sorry Tim, this is hogwash and Tom & Esther’s advice is as ridiculous applied to Facebook as it is applied to BP!

    This is how I feel about Mark Zuckerberg and the actions of the company – http://www.youtube.com/watch?v=qM-gZintWDc

    I think there is a fundamental issue here which FB is constantly coming unstuck trying to resolve. (Privacy, Integrity, Monetization, Scale, Purpose etc.) – As far as brands are concerned, if they want to stand out from the crowd, they can’t afford to become part of it. So Facebook’s perceived only hope is to create the mother of all big brother targeting systems to try and gain the ad dollars and restrospectively trying to poach Wikipedia’s data in a vein attempt to commercialize those pages within Facebook and attempt to force attention from brands to their highly presumptious community pages. (That action is highly suspect imho on the basis they are currently using those brand references within Facebook and selling ad space against them without explicit permission from the brands as they did to several of mine. I still question the legitimacy of using Wikipedia data provided by people as a public contribution to a public asset, now bent to Facebook’s favour in such a manner. I think Creative Commons has a lot to answer for here…)

    In any event, in both cases, they forget that they simply run a platform not a media company and in fact all that data is ours. In terms of public identities on the net, Facebook is the ‘long tail’ or the 80% of the 80:20 rule and no matter how hard they try they cannot re-invent themselves to resolve that. The ‘head’ or 20% is the final realisation of the migration of traditional media online and elegant platforms where brands can engage at a level of sophistication concomitant with their hard fought images. (IMHO all roads lead to Famebook of course, where all that will come together!)

    It is also amazing to see how much power Facebook has created over some sections of the media who have bowed in the face of such amoral actions and behaved like Facebook’s own PR departments. That’s scary.

  • Phil Windley

    In order to gain reputation in any system, you have to divulge personal information and link personas together. This is true in the physical world and it’s true online.

  • Peter Trudelle

    Thanks Tim, I agree with you right up to the point where the network effects create a natural monopoly, which seems to be happening with Facebook. On other social networking sites, this problem has not risen to such a level, as you just move on to the next one. Once a site grows to be larger than most countries though, the rules should change, because of the vastly greater potential for abuse of power, harm to individuals, and the difficulty of re-establishing your identity elsewhere. Quitting FB is the online equivalent to becoming an expatriate, having your account terminated is akin to banishment. Economies of such scale should permit/demand a more cautious approach.

  • http://www.bestpclaptop.info/ Mitchel Langer

    Personally, I know that privacy in a connected world instills a sense of denial, but something about Facebook’s tactics is probably what bugs me most. We’ll just have to see how this all turns out. On the Best PC Laptop, facebook still worries me. It is not reassuring that a company can have so much information about a person.