By James Kwak
I recently deleted most of my personal information in my Facebook account. (I am keeping the Baseline Scenario page up for the convenience of people who want to read the blog within Facebook, and I need to have my personal account in order to manage that page.) This is only a tiny bit related to the fact that, for several days recently, Facebook was blocking access to this blog. It’s mainly because I’ve decided that the costs of Facebook outweigh the benefits.
First, take a look at this fantastic graphic by Matt McKeon (hat tip Tyler Cowen). You have to click on it to advance through time; it shows what information is, by default, available to whom, and how that has changed over time. (Click on the link to the “image-based version” if you’re having trouble.) Then come back here.
In short, there has been a massive, one-directional shift in how much of your information is visible by default either to everyone on Facebook, or to everyone on the Internet. Now, the usual defense of Facebook is that this is only by default; you can control information access via your privacy settings, which have gotten more fine-grained over time.
But this argument doesn’t fly for me. First of all, there is the problem that many people don’t realize they have this control and don’t use it. Second, finding and using those privacy settings is not trivial. But for years, I figured that I was savvy and careful enough to protect myself adequately. I’m not that paranoid about personal information on the Internet to begin with–there are various versions of my biography already floating around–and besides, I worked in the software industry for eight years (some of that time helping to design and configure software, not just market and sell it), so I should be able to figure this stuff out.
But I can’t, at least not in the amount of time I’m willing to dedicate to the problem. Recently, Facebook made yet another structural change. Before, information about where you used to go to school or work was simple text fields in your profile. (I’m not talking about networks here; I’m talking about the “education and work” section of your profile.) Then Facebook switched it so that each prior school or job became an active link to a new “community page.” (There’s no option to have a simple text field anymore.) These community pages appeared to aggregate posts (formerly status messages) made by community page members that were “related” to the topic of the community — meaning that the name of the community (e.g., “Yale Law School”) appeared in the text of the post. I could see lots of posts by people I have no apparent relationship to. I checked the privacy settings, and there was no new switch for community pages, so I couldn’t tell how the filtering was working. Maybe I was only seeing posts from people who let me see them by virtue of being in the same network (or people who let all of Facebook see their information), but I’m not sure. And nowhere does Facebook clearly explain how their privacy filtering works.
(It turns out this “feature,” which goes by the name of Facebook Connections, is even more frightening than I thought, according to the Electronic Frontier Foundation. Here’s #4 of six warnings:
“Facebook will continue to store and use your Connections even after you delete them. Just because you can’t see them doesn’t mean they’re not there. Even after you ‘delete’ profile information, Facebook will remember it. We’ve also received reports that Facebook continues to use deleted profile information to help people find you through Facebook’s search engine.”
But I only found that out when doing research for this blog post. People shouldn’t have to do third-party research on the web to understand how to use Facebook.)
Of course, this isn’t the first time Facebook has unleashed a privacy-affecting change to the way it organizes information. There was Beacon, a “service” that took information about what you did elsewhere on the Web and published it to Facebook. Not only that, but Beacon was even harvesting information that Facebook executives did not realize it was harvesting (Wikipedia; original source).
Beacon is very old news. But it points out two things about Facebook that I don’t think have changed. First, Facebook doesn’t care about its customers. It has a huge and largely loyal customer base, so it must be doing something right. But it is primarily concerned with the need to generate revenues from that customer base, and as a result it is constantly experimenting with new programs that may enable it to earn money. Facebook should know that a large minority (if not majority) of its users are concerned about privacy and do not like these unannounced, poorly explained changes to how their information is used.
Second, Facebook is just bad software. This manifests itself in various ways. The performance (speed of response) for many user actions is terrible. The user interface manages the improbable dual achievement of being both non-intuitive (it’s not obvious why the page is organized the way it is, nor how Facebook classifies different kinds of information, nor how to do rather simple things) and under-functional (you have to click and click and click to do certain things, like un-liking a fan page, leaving a group, or deleting an application).
And it’s worse than that. Last week, TechCrunch reported a “security hole” that allowed to see their friends’ live chats and pending friend requests. Now, you may think, “Windows has thousands of security holes — what’s one more?” But this isn’t a securities hole in the Windows sense, meaning a vulnerability that a malicious hacker might exploit. This is a flaw that Facebook inflicted on itself, all by itself, that was sitting there waiting for any ordinary user to find.
Then there’s the problem that Facebook marketing, and Facebook executives, are unable to explain clearly what exactly their software does. That could be studied vagueness in order to obfuscate. Or it could be that their data model, user model, and security model are so screwed up after several years of experimenting that they don’t actually know what is going on: they make changes to the software, cross their fingers, and use their customers as testers. I would bet on the latter.
This is what happens when software grows and grows over several years. It’s especially what happens when the software evolves far from what it was initially designed for, without a plan for how it should evolve, as is clearly the case with Facebook. And it’s what happens when you have a company that is growing much too fast, under too much pressure from investors, competitors, and the outside world.
The people who run Facebook may or may not be evil. And I imagine that they will continue to be very successful; I have never been a good predictor of what technologies or companies will do well. But in any case I don’t think they’re very good at writing software. And I don’t want to devote my time to figuring out what Facebook may or may not be doing (knowingly or accidentally) with my information.
As I said above, I’m keeping the Baseline Scenario fan page for the convenience of Facebook users who happen to like this blog, and I need to have a personal account for that purpose. But from now on I’m erring on the side of non-disclosure.