Tuesday, May 11, 2010

Facebook privacy policies over time

Matt McKeon has just posted a marvelous visualization of the evolution of facebook privacy policies over time -- just cick on the image to advance the year.

Sunday, May 9, 2010

Facebook: Too Intrusive Even for Me

I've resisted a very small urge to blog for years, so why would I start now? Simply put, I'm divorcing Facebook, so I need a new place to bloviate.

I should start by saying that I'm a huge fan of Facebook, and that I have long thought it was one of the best things on the net for promotting happiness and improving the human condition. It broke my heart, at least a little bit, when I decided yesterday that I could no longer tolerate their ever more outrageous privacy policies. This excellent article from Wired pushed me over the edge.

So, I posted what will probably be my last Facebook status update, a pointer to that article and the simple text:
"This is a good explanation of why I've mostly stopped using Facebook. I'm far from being a privacy nut -- I believe privacy is an obsolete concept -- but Facebook has gone way too far."
That was hardly a profound addition to the Wired article, but it set off a small flood of messages -- the magic of Facebook, of course! -- including some from people I hadn't seen in as much as a decade. It felt like everyone was suddenly waking up to the same conclusion -- Facebook's turned into a bad guy, and we can't live without it, and we have no more trusted alternative. Like abuse victims, we still love our abuser and we don't want to divorce it, we just want it to change. But it won't change. Our privacy *is* Facebook's product, and it will milk us for as long as it can, until it is stopped either by competition or by regulation, neither of which are likely any time soon.

I've spent my whole career telling people that privacy is, regrettably, dead, and that the only useful response to the death of privacy is to practice and teach tolerance. (If everyone with something to keep private respected everyone else's similar wishes, then technology's effect on privacy would be much less worrying.) Now, all of a sudden, I've become a privacy nut? Or, as my friend Carlyn responded to my Facebook post, "Quite a comment coming from such an exhibitionist as yourself!"

I think what's bothering me is that my lack of faith in technological protections for privacy doesn't translate to a lack of belief in basic human decency. Sure, social networking technology opens up huge areas for "monetization," but some of them, to my mind, are downright unacceptable. There need to be limits, and Facebook shows every sign of having decided to push as far and as fast as it can and let external forces set those limits -- if they can.

Are government regulators even within light-years of addressing problems like this? When I recall that we can't even agree not to sell guns to people on the terrorist watch list, it's hard for me to be optimistic.

A lot of my friends seem to be buzzing, cautiously, around the idea of an open alternative to Facebook. Their idea, more or less, is to design open protocols for social networking (based, I would hope, around OpenSocial as a starting point), Such protocols would follow traditional Internet engineering principles and allow multiple services that interact to create a "federated" social network, and can offer alternate privacy policies (and other terms) to their subscribers. And, of course, the system would be implemented as open source software.

My concern is that the biggest cost of this kind of service won't be the software. I'm all for open source, but I bet Facebook spends way more running its service than on writing and evolving the code. A large-scale service like Facebook requires serious infrastructure. There have been a few non-profits, but the vast majority of such services have been delivered by for-profit corporations, and for a good reason: they require the complex marshalling and management of a significant number of expensive resources. Those are precisely the skills at which busineess majors excel.

It would be fun to try building a more open and privacy-friendly facebook alternative, but you'd need an institutional home. Unless you could convince investors that there are enough privacy-conscious citizens to make your service profitable as a new enterprise -- and I'm skeptical -- it might be smartest to do it under the sponsorship and protection of an existing relevant non-profit such as ACLU or EFF.

Ultimately, however, I must annoy my conservative friends by saying that the best answer is probably government regulation. The fact is, we're all upset beacuse Facebook is acting like corporations have nearly always acted in the absence of any relevant legal constraints. Dare I suggest that the solution might be legal constraints, as it has been every time a new industry has emerged, matured into a near monopoly, and become abusive?