Facebook Open? not til they fix the privacy model

FaceBook has just taken two important steps away from being a walled garden by opening the API to stream data and by supporting OpenID. These things are very good. As someone who’s complained about the walled garden model, I think these are steps in the right direction. But these steps do not get FaceBook very far until and unless they fix the privacy model.

FaceBook is simultaneously too private and not private enough. This gets in the way of using it for information sharing AND for private information.

Facebook’s model for information about people is symmetric and mostly private. (Pages are a limited exception) I can only see information about you and from you if we mutually declare each other to be friends. This puts a break on the discovery of new people and new information. If you post an interesting link in Twitter, I can navigate to see your stream of tweets and choose to follow you. If you comment on my friend’s link in Facebook, I can’t see enough about you determine if I want to know more. Even if I could, “friending” is a different social gesture – I won’t friend you because I don’t know you. The mostly-private nature means that search is useless except to find people you already know.

ReadWriteWeb explains how this dramatically limits the utility of the newly open API:

Unfortunately, the data that developers are able to work with is severely limited. They will simply be able to make a call for a user to Facebook and get back the friends’ streams that this particular user has the permission to see. … Terms of Service will prohibit eyes outside of a user’s Facebook friends from seeing the massive amounts of friend-limited data. In other words, this is permission to build more interfaces for Facebook. That’s cool, but that’s not really what the world needs – more interfaces for giving Facebook love.

Meanwhile, Facebook’s model is not private enough. Facebook has been trying to be private but viral, and that makes it really hard to be private. Facebook actions leave trails all over the place. For example, if I comment on my friend’s link, others can see my comment. Facebook does have some granular controls over categories of friends and what is exposed to them. But these controls are not very easy to use. The API makes it possible to for developers to disclose information about your activities in unintended contexts, which may open new opportunities for privacy violation.

Until Facebook fixes its privacy model so that what’s open is open and what’s private is private, supporting open standards doesn’t make Facebook usefully open, and may make privacy issues worse.

One thought on “Facebook Open? not til they fix the privacy model”

  1. Totally agree. “Facebook does not do a very good job at all (in my opinion) when it comes to:

    1. Informing users as to which Facebook Connect applications are accessing their data for external purposes
    2. Notifying users of what data those applications are sharing externally
    3. Allowing users to set permission levels at a data item level per application (vs. global Connect settings) ”


Leave a Reply

Your email address will not be published. Required fields are marked *