Four simple things that Facebook can do to regain its users' trust

There's no doubt that Facebook is in a "heap of trouble" due to changes in its privacy policies, but there are four simple things that the company can do to regain trust and help to prevent future flare-ups:

1. The company has to stop assuming that "what's mine is mine and what's yours is mine" when it comes to personal information. It has to stop making more and more of its members' information public.
2. When the company introduces new features that will expose more personal information, it needs to make the announcement well ahead of implementation, and give its members an easy way to opt-out.
3. There needs to be a way for members to say "I want my information to be made available to friends ONLY" without having to make dozens of selections. The current fine-grained controls are confusing and are leading members to deactivate their profiles or leave altogether for fear of missing some critical settings.
4. Mark Zuckerberg needs to make a public statement that he and the company have heard the complaints, understands them and is taking action, now and in the future, to anticipate privacy issues and protect users' privacy.

Here's the downside: If Facebook does a "mea culpa" and then changes the rules again a few months from now, the company is likely not to survive the firestorm, at least in its current configuration.

We're taking pictures! (Slap!) Wardriving! (Slap!) Taking pictures! (Slap!) Wardriving!

Forgive the gratuitous "Chinatown" reference in the title, but Google just got caught with its own privacy scandal. It seems that its Street View cars aren't only taking pictures of streets; they're also refining Google's maps and other geolocation services. There's nothing wrong with that, of course, but one of the techniques that the company has been using has been to detect Wi-Fi networks along the way and map their locations to GPS coordinates.

There's nothing wrong with that, either; Wi-Fi access points and routers broadcast their MAC addresses, which are usually (but not guaranteed to be) unique for each device. Map a MAC address to a pair of coordinates, and as long as the access point doesn't move, if you can pick up the access point, you're near those coordinates. However, that wasn't all that Google was doing. For some reason that completely escapes me, Google has been collecting not just MAC addresses and locations, but actual data being broadcast by open (unencrypted) access points, possibly for as long as four years. They've been doing this everywhere in the world where Google has Street View cars.

The company says that it has temporarily stopped collecting data with Street View cars and will permanently stop using Wi-Fi network data, and that it will delete the collected Wi-Fi data "real soon now." Google claims that, since its Street View cars were constantly moving, it only collected a small amount of data from any access point. Also, it's been known for years that running an open access point is a lot like taking the drapes off all your windows and keeping the lights on 24 hours a day. But that neither explains not excuses why Google has been collecting this data since 2006. They don't need it for geolocation. Shouldn't someone have caught on when Street View cars went out empty and came back full of spurious data, say, four years ago?

Google's been violating privacy laws and laws against interception of transmissions in the U.S., Europe, and probably everywhere else Street View goes. This is likely to have very serious consequences for the company worldwide. Further, between what's been going on with Facebook and now Google, I wouldn't at all be surprised to see action taken in the U.S. to strengthen data privacy laws, much along the line of the EU's rules.

If you haven't already locked your Wi-Fi access port down with WPA encryption, now would be a good time.

Amazon: All your highlights are belong to us

A popular and useful feature of Amazon's Kindle is that highlights and notes that you put into one of your eBooks are stored on Amazon's servers and automatically applied to other copies of the eBook that you own. So, for example, you can put highlights into a copy of an eBook on your Kindle 2. If you download and open the same eBook using Kindle software on your PC, the highlights will be there.

However, according to MSNBC.com, Amazon is now aggregating highlights from its customers into a feature that it calls "Popular Highlights". If at least three people highlight the same passage, those highlights are made available to any Kindle user who wants them. The names of the people who made the highlights aren't displayed, but from a privacy point of view, that doesn't matter; Amazon is keeping track of its customers' highlights and is revealing that information without their consent.

When readers put notes and highlights into a printed book, they usually do so with the expectation that those annotations will remain private. Amazon has decided that it can do whatever it wants with your highlights, as long as it anonymizes them. Some Kindle users have reported that they've tried to opt out of the program and were told that they would lose the ability to backup their annotations on Amazon's servers and to share annotations between readers if they did so. In short, using Amazon's Whispernet service to store your annotations is tantamount to giving Amazon permission to use them as it sees fit.

Given the reaction to Facebook's recent privacy moves and Amazon's previous missteps (for example, deleting without warning eBooks that consumers had already purchased because of a copyright ownership question,) you'd think that it would have thought Popular Highlights through with a bit more care before implementing it. In any event, look for yet another "mea culpa" letter from Jeff Bezos real soon now.

Hey kids, let's play Facebook Privacy Roulette!

Let's put two Facebook tricks together to violate a random person's privacy:

1. Type "http://graph.facebook.com/nnn" into your browser, where nnn is a number from 1 to who knows how big (try 4 and see who you get). If Facebook returns "false", try another number.
2. Open up another browser tab or window and type in "http://zesty.ca/facebook/". When the page opens, type the same number (nnn) that you typed in step 1 above, and find every piece of public information stored about that person on Facebook.
3. If you know your own Facebook ID number, type it in and find out everything that Facebook knows about you that it's making available to others.
4. If you don't like what you see, change your privacy settings or disable your profile.

Facebook's new initiatives: Is the safest approach to wait and see?

I've been traveling for a few days, so this is the first opportunity that I've had to cover the announcements that Facebook made on Wednesday at its F8 Developer Conference. The biggest announcements were:

1. The Open Graph protocol, which enables website developers to integrate their sites and content into the Facebook social graph, primarily by providing descriptive metadata and adding "Like" buttons that allow Facebook users to share content and preferences with their friends.
2. A library of plugins that provide drop-in access to Facebook features for website developers and bloggers.
3. A new, simplified Graph API that's dramatically easier for developers to use and supports industry-standard OAuth 2.0 authentication.
4. Removal of the requirement that developers purge the personal data that they get from Facebook every 24 hours, requiring users to reauthorize access. Now, developers can keep and use the data indefinitely.

With these announcements, Facebook has become both a much richer social services integration platform and a much easier platform for developers to use. However, the response to the announcements has been mixed. The reason is Facebook's "shoot first and ask questions later" approach to privacy protection. You may remember Beacon, an ill-fated Facebook initiative launched in late 2007 that sent member's information to selected websites in order to allow those websites to personalize ads and content, and that sent web browsing history from the participating sites back to Facebook. Initially, Facebook members had no way to opt out of Beacon, but the company was forced to offer an opt-out option a few months later after enduring a firestorm of criticism. Facebook shut down Beacon entirely in September of last year.

Late last year, Facebook made dramatic changes to its default privacy settings, which made public an enormous amount of personal information that had previously been private. The company promoted the changes as a big benefit for members, but a backlash from privacy advocates forced the company to publicize its changes in more detail and make it easier for members to restrict access to their personal information.

Now, Facebook has introduced these new initiatives, which will enable potentially all the information that members have listed as "public" in their profiles to be shared with participating websites. In light of yesterday's announcements, Facebook's actions on privacy defaults last year now make more sense...for Facebook. By making much more personal information available publicly by default, Facebook's new services are far more valuable to partners and advertisers.

Facebook's previous "tone-deafness" about privacy issues and inability to think through the ramifications of its actions suggest that there could be some dangerous consequences, both intended and unintended, for Facebook's members, partners and the company itself. If I were considering implementing Facebook's new features on my website, I'd wait a few months for the inevitable privacy and technical issues to be addressed. As for Facebook members, they should go to their profiles immediately and decide whether or not they want to share their "public" information with Microsoft, Pandora, Yelp and who knows who else in the future.

Update: The Electronic Freedom Foundation is weighing in on some of the changes made by Facebook. It turns out that under Facebook's new scheme, there is no way for members to prohibit sharing of certain information, including (but not necessarily limited to) current city, hometown, education and work, and likes and interests, with Facebook's partners. In other words, that information becomes public, and you have no way of limiting access to just your Facebook friends unless you remove the information altogether. EFF is recommending that Facebook members protest the changes and/or remove the information, while TechCrunch reported that the changes are causing a number of Google's engineers, including some of the company's best-known privacy advocates, to leave Facebook altogether.