I’m an idiot. And I know I’m an idiot because I’m on Facebook, and I’m supremely confident that my data is safe. That confidence is purely based on having dodged every other major data bullet that’s come our way. But the fact I have to face is that Facebook makes money by having access to my data, and the more they loosen my hold on it, the more they profit.
In surprisingly under-reported news, Facebook just got a joke of a settlement sentence for violations of federal privacy rules. The Federal Trade Commission announced that they had settled charges brought against Facebook for not holding to the privacy standards that had been promised to users.
Facebook’s violations include instances such as making friend lists public be default, giving third party apps to much more data than needed (including things shared with only friends, if the friends granted access to third-party apps), and sharing personal information with advertisers. These are the kinds of violations that people such as myself have said would finally drive them away from Facebook, yet membership keeps growing. Let me put it this way — if I told you that in exchange for being in touch with a bunch of people you already know, probably more than anyone should be, I will log what you do in your spare time, sell your info to advertisers, give unscrupulous companies access to you and your children, and place ads based on your activities around you so I can make money when you buy what you’ve been subconsciously seeing all day, you’d run.
Facebook is still standing for two reasons. One, nothing else has come along that fully takes its place as a social hub. Two, the slow heating method. One way to cook lobster without them twitching much is to slowly turn up the heat so by the time the water is hot enough for them to fight, it’s too late. We, my Facebook friends, are a bunch of mostly cooked lobsters, and the scary part is that we know it and aren’t doing anything about it.
So, what does Facebook have to do? If you’re drinking, please stop because I don’t want to be responsible for you choking to death:
- Facebook can no longer lie to you about privacy or security, as they have done previously.
- Facebook must have opt-ins for privacy changes.
- Facebook can’t allow access to a user’s account 30 days after an account has been deleted.
- Facebook must have a program to address privacy risks.
- Facebook must have third-party audits of said privacy program.
Seriously, that’s it! There is no fine, but future violations carry a fine of up to $16,000 for each instance. This doesn’t even qualify as a slap on the wrist. And with the strong ties between Facebook and the FTC, including hiring former FTC chair Timothy Muris as their lobbyist, it’s hard to take any threat of future action seriously.
Awesome Post Dani!!
I think you can get away with a lot of abuses when your website is “top dog” in its genre. Look how many people constantly complain about problems using eBay, yet it remains the #1 place to buy and sell on the internet. Look how popular payment processing via PayPal is, despite all the complaints levied against it. At some point, these sites seem to achieve a “critical mass” of regular users that becomes a huge benefit or positive in and of itself, no matter how poorly people view aspects of the site’s operation.
I guess I’ve always used Facebook with the expectation that anything and everything I post is logged indefinitely and potentially resold or studied as part of “data mining” operations. The site is, after all, free of charge to use (which wasn’t the case back in the day when all such sites were of the classmates.com type, with monthly fees). I don’t think there’s any way simple ad banner advertising on there can cover their infrastructure, bandwidth usage and labor expenses — so they’ve got to get it from somewhere.
Tom, part of what bothers is me is that I willingly signed up for some information sharing, much like with Google, but Facebook lied. They made certain privacy promises which sounded empty (“We will not seel your data!”), but they still made those promises and then broke them (“Oh, we totally sell you data to make money, sorry!”). They said apps were verified when there was no verification process. That gave people faith in companies like Zynga. I walk this line between thinking big corporations are evil and understanding how bureaucracies work (especially red tape). But there’s not excuse for what Zuckerberg did. If this were an individual instead of a site, you’d avoid that person, possibly get a restraining order against him/her.
That being said, I am much more bothered by the FTC’s handling of this than by what Facebook has done, most of which I knew already. It does not bode well for the general future, and I am currently assessing how to truly pull back on my Facebook use and generally manage my online data.