The first massive holes in Facebook’s security happened Wednesday the 6th, when a bug in the “Preview my Profile” feature allowed users to see other users’ profiles – including supposedly private information, such as pending friend requests and current chat conversations. Facebook temporarily disabled the chat function and fixed the bug, maintaining that the security hole was a small one, not a large-scale security issue. Unfortunately, not all press is good press for Facebook, as news of the security hole added to the growing discontent over the site’s ever-changing privacy policy, which is currently longer than the United States Constitution by over a thousand words. Yeow.
Security problems resurfaced on Tuesday, however, when George Deglin, a web security consultant, discovered a way to harvest Facebook users’ information from Yelp.com, Facebook’s “instant personalization” partner. A programming hole in the “instant personalization” feature, one of Facebook’s newest and least-loved additions that exports profile information to third-party sites, allowed Deglin to access users’ names, email addresses, friends’ email addresses, and other supposedly private details. Yelp and Facebook have since fixed the hole; however, Facebook has yet to fix the blows to its reputation.
Image courtesy of thereifixedit.com
In fact, the social networking site seems intent on simply making them worse. On Tuesday, the New York Times published an interview with Elliot Schrage, vice president of public policy at Facebook, in which Schrage answered a mere 14 of over 300 posed questions using corporate double-speak that required multiple readings in order to understand what he really meant. His answers boiled down to two basic points:
1. Facebook is sorry its changes confused people and it will attempt to simplify things in the future.
2. Facebook is not sorry it implemented the changes. Using Facebook at all is “opt-in” – nobody is being forced to use Facebook, or to fill out any of their information if they do so. “If you’re not comfortable sharing,” says Schrage, “don’t.”
That sort of attitude promises very little positive change in the future; in fact, it’s hard to believe that Facebook even cares about their users’ concerns over privacy. Either way, they’re certainly playing the part of concerned corporation: Facebook has scheduled an all-hands meeting for 4 PM this afternoon to discuss the site’s privacy policy. This may be coming just in time for Facebook, as an up-and-coming project threatens to usurp the social networking throne.
Four NYU students have proposed a new network entitled Diaspora, which promises to be an inclusive social network. Think Facebook without security holes, privacy issues, and Farmville. Hoping to raise 10,000 USD by June 1st in order to begin the coding process by the beginning of summer, Diaspora has already raised 100,000 USD through its interim site, joindiaspora.com, as of this morning, an indication of just how discontent the general public is with Facebook’s shenanigans. (Another strong indication is the rising popularity of the search query “How do I delete my Facebook account?” on Google.) The programmers have stated their goal is to have Diaspora up and running in three months after that June 1st date, leaving Facebook a very short window in which to get its act together.
Have you opted out of Facebook’s privacy policy yet? Have you tried the long and complicated process required to delete your Facebook account? Are you going to stick with the land of Farmville, or will you head to Diaspora’s greener pastures? Let's hear it!
Katherine
Deal of the Day: Dell Latitude D820 Laptop, because you'll need a place to keep track of all these social networking shenanigans.
3 Response to Facebook's Privacy Failure: Is Diaspora the Future of Social Networking?
I might check out Diaspora when it comes online. Will it do to Facebook what Facebook did to Myspace? It's a decent possibility. If they market themselves well and really are as innovative as they're trying to be, they might gain enough popularity to become the next Facebook (and not Friendster, Spiffbox, etc.). But it's going to boil down to getting that critical mass of users.
danah boyd gave an interesting talk at this year's WWW conference called Privacy and Publicity in the Context of Big Data. She pointed out, among other things, that just because data is publicly accessible, it doesn't mean people want it publicized, particularly if the information is taken out of context.
I have a couple of issues with Elliot Schrage's point #2:
1. While no one is being "forced" to use Facebook, it is becoming more and more difficult to function socially and form or maintain social networks without one. I don't have one, but most of my friends do. Most new people I meet do. Several friends of mine who live in different states or different countries do. People expect you to have one. "You don't have a Facebook?!" has become the new "You don't have a cell phone?!" The unspoken thought is, "Then how am I supposed to keep in touch with you?" There are other ways, of course, but many people don't want to bother, particularly for casual acquaintances.
Facebook is so ubiquitous and its use so expected that my grad school's distance learning program is phasing out its private social networking site in favor of a Facebook group. I will have a severe social networking disadvantage if I *don't* get a Facebook. But no, no one's FORCING me to.
2. "If you're not comfortable sharing, don't" is, first of all, a bit rude, and secondly, incredibly disingenuous, because Facebook does not make it easy to find out what you're sharing, who you're sharing it with, or how to change your settings. By DEFAULT, you share your information with EVERYONE. A company that truly cared about its customers' privacy would default to a sharing within a trusted network. You would have to consciously consider making something accessible to more people, rather than fewer. But Facebook, for its own corporate benefit, doesn't want you thinking too hard.
jedizero: Given the mass amount of non-commercial monetary support Diaspora has received just in these past few weeks, they probably stand a pretty good chance of getting the number of followers they need to catch up with if not overtake Facebook. Of course, this is if Facebook continues its privacy shenanigans.
ghettopeach: Sounds like boyd hit the heart of the Facebook debacle with that one.
1. The fact that Facebook is at the top of the heap and the new "cell phone" is likely the reason they're doing what they're doing - there isn't currently a competitor of similar size and function that Facebook's more disgruntled users could jump to if things go poorly. You're right - you don't have to get a Facebook, but it's certainly beneficial to your social networking.
2. This is exactly the heart of the debate. Facebook's new changes point to the fact that they'd rather make money than make things easier for their user base. Again, this is likely why Diaspora is getting so much support - it's promising what Facebook's failing to do. If it follows through, Facebook may well have a sizeable competitor on their hands or even be dethroned.
Post a Comment