Why Storify Misses the Point on Protecting Privacy

Facebook groups privacy

When is a private thought not a private thought? When online curation tool Storify decides to bypass privacy wishes and share that thought publicly.

Over at AGBeat, there’s an interesting (and alarming) story about how Storify can be used to post private updates on Facebook publicly. By using their curation tool, someone in a private or secret Facebook group (where only members can view content) can share something meant for a limited audience for the whole web to view.

Storify co-founder Burt Herman seems to think this is okay, and the perfect example of why you should be careful in who you trust online.

But he’s missing a very key point.

People Can Make Mistakes – Technology Should Be Smarter

In a post on the Storify site addressing the AGBeat article, Herman suggests that curating private posts into a public stream is no different from taking a screenshot of a private update and posting that too.

While technically that may be true, in reality there’s a big difference between the two methods. Founder of business network pioneer Adholes, Marc Lefton, succinctly sums up the issue:

Screenshots are malicious. This [a Storify share] can happen by accident. That’s the difference.

Because Storify makes it simple for people to be browsing a site or network and share something that catches their eye, users (rightly or wrongly) will not always consider the limited audience the original update was meant for.

That’s the equal beauty and fallacy of human nature – excitement about content that grabs attention can result in the emotion of finding that content override the logic of respecting the audience limitation.

Technology like Storify, however, isn’t built on an emotional reaction – it’s bits and bytes taking a logical approach to enabling you to share emotionally-rich content.

Or at least it should be – but as the AGBeat article and Storify co-founder Herman’s shifting of blame to the user proves, the technology only works logically if the developers build it to do so.

Herman’s logic – that you should trust who you share content with not to reshare it if it’s meant to be private – would carry more weight if his platform was consistent in that mindset across all networks. But it isn’t.

If you try and share content via Storify from a protected Twitter account, the privacy settings from the micro-blogging platform prevent Storify from being able to quote the tweet. So it’s clear that Storify’s technology can be stopped by a network’s API.

Which suggests both Facebook and Storify are at fault here – Facebook for not preventing sharing the way Twitter does, and Storify for not recognizing a private group or community’s restricted access settings. Unfortunately, Storify doesn’t really see it this way.

It’s Your Fault

In the comments section of the AGBeat article, I questioned Herman’s stance on user blame after he stated it wasn’t a technology issue, but one of etiquette.

Danny AGBeat

Herman’s answer, ironically, highlights Storify’s failing – the “power” effected by being able to share easily needs to be countered by the ability to identify whether that content should be shared.

Herman’s logic suggests if a private update is shared, it’s your fault for trusting the wrong friends to begin with. But that’s simply absolving responsibility from the platform that offers the public sharing of a private update. Former journalist, and General Manager of Social Media at New York-based technology startup Internet Media Labs, Amy Vernon identifies the flaw in this logic perfectly:

This is the difference: 

You protect your tweets, Storify won’t allow people who are allowed to see your tweets to Storify them. You protect your Facebook posts, Storify will allow people who are allowed to see those posts to Storify them.

Plain and simple. 

Is it, at its root, a human problem? Sure. But all this is changing faster than the average person can keep up. That doesn’t absolve tools and platforms from trying to abide by privacy levels.

Instead of blaming the user, why doesn’t Storify take the higher road and have a filter/blocker in place (similar to the Twitter scenario) where a message pops up prior to the sharing that asks the simple question: “This content is from a restricted source – are you sure you wish to share?” Or, better still, simply change the way Storify scrapes network API’s and only allow sharing of clearly publicly available content.

Of course, to do this would mean admitting Storify (and, by association, Facebook) have a problem. And no-one likes to admit they have a weakness…

image: AGBeat

Sign up for free weekly content

Enter your first name and email below to get my free weekly newsletter with the latest posts, recommended reading, content tips and more.

(I respect your privacy and will never spam you)

Blog consulting with Danny Brown

Comment Policy: Your words are your own, so be nice and helpful if you can. Let’s treat the guests (and that includes you) nicely. Otherwise, you will be moderated and deleted where I feel it’s applicable. Please, only use your real name and limit the amount of links submitted in your comment. Apart from that - have at it!

    Share Your Thoughts

    Your email address will not be published. Required fields are marked *

  1. says

    Thanks for raising/sharing this issue, Danny; I agree with you and think Amy Vernon sums it up perfectly. For Burt Herman to call it an ettiquette issue carries the unrealistic expectation that the average Facebook user actually understands and stops to think about such things; I think the vast majority simply don’t.

  2. says

    Thanks for this, @dannybrown:disqus, and thanks for including my opinion. I started out totally feeling Facebook was to blame on this, but after having an infuriating conversation yesterday with the Storify founders on Twitter, I realized they don’t actually care what the privacy status of a post is and placed the onus completely on the user.

    I’m the first one to tell people that they should assume everything they do online (including private email to only one other person) could be made public. But that doesn’t mean that the tools we use should ignore the privacy settings that exist.

    • says

      The response from Herman especially has been disappointing. Our mutual friend Marc Girolimetti got it spot on with his comment over on Facebook about the vision being on the wrong goal. Hey ho.

  3. Tim Bonner says

    I agree with you whole-heartedly here Danny.

    If I set my privacy settings on Facebook, I set them for a reason. I don’t want someone to come along and scrape things without my permission, just because they can.

    Putting the onus firmly on the user as to what they post is totally unacceptable as that’s really what the whole point of a privacy setting is surely; to keep things private! Sorry for stating the obvious. Storify really do need to reconsider their actions here.

    • says

      And that’s the key point right there, Tim – “… just because they can.”

      When your technology bypasses privacy settings (through user error) that’s a glitch that needs to be addressed. It’s not too difficult to change the way your API communicates – it just seems it’s like too much work for Storify to do, and that’s a shame and a bit of a letdown, to be honest.

  4. says

    Danny, there seems to be a growing lack of concern with privacy on the part of those running various social media platforms. I’m not paranoid (sometimes the paranoid have reason to be), but I have reached a point where I just doubt that Facebook’s consistent privacy screw ups are accidents.

    My concern is, must I go into every single social media platform and establish privacy settings one by one? Or do I really get to choose what I keep private and what is public?

    Yes, there is a degree of personal responsibility, and ultimately, if I want something truly private, I should keep it off all social media. Part of the reason for that extreme is the simple fact that sometimes, the head of some social media platform decides my privacy desires do not matter.

    • says

      What makes the Storify case worse is they don’t even use the Facebook API – they’re simply doing the equivalent of scraping content, which raises further questions about their practice. And the co-founder is being obtuse with his blaming of the user.

  5. Alex Vess says

    Danny, I totally agree that Storify should take the higher road and add another screening question before sharing is allowed. My dad growing up told me to always be careful of what I put in writing and that is why any post that could ever be seen as offensive in a public or private chat I try to avoid.

    • Danny Brown says

      That's the disappointing factor – Facebook makes it difficult enough for the average user to understand their constantly-changing privacy settings, so as a third-party dev, be responsible when providing a backdoor route to bypass privacy settings. Cheers, Alex!

  6. garrysmith says

    miniver Storify Aren’t there privacy concerns around inspecting someone else’s privacy settings? And, how do you prevent a screen cap?

  7. CanadianWebBiz says

    It’s unethical, and probably illegal, to bypass privacy settings in any way, shape or form.  If someone has a reasonable expectation of privacy (which posting in a closed group should fall under), it should not be violated.  It’s hacking, at best, to access that information. At the very least, Facebook should block access according to privacy settings, and networks as a whole
    should have a universal blacklist for API’s that violate privacy
    Storify isn’t just trying to shift blame here (which is a bad PR move all by itself), they’re also trying to shift legal responsibility.  From formal privacy violations to private court action for job losses, etc., Storify would be wise to admit they’ve erred in judgement and stop scraping private content.

  8. says

    CanadianWebBiz Yeah, that’s one of the main issues, the fact Facebook doesn’t seem to care all that much, essentially saying to Storify, “It’s OK, hack away.” One of the reasons I like Twitter when it comes to privacy, at least they seem to respect it more.