Joho the Blog

Facebook’s Privacy Default

[This post is also running at HuffingtonPost.]

With its new advertising infrastructure, Facebook is being careful
to protect privacy of information. But they are bucking — and
perhaps helping to transform — the norms of privacy. At
its most basic, Facebook is getting the defaults wrong.

The new ad infrastructure enables Facebook to extend their reach onto
other companies’ sites. For example, if you rent a copy of “Biodome”
from, Blockbuster will look for a Facebook cookie on
your computer. If it finds one, it will send a ping to Facebook. The
Blockbuster site will pop up a “toast” (= popup) asking if you want to
let your friends at Facebook know that you rented “Biodome.” If you say yes, next time you
log into Facebook, Facebook will ask you to confirm that you want to
let your friends know of your recent rental. If you say yes, that
becomes an event that’s propagated in the news feed going to your

Facebook has also created a new type of entity to allow non-people
to have a presence in the system. So, a company or a character can
now get a “page,” but not a profile. It can have “fans” but not
“friends.” And the fact that you decided to become a fan of Cap’n
Crunch is yet more information advertisers can use against you.

Facebook makes an astounding array of information available to its
advertisers so that they can precisely “target” likely suspects. This
is great for advertisers, and — given that the ad space is going
to be filled up one way or another — it’s arguably better for
users to see ads that are relevant than ads that are irrelevant. (The
counter-argument is that targeting makes ads more successfully
manipulative, not just more relevant.) Facebook is scrupulous,
however, about not letting advertisers know the identity of those to
whom it’s advertising. So, Blockbuster might buy ads for all men aged
18-24 who have joined the Pauly Shore fan club, but Blockbuster
doesn’t know who those people are.

When Facebook talks about preserving user privacy, that’s what they
have in mind: They do not let advertisers tie the information
about you in a profile (your age, interests, etc.) to the
information that identifies you in your profile (your name,
email address, etc.). That is the informational view of privacy, and
Facebook is likely to continue to get that right, if only because so
many governmental agencies are watching them. I also think that the
Facebook folks understand and support the value of maintaining privacy
in this sense.

Yet, I find myself creeped out by this system because Facebook gets
the defaults wrong in two very significant areas.

When Blockbuster gives you the popup asking if you want to let your
Facebook friends know about your rental, if you do not respond in
fifteen seconds, the popup goes away … and a “yes” is sent to
Facebook. Wow, is that not what should happen! Not responding far
more likely indicates confusion or dismissal-through-inaction than
someone thinking “I’ll save myself the click.”

Further, we are not allowed to opt out of the system. At your Facebook
profile, you can review a list of all the sites you’ve been to that
have presented you with the Facebook spam-your-friends option, and you
can opt out of the sites one at a time. But you cannot press a big red
button that will take you out of the system entirely. So, if you’ve
deselected Blockbuster and the Manly Sexual Inadequacy Clinic from the
list, if you go to a new site that’s done the deal with Facebook,
you’ll get the popup again there. We should be allowed to Just Say No,
once and for all.

Why? Because privacy is not just about information. It’s all about
the defaults.

If a couple is walking down the street, engaged in deep and quiet
conversation, it certainly would violate their privacy to focus
listening devices on them, record their conversation, and post it on
the Internet. The couple would feel violated not only because their
“information” — their conversation — was published but
because they had the expectation that even though their sound waves
were physically available to anyone walking on the street who cared to
listen, norms prevent us from doing so. These norms are social
defaults, and they are carefully calibrated to our social
circumstances: The default for sidewalks is that you are not allowed
to intercede in private conversations except in special circumstances.
The default for showing up at a wedding party is that they can ask
whether you’re with the bride or groom’s party, but they can’t ask you
to show a driver’s license. The default at some schools is that your
grades will be posted on a public bulletin board and at others that
they will not. When we violate these norms, various forms of social
opprobrium ensue. We even have special words for different types of
violations: eavesdropping, being nosy, being a blabbermouth, etc.

Facebook is getting privacy right where privacy is taken as a matter
of information transfer. But it is getting privacy wrong as a norm. Our expectation is that our
transactions at one site are neither to be made known to other sites
nor made known to our friends. We may well want to let our friends
know what we’ve bought, but the norm and expectation is that we will
not. Software defaults generally ought to reflect the social defaults. And
when you’re as important as Facebook — two billion page views a
day — your software’s defaults can nudge the social defaults.

Our privacy norms are changing rapidly. They have to because we’ve now
invented so many new ways to be in public. That’s why Facebook’s move
is especially disappointing. Although they are rigorously supporting
informational privacy, they are setting the defaults based not on
what’s best for their users but on what’s best for them. It’s clearly
and inarguably better for users to be able to opt out of the entire
third-party system, but it’s clearly more lucrative for Facebook to
make it hard to opt out (not to mention making it an opt in system).

Businesses always choose sides, implicitly or explicitly. Facebook has
been notable for being on its users’ side. Not in this case. In fact,
because this new ad plan invokes Facebook on other companies’ sites,
it feels like we’re being ganged up on. Even worse, in this case the
gang is so strong, it could reshape privacy’s norms.

[Tags: facebook social_networking_sites privacy advertising marketing ]

14 Responses to “Facebook’s Privacy Default”

  1. People are mistaking indications of preferences for non-critical issues (as to how they’d like information provided to them) as sufficient to grant permission, or serve as evidence of agreement (a binding contract).

    Firstly, the right to privacy is inalienable. One may well be able to sell private information (IP) to someone else (potentially making it public), or supply private information as part of a contract (that stipulates confidentiality), however, this does not grant any ability for a receiving party to appropriate further private information.

    One may go through the motions of having no privacy, but one cannot actually surrender one’s right to privacy.

    Secondly, the information pertaining to transactions between two parties is naturally private to both parties – independently. Both buyer and seller are aware of the facts concerning a sale, e.g. Fred Bloggs buys pile cream for $20 from DiscreetInc. There is no obligation upon either party to keep the fact of this transaction private/secret. It is entirely a matter of trust/reputation. Of course, if the seller indicated confidence would be maintained, and yet defaulted on that, then they should expect considerable loss of reputation (and trustworthiness).

    Thirdly, some communication services are provided where the communications are not supposed to be privy to the service provider. If Facebook provides such a service then they have no right to inspect or disclose those communications (nor even the relationships). To contrive flaky mechanisms where people unwittingly privilege access to their communications and relationships to various parties is egregious.

    If any organisation gets silly when it comes to pretending they have their own customers’ permission to break their customers’ trust concerning expectations of confidence and privacy, then they will deservedly come unstuck.

    Of course privacy is valuable, and the ability to invade or violate it at will is bound to be highly coveted by nefarious organisations, but privacy being inalienable cannot legitimately be surrendered. Any private information obtained by deception or without specific, cognisant, and deliberate delivery by its owner should be subject to recovery at any time (and considerable damages if recovery is not possible).

    Privacy (control over one’s private materials) is over a thousand times more precious than copyright (control over one’s published materials), so that should be a guide as to the seriousness of the issue to those thinking privacy is on the way out.

    Au contraire, the less control there is to be had over what has willingly been made public, the far more important control over what is private becomes.

    People may well choose to publish ever more personal information, but it doesn’t follow that privacy has consequently become less important.

  2. Crosbie, can you say more about why you think privacy is an inalienable right? That’s a strong claim.

    I’m especially interested because it seems to me that some degree of publicness is inevitable. The line between the public and private seems to me to be not only situational, but also hugely conventional. That’s why I disagree with you when you say:

    “If any organisation gets silly when it comes to pretending they have their own customers’ permission to break their customers’ trust concerning expectations of confidence and privacy, then they will deservedly come unstuck.”

    Some organizations won’t come unstuck, I’m afraid. Rather, they will end up redrawing the line.

  3. I suspect much of the problem comes down to the misbegotten notion that one can continue to own and control information even after one has voluntarily parted with it. We’ve lived with this received delusion for three centuries, but are only now realising how much of a fiction it is.

    Privacy does not mean you have a right to control what people do with the information you give to them (whether it is of a personal nature or not), it means you have an impenetrable barrier circumscribing your private domain and an absolute right of ownership and control over what happens to your information within that domain.

    The private domain behaves like a bubble, but it does not remain attached to the information you voluntarily remove from it. If someone removes some private information without permission, then of course, it remains your private property in its own little bubble and should be restored.

    The private domain is inalienable like one’s shadow. One may show it to another, but it cannot be detached and sold. Information may be brought into it and removed from it like any material property into safe keeping, just as things may be illegitimately planted or stolen.

    There are of course circumstances in which one person’s privacy may conflict with another’s, or circumstances in which life is at stake, that may necessitate invasion (inspection) or violation (exposure/removal).

    So, if you provide a communications service then when I use it to convey private information (I connect my private domain with the private domain of another) I am not providing that information to the service provider (they have no right to it). On the other hand, if I was using a broadcast service to communicate to the public, then the service provider being a member of the public is a legitimate recipient/accessor.

    This is the fundamental nature of privacy. It is not a tacit convention or norm open to adjustment for the purposes of commercial expediency.

    Even so, I won’t be surprised if the Facebooks of this world believe they can get legal privileges created to suit themselves, just as copyright was originally created to suit publishers.

    However, eventually, the public reassert their natural rights. This means they will assert their natural right to communicate what is in their private domain or in the public domain whenever and to whomsoever they want, and jealously guard the secrecy of their private domain otherwise. Any organisation that contradicts this will suffer opprobrium, irrespective of what the law says.

    You can only redraw lines if you can patrol and enforce those lines. This applies to the state as much as any organisation.

    You can kid people you provide a privacy preserving service and then renege in an asset stripping process, but people learn (eventually) and will adapt to require more agreeable contracts.

    And there are far more individuals willing to draw and patrol lines delimiting their privacy than there are corporations or states who can redraw, erase, or blur them.

    There are two inescapable facts concerning the information revolution that everyone is going to have to come to terms with:
    1) Published information belongs to the public – its subsequent use and distribution by the public cannot be controlled by publishers or the state.
    2) Private information belongs to private individuals – it cannot be appropriated and exploited (except by those sociopathic organisations about to go out of business).

    And it doesn’t matter what contrary privileges get slipped into the statute books. They cannot be enforced upon the public without consent by the public.

    Ok, in extremis, fear may persuade a populace to stampede or be cowed into a police state, with privacy violating sanction for ‘total information awareness’, but such control over the masses doesn’t last.

  4. Crosbie, thanks for this. But I don’t see why you claim that privacy is an inalienable or natural right. If I were to deny that — and I think I do — how would you support your claim?

  5. Natural rights are constraints that all human beings are inclined and able to apply to each other in order to protect their interests.

    The right to life is the first and primary. This encompasses equality and fraternity (against negligence).

    The right to privacy is the second. This encompasses the right to private ownership and control over products or goods that one manufactures, discovers, or purchases whether of a material or informational nature. It also encompasses the right to exclusive occupation and control over one’s private space (including access whether material or informational).

    The right to truth is the third, with liberty the fourth.

    One could conceive of a world without private property (communism), but this is at odds with human nature. One might even stretch further to a Big Brother dystopia where no private space existed, i.e. that the state’s interest in its citizens overrode the citizen’s natural interest in secrecy. No doubt the state would not reciprocate by allowing continuous inspection of its open processes by its citizens.

    Privacy is fundamental to human nature. Human beings cannot help but pursue and guard it. If one respects this then one cannot permit people to divest themselves of their right to it. It must be considered inalienable. This doesn’t prevent people reducing their privacy (permitting continued access to, and scrutiny of, what would otherwise be a private space), nor prevent people giving away all their private property, but it prevents anyone else claiming a greater right to another’s privacy than the individual concerned.

    This is why rights to life and liberty are also inalienable. One can place one’s life in danger or give lifelong service as a servant, but no-one else can claim a greater right to another’s life, privacy, or liberty.

    Truth is also inalienable in that it is inviolate, one can keep facts secret, but one has no right to change the facts. Thus an author may have a right to anonymity (as part of their right to privacy), but they cannot surrender the truth of their authorship – though they are of course free to tolerate another’s falsehood.

  6. David, great post! I am thinking that Facebook has perhaps its own interests in mine and not just ours when it doesn’t divulge personal information. That’s because if it sold the personal information then the buyers might not come back, they might maintain their own lists. So it’s a way of protecting its assets.

    Perhaps the right to privacy derives from our right to conscience which is arguably greater than our right to life. (In the Jewish and Christian traditions, you can be sentenced to death, but you can’t have your conscience voided.) A certain degree of privacy (and of forgiveness) is essential so that people can be free enough of shame to have their own mind (even when they can’t speak it). That makes privacy relative to each person’s moral capacity – weaker people need more privacy. It also is compatible with the idea that it is wrong to shame people (applying social pressure to shut them down), but it is all right to help them feel guilty or simply question their behavior (applying personal position to open them up and ourselves as well).

  7. I’m emailing this post to lots of people – and wondering why the text is “centered.”

    It just makes it a little harder to read.

    My grandfather nearly didn’t get his first book published because he’d used a “script” font on his typewriter (a long time ago) when he wrote the manuscript.

    Moral of story: Readability matters. Just a suggestion.


  8. […] Joho the Blog » Facebook’s Privacy Default (tags: facebook privacy) […]

  9. Wouldn’t deleting the Facebook cookie be a way of opting out?

  12. Hi, you might want to check out our new video, “Public is the New Private,” about how social networking sites have become forums for young people to post their personal business for everyone to see.

  13. […] there is no mention of a global opt-out, which I believe is a mistake. One of the critical problems with Beacon is it breaks boundaries of […]

  14. thanx big man
