Many people have been complaining recently about all the privacy issues with Facebook. There’s even a group of people promising to quit using Facebook after May 31^st. At the time I’m writing this, they have just under 5 thousand people who have promised to quit. While that’s a fairly impressive number, it’s still only about 0.00125% of the Facebook population. There was a short time when I considered joining their ranks, but I eventually decided against it. Here is some of the rationale behind my decision.

Privacy? What Privacy?

Something most people apparently don’t realize is that whenever they browse the web, they’re already giving up some of their privacy. Just by visiting a website you give them information about yourself. Your IP can be used to get an idea of where you are in the world. The server can even determine what operating system and browser you are using, and unless you disable cookies, it can even remember you if you visit again. None of these things are a real problem, but they illustrate the point that online privacy doesn’t really exist.

When you interact with any website, you give them even more information. Register an account? They now know your email address. Most websites encrypt passwords before storing them on their database, but you never know when a web site might store it as plain text, potentially giving the administrator access to any other accounts you’ve created with the same password. Any other information you provide (age, gender, interests, address) is also no longer private. For the most part that isn’t a problem, but there’s really nothing keeping the owners of the website from using that information in any way they please.

Consider Gmail. I use it (or at least Google Apps, which is essentially the same thing) for my email. Something I noticed early on was that the ads that are displayed next to my emails aren’t random. They often have something to do with the subject of my emails. Not only that, but they’ve become more and more related over the years as I’ve used Gmail. What this suggests is that Google not only “reads” my emails to figure out what ads to show, but they’re keeping track of my interests in order to provide more relevant ads. There’s not necessarily anything wrong with this. Google needs to make money just like anyone else, and offering relevant ads seems like a pretty good way to do that, but this serves as another example of online activities not really being private.

Finally let’s consider Facebook, Twitter, and social networking in general. We’ve now added an extra layer of information distribution. Not only is your information being shared with a web server, but it’s now being distributed to people around the globe. Most social networks have methods by which you can hide certain information. Facebook has detailed privacy settings and Twitter allows you to “protect” your tweets, requiring users to send you a request before they are allowed to view them. What you have to remember, though, is that any information you’ve shared with the social network is really no longer private, regardless of your “privacy” settings. So when you complain about your boss, or post embarrassing pictures of yourself online, you’ve already made the first mistake. Privacy settings are convenient, but you have to remember that no information is really private once it’s been posted to the internet.

So what’s this all mean? Should you be scared to use the internet, much less visit social networks? No. Just remember that anything you don’t want the world to know probably shouldn’t go online, especially not to a social network.

Other Issues

Ok, so I’ve explained why I think Facebook privacy is a non-issue, so why did I consider leaving Facebook? Put simply, applications and security.

If you’ve used Facebook for more than a couple months, then you probably remember the FarmVille and MafiaWars craze that so many people bought into. I remember a period of time when it seemed like every other entry on my feed was either “So-and-so needs help with a job” or “So-and-so just won a blue ribbon in X”. I refused, on principle, to participate in either of these games, and was constantly annoyed by all the noise. Today there are dozens of these kinds applications, with new ones showing up almost daily. I use social networks to connect with people socially, not to play games, so I find it annoying to be bombarded with random “news” items from applications my friends happen to be using. I understand that not everyone shares my views on this, but it seems like it should be possible to opt out completely, hiding all applications from showing up in my feed.

Facebook’s security is fairly robust. They even added a new feature recently that lets you receive notifications whenever somebody logs into your account from a different machine. My problems with Facebook security lie, again, with applications. Over the past year, I’ve seen dozens of “applications” that provide no useful functionality. If you add the application, it sends notifications to your friends, asking them to add the application. If they do, the pattern continues. These applications are little more than glorified viruses, and I think the Facebook management should be doing more to eliminate them and prevent new ones from being created.

Alternatives

Right now there aren’t very many alternatives to Facebook. Twitter is a great service that I enjoy using, but it caters to a different crowd of users. I don’t really expect my Grandma to ever use Twitter, so if I want to connect with her online I have to use a network that she can understand and use.

One alternative that has a lot of promise is BuddyPress, an open source project backed by the same people behind WordPress. It essentially allows you to build your own social network. It’s a pretty slick tool, with a lot of room for customization, but the main problem with this kind of distributed network is that almost all friend connections are lost. The great thing about Facebook is that I can visit one website and see updates from personal friends, fellow college students, and relatives. This is more difficult with a self hosted solution like BuddyPress.

There is group of students who want to create a “distributed Facebook”, called Diaspora. At the time I’m writing this, they’ve acquired over $180k in funding, which is quite impressive. The main idea for their project is to create a completely distributed social network, so rather than posting your data to a central hub, you host it on your own node, allowing you to have more control over what information you make available and who can see it. This sounds like a fantastic idea, but once again, my Grandma is a problem. I don’t expect her to ever be able to set up her own server to host her own node. My guess is that less than 1% of the Facebook population has the knowledge and resources that kind of setup requires. For an idea like this to work, they’re going to need to provide an alternative “hosted node” option. Even then, it would take a long time before enough people switched networks for a Facebook exodus to be feasible.

Conclusions

In closing, I believe that people’s privacy issues with Facebook arise from a misunderstanding of online privacy, not necessarily just from poor Facebook policies. By no means do I look at Facebook through rose-colored glasses, but I think too many people are expecting the Facebook administrators to protect their information, rather than taking responsibility for their own privacy.

Remember. Nothing you do online is truly private.