Facebook Privacy Critics Challenge Zuckerberg to Make More Changes

By Brian Prince  |  Posted 2010-06-16

Facebook Privacy Critics Challenge Zuckerberg to Make More Changes

Facebook's privacy battles are not over at all. In an open letter to Facebook CEO Mark Zuckerberg, (PDF) privacy advocates June 16 released a six-point plan for the social network to follow to give users more control over the sharing of their information.

For the moment, Facebook does not appear to be budging, but said it was open to continuing a dialogue about privacy.

"Facebook won widespread praise from users around the world and the privacy community last month for introducing simpler and more powerful controls for sharing personal information," Facebook spokesperson Andrew Noyes told eWEEK. "We plan to continue to make control easy and effective for all the people who use our service and will continue to engage these groups and others in a constructive dialogue about these important issues."

In the letter, the Electronic Privacy Information Center, the American Civil Liberties Union of Northern California and several other groups acknowledged Facebook's recent improvements, but contended that additional steps are needed to "demonstrate [Facebook's] commitment to the principle of giving users control over how and with whom they share."

Chief among the concerns aired in the letter was what the groups called the "app gap," which the letter said needs to be addressed by "empowering users to decide exactly which applications can access their personal information."

Expanding on this term, the letter said, "Facebook's latest changes allow users a 'nuclear option' to opt out of applications entirely. While this is an important setting, it is not adequate for meaningful control. Facebook users should also have the option to choose to share information only with specific applications."

In a point-by-point response to the groups' letter, Noyes countered that a plan for a new data permission model was announced in summer 2009, and "the product is scheduled to launch to all developers in the coming weeks."

The groups also asked Facebook to, "Make 'instant personalization' opt-in by default." The feature was at the center of the firestorm of controversy a few weeks ago, as concerns were raised regarding user information being shared with third-party sites.

"The only information the three partners currently in the program receive from Facebook is users' public information," Noyes countered. "This means that our partners cannot access anything other than the same information that anyone could access simply by going to a Facebook user's profile."

He added, "In addition, we've made it easier for people to turn off the instant personalization pilot program, which prevents those, and any future, applications in the program from accessing their information. We have also imposed restrictions on how partners can use the information they receive from Facebook. That information cannot be sold or shared with others or used in any way other than to improve the experience of Facebook users visiting their site."

Six-Point Plan for Privacy

Here are the six steps advised in the groups' letter:

"1) Fix the "app gap" by empowering users to decide exactly which applications can access their personal information.

2) Make "instant personalization" opt-in by default.

3) Do not retain data about specific visitors to third party sites that incorporate "social plugins" or the "like" button unless the site visitor chooses to interact with those tools.

4) Provide users with control over every piece of information they can share via Facebook, including their name, gender, profile picture, and networks.

5) Protect Facebook users from other threats by using an HTTPS connection for all interactions by default.

6) Provide users with simple tools for exporting their uploaded content and the details of their social network so that users who are no longer comfortable with Facebook's policies and want to leave for another social network service do not have to choose between safeguarding their privacy and staying connected to their friends."

Most of Facebook's counterarguments highlighted the changes the company announced recently. In addition, Noyes said the social plug-ins referred to in point three "are widgets, and they work the same basic way all widgets do-the URL of the Web page the user is viewing must be sent to Facebook for Facebook to know where to render the socially relevant content. However ... we only store this information temporarily (for no more than 90 days) ... We do not use it for ad targeting, nor do we sell it to third parties."

As for point five, "We are currently testing SSL [Secure Sockets Layer] access to Facebook and hope to provide it as an option in the coming months," Noyes said.

In the letter, the groups said, "'Privacy' and 'social' go hand-in-hand: Users are much more social with people they know" than "when their actions and beliefs and connections are disclosed without their control or consent.

"We are committed to continuing this dialogue with you and ensuring that users can continue to be both social and private on Facebook. We hope you continue to engage with us and your users to make Facebook a trusted place for both public and private sharing. Please make the default 'social-and private.'"

Rocket Fuel