Why Storify Misses the Point on Protecting Privacy

 


When is a private thought not a private thought? When online curation tool Storify decides to bypass privacy wishes and share that thought publicly.

Over at AGBeat, there’s an interesting (and alarming) story about how Storify can be used to post private updates on Facebook publicly. By using their curation tool, someone in a private or secret Facebook group (where only members can view content) can share something meant for a limited audience for the whole web to view.

Storify co-founder Burt Herman seems to think this is okay, and the perfect example of why you should be careful about who you trust online.

But he’s missing a very key point.

People Can Make Mistakes – Technology Should Be Smarter

In a post on the Storify site addressing the AGBeat article, Herman suggests that curating private posts into a public stream is no different from taking a screenshot of a private update and posting that too.

While technically that may be true, in reality there’s a big difference between the two methods. Founder of business network pioneer Adholes, Marc Lefton, succinctly sums up the issue:

Screenshots are malicious. This [a Storify share] can happen by accident. That’s the difference.

Because Storify makes it simple for people to be browsing a site or network and share something that catches their eye, users (rightly or wrongly) will not always consider the limited audience the original update was meant for.

That’s the equal beauty and fallacy of human nature – excitement about content that grabs attention can lead the emotion of finding that content to override the logic of respecting the audience limitation.

Technology like Storify, however, isn’t built on an emotional reaction – it’s bits and bytes taking a logical approach to enabling you to share emotionally-rich content.

Or at least it should be – but as the AGBeat article and Storify co-founder Herman’s shifting of blame to the user proves, the technology only works logically if the developers build it to do so.

Herman’s logic – that you should trust who you share content with not to reshare it if it’s meant to be private – would carry more weight if his platform were consistent in that mindset across all networks. But it isn’t.

If you try and share content via Storify from a protected Twitter account, the privacy settings from the micro-blogging platform prevent Storify from being able to quote the tweet. So it’s clear that Storify’s technology can be stopped by a network’s API.

Which suggests both Facebook and Storify are at fault here – Facebook for not preventing sharing the way Twitter does, and Storify for not recognizing a private group or community’s restricted access settings. Unfortunately, Storify doesn’t really see it this way.

It’s Your Fault

In the comments section of the AGBeat article, I questioned Herman’s stance on user blame after he stated it wasn’t a technology issue, but one of etiquette.

[Image: Danny AGBeat]

Herman’s answer, ironically, highlights Storify’s failing – the “power” effected by being able to share easily needs to be countered by the ability to identify whether that content should be shared.

Herman’s logic suggests if a private update is shared, it’s your fault for trusting the wrong friends to begin with. But that simply absolves the platform, which offers the public sharing of a private update, of its responsibility. Former journalist, and General Manager of Social Media at New York-based technology startup Internet Media Labs, Amy Vernon identifies the flaw in this logic perfectly:

This is the difference: 

You protect your tweets, Storify won’t allow people who are allowed to see your tweets to Storify them. You protect your Facebook posts, Storify will allow people who are allowed to see those posts to Storify them.

Plain and simple. 

Is it, at its root, a human problem? Sure. But all this is changing faster than the average person can keep up. That doesn’t absolve tools and platforms from trying to abide by privacy levels.

Instead of blaming the user, why doesn’t Storify take the higher road and have a filter/blocker in place (similar to the Twitter scenario) where a message pops up prior to the sharing that asks the simple question: “This content is from a restricted source – are you sure you wish to share?” Or, better still, simply change the way Storify scrapes network APIs and only allow sharing of clearly publicly available content.

Of course, to do this would mean admitting Storify (and, by association, Facebook) have a problem. And no-one likes to admit they have a weakness…
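
A sketch of the filter proposed above, as an added example that is not part of the original post and not Storify's code: a share gate that treats anything not clearly marked public as restricted. The item shape, the `audience` field and both function names are hypothetical.

```javascript
// Added illustration. The item shape and field names are hypothetical,
// not Storify's, Facebook's or Twitter's real data model.
const PUBLIC = "public";
const PROMPT =
  "This content is from a restricted source – are you sure you wish to share?";

// Decide what a curation tool should do when a user tries to embed `item`.
//   mode "block"   : refuse anything not clearly public (the protected-tweet behaviour)
//   mode "confirm" : ask the user first (the pop-up proposed in the article)
function decideShare(item, mode = "block") {
  // Fail closed: a missing or unrecognised audience counts as restricted,
  // because "the curator can see it" does not mean "everyone may see it".
  const audience =
    item && typeof item.audience === "string"
      ? item.audience.toLowerCase()
      : "unknown";

  if (audience === PUBLIC) {
    return { action: "allow", reason: "source marks item as public" };
  }
  if (mode === "confirm") {
    return { action: "confirm", reason: `audience is ${audience}`, prompt: PROMPT };
  }
  return { action: "block", reason: `audience is ${audience}` };
}

// Build the public story: keep items that are allowed outright, or that the
// user explicitly confirmed after seeing the prompt. Everything else is withheld.
function buildStory(items, mode, confirmedIds = new Set()) {
  const included = [];
  const withheld = [];
  for (const item of items) {
    const d = decideShare(item, mode);
    const ok =
      d.action === "allow" ||
      (d.action === "confirm" && confirmedIds.has(item.id));
    (ok ? included : withheld).push({ id: item.id, ...d });
  }
  return { included, withheld };
}

// Constructed sample items (not real posts).
const SAMPLE_ITEMS = [
  { id: "t1", source: "twitter", audience: "public" },
  { id: "f1", source: "facebook", audience: "secret_group" },
  { id: "f2", source: "facebook" }, // audience metadata missing, e.g. scraped content
];
```

In "block" mode only `t1` reaches the story; in "confirm" mode `f1` is included only after the user accepts the prompt, and `f2` stays withheld until someone confirms it.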

image: AGBeat

 

26 comments
Danny Brown

CanadianWebBiz Yeah, that's one of the main issues, the fact Facebook doesn't seem to care all that much, essentially saying to Storify, "It's OK, hack away." One of the reasons I like Twitter when it comes to privacy, at least they seem to respect it more.

CanadianWebBiz

It's unethical, and probably illegal, to bypass privacy settings in any way, shape or form. If someone has a reasonable expectation of privacy (which posting in a closed group should fall under), it should not be violated. It's hacking, at best, to access that information. At the very least, Facebook should block access according to privacy settings, and networks as a whole should have a universal blacklist for APIs that violate privacy settings.

Storify isn't just trying to shift blame here (which is a bad PR move all by itself), they're also trying to shift legal responsibility.  From formal privacy violations to private court action for job losses, etc., Storify would be wise to admit they've erred in judgement and stop scraping private content.


garrysmith

@miniver @Storify Aren't there privacy concerns around inspecting someone else's privacy settings? And, how do you prevent a screen cap?


hrn212

@DaniParadis Holy crap. I didn't realise private FB posts could be storified.


Alex Vess

Danny, I totally agree that Storify should take the higher road and add another screening question before sharing is allowed. My dad growing up told me to always be careful of what I put in writing and that is why any post that could ever be seen as offensive in a public or private chat I try to avoid.

Clay Morgan

Danny, there seems to be a growing lack of concern with privacy on the part of those running various social media platforms. I'm not paranoid (sometimes the paranoid have reason to be), but I have reached a point where I just doubt that Facebook's consistent privacy screw ups are accidents.

My concern is, must I go into every single social media platform and establish privacy settings one by one? Or do I really get to choose what I keep private and what is public?

Yes, there is a degree of personal responsibility, and ultimately, if I want something truly private, I should keep it off all social media. Part of the reason for that extreme is the simple fact that sometimes, the head of some social media platform decides my privacy desires do not matter.


Tim Bonner

I agree with you whole-heartedly here Danny.

If I set my privacy settings on Facebook, I set them for a reason. I don't want someone to come along and scrape things without my permission, just because they can.

Putting the onus firmly on the user as to what they post is totally unacceptable as that's really what the whole point of a privacy setting is surely; to keep things private! Sorry for stating the obvious. Storify really do need to reconsider their actions here.


AmyVernon

Thanks for this, @dannybrown:disqus, and thanks for including my opinion. I started out totally feeling Facebook was to blame on this, but after having an infuriating conversation yesterday with the Storify founders on Twitter, I realized they don't actually care what the privacy status of a post is and placed the onus completely on the user.

I'm the first one to tell people that they should assume everything they do online (including private email to only one other person) could be made public. But that doesn't mean that the tools we use should ignore the privacy settings that exist.


Amy Sept

Thanks for raising/sharing this issue, Danny; I agree with you and think Amy Vernon sums it up perfectly. For Burt Herman to call it an etiquette issue carries the unrealistic expectation that the average Facebook user actually understands and stops to think about such things; I think the vast majority simply don't.

Danny Brown

That's the disappointing factor - Facebook makes it difficult enough for the average user to understand their constantly-changing privacy settings, so as a third-party dev, be responsible when providing a backdoor route to bypass privacy settings. Cheers, Alex!

Danny Brown

What makes the Storify case worse is they don't even use the Facebook API - they're simply doing the equivalent of scraping content, which raises further questions about their practice. And the co-founder is being obtuse with his blaming of the user.

Danny Brown

And that's the key point right there, Tim - "... just because they can."

When your technology bypasses privacy settings (through user error) that's a glitch that needs to be addressed. It's not too difficult to change the way your API communicates - it just seems it's like too much work for Storify to do, and that's a shame and a bit of a letdown, to be honest.


Danny Brown

The response from Herman especially has been disappointing. Our mutual friend Marc Girolimetti got it spot on with his comment over on Facebook about the vision being on the wrong goal. Hey ho.

Danny Brown

Exactly, Amy. While we definitely need to take responsibility for our actions, the fact that more than 25% of Facebook users don't even know about the privacy options means the tools accessing Facebook also have to share responsibility. Here's hoping Storify see sense.

Amy Sept

Well, isn't that ironic! Thanks for linking me to that post.

AmyVernon

Right? I did enjoy my convo with Josh. He was much more receptive to the conversation overall.