Facebook THE example of data portability
Every now and then privacy issues of Facebook are addressed when a new feature, like News Feeds, show the accessibility of information. This discussion deserves to be in the limelight even when the media are not creating a hype over privacy. An examination of Facebook shows that users consciously and unconsciously share their information, which goes further than, the worn out example of, the embarrassment of access to your personal pictures.
The leading mechanism behind my privacy concerns with Facebook is data portability, the ability to transfer data from one web application to the other. It started as an initiative to reduce the time spent on administration when a user wanted to make use of a new social network and had to add all his friends to this network. Data portability is the answer, in that it can significantly reduce the time spend on starting up your network. In this post the term data portability is stretched beyond its original meaning, to include all data transfer between two or more databases.
Facebook has three area’s that are platforms for data portability: creation of an account, your ‘friends’ and third-party applications. Let’s start with the creation of an account. After the initial form requiring your name, e-mail, country, sex and age you are greeted by three different screens. The first one is the most important, because it asks if you are interested in loading the contacts of your e-mail account into Facebook. Clicking on ‘learn more’ makes clear that not all is what is seems:
Facebook uses the email addresses you upload through the Friend Finder to help you connect with friends, including using this information to generate Suggestions for you and your contacts on Facebook. Please click the “Remove” button below if you want Facebook to remove these contacts. Note that it may take some time before your name will be completely removed from Suggestions.
When you give Facebook permission to search through your contacts it will, even if you decide not to load any contacts, make suggestions for friends. These suggestions not only contain your contacts with a Facebook account, but also friends of theirs, that are not present in your contact list. Facebook applies, without notifying the user, the friend-of-a-friend (FOAF) principle to suggest a meaty network for a startup Facebook user.
When a user builds a network of friend, these friends are a source for data portability. This is made possible because a user is part of a network that is larger than his own friends list. Person A can add person B to his network. Person B adds person C to his network, resulting in a connection between person A and person C, without the active linking of these two users.
Part of the data portability of friends are third-party applications of Facebook. They originated in May 2007 and have become immensely popular, but at a cost of privacy. Chris Soghoian writes about this part of Facebook and warns the users:
Many are given access to far more personal data than they need to in order to run, including data on users who never even signed up for the application. Not only does Facebook enable this, but it does little to warn users that it is even happening, and of the risk that a rogue application developer can pose.
If you allow an application or website to connect with your Facebook account, that application or website can access information on Facebook related to you and your friends and generate and publish stories about actions you take on that application or website without any additional permission. Unless you change your privacy settings, an application or website that you connect with can generally access the same information that you can see about yourself and your friends, and an application or website that your friend connects with can access the same information about you that the friend can see. If you want to change the information that these third parties can access about you when you or a friend uses Facebook Platform, you should modify your privacy settings. If you want to change the stories they can publish on your Facebook profile, you should modify your application settings.
If you set your profile to private, and one of your friends adds an application, most of your profile information that is visible to your friend is also available to the application developer–even if you yourself have not installed the application.
The privacy issue is the fact that you are dependent on your friend for a protection of your information. One entry into your network by a third-party application and you run the risk of unknowingly sharing all of your information. There is a partial solution hidden away in the settings tab of your account at settings à privacy à applications à settings. Facebook tucked it nicely away and when a user does go to these settings he will find out the default setting is to share almost all of your information instead of a default setting that blocks the access to your information.