Why Facebook Won't Stop Invading Your Privacy

GMGruman writes "Every few weeks, it seems, Facebook is caught again violating users' privacy. A code error there, rogue business partners there. The truth, as InfoWorld's Bill Snyder explains, is that Facebook will keep on violating your privacy, no matter what its policies say, what promises it makes, or how shocked it claims to be at the latest incident. The reason is simple: Selling personal information on its users is how it makes money, and Facebook is above all a business."

Well, duh.

[BrokenHalo]

Selling personal information on its users is how it makes money, and Facebook is above all a business.

Why is this news? Nothing to see here, move on please...

Re:Well, duh.

[delinear]

Agreed. Facebook won't give up invading users' privacy until they get replaced by a site that cares about user privacy. And I can guarantee that that caring attitude will last precisely long enough to bury Facebook as a competitor before they start doing exactly the same thing. Users just have to accept they can have privacy or Facebook, but not both.

Re:Well, duh.

[Monkeedude1212]

I find myself re-iterating this fact to my family members every month.

See, yesterday or the day before the Wall Street Journal published an article, I guess they sent someone in and investigated the whole Facebook Application scheme, and found that 10 out of the top 10 developers are selling the information they gather and that it's not unusual for LOTS of Facebook apps to do so. This is technically a breach in the "privacy policy" set forth by facebook, but no one has ever done anything about it, ever, so its still rampant.

Of course, my mother works downtown in a nice tall skyscraper and she catches a glimpse of this, catching the words like "Facebook - Privacy - Security - Breach - Applications - Farmville" so she went and formed her own little news snippet in her head completely different from whats actually going on. She sends an email to the entire family along the lines of "Facebook announced that some popular apps like Farmville have been hacked, so double check your personal/financial info to make sure none of your banking credentials were stolen!"

My first reaction was a double take with a massive head jerk thinking that the makers of Farmville (Zynga? w/e) had managed to make their application place tracking cookies or other devices in the browser that could do simple keylogging and report back to their server. I immediately pull up my browser and start searching for anything regarding the subject matter - only to find nothing but that Wall Street Journal Article.

So I had politely drafted up an email to everyone in that email explaining the whole privacy issue with Facebook right now - making careful to note that their computer hasn't been hacked by accessing a facebook app - but any information they've put on Facebook is essentially on there, has probably been sold to advertising companies, and can't be removed.

I can't seem to get it to stick...

Re:Well, duh.

[mlts]

I am cynical, but if a site comes along that does respect user privacy, they won't make the ad revenue, unless other funding is obtained.

FB does not make a dime from the people who have accounts with them, other than the gift services. The real customers are the advertisers and the developers like Zygna. To FB, account-holders are considered whining maggots, a necessary evil so advertisers can be handed their information and in return, hand FB cash.

TANSTAAFL. Want to know how to change this? Have a social networking site paid for by either subscription fees, or by grants from governments/universities/funds in return for privacy/security guarantees of user data?

Re:Well, duh.

[Ash+Vince]

Agreed. Facebook won't give up invading users' privacy until they get replaced by a site that cares about user privacy. And I can guarantee that that caring attitude will last precisely long enough to bury Facebook as a competitor before they start doing exactly the same thing. Users just have to accept they can have privacy or Facebook, but not both.

I don't think this is limited to facebook.

Our privacy has been successively eroded over the past 20 years since companies realised how valuable information about their customers could be. We have gained many "free" services as a result of this that we otherwise would have had to pay for, but we have don so under the small print proviso that we would be allowing them to make money by selling information gleaned from watching us.

Even before the current days of the web customer loyalty cards were built on this premise. They could give us a small discount on our shopping in return for the data they could gather on us as a result of us identifying ourselves every time we purchased something.

The only way facebook would ever be overtaken by another company that did not behave this way would be if people cared enough to leave because of it, I have sneaky feeling that most people do not.

Re:Well, duh.

[idontgno]

That's an unfortunate chain of events. When you explain the facts and the "OMG, they're hacking my bank accounts" panic fades away, the truth winds up seeming a lot less grim. People may not be able to work up the appropriate levels of concern. Relief you haven't been shot may keep you from reacting to the fact you're being robbed.

Re:Well, duh.

[Glendale2x]

I can't seem to get it to stick...

Because, in the end, users do not want privacy. They want their Facebook, Gmail, et al for free, and are unable or unwilling to make the connection that "free" has a non-monetary price to them. These companies know this and will continue to do whatever they can get away with to make the money that keeps it "free" to the audience.

Re:Well, duh.

[X_Bones]

I can't seem to get it to stick...

you can lead a brain to knowledge but you can't make it think.

Re:Well, duh.

[rochberg]

"If you aren't paying for the product, you are the product." (I wish I could claim credit for the quote, but I can't. And I've heard it from so many sources that I don't know the origin.)

Re:Well, duh.

[nedwidek]

Advertisers are not handed the information. Advertisers specify the characteristics of the user they'd like to advertise to. I helped a friend advertise her bistro. We said who we'd like to show the ad to. Facebook then said how many people it was shown to each day, but never who. For all I know they could have lied on the number and charged her credit card anyway, but her fan count definitely took off quicker with the advertising and business went up. Was it the advertising onFacebook? It appears so, but I can't prove it.

As for application developers, of which I am one... Please tell me how you expect the social aspects of the games are supposed to work if I CAN'T pull information? Sure you can lock everything down. These are the same people who can't lock their account down. They're going to bitch when things don't just work in the games because they can't figure out how to open them up.

Here's what I tell people: If you don't want it known, don't tell it to Facebook. Belong to the Church of Satan, but don't want people to know? Don't put it in your profile. And maybe take 10 minutes to go through the privacy controls they're not that hard.

Still don't like it? Don't open a damned account. It's nice that you put up solutions, but the possibility of any of those happening is zero to nil.

Re:Well, duh.

[lgw]

So thats why it's getting so many attacks on it - there's a LOT of holes in the system and its not just "You gave it to Facebook" - it's a sort of "You gave me a check box that said ONLY people on my friends list could see it. Now an App developer has that information and is selling it. WTF"

Nah, it really is as simple as "you gave it to Facebook". Putting info on the internet is making that info public, period. If you believe Mark Zuckerberg when he says "trust me honey, I'll pull out in time", that's just your naivete. Companies tell you lots of things when they want you to use their product, all lies, and yet people are somehow surprised that this one specific company lied to them? Please.

If you put it on the internet, expect it to become public, simple as that. That includes email, VOIP calls, browsing history, search history, whatever: don't fool yourself that somehow some specific thing is sacred. Just be glad for whatever time we have left that encryption is still legal.

Re:Well, duh.

[mlts]

The social stuff can work, but FB's app model is all or nothing. You hand over not just your info to any app developer who comes along, but your friends' info too. I have yet to see a FB app developer ask for anything less than the whole shebang for their stuff.

The "love it or leave it" argument isn't valid either. I know when I was looking for work that I was turned down for jobs because I didn't have a FB profile, thus HR reps thought I was a dinosaur. I was even asked about it in interviews, and when I stated that I had no FB account, I'd get looked at like I just farted out a radioactive bunny which was playing the DN3D theme song. Employers actually look at candidate FB/Twitter/MySpace profiles these days. Some even demand full friend access. So, not having an account means hurting one's chances at finding gainful employment.

Re:Well, duh.

[lgw]

Email is effectively public, unless you encrypt it. Don't fool yourself. The law is increasingly treating email like post cards, where there's no expectation of privacy for the contents.

And your banking history is an open book to the government, and (especially for credit cards) plenty of personal info is sold to marketers, unless you carefully opt out (and even so, some stuff goes to the credit agencies). And, of course, if you don't encrypt your session with your bank, your money WILL get stolen. Encyption provides most of your (transactional) banking security.

Shocking.

[2names]

No really. Don't let the deadpan delivery fool you into thinking I am not shocked. I am. Really.

We should be used to it by now

[Drakkenmensch]

When Facebook announces new privacy-preserving settings for its users, what they mean is "we have implemented a new zero-day exploit that will allow hackers to steal all your info with a simple script and sell it all off on the internet with very little effort."

To quote someone on Metafilter:

[Mr_Silver]

If you're not paying for the service, you are the product, not the customer.

Re:To quote someone on Metafilter:

[technomom]

Really successful businesses are able to make you pay for the service, PLUS sell your data (or eyeballs). See the publishing industry (up until about 1999) and television.

Re:To quote someone on Metafilter:

[Mr_Silver]

Really successful businesses are able to make you pay for the service, PLUS sell your data (or eyeballs). See the publishing industry (up until about 1999) and television.

You're correct, but the problem with Facebook is that it needs you to share lots of information in order for them to sell it to others. It's well known that opt-in services, whilst being great for consumer privacy, typically have a lousy take-up rate. I'm amazed at the number of people who have completely open profiles, probably because they didn't know that they were like that.

Therefore it is in Facebook's interest (and their bottom line) to ensure that you have to opt-out and preferably in a way which is convoluted enough to make you not bother but not so convoluted that they're accused of being evil*.

Their goal of helping your connect with friends has long gone as the functionality available today is more than adequate for that purpose. All new features added in the last year or two are solely geared around you sharing more information that can be sold.

(* with the exception of Facebook Places, which they've blatantly decided that you cannot block check-ins from your friend stream without completely blocking the friend - presumably in the hope that you'll be persuaded to actually use the service)

In other news...

[gorzek]

...water is wet, the sky is blue, and Elvis is still dead.

Re:In other news...

[BitZtream]

No, Elvis is not dead, he just went home.

Re:In other news...

[gorzek]

I just knew that would be the first reply I got. Thank you, Slashdot, for not letting me down.

Facebook is NOT violating privacy

I'm sure this will be an unpopular post, but Facebook is NOT violating privacy.

Really, if you post something on the internet and expect it to be private, you are an idiot. You can't reasonably expect privacy on someone else's servers. Once you release information in the wild, you have no control over what happens to it. None. Those privacy settings mean jack shit. They are only veils. In fact, those privacy settings aren't even guaranteed.

If you don't want people to know something about you, don't post it on the internet. It really is THAT simple. If you don't want the evidence to make it to your wife, your boss, or whatever, don't put that evidence in an archivable medium AT ALL. And lastly, if you don't like the way Facebook uses your information, DON'T USE THE GOD DAMN SITE. If you aren't using it, they can't "violate" your "privacy."

Re:Facebook is NOT violating privacy

[RazorSharp]

I'm sure this will be an unpopular post, but Facebook is NOT violating privacy.

Really, if you post something on the internet and expect it to be private, you are an idiot. You can't reasonably expect privacy on someone else's servers. Once you release information in the wild, you have no control over what happens to it. None. Those privacy settings mean jack shit. They are only veils. In fact, those privacy settings aren't even guaranteed.

If you don't want people to know something about you, don't post it on the internet. It really is THAT simple. If you don't want the evidence to make it to your wife, your boss, or whatever, don't put that evidence in an archivable medium AT ALL. And lastly, if you don't like the way Facebook uses your information, DON'T USE THE GOD DAMN SITE. If you aren't using it, they can't "violate" your "privacy."

Bullshit. When you do online banking, you expect your information to remain private. When you click a box on Facebook that claims to protect your privacy, it dammed well better.

No one cares

[RazorSharp]

And that's what's so sad about this. When friends encouraged me to get on Facebook I told them about the profit model and why they shouldn't contribute to it, but they all had the same response, "who cares?" It was hard enough for them to understand why their personal information would even be profitable in the first place, but for them to actually care was impossible. Lets face it, Facebook users have the same view of privacy Zuckerberg has: they don't value it and they don't understand why anyone would (unless, of course, they had something to hide).

I value my privacy and I find Facebook to be the finest example of everything that is wrong with capitalism. But that's why I'm here on Slashdot and not there.

Re:No one cares

[Cro+Magnon]

My posts aren't supposed to be public. They are supposed to private, just between me and my 5,000 closest friends.

Re:No one cares

[CannonballHead]

If Facebook is the best example of everything that's wrong with capitalism, capitalism would appear to be a pretty good system. I doubt socialism is an inherently privacy-valuing system... it would seem to me that for a socialistic model to work, more of your privacy would have to be violated?

Re:No one cares

[thePowerOfGrayskull]

Lets face it, Facebook users have the same view of privacy Zuckerberg has: they don't value it and they don't understand why anyone would (unless, of course, they had something to hide).

And they're 100% right -- for if they do not see value in their privacy, then their privacy has no value.

For those whose privacy does have value - they'll do as you do, and avoid Facebook et al entirely.

Re:No one cares

[Monkeedude1212]

Even the private messages that go between you and someone else on Facebook are still technically posted "To Facebook" so it is "Facebooks Data" and within "Facebooks Data collection" and permissable for them to sell or do whatever they want to.

But that's not really the thing. Your name IS private. When there are only two parties involved, yourself and someone else, and they ask you your name, you can choose not to disclose that information. This is where aliases online became popular to help anonymize people. Facebook discourages anonymizing and wants to identify people, makes it easier to aggregate their data.

When I log onto facebook and when my girlfriend log onto facebook, we'll see different advertisements. Why is that? Clearly they've collected enough information on me to know that I like video games and she likes Jewelry. Simple enough matter - perhaps thats just gender profiling? Well when I log on compared to my brother, I see ads for MMO's, he sees advertisements for sports and poker.

The point is that basically all the stuff about you, even stuff you don't generally make public - ends up getting grouped together into a profile that gets sold to advertisers so you are constantly bombarded by the stuff you are most likely to buy. Just by creating that profile, and then clicking on certain links - that info gets put to work profiling you. Hey, you like Mafia Wars? This kid probably likes the idea of Gangs and guns. Lets grab some related clothing and see if he clicks on the ad that says SALE!

Then, when someone messages you "Hey, whats your Phone #?" Facebook gets that info. When someone asks "Hey where's your house again?" They get your address. "Whats your email?" - yada yada yada.

The big fear everyone has is that this will go much farther reaching than advertising. Oh hey, you were looking up medical conditions, you have a self diagnosis app on facebook... Health Insurance company buys the info... Oh look your premiums are going to go up, they suspect you might have something. You came down with something? Well theres some searches you made 5 years ago that suggests it might have been present before buying the insurance, so no payout.

Things like that.

Re:No one cares

[Abcd1234]

When friends encouraged me to get on Facebook I told them about the profit model and why they shouldn't contribute to it...

Wait... *why* shouldn't they contribute to it? You say that as if it's a given, but please, elaborate on this point for me.

Because it seems to me this is a classic example of a win-win situation: the users give information to Facebook, which Facebook deems valuable, and the users, in turn, receive a service they find useful.

Now, certainly people can choose whether they want to participate in that arrangement, and I can see why *you* shouldn't. But I fail to see why no one else should.

This is why we can't have nice things, children!

[kheldan]

If you actually use your real name and personal information on any social networking site, then you are an idiot, plain and simple. You may not even be able to exercise damage control at this point by erasing everything and deleting accounts; it's all still out there somewhere and someone has it -- and in many cases, it's people you never even met in person who you allowed on your friends list in the neverending quest to have more "friends" than your buddies do.
I already know I'm going to get modded down to -1, Troll or -1, Flamebait for posting this, but you can't escape the cold hard truth that so many of you have not been wise, and now you're paying the price.

This point keeps getting made

[SemperUbi]

again and again; it's old news by now. But there are a whole lot of people who just don't seem to either get it or care. Facebook is really good at exploiting that ancient "be part of the pack or else you'll die" thing that got us through the Pleistocene era.

Re:hmm

[RazorSharp]

Nothing and no one should have first amendment restrictions.

FIRE!!!!!!!!!

Anonymous Coward on Thursday October 21, @11:51AM(#33974432) rapes babies and strangles puppies!

The military is conducting an operation at coordinates x-y at 11:00AM (EST) on October 22.

Corporations funneling money into political campaigns are merely expressing their political opinions!

Need any other examples?

Re:This is why we can't have nice things, children

[ceoyoyo]

Why? Your name is generally a matter of public record. It's not private. Pretty much the opposite, in fact.

If you post any actual private information on a social networking site then you're taking a risk. You might be an idiot, or you might have weighted the costs and benefits and made an informed decision.

Re:hmm

[DarkOx]

Freedom of speech is about expressing beliefs and opinions and facts, that is what the ruling about "FIRE" is all about you are not free to tell blatant false hoods when they could case clear and present danger. This is also how liable, defamation, and slander laws are still permissible.

Beyond this there is no reason to curb freedoms of speech. The whole corporate campaign donations thing is a red herring. That ruling in and of it self is correct. The problem there if you will is the legal fiction that corporations are people and therefore can hide behind the bill of rights in the first place. Corporations are nothing like people:

they don't die eventually as people do

you can't jail them when the misbehave

because their size, wealth, and resources vary so widely as compared with individuals they don't have an equal sensitivity to fines and other defined civil penalties.

If you want to fix this country (USA) for real one place to start would be getting rid of the legal fiction corporations are people, drafting up a fare corporate bill of rights, which might leave some limitations on things like speech.

 

Sites that collect no PII can't sell or leak it

[Mr.TT]

A year ago, we launched a privacy site with the goal of providing a safe, secure, simple means to share information using end-to-end encryption. Without going into detail and without mentioning the name of the site, I can tell you that we succeeded and we have a small group of regular users. We don't have an advertising budget, so most users find us through google ("private secure encrypted"). Even those with no knowledge or understanding of how encryption works can figure out how to use this site. Since we collect no personal data, we have nothing to sell to advertisers. Eventually, there will be a nominal fee to use the highest privacy level ("secret"), but anyone creating an account this year will get to use the site free for life (or until the site is sold or terminated).

Why? Because people won't stop using it

[noidentity]

Since people keep using it, they're sending the message that they don't care about invasions of privacy. It's not too hard to figure out how to avoid this invasion: don't use the site.

"Privacy is Dead" Philosophy

[necro81]

One key part about it is that Facebook, and particularly Zuckerberg, is convinced that privacy is an illusory notion at best in today's world. Privacy was all some strange social construct that is now, or soon will be, thoroughly antiquated. It's an impediment to the future; a mental hangup. It's right up there with believing the Earth is flat and the sun revolves around us. The sooner we all realize this the better off we'll be.

Within this philosophy each move that Facebook makes isn't some sort of violation or theft. You can't steal what someone doesn't have. Instead, it is an object lesson to the unenlightened. I, for one, believe this is total bullshit. Then again, I'm also not on Facebook. The movers and shakers in technology have been all about this for a long time: dragging the masses kicking and screaming to that future only he has the genius to see. Usually, they have limited it to technical or economic matters, a'la Bill Gates. Or, like Steve Jobs, they have an overt social vision behind their technological heavy-handedness, but folks generally haven't been too offended by it. Zuckerberg is upping the ante in a dramatic way.

FB cares about privacy

[jDeepbeep]

FB cares about privacy in the same way that McDonald's cares about nutrition.

Re:This is why we can't have nice things, children

[Americano]

Oh and by the way: if you REALLY feel that way about it, then why not put up live internet cameras in your bedroom so we can watch you have sex with your wife? After all, you have nothing to hide and you honestly don't care with what anyone does with your personal information, right?

Funny thing is, GP didn't say he "had nothing to hide" - he said that the stuff he posts on facebook isn't that private anyway, and he doesn't care that it's up there, or that Facebook knows it. He didn't say "I post every detail of my life there," he said "I don't care if people know the details I do post up there."

There's worlds of difference between "I don't care that Facebook knows I like golf (but suck at it), have half a dozen friends who live in New York City, and like rock and alt-country music, and uses that knowledge to display advertisements I might be interested in seeing based on those interests." and "I don't care if Facebook films me having sex with my wife and posts that up on facebook.com/bobsmith_porking_lisajones/livestream, and uses it to sell male enhancement products and plastic surgery."

Reasonable people are able to draw the distinction between these two scenarios. You seem to have missed the distinction. Conclusions that may be drawn from these facts are left as an exercise to the reader. The rule to keep in mind on Facebook is: don't post it if you consider it private information.

Expectation of privacy.

[Evro]

You put your data on its server for the purpose of sharing it with others. Any expectation of "privacy" on a system designed to share information seems misinformed, especially when all that information is further shared with third parties (apps) over whom Facebook has no control. You might reasonably expect your FB inbox to be private but that's about the only type of information on the entire site that isn't "shareable."

Plus, if you're not accessing a service exclusively over SSL, do you really care how private the data is that you're transmitting?

Socialism 101, and Privacy

[cmholm]

Socialism 101: the employees own their place of employment. It could be directly, such as a partnership, or via proxy (ie. shares of stock). Period.

Some people prefer a more indirect proxy (ie. a Socialist government). Obviously, *that* model has had problems.

Social Democratic parties prefer the employee-ownership part. But, rather than require it and overturn the whole apple cart, accept that yer gonna have owners exploiting employees, and use social welfare programs to ameliorate the "getting screwed" parts of capitalism.

To manage a social welfare system requires records of the beneficiaries. On the other hand, large firms selling products purporting to ameliorate the "getting screwed" parts of life require records of the beneficiaries, and may sell those records to other firms.

Potaytoes, potahtoes.

Re:This is why we can't have nice things, children

[ScottMcD]

I use my real name on facebook. That makes me an idiot? Thanks for the classification.

I tend to believe I'm more informed than the average person. Maybe I'm mistaken. If you believe that social networking sites sharing this type of information is the greatest privacy issue at the moment then you are mistaken.

To provide an example, I recently remortgaged my house. I received no less than 2 dozen mail offers to my home address (the address remortgaged). Most of them were to either offer insurance protection in case I was disabled and couldn't pay my mortgage or to allow me, for a fee, to pay my mortgage more often thus saving money in interest. A service my bank offers for free.

These companies put information on the mailings that could only be found in the mortgage documents, including the principal amount. How did they get this information? All of it is readily available public information available on the internet. Any piece of property in the state I live in has this information available online. This includes deed information such as amount paid and any liens including mortgages and tax liens. These are full images of the documents, including the signature. For many cities and towns tax assessment information is also available: property value, floor plans, property acreage and address.

There are many other examples of information online that compromise privacy. To worry about people putting information they themselves decide to put out there is the least of our worries.

Re:This is why we can't have nice things, children

[lennier]

If you actually use your real name and personal information on any social networking site, then you are an idiot, plain and simple.

Exactly!

That's why I always walk around outside wearing a Guy Fawkes mask, a biohazard suit and use a different alias at every shop. Can't let just anyone know my real face or true name - and who knows what dark magics they might weave with a lock of my hair?

Plus it makes everyone who comes to the help desk at work really quiet.