Image source courtesy Dan Taylor.

Facebook started as a closed system that protected users from the mistakes of their friends — it acted proactively to protect privacy.

But, now (according to Facebook CEO Mark Zuckerberg), Facebook cares about your privacy only as much as complete strangers do.  He says that Facebook will simply follow “social norms” in deciding privacy policies.  Is this a responsible position for somebody who controls one of the largest privacy ecosystems in the Web 2.0 world?  Or should Facebook step up and serve as a privacy gatekeeper?

The backstory: Facebook started as a closed environment with thorough privacy controls.  It was different from Google in that you were effectively in control about what information about you was made available — if you didn’t want to post anything and de-tagged yourself, then very little information about you would be visible. It was a welcome change that allowed people to feel comfortable expressing themselves without the whole world having to know.

Facebook changed all that with Newsfeed, which started to automatically inform groups of people that somebody uploaded new content.  More recently, Facebook stirred headlines by changing its privacy controls and encouraging users to make all of their content visible to all other users (“A guide to Facebook’s new privacy settings“).   There have been some unintended consequences of that decision (e.g., “Facebook loophole allows extensive data mining“, “Online exhibitionists undermine our right to live a quiet life“), but most analysis has focused on the impact on users’ own choices: are you fully aware of the consequences of choosing to make your photos visible to the world?

At the Crunchies awards, Facebook founder and CEO Mark Zuckerberg was interviewed by TechCrunch’s Mark Arrington (video here).  When given the opportunity to talk about what Facebook was doing for privacy, Zuckerberg turned it over to users and said that Facebook would just reflect “social norms” for privacy:

Mike Arrington (TechCrunch): “Where is privacy on the web going over the next couple of years, do you think?”

Mark Zuckerberg (Facebook): “Well, it is interesting looking back.  When we got started just in my dorm room at Harvard, the question a lot of people people asked was ‘why would I want to put any information on the Internet at all?  Why would I want to have a website?’  Then in the last 5 or 6 six years blogging has taken off in a huge way and all these services that have people sharing more information.  And people have gotten comfortable not only sharing more information and different kinds but more openly and with more people.  That social norm has evolved over time.   We view it as our role in the system to constantlybe innovating and updating what our system is to reflect what the current social norms are.  A lot of companies would be trapped by convention and their legacy and the systems they built.  Doing a privacy change for 350 million users is not the type of thing that [crosstalk] a lot of companies do.   We view it as a really important thing toalways keep a beginner’s mind and think ‘what would we do if we were starting the company now and starting the site now?’   We decided that these would be the social norms now and just went for it.”

Facebook privacy settings

Analysis: According to Zuckerberg, Facebook’s privacy stance reflects only “social norms” for privacy.  In other words, your privacy is protected only if other people want it to be protected.  And it sounds like Zuckerberg thinks people are pretty exhibitionistic these days.

There’s nothing wrong with empowering users to control their own privacy—some people want to be public and some people want to be private; Facebook appears to accomodate both types.  Facebook should be commended for giving users the choice to make their own photos visible to the world, to just their friends, or to nobody at all.

But, what Zuckerberg seems to be missing is the fact that Facebook is about more than just your own photos; every action on Facebook affects a much larger privacy ecosystem.  The dangerous part is that Mark Zuckerberg doesn’t even seem to know it.

The privacy ecosystem: Every action on Facebook affects a larger ecosystem.  To take just one example, let’s say your friend Steve uploads a photo of you and tags you: if Steve has the new default privacy controls then Steve’s decision will affect his wall (showing the new photo), your wall (showing that you got tagged), Steve’s friends (their Newsfeed shows Steve’s upload), your friends (their Newsfeed shows that you got tagged), and your mutual friends (their Newsfeed shows both the tag and upload).  If Steve followed the new default Facebook privacy settings then the photo of you will be visible to every single Facebook user: over 350 million people.

Even if you have your privacy set to the highest level (or have turned off photo tagging entirely), the photo is still automatically displayed according to Steve’s privacy settings—and because many of your friends are probably Steve’s friends too, they’ll still see the photo of you. 

The result: Even if you try to control your own privacy on Facebook (by setting your privacy to the maximum) Facebook has now empowered other people to destroy your privacy for you. Facebook started as a closed, privacy-protective system.  But Facebook has become Google: an open platform where anybody can see anything about anybody.  It’s a new Wild West out there.  And, thanks to facial recognition, it might not even matter that you de-tag every photo of yourself.

The subtleties of Facebook’s decision to encourage users to make more content available to more people makes the privacy problem much worse.  Under the old system, if an acquaintance posts an embarrassing photo of you that was only visible to his friends, then maybe 100 people would see it (stat: the average Facebook user has 130 friends). That’s bad, but not the end of the world.  But if your acquaintance makes that photos visible to friends-of-friends, then suddenly the photo is visible to an audience two orders of magnitude larger (theoretically, up to 17,000 people, but realistically more like 10,000 because of social overlaps).  The same goes for any other embarrassing, false, outdated, scandalous, or private content: a revealing photo intended for an audience of 1, a drunken mistake, information about your sexual orientation or health status, etc.

In the old days of Facebook, the site respected privacy choices.  Before Newsfeed, your own wall was the only effective way to communicate.  New information was not automatically blasted out to hundreds (or even thousands) of people.  But now, thanks to Newsfeed and Facebook’s push toward reduced privacy, if anybody uploads a photo of you, hundreds or thousands of people are instantly notified (your friends, the uploader’s friends, and the friends of anybody else who is tagged in the same photo).  Even if you turn photo tagging off, many of your friends will still receive an automatic update–thanks to the inter-twined nature of social groups, you will probably have many friends in common with anybody who is uploading photos of you, writing about you in “notes”, or gossiping about you on their wall.

The dangerous catch is that you can’t solve the problem by leaving Facebook.  Normally, when a company creates a privacy problem, there is a risk of a mass exodus.  This risk is enough to get most companies to clean up their acts and protect their users.  But leaving Facebook doesn’t solve the privacy problem—people will still upload photos and other content, which will be blast-distributed to hundreds of people.

To be clear, Facebook isn’t the end of the world and Zuckerberg isn’t evil.  I use Facebook every day and Mark Zuckerberg is an outstanding entrepreneur.  But, Facebook is still polluting the privacy ecosystem.  Every day, Facebook takes more privacy control away from you and gives it to other people — your friends, acquaintances, and enemies.

Maybe reducing third-party privacy is a savvy business move for Facebook—paradoxically people have more power over their privacy after joining Facebook than before: they can detag themselves completely and be notified when new content about them is available.  But not all profit-increasing decisions are good for the privacy ecosystem?  Or should Facebook recognize that it has a leading (rather than following) role in choosing how privacy should be protected in a complex ecosystem?  Should Facebook have a social responsibility to encourage privacy protection?

—
Do you run a startup or a small business?  If so, Google drives your PR, consumer education, and public opinion.  Take control over what Google says about you and your company with MyEdge Pro.  Learn more now or call a MyEdge Pro consultant today.