Thursday, April 22, 2010

Facebook's new initiatives: Is the safest approach to wait and see?

I've been traveling for a few days, so this is the first opportunity that I've had to cover the announcements that Facebook made on Wednesday at its F8 Developer Conference. The biggest announcements were:
  1. The Open Graph protocol, which enables website developers to integrate their sites and content into the Facebook social graph, primarily by providing descriptive metadata and adding "Like" buttons that allow Facebook users to share content and preferences with their friends.
  2. A library of plugins that provide drop-in access to Facebook features for website developers and bloggers.
  3. A new, simplified Graph API that's dramatically easier for developers to use and supports industry-standard OAuth 2.0 authentication.
  4. Removal of the requirement that developers purge the personal data that they get from Facebook every 24 hours, requiring users to reauthorize access. Now, developers can keep and use the data indefinitely.
With these announcements, Facebook has become both a much richer social services integration platform and a much easier platform for developers to use. However, the response to the announcements has been mixed. The reason is Facebook's "shoot first and ask questions later" approach to privacy protection. You may remember Beacon, an ill-fated Facebook initiative launched in late 2007 that sent member's information to selected websites in order to allow those websites to personalize ads and content, and that sent web browsing history from the participating sites back to Facebook. Initially, Facebook members had no way to opt out of Beacon, but the company was forced to offer an opt-out option a few months later after enduring a firestorm of criticism. Facebook shut down Beacon entirely in September of last year.

Late last year, Facebook made dramatic changes to its default privacy settings, which made public an enormous amount of personal information that had previously been private. The company promoted the changes as a big benefit for members, but a backlash from privacy advocates forced the company to publicize its changes in more detail and make it easier for members to restrict access to their personal information.

Now, Facebook has introduced these new initiatives, which will enable potentially all the information that members have listed as "public" in their profiles to be shared with participating websites. In light of yesterday's announcements, Facebook's actions on privacy defaults last year now make more sense...for Facebook. By making much more personal information available publicly by default, Facebook's new services are far more valuable to partners and advertisers.

Facebook's previous "tone-deafness" about privacy issues and inability to think through the ramifications of its actions suggest that there could be some dangerous consequences, both intended and unintended, for Facebook's members, partners and the company itself. If I were considering implementing Facebook's new features on my website, I'd wait a few months for the inevitable privacy and technical issues to be addressed. As for Facebook members, they should go to their profiles immediately and decide whether or not they want to share their "public" information with Microsoft, Pandora, Yelp and who knows who else in the future.

Update: The Electronic Freedom Foundation is weighing in on some of the changes made by Facebook. It turns out that under Facebook's new scheme, there is no way for members to prohibit sharing of certain information, including (but not necessarily limited to) current city, hometown, education and work, and likes and interests, with Facebook's partners. In other words, that information becomes public, and you have no way of limiting access to just your Facebook friends unless you remove the information altogether. EFF is recommending that Facebook members protest the changes and/or remove the information, while TechCrunch reported that the changes are causing a number of Google's engineers, including some of the company's best-known privacy advocates, to leave Facebook altogether.
Reblog this post [with Zemanta]

No comments: