title:

Can Facebook privacy be simple?

By: Scott Bradner

Facebook, according to its CEO, is built around the simple idea that people want to share things with "their friends and the people around them." (http://blog.facebook.com/blog.php?post=391922327130

). Facebook, from the beginning, has been all about sharing. At first it was sharing with your list of friends and with others (including non-friends) at your location, where your location was your school. So, from the beginning, your default sharing included people you did not know and had not listed as people you wanted to share information with. Seven years later that is still the case, and Facebook's business plan seems to depend on you being willing to share with strangers.

Facebook's default sharing profile has changed over the years. See Matt McKeon's great visual presentation of the changes at http://mattmckeon.com/facebook-privacy/. The scope of who gets to see information about you if you do not exercise any control has grown significantly as has, until very recently, the complexity of what you had to do to rein in the scope.

After months of relentless bad publicity about their privacy assumptions and controls Facebook has heard a message - maybe not "the" message, but at least "a" message. They have significantly simplified their privacy controls, but their recommended, and I assume, default setting is very broad. Facebook still wants the world to know you, and part of that world includes Facebook applications and partner websites. The latter function is benignly called "instant personalization." Facebook has now added a way to configure what information instant personalization will hand off about you.

I first got my Facebook account in March 2004, just about the time that Facebook expanded from being just Harvard to include Stanford, Columbia and Yale, because my boss wanted me to see if Facebook's privacy seemed OK. As Harvard's CIO, he was curious, even though Facebook was not a university effort. I did some poking around and remember talking with Mark Zuckerberg on the phone or via email. Things seemed fine to me. But, when I was asked for my birthday as part of the registration process I did not see a reason that they needed this information so made one up.

I quickly forgot about this made up birthdate, but recently it did come back to get in the way. I did wonder about the birthday greetings I received on the wrong day from people I did not know all that well but dismissed it as flukes. Earlier this year I signed into Facebook from Toronto when I was there on a business trip. Facebook would not let me login because I was not at my normal location. I suppose that is a reasonable anti-hacking feature but I was blocked when Facebook asked me to verify myself because it asked for my birthdate as part of the verification process. So I was stuck. I tried and failed to raise a human through Facebook's on-line help process. It was a few weeks later that I figured out that I could tell Facebook that I forgot my password and get a new password emailed to me. Facebook let me login once using the new password. That gave me a chance to find out what birthdate I had used (it does not seem possible to change it even if I wanted to), so when I was challenged the next time I tried to login I was able to verify myself. Such a relief.

The new Facebook privacy configurations are a big improvement over what went before but I think they are still missing a major concept - not all friends should be equal in terms of sharing. Friends are not equal in the real world - there are many things that you tell some friends and not others. Adding this bit of real world reality would not make things simpler and it would run counter to Facebook's expansive picture of sharing so I doubt it will happen.

disclaimer: Harvard tries to prepare students for a real world, maybe one that they help make (as Mark did) but the above review and story is mine and not the university's.