privacy

Facebook for Android and Why Zuckerberg Now Owns Your Ass

A little while back, I wrote about my concerns with the Facebook Messenger app, and the Permissions it ~~needed~~ demanded to function. It was these Permissions that saw me uninstall Messenger and ultimately close down my Facebook profile.

I’ve since activated a very stripped down Facebook profile, where I share a lot less than before and have it locked down to a very small number of family and friends – a very different experience from my “pretty much share everything” use on the deleted account.

Since I commute a lot, I installed the full Facebook for Android app. Usually, I have my apps to manually update, but because I had been testing the beta version of the new Android app before switching back to the “official” one, I’d neglected to change my app update settings.

This let Facebook download the latest update yesterday. And, originally, I was impressed – the new UI was slick and the experience far superior. So impressed, I shared a couple of screen grabs of the new interface.

As you can see, it’s a clean, easy-to-navigate experience. Finally, Android users had the app they deserved, right? Not quite.

The Devil Gives Better Choices than Facebook

You’ve probably heard the term “making a pact with the Devil”. Essentially, it allows you to have anything you want, in exchange for your soul being the property of the Devil when you die.

Facebook’s new Permissions kinda reminded me of this, given that they’re forcing you to give up any semblance of privacy you may have thought you still had left.

When I shared the pictures on Google+, Al Spaulding made me immediately regret the fact I was on auto-update. From his comment on the post:

It looks great. However I refuse to download it and am still using the older version from 2 mth ago. Why? Because the new one says pretty clearly that they can access your phone for anything. They can read your texts – take them off your phone and upload them to their server, place phone calls on your behalf, and even disclose your location without you wanting them to.

While I’m used to Facebook’s Draconian privacy settings, the part about accessing my SMS and MMS messages caught my attention. I don’t recall this being as explicit before (although it may have been), so I uninstalled the app and set about re-installing to check the Permissions out fully.

The results were a mix of scary and extreme.

The Calendar I’d seen on previous Permissions, and the Calls (while annoying) I’m pretty sure had been there too. But check out the exact wording of the SMS/MMS Permission, and that of the Contacts one.

Doesn’t that alarm you as a user? Read that wording again, especially this statement:

This allows the app to read all SMS messages, regardless of content or confidentiality.

Wow. Just… wow. Not even my wife gets access to my SMS messages (and no, Jacki, I have nothing to hide!). What honest and useful reason can Facebook have to get access to my texts? Seemingly they’re running with the “It will help us target better” message.

I call bullshit.

Target Publicly and Respect Privacy

I’m a marketer. I get that data helps us target campaigns better, and (in an ideal world) meet the needs of our customers and audience by that very targeting. Yet as I say time and time again, this has to be opt-in, and publicly available data.

The moment you track data beyond public access, you’re moving into both immoral and – you’d like to believe – questionably legal areas.

Facebook requiring access to my SMS messages, as well as the friends I speak with privately on the phone, sets off major alarm bells, and this from someone that benefits from the amount of data publicly available.

I’m not naive enough to think anything we put on the web is private. And, since the NSA-Snowden affair, I’m even less naive to think that we don’t face the prospect of being snooped on by our respective security forces.

But it could be argued it’s in the interests of public safety for this level of monitoring (though some of the arguments are very tenuous). Facebook doesn’t protect us, nor does it seem to have our interests at heart. All it wants are numbers, pure and simple, and the data that comes with these numbers to sell to the highest bidder.

These Permissions for their Android app merely confirm that, and is why my use of Facebook will now be restricted to the web version.

Your privacy, and how you place it in the Facebook ecosystem, is something Facebook is counting on you to ignore. The choice is yours.

Why Storify Misses the Point on Protecting Privacy

When is a private thought not a private thought? When online curation tool Storify decides to bypass privacy wishes and share that thought publicly.

Over at AGBeat, there’s an interesting (and alarming) story about how Storify can be used to post private updates on Facebook publicly. By using their curation tool, someone in a private or secret Facebook group (where only members can view content) can share something meant for a limited audience for the whole web to view.

Storify co-founder Burt Herman seems to think this is okay, and the perfect example of why you should be careful in who you trust online.

But he’s missing a very key point.

People Can Make Mistakes – Technology Should Be Smarter

In a post on the Storify site addressing the AGBeat article, Herman suggests that curating private posts into a public stream is no different from taking a screenshot of a private update and posting that too.

While technically that may be true, in reality there’s a big difference between the two methods. Founder of business network pioneer Adholes, Marc Lefton, succinctly sums up the issue:

Screenshots are malicious. This [a Storify share] can happen by accident. That’s the difference.

Because Storify makes it simple for people to be browsing a site or network and share something that catches their eye, users (rightly or wrongly) will not always consider the limited audience the original update was meant for.

That’s the equal beauty and fallacy of human nature – excitement about content that grabs attention can result in the emotion of finding that content override the logic of respecting the audience limitation.

Technology like Storify, however, isn’t built on an emotional reaction – it’s bits and bytes taking a logical approach to enabling you to share emotionally-rich content.

Or at least it should be – but as the AGBeat article and Storify co-founder Herman’s shifting of blame to the user proves, the technology only works logically if the developers build it to do so.

Herman’s logic – that you should trust who you share content with not to reshare it if it’s meant to be private – would carry more weight if his platform was consistent in that mindset across all networks. But it isn’t.

If you try and share content via Storify from a protected Twitter account, the privacy settings from the micro-blogging platform prevent Storify from being able to quote the tweet. So it’s clear that Storify’s technology can be stopped by a network’s API.

Which suggests both Facebook and Storify are at fault here – Facebook for not preventing sharing the way Twitter does, and Storify for not recognizing a private group or community’s restricted access settings. Unfortunately, Storify doesn’t really see it this way.

It’s Your Fault

In the comments section of the AGBeat article, I questioned Herman’s stance on user blame after he stated it wasn’t a technology issue, but one of etiquette.

Herman’s answer, ironically, highlights Storify’s failing – the “power” effected by being able to share easily needs to be countered by the ability to identify whether that content should be shared.

Herman’s logic suggests if a private update is shared, it’s your fault for trusting the wrong friends to begin with. But that’s simply absolving responsibility from the platform that offers the public sharing of a private update. Former journalist, and General Manager of Social Media at New York-based technology startup Internet Media Labs, Amy Vernon identifies the flaw in this logic perfectly:

This is the difference:?

You protect your tweets, Storify won’t allow people who are allowed to see your tweets to Storify them. You protect your Facebook posts, Storify will allow people who are allowed to see those posts to Storify them.

Plain and simple.?

Is it, at its root, a human problem? Sure. But all this is changing faster than the average person can keep up. That doesn’t absolve tools and platforms from trying to abide by privacy levels.

Instead of blaming the user, why doesn’t Storify take the higher road and have a filter/blocker in place (similar to the Twitter scenario) where a message pops up prior to the sharing that asks the simple question: “This content is from a restricted source – are you sure you wish to share?” Or, better still, simply change the way Storify scrapes network API’s and only allow sharing of clearly publicly available content.

Of course, to do this would mean admitting Storify (and, by association, Facebook) have a problem. And no-one likes to admit they have a weakness…

image: AGBeat

Instagram, Social Media and the Opt-Out Economy

If you follow any kind of tech or social media news, you’ll know about the announcement from mobile photo app Instagram and its new Terms of Service that come into play on January 16.

If you haven’t seen any of the stories, the main gist of it is this:

Instagram’s owners, Facebook, will have the perpetual right to license all public Instagram photos to companies or any other organization, including for advertising purposes.
Ads may or may not be disclosed to the user.
A business may take your uploaded photo, use it in an ad, and not have to compensate you.
If you continue to upload images after January 16 and then decide to delete your account, your images can still be sold by Facebook as their property.

While there are some questionable inclusions on these new terms – I’d love to hear what the FTC has to say about non-disclosure of ads, which completely contradicts their edicts – it’s the last one that is the most concerning, since it enforces my view that we’re now part of the opt-out economy.

Whatever Happened to Permission Marketing?

In 1999, author and marketer Seth Godin published the seminal Permission Marketing. While the ideas in the book weren’t completely new, it was a wake-up call to marketers and businesses everywhere.

Instead of spamming people with crappy marketing messages they didn’t want, and invading email inboxes with newsletters they weren’t subscribed to, a new best practice emerged – let the people choose what they subscribe to, and what messages they received.

Since then, various laws have come into place to protect consumers – the CAN-SPAM Act covers all commercial messages, while the U.K. introduced the Privacy and Electronic Communications (EC Directive) in 2003, requiring opt-in for all email marketing campaigns.

So far so good, right? Except in today’s digital landscape, where it seems?we’re moving more towards the opt-out economy versus the opt-in one we fought so hard to create and support.

Social Scoring and Signing In Before You Can Leave

For most social networks – Facebook, Twitter, etc., – you still use the opt-in process. So, I need to physically sign up to use Twitter’s platform if I want to tweet. For the most part, this is how social platforms work. Then social scoring arrived and opt-out seemed to be the new opt-in.

The most well-known of the social scoring platforms, Klout, created a profile for you whether you liked it or not. If you had a public Twitter account, you had a Klout account.

If you didn’t want to partake in Klout’s promotion of you to their advertising partners, you actually had to create an account with Klout just to delete it, completely going against the idea of permission marketing and consumer wishes.

Klout’s reasoning is that they’re only accessing information that is publicly available, and that’s true. The main problem is your Klout score can impact how you’re perceived by companies and other online users – and you have no say in that, unless you sign up to try and play that system.

However, the bigger picture here is the question of opt-out versus opt-in, and Klout’s successes (millions of users and supporters and thousands of partners) seems to indicate opt-out can be a workable process.

The Instagram Question

Which brings us back to Instagram’s recent policy announcement. While it could be argued that unless you pay for the product you are the product, Instagram’s wording goes way beyond that. Consider this:

When you share photographs on Instagram that include other people, and that photo is then sold or used by an Instagram partner in a promotional campaign that goes against the beliefs of your friend in the picture (she supports PETA and Instagram use your image in a fur coat promotion), your friend can’t do anything about it because it’s your photo.
If Instagram has the right to access your friends’ details on Facebook during the sign-in process, you’ve essentially sold their details to Instagram’s partners and they may never know that until they start getting bombarded with partner ads.

These are just two areas that the new policy could potentially be used. Not only can you not opt-out of this happening if you stick around after January 16, your friends (who may not even be on Instagram) have even less of a chance to opt-out of their likeness being used for promotional gain.

Here’s another angle to take:

I get a picture taken with you. I work for a brand, and I use Instagram. I tell Instagram all pictures are my property and all people in them agree to be shared. Then I, as the brand employee, put that picture up with a promo for Westboro Baptist Church (let’s say they’re a client), with the caption “We support the ban on gays” next to a book entitled “Why The Real Family is a Man and Wife Family”.

By definition, and your inclusion in that picture, you now endorse both Westboro Baptist Church and are anti-gay. Would you be happy with that possibility?

Understanding this, and seeing what could potentially happen, is the reason Facebook posts and news article comments are alight with concern from current Instagram users, many of who have said they will be deleting their accounts.

You could argue that we give up the right to any true privacy when we open up an account with these apps and, for the most part, you’d be right. When you use something for free that costs money to maintain, there needs to be some revenue option that kicks in.

The problem with the Instagram change, though, is that Facebook are essentially saying “You’re our new freelance photographer but we’re not paying you” as well as curtailing your basic right to hold on to your property when you leave a platform.

And it’s that last point that could well be the straw that breaks the Instagram camel’s back. Time will tell.

Update: December 18, 5.00pm EST – Instagram co-founder Kevin Systrom has updated the corporate blog with an explanation (though it doesn’t address the FTC/non-disclosed ad concerns).

Update: December 23 – A class action lawsuit has been brought against Instagram for breach of contract.

image: Casey Neistat