Joho the Blog » Facebook’s Privacy Default
Everyday Chaos
Too Big to Know
Too Big to Know
Cluetrain 10th Anniversary edition
Cluetrain 10th Anniversary
Everything Is Miscellaneous
Everything Is Miscellaneous
Small Pieces cover
Small Pieces Loosely Joined
Cluetrain cover
Cluetrain Manifesto
My face
Speaker info
Who am I? (Blog Disclosure Form) Copy this link as RSS address Atom Feed

Facebook’s Privacy Default

[This post is also running at HuffingtonPost.]

With its new advertising infrastructure, Facebook is being careful
to protect privacy of information. But they are bucking — and
perhaps helping to transform — the norms of privacy. At
its most basic, Facebook is getting the defaults wrong.

The new ad infrastructure enables Facebook to extend their reach onto
other companies’ sites. For example, if you rent a copy of “Biodome”
from, Blockbuster will look for a Facebook cookie on
your computer. If it finds one, it will send a ping to Facebook. The
Blockbuster site will pop up a “toast” (= popup) asking if you want to
let your friends at Facebook know that you rented “Biodome.” If you say yes, next time you
log into Facebook, Facebook will ask you to confirm that you want to
let your friends know of your recent rental. If you say yes, that
becomes an event that’s propagated in the news feed going to your

Facebook has also created a new type of entity to allow non-people
to have a presence in the system. So, a company or a character can
now get a “page,” but not a profile. It can have “fans” but not
“friends.” And the fact that you decided to become a fan of Cap’n
Crunch is yet more information advertisers can use against you.

Facebook makes an astounding array of information available to its
advertisers so that they can precisely “target” likely suspects. This
is great for advertisers, and — given that the ad space is going
to be filled up one way or another — it’s arguably better for
users to see ads that are relevant than are irrelevant. (The
counter-argument is that targeting makes ads more successfully
manipulative, not just more relevant.) Facebook is scrupulous,
however, about not letting advertisers know the identity of those to
whom it’s advertising. So, Blockbuster might buy ads for all men aged
18-24 who have joined the Pauly Shore fan club, but Blockbuster
doesn’t know who those people are.

When Facebook talks about preserving user privacy, that’s what they
have in mind: They do not let advertisers tie the information
about you in a profile (your age, interests, etc.) to the
information that identifies you in your profile (your name,
email address, etc.). That is the informational view of privacy, and
Facebook is likely to continue to get that right, if only because so
many governmental agencies are watching them. I also think that the
Facebook folks understand and support the value of maintaining privacy
in this sense.

Yet, I find myself creeped out by this system because Facebook gets
the defaults wrong in two very significant areas.

When Blockbuster gives you the popup asking if you want to let your
Facebook friends know about your rental, if you do not respond in
fifteen seconds, the popup goes away … and a “yes” is sent to
Facebook. Wow, is that not what should happen! Not responding far
more likely indicates confusion or dismissal-through-inaction than
someone thinking “I’ll save myself the click.”

Further, we are not allowed to opt out of the system. At your Facebook
profile, you can review a list of all the sites you’ve been to that
have presented you with the Facebook spam-your-friends option, and you
can opt out of the sites one at a time. But you cannot press a big red
button that will take you out of the system entirely. So, if you’ve
deselected Blockbuster and the Manly Sexual Inadequacy Clinic from the
list, if you go to a new site that’s done the deal with Facebook,
you’ll get the popup again there. We should be allowed to Just Say No,
once and for all.

Why? Because privacy is not just about information. It’s all about
the defaults.

If a couple is walking down the street, engaged in deep and quiet
conversation, it certainly would violate their privacy to focus
listening devices on them, record their conversation, and post it on
the Internet. The couple wold feel violated not only because their
“information” — their conversation — was published but
because they had the expectation that even though their sound waves
were physically available to anyone walking on the street who cared to
listen, norms prevent us from doing so. These norms are social
defaults, and they are carefully calibrated to our social
circumstances: The default for sidewalks is that you are not allowed
to intercede in private conversations except in special circumstances.
The default for showing up at a wedding party is that they can ask
whether you’re with the bride or groom’s party, but they can’t ask you
to show a drivers license. The default at some schools is that your
grades will be posted on a public bulletin board and at others that
they will not. When we violate these norms, various forms of social
opprobrium ensue. We even have special words for different types of
violations: eavesdropping, being nosy, being a blabbermouth, etc.

Facebook is getting privacy right where privacy is taken as a matter
of information transfer. But it is getting privacy wrong as a norm. Our expectation is that our
transactions at one site are neither to be made known to other sites
nor made known to our friends. We may well want to let our friends
know what we’ve bought, but the norm and expectation is that we will
not. Software defaults generally ought to reflect the social defaults. And
when you’re as important as Facebook — two billion page views a
day — your software’s defaults can nudge the social defaults.

Our privacy norms are changing rapidly. They have to because we’ve now
invented so many new ways to be in public. That’s why Facebook’s move
is especially disappointing. Although they are rigorously supporting
informational privacy, they are setting the defaults based not on
what’s best for their users but on what’s best for them. It’s clearly
and inarguably better for users to be able to opt out of the entire
third-party system, but it’s clearly more lucrative for Facebook to
make it hard to opt out (not to mention making it an opt in system).

Businesses always choose sides, implicitly or explicitly. Facebook has
been notable for being on its users’ side. Not in this case. In fact,
because this new ad plan invokes Facebook on other companies’ sites,
it feels like we’re being ganged up on. Even worse, in this case the
gang is so strong, it could reshape privacy’s norms.

[Tags: facebook social_networking_sites privacy advertising marketing ]

Previous: « || Next: »

Leave a Reply

Comments (RSS).  RSS icon