How Facebook Can Out Your Most Personal Secrets

McGruber writes "The Wall Street Journal is reporting that Facebook revealed the sexual preferences of users despite those users have chosen 'privacy lock-down' settings on Facebook. The article describes two students who were casualties of a privacy loophole on Facebook—the fact that anyone can be added to a group by a friend without their approval. As a result, the two lost control over their secrets, even though both students were sophisticated users who had attempted to use Facebook's privacy settings to shield some of their activities from their parents. Facebook spokesman Andrew Noyes responded with a statement blaming the users: 'Our hearts go out to these young people. Their unfortunate experience reminds us that we must continue our work to empower and educate users about our robust privacy controls.'"

Truly horrible.

[noh8rz9]

this is a tragedy... I'm truly sorry for the students who were violated. No snark from me today...

Re:Truly horrible.

[AK+Marc]

What, Black people are holding public demonstrations with signs "un-raped white women are going to hell"?

One group was wrongly associated with a "bad" act. The other purposefully and deliberately associated themselves with a "bad" act, and continues to spend millions to support that association. I don't see the correlation. What, you believe in an invisible friend, but don't like being lumped with the others that claim to believe in the same imaginary friend?

Re:Truly horrible.

[nedlohs]

How is that treating you with hatred or intolerance? It's being closed minded, yes (which I guess is technically the definition of bigoted but we usually use it to mean a more aggresive subset). Though not knowing the person involved it could also be that he'd been bored to tears to many times by the same old libertarian arguments and simply didn't want to talk politics about them anymore.

Did he threaten you with violence? Did he demand you renounce those opinions/beliefs?

There are people I know with whom I disagree strongly on some issue, that we've decided not to discuss that particular issue doesn't make either of us bigoted. Sometimes it just isn't worth spending energy when you know neither is going to convince the other and it'll be an unpleasant waste of time.

Re:Truly horrible.

[Solandri]

Actually, my experience has been that most religious bigots aren't actually religious. They are bigots first and foremost, or rather psychotic or borderline psychotic and just want to be able to hate and do bad things to other people. They will latch onto whatever convenient excuse they can come up with to justify their behavior, such as citing specific parts of religious texts out of context while ignoring the parts which contradict their behavior. e.g. abusive husbands citing the Bible verse telling wives to obey their husbands, while completely unaware of the very next verse which tells husbands to love their wives. Even in the complete absence of organized religion (e.g. Communist China), you still see widespread bigotry in the form of prejudice based on what region of the country someone comes from.

My current hypothesis is that there's just something about human nature which makes us want to feel superior to others. That can manifest itself as being religiously moral (e.g. judging others by values they don't believe in), adhering to science and atheism (e.g. the constant bashing of religion on slashdot), coming from a more "sophisticated" cultural background (e.g. characterization of Southerners as backwards uneducated "trailer trash"), high school cliques (the stereotypical jocks vs nerds), belief in conspiracy theories ("how can you be so naive as to believe the government"), and even gossip ("I know something you don't know" and presumably that makes me superior). My guess as to the mechanism behind it is that people don't have enough time (nor interest) to join every social group there is. Consequently they try to seek self-affirmation of the groups they belong to (even when there wasn't a choice, such as what region of the country you come from). If your group is better than others, then obviously you made a better choice or were luckier at birth and thus are a superior human being.

Hey, PR drone, read this!

[girlintraining]

'Our hearts go out to these young people. Their unfortunate experience reminds us that we must continue our work to empower and educate users about our robust privacy controls.'"

How about instead of giving them some false sympathies deep fried and battered in guilt, served with a side of buzzwords, you put your money where your mouth is? You people don't have a heart to speak of, so it's not going out anywhere -- so why not send them something you actually value, like the cash you earned in extra publicity and selling of their personal data after you outed them?

Your entire business model is built on invasive marketing, selling people's personal data to the highest bidder, and despite numerous high-profile security and privacy failings, including pictures that don't get deleted off servers and remain publicly accessible for years after they've been pulled from user profiles and indefinate storage of all data ever submitted to facebook, even after it has been deleted and the profile removed, you people still have the gumption to say you have "robust" privacy controls? Screw you. Give the kids some money, then maybe I'll believe you actually give a damn.

Re:This issue is slowly becoming a non-issue

you're missing the point if you believe sexual orientation is the core of this story

Blaming users is a bad stance.

[MartinSchou]

If one user gets it wrong - sure, that's a dumb user.
Ten? Yeah.
100? Probably still that, considering how many users FaceBook has.

But they should really take a clue from Coursera - in Daphne Koller's TED talk on Coursera she touches on something very similar, namely students having misconceptions on a subject, and how they instead sort of blame the course material, and help correct the students' misconceptions.

This, by the way, is something we see entirely too little of in many types of development.

Not just software - the Stockholm Metro system has automatic gates that open and close to let you through, if you have a valid electronic ticket. And people get hit by those gates and in some cases hurt or stuck.

The company's response? Educate the users on how to use a fucking automatic door!

Honestly, when I read that, I felt like hitting the spokes person in the face and telling him that he obviously needs to be educated in the use of my fist.

Re:IF YOU HAND THEM OVER IT WILL TAKE THEM !!

[Blue+Stone]

Those "robust security policies" are nothing but paper walls, that can be slid back or removed entirely at the whim of your host, whose house you're visiting.

And your esteemed and generous host is a businessman who's stated quite clearly that your privacy is for sale for his own profit, and that you are a complete fool for trusting him.

Maybe at some point in the future, people will wise up and stop visiting.

"you should never post"? Get a clue.

[QuasiSteve]

"you should never post". Get a clue - it may not be you doing the posting.

Here's the problem. They didn't post. They, in fact, used what little privacy controls they had to shield off any posts and activities that would let on their sexual orientation to friends and the public at large.

Who did post, was the then-president of a choir group called Queer Chorus. He added these two individuals to their facebook group. He did so while the group was set public (an 'open' group).
facebook, in turn, notified all the 'friends' of these two individuals that they had joined the group, because that's just how facebook - in all its "privacy? what privacy?" ways - works.

The only time these two individuals ever did anything related to the chain of events was when they friended, or accepted a friend request, from this choir group in the first place. If you're saying that they shouldn't have done that unless they were 'ready and willing' to own, that's fine.

I suppose if they had never befriended the choir on facebook only dealt with them in person, and the then-president had merely mentioned them in passing in a wall post and somebody who knew them had stumbled on that, and posted about it publicly, then they should simply not have dealt with the choir in person.

Maybe you believe that if they weren't 'ready and willing' to own to being gay, they should just have kept up appearances of being straight through all aspects of life.

Rather dangerously close to an "if you have nothing to hide"-argument, I'd say.

Personally, while I agree that anything you post online should be considered a matter of public record, just like picking your nose from the sanctity of your home doesn't mean people won't talk about it the next day if they happened to look through your windows. But then, I have curtains, and I feel that I can reasonably expect that nobody is going to peer through a small slit in those curtains - just as I feel that I should be able to reasonably expect that if I set facebook settings to hide practically everything about me, that they then don't betray that effort by opening up another vector to third parties that is public by design. Naive in both cases, perhaps, but I certainly wouldn't say that it boils down to blaming the users. It's just not that simple.

Re:Stopped using facebook 8 months ago

[Lisias]

f you're being added to 'fairly extreme view' groups, then I guess you have 'fairly extreme view' facebook 'friends'. If you'd rather not be part of those groups, you may wish to review the status of that 'friendship'.

I strongly disagree. I have religious friends, I have gay friends, I have some few extreme guys as friends.

These groups does not mix up, but these people are my friends nevertheless.

If all your "friends" think as you, act as you and looks as you, this is not friendship. This is narcissism.

Re:This issue is slowly becoming a non-issue

[Dogtanian]

Surely you recognise the word "becoming"

Yes, I do. Iraq has "become" a significantly more dangerous place for homosexuals in the past few years. It's grossly blinkered to assume that the rest of the world has all followed the United States and Europe, and it's also dangerously naive to assume that the direction of public opinion couldn't change.

If a defense is impossible, you have to fall back on the next best defense. That doesn't change the best defense. The best defense against your parents finding out about your sexual orientation from someone else will always be to tell them yourself, from whatever distance is safe.

That's an idiotic comeback. If you live in a country where people are prepared to kill members of their own family over "honour" (translation; face-saving murder) and such things, then telling one's parents about such things isn't the "best defense".

Yeah, it'd be nice if everyone could tell their parents about such things, and it'd be nice if we all had a pony. Meanwhile, some people have to live in shitholes where a mentally-backward Christian girl in her early teens is threatened with her life because she allegedly burned a koran- though it's just as likely a witchhunt incited by religious leaders- or another teenage girl is shot for speaking up in favour of education for her peers.

Facebook is social networking, and people have to realize that their socializations will be revealed.

The risk will always exist. Facebook's behaviour is comptemptible because they pay lip service to mitigating it while (as you agree) intentionally undermining privacy and making things worse than they need be for their own self-interest.

Facebook's position is the only sane one in this case, since people do need to be educated about this sort of thing.

I'm not sure what you're trying to say here. Is it that- given that Facebook are intentionally undermining privacy, because their business model depends on it- they should educate people about the privacy controls anyway.

While this might technically make logical sense at some level, it's absolutely fucked up. Nor does it take into account the fact that Facebook aren't being open- that is, they try to give the impression they care about privacy and giving people the tools to manage it, when they're not open about the fact they're really doing the complete opposite.

And soon it won't matter. Not soon enough, but tolerance is growing in general.

Indeed, and (for example) Jamaican society tolerates the burning and killing of gay men, so we should all encourage people there to come out to their parents.

When they're dead, it'll comfort them to know that tolerance is growing in general.

Maybe in 50 years time, things will be better there, but it takes a peculiarly tolerance-spoiled type of insensitivity to assume that this makes it okay for everyone around the world to have their secrets revealed today.

Frankly, I don't think we'll ever live in a world where we won't have the need- and shouldn't have the right- to some level of privacy. If Facebook wants to undermine our privacy while weasel-ishly pretending to do the opposite, I'm quite happy for people's attention to be drawn to this.

Re:IF YOU HAND THEM OVER IT WILL TAKE THEM !!

[crath]

Internet 101: anything you post will eventually become public; if you you want to keep it a secret, don't post it in the first place. The fact that these two individuals thought that they could mantain two different public personas and keep one of them a secret is simply a testement to their ignorance.

Re:IF YOU HAND THEM OVER IT WILL TAKE THEM !!

[Dekker3D]

But their joining that choir wasn't online.. it wasn't posted by them. The only thing they did wrong was either pursueing their interests by joining the choir or being like everybody else by having a Facebook account. Since science has taught us that everyone who doesn't use Facebook is a horrible murderer-to-be, the latter can't be ruled out-... so they weren't supposed to join that choir?

It is not about what you do

[betterunixthanunix]

This is not just about what you do online, it is about what you and all the people you associate with do online. I am not on Facebook, yet Facebook still manages to collect information about me (and spread it around): people "tag" me in photos, sometimes people invite me to join Facebook, and people might mention me in messages they send to each other on Facebook (including public messages). So despite the fact that I have no Facebook account, at least part of my personal life is being collected by that system.

That is the point of TFA. These people did not announce their sexual orientation on Facebook, someone else did, without their permission.

RTFA

[BeanThere]

Read The Fucking Article - she didn't put the information on there, someone else did (and Facebook's extremely poor privacy controls allowed it). That was kind of the point:

... the president of the Queer Chorus, a choir group she had recently joined, inadvertently exposed Ms. Duncan's sexuality to her nearly 200 Facebook friends, including her father, by adding her to a Facebook Inc. discussion group

Do you understand what this is about? Facebook allows other people to add you to groups - in other words, your 'friends' can basically edit an aspect of your profile. It's bizarrely stupid, and has been a common complaint for a long time, and this wouldn't have happened if Facebook didn't do this, but Facebook defends this practice.

Re:IF YOU HAND THEM OVER IT WILL TAKE THEM !!

[TranquilVoid]

Correction: only friends can add you to groups but you cannot stop them, only leave when you receive the notification. I thought I saw this setting somewhere but it's either gone or more likely I confused it with another setting.

I guess this system does a lot to encourage group membership. In the same way people wouldn't bother joining they won't bother leaving. Hence Facebook gains a valuable/insidious source of user data typing.

Re:IF YOU HAND THEM OVER IT WILL TAKE THEM !!

I do not have a Facebook account

Do you have any friends that use Facebook on their smartphone? Uploaded photos and tagged you? Mentioned you in a wall post? If so, then Facebook already has an account for you, you just haven't set a password on it yet.

IOW, Facebook has enough users that they can identify gaps in the social graph corresponding to people who don't use Facebook. It's naive to think they don't do anything with this information.

Re:IF YOU HAND THEM OVER IT WILL TAKE THEM !!

[AliasMarlowe]

There is a privacy setting so you can't be added to groups without your permission which undercuts the claim that they were 'sophisticated users'. To be fair I think Facebook set this to false by default when they added the feature.

And you have to be a Facebook user to apply that setting. And then you must repeatedly find and re-apply it when Facebook rearranges its privacy settings and resets them to default (usually undesirable) values. Even a brief period with the setting the wrong way could be disastrous, if the tagging (and consequent promulgation of the tagging) occur during that time.

Those of us who are not Facebook users can apparently be added/tagged/whatever entirely without permission. For all I know, I've been named and tagged in all sorts of photos/groups in malicious ways. That's a nasty problem for some folks, which will likely remain unresolved until it is regulated in some way. By avoiding and actively denying decent self-regulation, Facebook is almost demanding that its actions be limited by legislation. I have no idea what happens to tags or suchlike applied to Facebook users who subsequently renounce/cancel their Facebook accounts. Potentially yet another divisive issue.