Kien Tran’s Daily Blog

I wanted to wait a few days days for the fervor to settle down and to see if Facebook will recant or at least explain their design decisions (and to cool down a bit as to not sound so ranty).  As that has not happened, I have little choice but to take them to task on their poor choices.

Once again, Facebook as proven themselves to be totally unethical and morally corrupt in the way they conduct business. Their new privacy system is nothing more than a play to compete with the likes of Twitter and Google to provide even more of your private data into the public realm. By default, a massive amount of personal information is set viewable by the entire world, and as most users will just use the recommended settings, they are exposing sensitive information that they have previously set as private into the public space.

Everyone means....everyone

The first issue stems from their recommendation that you share most of your information with the "Everyone" category. This does exactly what you think it does, it allows anyone to see information allowed to "Everyone" regardless of if they are a user of Facebook or not. Unaware users will inadvertently set their private information as viewable by everyone, causing a major security risk.  How easy will it be for someone nefarious to steal your credit card, look your profile up on Facebook, and then answer the bank's challenge questions based on the information they can find about you on your public Facebook page?  That is merely one example!  

As a developer, you have an ethical and moral obligation to protect your users from not only the black hats but themselves as well.  Twitter has always been a public facing entity, and it's users know this.  Facebook on the other hand was built on the idea that it was a private circle where people could share private information with their friends.  Trying to force their information into the public space goes against their original brand message!

Why can't I hide my friends and interests?

The second issue I have is the fact that Facebook has removed the ability to hide your friend list, fan page list, and your group list.  Before, while it was difficult to find, you could hide your list of friends and pages from prying eyes with the usual privacy levels.  In the new implementation, this information is by default, public to everyone.  You cannot hide it from the public at large, and you cannot suppress the ability for Facebook applications to see this information.  This means that anyone, and I mean anyone, can see who your friends are and what pages you are a fan of.  The ability for outside groups to datamine your information and determine information about you is a very real risk now.  

For example, say you are against federal healthcare but do not want to put yourself at odds against your friends and co-workers.  Before, when you join a fan page oriented this way, you could hide that information from your co-worker friend list and keep yourself from an argument that you don't need or want.  Now, the fact that you are a fan of that page is public information and anyone who is looking even at a glance will see this information, and your personal and private stance is now completely public, open to attack and criticism by your co-workers.

Another example is in how easy it is to extrapolate personal information about you based on your friend list.  Back in September, a team at MIT created project "Gaydar."  This project took your publicly facing friend list and extrapolated whether or not you yourself were gay.  Even if the results were incorrect, (you just have a lot of friends who are gay), the inference is very real.  Now that your friend list is permanently public information, anyone will be able to datamine and come to conclusions about your personal life.

Ethically, how is it acceptable that you as a developer, will force it upon your users to reveal this type of information to the public against their will?  While the argument will be that if you do not want this information public, you would not join Facebook is true, this is different in that it previously was private information.  Now it is public information and there was no notice or option otherwise for users who have already established themselves.

This isn't the first time for shenanigans

This is not the first time Facebook has pulled this type of unethical behavior.  Back in 2007, Facebook launched their "Beacon" system, which tracked purchases on Facebook connected sites and provided that information back to Facebook.  One of the most glaring examples was when a man bought an engagement ring for his girlfriend, and then his girlfriend started seeing "Joe likes this engagement ring store!  Maybe you will too!" advertising on his wall.  With no opt-in or opt-out available, user's private shopping habits were now public domain.  Even advertisers such Coca-cola, once they realized what was going on, thought this was wrong and pulled their support.

Recently, in a 2009 example, Facebook started allowing advertisers to pull your friend's photos to use as advertising, as if they were public domain royalty free images.  The example in this case was a man received a singles ad featuring a picture of his wife, an ad seen by not only him but any other person that the ad targeted. I don't know how anyone who could think this is ethical behavior.  Not only is it immoral to use other people's work without permission for your advertising, it is also dangerously illegal.

Another example is my article about how Facebook connect implicitly implies that you require Facebook to use a site, forcing an novice user to either give the website permission to access their Facebook account or to not use the site at all.  This is a great boon to nefarious websites who use the Facebook connect system who can trick users into giving them permission to get acces to your information.  There is a major security risk in creating this type of false impression, and it is an obviously overlooked or ignored ethical issue.

Who is to blame then?

In my opinion, the blame falls on the management and the developers who allow this situation to arise in the first place. Mark Zuckerberg owns this company, and therefore it is his responsibility to run the company in the interest of the user base.  It is unknown what person exactly is behind this latest fiasco, but it is in my opinion that Zuckerberg has a moral and ethical obligation to see these types of glaring issues and not allow them to exist in the first place. Though I don't know for sure, I would assume Harvard's computer science program required a course in computing ethics.  My program not only required it, it was required in the first semester you were in the program.  Zuckerberg needs to take back control of his company and the developers need to be more vocal about the moral implications of their projects.

What's to happen now?

Jason Calacanis asks what is going to be the result of all of these new developments.  

The first fallout we will see is the imminent lawsuits that are pending between users on Facebook who have had their lives disrupted by someone else simply because their information is public.  Employees will file wrongful terminations thinking they were fired by content posted on Facebook.  Companies will sue their contractors who inadvertently leak private information of their projects they are working on.  Friends will sue their other friends as they find out they've been wronged in some form or fashion.

I feel like as more and more people realize what's going on, that the lawsuits are going to start flying between Facebook, class action user groups, and advertisers.  In the mean time, this will likely raise the ire of the government and we are at risk of a major intervention that no one who believes in laissez faire wants.  There is already precedent in Florida where judges are asked to not friend lawyers as it creates an air of conflict of interest.

Do I trust Facebook?

Well, as I do not trust Facebook itself, to cut myself off from a 350 million person user base is rash.  I will though be highly conscious of what information I post and how I set the privacy levels on my content.  It is still a massively powerful tool to use, and until I find an alternative, it has to continue to be one of my primary tools.

There used to be a day when I wanted nothing more than to work for Facebook and be in the middle of the biggest revolution in networking in the history of the internet.  While I still wish I could work there, I feel that my moral and ethical stance would forever be at odds with the apparent policy and business strategy in place.  In the mean time, I just hope I can raise public awareness to force the decision makers at Facebook to rethink their ethical stances.