Blown To Bits

Facebook sort of apologizes, and fixes one problem

Wednesday, May 26th, 2010 by Harry Lewis

A couple of days ago Mark Zuckerberg had an opinion piece in the Washington Post explaining that Facebook would be doing another rev on its privacy policies. Here are some key sentences:

The biggest message we have heard recently is that people want easier control over their information. Simply put, many of you thought our controls were too complex. Our intention was to give you lots of granular controls; but that may not have been what many of you wanted. We just missed the mark.

We have heard the feedback. There needs to be a simpler way to control your information. In the coming weeks, we will add privacy controls that are much simpler to use. We will also give you an easy way to turn off all third-party services. We are working hard to make these changes available as soon as possible. We hope you’ll be pleased with the result of our work and, as always, we’ll be eager to get your feedback.

We have also heard that some people don’t understand how their personal information is used and worry that it is shared in ways they don’t want. I’d like to clear that up now. Many people choose to make some of their information visible to everyone so people they know can find them on Facebook. We already offer controls to limit the visibility of that information and we intend to make them even stronger.

There are two threads here. The first is that the privacy controls were too granular and too complex. Certainly true, as the NYT graphic beautifully illustrated. Second is that not everyone wants lots of stuff public. Certainly true also. Glad they are addressing both problems. Or are they?

The tonal problem remains, I am afraid. The implication is that we geniuses at Facebook thought everything was cool, the problem was with the users. “Many of  you thought our controls were too complex.” Well, no; they were too complex. The point of privacy settings is so people, ordinary people, can keep stuff private. It shouldn’t take hundreds of clicks to do that. You are a consumer oriented company now, and the customer is always right. Imagine if a washing machine had a hundred knobs on it and had to be retrofitted. Would Whirlpool say “Many of you thought our controls were too complex”? Why didn’t Facebook run some user tests first?

And then there is the problem of defaults. Zucerberg’s post contains no hint that the defaults are wrong. In fact, there is deceptive language that suggests that the defaults are other than they are. “Many people choose to make some of their information visible to everyone.” No; “choose” suggests opt-in; the fact is opt-out. You, MZ, chose, on behalf of all of us, that some of our information will be visible to everyone, unless we do something to hide it. Big difference.

At least the programmers got cracking and fixed the data leakage Ben Edelman pointed out. But this was a kind of design bug that never should have happened in the first place. It wasn’t a coding error; they just failed to have some smart person looking over the engineers’ shoulders for privacy issues with their implementation. Again, some process failure is evident here.

Finally, the character-of-the-leader issue isn’t helped by the report that came out a couple of months ago that Zuckerberg, while still at Harvard, had used failed Facebook login attempts to guess email passwords of student journalists. Now there is a place where you really can only trust your web site. How would you ever know that when you type the password for one site into another, that the second isn’t grabbing the key you typed to see what it might unlock?

So the question will remain in the minds of lots of people: Can Facebook be trusted with personal information? I am betting there will be increasing Congressional interest in that question.

Comments are closed.