[When I sat down to write last night, this post was originally going to be about the things I like about the F8 platform announcements. I'll still write that post later, because there are a lot of things to like. Edit: I wrote it.]
Like others, I deactivated my Facebook account tonight.
(Update: Apparently this is now a story, though I disagree strongly that this should be a story about where people work. Reducing it to that misses the point. And if you read the comments there, the vast majority of people, including some who are clearly quite tech savvy, still have no idea about the pre-approved data sharing facebook just enabled, and are confusing it with connect.)
Not for lack of trying, but I couldn't figure out exactly what personal information I was now sharing via Facebook, or with whom. I made a sincere effort to understand the privacy preference settings, and I thoroughly read the documentation, but even after a day it still remained unclear to me. And if it wasn't clear to me, just imagine how much sense it would make to the average Facebook user.
I find it troubling that Facebook's recent policy changes allow the company to share personal data with the sites you visit, and that this change was made unilaterally with no reasonable opportunity for the user to say no first. I say "no opportunity to say no first" both because it defaulted to "on", because it wasn't clear what was going to happen if you didn't disable it, and also because it was so difficult to figure out how to turn disable it if you wanted to. The average user will almost certainly not make the effort I did, nor will they even know they should.
(Update: Someone made the comparison with other networks, like AdSense or analytics. I wonder if that person understands the (I thought obvious) difference — that those programs don't share individual data directly with the publishers or advertisers. Besides, there's a very simple opt-out for that anyway.)
To get a sense of the user experience of someone trying to opt-out, please view the screenshots I posted of the experience last night.
You'll note that, even reading closely and taking the most reasonable path I could find, (and clicking far, far more pages into the flow than a normal user would), I still ended up on the wrong privacy page, and never ended up disabling the site sharing features I thought I did.
Digging deeper, I found more precise information in the relevant changes to the Facebook Privacy Policy. Specifically, in the new section that begins:
(Update: Someone made the comparison with other networks, like AdSense or analytics. I wonder if that person understands the (I thought obvious) difference — that those programs don't share individual data directly with the publishers or advertisers. Besides, there's a very simple opt-out for that anyway.)
To get a sense of the user experience of someone trying to opt-out, please view the screenshots I posted of the experience last night.
You'll note that, even reading closely and taking the most reasonable path I could find, (and clicking far, far more pages into the flow than a normal user would), I still ended up on the wrong privacy page, and never ended up disabling the site sharing features I thought I did.
Digging deeper, I found more precise information in the relevant changes to the Facebook Privacy Policy. Specifically, in the new section that begins:
Pre-Approved Third-Party Websites and Applications. In order to provide you with useful social experiences off of Facebook, we occasionally need to provide General Information about you to pre-approved third party websites and applications that use Platform at the time you visit them (if you are still logged in to Facebook). Similarly, when one of your friends visits a pre-approved website or application, it will receive General Information about you so you and your friend can be connected on that website as well (if you also have an account with that website). In these cases we require these websites and applications to go through an approval process, and to enter into separate agreements designed to protect your privacy. For example, these agreements include provisions relating to the access and deletion of your General Information, along with your ability to opt-out of the experience being offered. You can also remove any pre-approved website or application you have visited here [add link], or block all pre-approved websites and applications from getting your General Information when you visit them here [add link]. In addition, if you log out of Facebook before visiting a pre-approved application or website, it will not be able to access your information. You can see a complete list of pre-approved websites on our About Platform page.
The term General Information is defined as:
Connecting with an Application or Website. When you connect with an application or website it will have access to General Information about you. The term General Information includes your and your friends’ names, profile pictures, gender, user IDs, connections, and any content shared using the Everyone privacy setting. We may also make information about the location of your computer or access device and your age available to applications and websites in order to help them implement appropriate security measures and control the distribution of age-appropriate content. If the application or website wants to access any other data, it will have to ask for your permission.
Unfortunately, the opt-out links in the first paragraph are broken. But more to the point, this should have been an opt-in to begin with, not an opt-out, given that the historical expectation on the network that profiles were private. (In fact, just a year ago, that profile data would have been private. An earlier policy change made certain profile data available to "everyone" by default. A cynic might suggest that now we know why.)
I'm actually all for public profiles, and for more sharing on the web. But the most important thing is transparency, and in giving users the ability to understand and control what is happening, all of which appear to have been rushed right past in the race to grow the network. The weird thing is, I might even have opted in, given a choice.
So for now, I'm deactivating the account altogether, in hopes that there will be a more clear policy in place someday, and better tools on the network to keep personal data personal and to understand when it isn't.
If you're curious, here's what the opt-out flow looks like, as found at:
In pictures:
[several pictures of friends who will "miss me" when I leave hidden out of respect for their privacy]
Thoughts?
