Top Reasons To Drop Facebook
Facebook has only been around for a few short years (since 2005), yet it has managed to turn almost completely around in its approach to user privacy. Initially, you defined who could see your information — in essence, you defined your "social" network and how big it could grow. More recently, Facebook has taken that control away and now decides for itself who your social network can include. You still control who your friends are (for now) but you no longer control who can see a disturbing amount of information about you. The EFF has posted [a very interesting timeline][facebook-privacy-timeline] showing the relatively rapid decline in your available privacy on Facebook. The links to the Facebook Terms of Use from that EFF post provide all the proof of the company's desire to erode your privacy most reasonable people require, but putting it all together isn't necessarily so easy. It's a lot easier when you have a Facebook employee saying the CEO (Mark Zuckerberg) doesn't believe in privacy, but the Terms of Use aren't always very clear and quotes can be wrongly interpreted without context or knowing how well this source actually knows Mark Zuckerberg. Here I will try to make the Terms of Use a little more clear and show how both the Terms of Use and the implementation of Facebook itself demonstrate why we should all drop Facebook and find (or create) a better social networking platform.
Facebook Terms of Use
The first thing to notice is that the Facebook Terms of Use are (almost) entirely one-sided — and certainly not in your favour. For one example, read Sections 2.1, 2.3, 4.7, 5.7 and 14 all together:
For content that is covered by intellectual property rights, like photos and videos ("IP content"), you specifically give us the following permission, subject to your privacy and application settings: you grant us a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use any IP content that you post on or in connection with Facebook ("IP License"). This IP License ends when you delete your IP content or your account unless your content has been shared with others, and they have not deleted it.
When you use an application, your content and information is shared with the application. We require applications to respect your privacy, and your agreement with that application will control how the application can use, store, and transfer that content and information.
You will keep your contact information accurate and up-to-date.
If you violate the letter or spirit of this Statement, or otherwise create risk or possible legal exposure for us, we can stop providing all or part of Facebook to you. We will notify you by email or at the next time you attempt to access your account....
That's a lot of text that actually doesn't say very much. Here's an English language translation of what this effectively means for you:
Facebook can do anything they want with anything you post on Facebook, including their records of what you do on Facebook, anywhere in the world. You can't stop them unless you delete all content you don't want them using. Even then, if that content has been shared with anyone else, you must make them delete it as well or Facebook can still use it. Facebook won't pay you anything for this (but they'll sure try to make lots and lots of money). Applications (like Farmville) have their own privacy agreements that you have to agree to. We want them to "respect your privacy" but we're not likely to do anything unless you prove conclusively they're not. You must keep contact information (home address, phone number, email address, etc.) valid and current. If you don't do everything in this agreement, even if we only implied that you should do something, we may stop you from using Facebook. We haven't yet, but we can.
That's right folks, Facebook can (but hasn't yet) cut off your access to Facebook if you fail to keep your contact information current. Or if you do something they've only implied you shouldn't do (or didn't do something they've implied you should). Not even Google demands that, and they're the ones everyone is up in arms about for trying to index all our data and use it for some nefarious purpose.
There's two more sections of the Terms of Use that are cause for a good deal of concern:
Section 2.4:
When you publish content or information using the "everyone" setting, it means that you are allowing everyone, including people off of Facebook, to access and use that information, and to associate it with you (i.e., your name and profile picture).
Section 6.3:
You provide all rights necessary to enable users to sync (including through an application) their contact lists with any basic information and contact information that is visible to them on Facebook, as well as your name and profile picture.
Section 2.4 essentially says that "everyone" should be taken about as literally as possible — it's everyone in the world, even if they're not on Facebook. Marketers no longer need to register with Facebook and deal with pesky things like privacy settings to get the data they want if you mistook "everyone" to be everyone on Facebook. Not only that, but they can even associate all this stuff with your name, picture, and other publicly-available information about you on Facebook. Anyone who may want to stalk you doesn't have to be on Facebook to do it — they just need to use an application that speaks to the Facebook Open Graph API and enter your name.
Facebook Privacy Policy
This leads nicely into the next reason to drop Facebook — their privacy policy. Because what exactly is "public information" anyway? Well, at the time of writing, Facebook considers all of the following to be "public information" available to anyone in the world:
- Name
- Profile picture
- Current city
- Gender
- List of networks
- Complete friends list
- Complete connections list:
- Pages you were a "fan" of
- Home town
- Education information
- Work information
- Activities
- "Likes"
- Interests
- Likes & recommendations from non-Facebook pages (sometimes)
The more astute among you may have noticed that your privacy settings appear to allow you to hide some of these things from "everyone". However, because it's deemed "public information" Facebook can provide it to anyone at any time with or without your knowledge. Unless you (and everyone on Facebook that has copies) deletes that information of course. Good luck deleting your name.
The information you enter on Facebook isn't all that their privacy policy fails to protect. Information about you entered by someone else (including photos others tag of you) is subject to the privacy settings for that user, not your settings. If you post something on someone's wall, it's their settings that control who sees that post. If someone else posts a picture and tags you, it's their settings that control who sees that picture (and your name on the picture). You can prevent people from going to your profile and getting a list of photos you've been tagged in, and you can remove your tags from photos, but you can't stop someone from tagging a picture with a link to your profile and you can't stop others from seeing that you were tagged in a photo. If a friend is using an application, that application can access anything your friend can access unless you specifically block the application. Stop and think about that for a second. An application you've never even heard of, with a privacy policy you've never agreed to, can access anything any friend using the application can access. So if you have a very personal wall post that you only want your one friend to see, be warned that any application they use can also access that post. Suddenly "Friends Only" isn't quite as narrow as it seems. How many of your Facebook friends use Farmville? Is Farmville or any of its developers a friend of yours? Note that I use Farmville as an example because it's widely used and incredibly popular, and because I've heard unverifiable rumours of poor privacy practices in the past. I've not heard conclusive proof of nor experienced any issues with Farmville (aside from its near-unusability at times of moderate to high load), its developers or its data collection (such as it may be) now or in the past.
Mark Zuckerberg's Views
Although nothing has been legally proven in a court of law, there are serious questions about the ethics of Facebook's CEO dating back to the beginnings of Facebook. One accusation, Zuckerberg's alleged use of personal Facebook data to access members' email accounts is pretty serious. Again, nothing was proven, and as far as I'm concerned the burden of proof rests with the accusers and Zuckerberg is legally innocent until legally proven guilty, but the accusation (among others) provides the starting point of the real issue. According to an unnamed source close to Facebook, it was early privacy violations like this, and the resulting litigation, that has shaped who Zuckerberg is today. What this suggests to me is that Zuckerberg's complete reversal from saying that privacy is the "vector around which Facebook operates" to flying in the face of user statements (read their Site Governance page and comments to see what I mean) and saying that "not only sharing more information and different kinds, but more openly and with more people" and that privacy is no longer a social norm. If this is how Zuckerberg reacts to being accused (with pretty convincing evidence) of privacy violations, I'm worried about how he'll react to the more current accusations. Will we lose the ability to hide photos next? Wall posts? Religion and political views? Email addresses? Zuckerberg's legal innocence or guilt is far less important than his reputation, and it's been taking a beating almost since the day Facebook launched.
Open Graph Protocol
Facebook's new Open Graph protocol allows anyone on any web site to add features to integrate their web pages into Facebook's social graph. This sounds great, except the way it's done makes it seem like "Closed Graph", or better yet "Facebook Graph", would be a more accurate name. This is where Facebook's recent changes cross the thin line between "shady" and "unethical" — Facebook is quite happily telling everyone how to access your data with the new API, but they're not telling Facebook users how this affects them. The ACLU of North Carolina has posted a quiz outlining the potential dangers of Facebook applications from June 2009, and the situation hasn't improved any since then. If anything, Open Graph amplifies this danger. A pair of MIT students wrote an application dubbed Project Gaydar that used statistical analysis of publicly available information at the time to determine with disturbing accuracy the sexual orientation of users. Similar methods were used to determine the political affiliation of Facebook users. It may not be feasible to run that analysis on all Facebook users, but it's not outside the realm of possibility for an unethical person to run this analysis on a few users and, for example, refuse employment or run smear campaigns. Unlike some other issues, you don't have a way to turn this off except by deleting your Facebook account. Not disabling, deleting. There's a huge difference.
If that wasn't enough, Facebook is trying to convince you that your data is secure. People often refer to Twitter as proof that people will post details publicly. The major difference is that Twitter's privacy policy makes only very basic, easily-verifiable claims. My tweets (unless I protect them) are expected to be public and I make those tweets with that knowledge in mind. My Facebook wall, on the other hand (which is the equivalent to Twitter tweets) I expect to be visible to only my friends, because that's how I set it up. On Twitter, if I protect my tweets that way, only my approved followers can see my tweets. On Facebook, if I protect my wall, not only my friends but also applications my friends use can view my wall.
Facebook's Revenue Stream
Another reason you should drop Facebook is their business model. It's based off the concept of new people joining, both users and advertisers. It's not exactly a secret that Facebook ads are annoying and useless (and in my case, completely hidden from view on top of all that) but from a marketing perspective, the ads may be worthwhile as long as there are new users to view the ads. With Google ads, or indeed any ad displayed based on information present on the page, the displayed ad is likely to be relevant (if annoying) and may actually bring the user exactly what they want. On Facebook, the ads are useless. Using myself as an example, I blocked Mafia Wars and Farmville (among others), marked the ads displayed as uninteresting and irrelevant and offensive, yet I continued to be shown those ads months later. So I just prevented the entire right sidebar from loading. It may seem like a big loss, but all that information (friend recommendations, requests, etc) are available elsewhere. Pokes, possibly the most useless feature of a profile, has definitely not been missed. Other people I know have told me that they don't even notice the ads anymore, and no one I know has ever indicated that they've seen anything interesting. Eventually, marketers will (hopefully) get the hint and spend their money on more effective advertising methods. If this does happen though, it'll be the end of Facebook. Unless there's something no one outside of Facebook knows about, advertising is a major component of their revenue stream and there's nothing to take its place short of charging monthly usage fees.
Deleting Your Facebook Account
As I've already said, you should all be deleting your Facebook account about as fast as you can. However, if it weren't for this handy link directly to the page to begin deleting your Facebook account you may have trouble finding it. That's because Facebook doesn't make this an easy process, and (from their perspective) with good reason. If you only disable your account, which they make very simple, they get to keep your data and continue to use (read: monetize) your data. If you actually delete your Facebook account, assuming you've had all other copies of your data deleted as well, Facebook no longer can use any of your data. For them, that's a Bad Thing(tm).
Facebook Itself is Terrible
No, not from a time wasting perspective, and not even looking at the applications and privacy problems and anything else discussed so far. I mean Facebook itself, the very core of the site that you absolutely must interact with no matter what. We all understand that change is good, sometimes necessary, and as much as we griped and complained about the user interface changes the technologies used are improved. They're applied in a bad and sometimes inconsistent way, but they're better technologies than what was originally used. Did the original Facebook interface have dynamic updates to the news feed without reloading the whole page? It was easily available at the time, but Facebook didn't use it, so there's your one thing that Facebook did better in the new interface. Not right, but better. They still can't get "Top Stories" right. And from whose perspective are these stories "top" anyway? They can't remember whether I was last on "Most Recent" or "Top Stories" and so every so often they decide that I really wanted "Top Stories", not the "Most Recent" I clicked on. It's understandable though, Facebook can't remember what we asked for in our privacy settings, something so terribly complex as what grouping of stories we want can't be expected to work either.
Facebook ads are no better. Before I blocked them, I spent a lot of time providing feedback. I think I've seen every ad that was on the site, and they all got marked Irrelevant, Offensive, Uninteresting and Other with a comment of "Useless". Mafia Wars, vacations, Tampax tampons (my profile identifies me as being a male, in case you were wondering) and wedding bands were far more persistent than I, so I just blocked all the ads from displaying at all. Because I could and it was the only way to get them marked right.
The last issue with the core Facebook application itself is somewhat obvious if you've paid attention. They obviously care very little for privacy, so can we trust them to care any more about security? With how many people they give data to, would they even know the difference between a data breach and legitimate access? Would we? Should we wait to find out?
