Crossing the line on privacy: Facebook story

It was a case of conventional wisdom at odds with itself.

Information security community has long maintained a very glib outlook on privacy. On the one hand embracing such enablers or paranoia as Tor, offshore data-havens and untraceable ecash, on the other hand griping about the indifference and cavalier attitude that most users  have towards  their own personal information. The failure of privacy-enhancing technologies to break into the mainstream has a consistent history from PGP to the failure of Zero Knowledge Networks to commercialize its network.

At the same time Facebook was the new poster-child for web 2.0 applications, the social network threatening to take over MySpace, flush with cash after having recently inked a lucrative advertising deal with MSFT after sitting in the middle of a bidding war against Google. It could do no wrong, and certainly not in such a trivial area as privacy. Scalability, performance, features– this is what makes or breaks social networks, as Friendster found out the hard way.

It turned out users did care about privacy after all. Long before a popular outcry from users, critics such as Cory Doctorow were writing blistering reviews of the Facebook
business model, referring to its view of users as “bait for the real customers, advertising networks.” In this case it did not take very long for popular sentiment to catch up. The Beacon feature crossed the line from dubious monetization strategy into outright abuse of customer data. At its core Beacon was a data linking scheme: Facebook partnered with several prominent ecommerce merchants including Amazon, Blockbuster and Fandango to access the transaction history of users at these external sites. This data stream which included purchase history was incorporated into a user feed, visible to other users. (A challenge considering that there is no shared identity spanning these sites– email address would have been the only link, which is good enough for advertising purposes.) In effect every time the user bought anything at one of these merchants, they became an unwitting walking billboard, advertising to other users what they purchased and the merchant.

Great value proposition for merchants on the face of it: through a process of viral marketing,  friends can be inspired to click on the link and visit the same merchant to purchase identical item, in a case of keeping-up-with-Johns played out on a social network. Meanwhile those users particularly drawn to cataloging their material possessions online would have the data stream automatically generated. At least that must have been the elevator pitch in some PowerPoint presentation that inspired this scheme.  One minor detail: viral marketing depends on willing participants who are impressed with the product and voluntarily rave about it to their contacts. Creating the appearance that users are implicitly endorsing everything they have bought is a non-starter, and forcing the endorsement to be carried out in a very public way demonstrated complete disregard for privacy.

A group of users 50K strong petitioned, more bad PR followed and eventually Facebook changed the feature to opt-in from opt-out. This is a very unusual and perhaps encouraging demand for privacy. Even in the original flawed design users had the option to disable the involuntary enrollment into the advertising program but they were sticking to the principle that meaningful consent must exist before people unwittingly become part of a dubious business plan with no clear value proposition for them. The storm is not over yet: a CNET article reports that EFF and CDT are planning on filing complaints with the FTC. Meanwhile Fortune/CNN is running a piece arguing that mismanaged PR and disregard for privacy is seriously damaging the company’s future prospects.  Next up: damage-control time.


Leave a Reply

Please log in using one of these methods to post your comment: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s