Chris Peterson

The sustained blowback from the Facebook community has been as powerful as I’ve ever seen it, which is really quite inspiring.

AllFacebook calls for Facebook to “make instant personalization opt-in immediately”, calling its practices “unethical” otherwise:

It’s pretty outrageous to watch Facebook defend something which is obviously unethical. I’m talking about the company’s “Instant Personalization” program which the company forces users into, whether they like it or not. Despite the ongoing public criticism about the service, and a number of other products, Facebook is standing strong, arguing that users “love” what Facebook is doing.

…

Not only is [Facebook’s position that users love the service] a complete lie, but it’s a violation of the trust of the hundreds of millions of users who support the service.

Plus, Matt McKeon has a great graphic illustrating the EFF’s timeline of how Facebook has opened up.

Don’t want to leech his graphic, so click through and check it out.

As Vonnegut would say – strong stuff.

A lot has tumbled out of the woodwork about Facebook privacy over the last week, so here’s a quick review:

• via PCWorld: Facebook’s New Features Secretly Add Apps To Your Profile.
  

  If you visit certain sites while logged in to Facebook, an app for those sites will be quietly added to your Facebook profile. You don’t have to have a Facebook window open, you don’t need to be signed in to these sites for the apps to appear, there’s no notification, and there doesn’t appear to be an option to opt-out anywhere in Facebook’s byzantine privacy settings.

• via AllFacebook: Why Is Facebook Dead Set On Pushing Limits of Privacy?
  

  Does this mean that this is the way the world is going? Or does it simply mean this is the way that internet startups have chosen to “innovate”? I’d argue that it’s the latter and ultimately, Facebook will win when users have complete control of all their information.

  While sharing information has become an integral component of our daily communication, who we share that information with differs from person to person. With close to 450 million users, Facebook has plenty of opportunities to make money while simultaneously releasing new innovative technologies. None of this need to violate users’ privacy.

  Despite this, Facebook continues to release products that violate the users’ trust and ultimately, that’s going to be more damaging to the company than anything else.

  Nick is totally correct about this, and I think it’s telling that AllFacebook – which for a long time has seemed to be a simple fan front for Facebook – is calling them out pretty hard here.

• via AllFacebook: Chris Kelly Does Not Like “Instant Personalization”
  

  Facebook’s former Chief Privacy Officer, Chris Kelly, made a public statement against Facebook’s new “Instant Personalization” service, days after the program came under attack from a number of Senators. In a public statement, Chris Kelly distanced himself from Facebook saying, “Facebook’s recent changes to its privacy policy and practices with regard to data sharing occurred after I left the company.”

  Even Chris Kelly – who was in charge of privacy during Beacon – thinks this goes too far.

• via DeObfuscate: Facebook’s Anti-Privacy Monopoly

The biggest response I get from people when I point out these arguments is that “you can just delete your account”. But really, no, I can’t. Nor do I want to. I like using Facebook too much, and not having an account would feel like being a hermit. Facebook use is becoming a somewhat integral part of our society. But that doesn’t mean I can’t argue and fight against what I see as harmful anticompetitive conduct that destroys the bargaining relationship between Facebook users and Facebook, Inc.



• Rocket.ly and PrimeVector on why they (and you) should cancel your Facebook account.
• PeteSearch on how Facebook threatened to sue him for revealing some of their data practices.
  

In “Losing Face” I mention the technology of “privacy mirrors”, a concept which has been developed in the HCI literature over the last decade or so. Briefly put, a “privacy mirror” works just like a real mirror – by reflecting how your profile/data/etc appear to others.

There are two great privacy mirrors now available for Facebook users.

The first is Facebook’s ViewAs functionality, which has been available for some time but has been refined recently. It allows you to assume the “mask” of any Friend and see how they see your profile.

The second, by Berkeley student Ka-Ping Yee, doesn’t have a name, but it does the same thing for your open graph. Type in your username and this tool will show you all of the data that are available to everyone on the web with the new change. Most people will want to look closely at their Likes, Status Updates, and Photos, since they tend to get pretty squirrely.

Good luck!

From one of the new privacy tutorials released today:

What your friends can share about you through applications and websites

When your friend visits a Facebook-enhanced application or website, they may want to share certain information to make the experience more social. For example, a greeting card application may use your birthday information to prompt your friend to send a card

If your friend uses an application that you do not use, you can control what types of information the application can access. Please note that applications will always be able to access your publicly available information (Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages) and information that is visible to Everyone.

Emphasis mine.

Outrage, I imagine, is shared.

The EFF had a good article up the other day about the new “Community Pages” functionality that was announced in a recent blog post. It’s a bit complex, but the upshot is that from now on, whenever you “Like” a Page (because “Becoming a Fan” is too involved and procedurally onerous for Facebookers), your “Liking” of that page is totally public.

Facebook has, in other words, restricted your privacy to your sphere, and redefined the sphere as being your profile. They say this in a way that sounds nice and community-centric:

Community Pages are a new type of Facebook Page dedicated to a topic or experience that is owned collectively by the community connected to it…Keep in mind that Facebook Pages you connect to are public. You can control which friends are able to see connections listed on your profile, but you may still show up on Pages you’re connected to.

But this is largely a way of reframing a loss of control such that users don’t even know they’ve lost what they once had the ability to control. Even the shills (and I say that with love) at AllFacebook recognize this as “New, Half-Functional Privacy Settings.”

That’s annoying – I went through and “Unliked” all of the Pages of which I had previously become a Fan – but not totally debilitating.

Today, though, Master Zuckerberg posted an update – with the anthematic title of “Building the Social Web Together” – outlining the new “Open Graph” initiative Facebook is undertaking.

Open Graph will allow website partners to detect your Facebook information and relate the data on their site to your social network. So, for example, if you are reading an article on CNN, you can see which of your other friends have also Shared that article, like this example from WaPo:

If it seems a little like Beacon, that’s because…it seems a little like Beacon, except somewhat the mirror-image. Rather than tracking what you do on other websites and importing it in to Facebook, Facebook is tracking what you do in Facebook (and, by extension, on other sites) and exporting it to other sites.

Now, it’s not yet clear what the extent of this will be. It could be that this only exports links you’ve shared, in which case it’s less offensive – after all, they’re simply locating your action (sharing content) with the content more directly, which can be a nice service, and may add some serendipity to the web.

It potentially gets scary pretty quickly, however. What if you simply read an article or access a webpage? And, potentially more subversively, how closely will the Open Graph respect the convoluted (and in many cases multilayered) privacy preferences of Facebook?

This is a question I myself just emailed to Facebook:

Hi –

I’m in need of clarification on the new Social Graph:

So suppose I go to CNN.com, and I share a link on Facebook.

Now, I’ve set up my privacy preferences carefully. I know that my friend Alice, who is on my “Trusted Friends” Friends List and can see my wall, can see that I have shared that link on Facebook.

And I know – or at least hope – that complete stranger Bob CANNOT see that I have shared that link – I’ll be one of the anonymous number of people who shared it.

The question I have, though, is about Carl. I’m Facebook friends with Carl, but he’s on my “Scrubbed” Friends List. Carl can’t see anything on my Facebook – no pictures, no video, and definitely no wall or status updates.

If Carl goes to CNN, would Carl see me as being one of the people who has shared the website? On the one hand, I am his friend; on the other hand, he can’t see my status updates on Facebook.

In other words, does the new Social Graph functionality respect the Friends Lists or only Friendship/NotFriendship?

Thanks. This is very important to me and the answer will affect whether I (and I imagine others) will continue to use Facebook (or at least its social functionalities).

I hope that whatever answer I (do not expect to) receive will tell me that they respect Friends Lists. If not, I don’t think I will be able to continue to share links or content through Facebook, because there will be no way for me to differentiate between my social contexts outside of the Facebook environment. If that happens, it will remove tremendous utility for me, and I expect many others as well.

Which brings me to my next point – why am I still using Facebook? I’m wearying of it. Every time something new is introduced, I find that I have to go through great lengths to reestablish my environmental equilibrium, if indeed I can at all. I can’t be the only person who feels this way: trapped between the network effects of Facebook and the concern that it’s leading you down the garden path to privacy catastrophe.

Something’s got to give.

When the NYT linked to Saving Face (my thesis), I saw thousands and thousands of downloads from my server – I think I calculated at the time that it would’ve made it the 7th most downloaded article ever from SSRN.

A few days ago, I was informed that Losing Face (my revised article) had made the top ten list for (recent) articles in the eBusiness & eCommerce eJournal.

I also found out that Losing Face has been already cited in three peer-reviewed papers, including one in First Monday and two law review articles.

While I’m honored that so many folks have found my writing to be interesting and useful, it is a bit ironic that Losing Face appears to be good enough to be widely read and well-cited but not good enough to merit publication on its own, at least judging by the stream of rejections from law reviews to which I’ve submitted. Guess not having a J.D. is a bigger issue than I’d hoped…

Via AllFacebook:

While you may never have signed up for a specific site, Facebook may begin giving away some of your data without your permission according to a new privacy policy change the company is considering. While it may not be a Beacon fiasco yet, it’s a similar idea. As the company writes, “In the proposed privacy policy, we’ve also explained the possibility of working with some partner websites that we pre-approve to offer a more personalized experience at the moment you visit the site.”

…

Granted, we are not totally clear about the instances in which Facebook will share your information, but it’s pretty clear that this is another sort of “opt-out” feature that led to a heated privacy debate years ago. In addition to potentially sharing your data with participating sites the moment you visit them, Facebook is announcing some other privacy changes, including a previous emphasis on adding “a location to something you post.”

So it’s Beacon, except launched with a savvier approach to avoid the Beacon backlash.

I’ve met profoundly deaf people who are more on pitch than the Facebook privacy people.

Clay Shirky, via Kevin Kelly, via James Grimmelmann:

“Institutions will try to preserve the problem to which they are the solution.”

Original insight? No. Perfect phrasing? Yes.

Then again, that’s Shirky’s M.O. If you haven’t read Here Comes Evertbody, read it; I’ve already pre-ordered Cognitive Surplus.

(all those “via”s – no wonder “RT” needed to be invented!)

(Apologies for the alliteration. The sad truth is that I once attended a session at the NEYWC run by a senior Sports Illustrated editor. When he reviewed my journalism samples he told me that, whatever other weaknesses my style might have, it was refreshing free of the tropes that had haunted his early writing, mainly alliteration, bad puns, and catchy clauses jammed into sentences where they didn’t belong. He then gave me a sample of that bad writing so as to not emulate it. And I’ve been writing like that ever since).

(Anyway,)

Via James Grimmelmann, the tragic story of yet another individual who found himself tripped up by the confusing design of Google Buzz.

Except, in this case, the individual was Andrew McLaughlin, i.e. the Deputy Head of Internet Policy for the White House and former Head of Global Public Policy for Google itself.

Quote:

Maybe Mr. McLaughlin needs to read Grimmelmann’s Privacy as Product Safety so he can get to regulating his former employer!

edit: immediately after hitting submit I saw this blog post from Google Public Policy about the changes they made to Buzz. Good. But not good enough.

Readers of this blog will recall Saving With Shoeboxes: An Open Letter To My Bank, in which I reviewed some research from behavioral economics and suggested that banks might leverage the bracketing effect to help people visualize their budget. The general idea is that if you provide some structure which breaks up a pool of money into discrete chunks, people can actually budget better, because once you break down that $1000 of “free” money in your checking account into constitutive categories (groceries, utilities, etc), you’re much less tempted to blow it on an iPod.

I suggested that consumers could benefit if their banks allows users to create these ad-hoc, constitutive categories within a checking or savings account, and then allocate their total funds within these categories. Basically, if you could build your budget structure into the architecture of your online banking, you’d be able to bank better.

The post drew a fair response, in part because it was linked on Cass Sunstein and Richard Thaler’s NudgeBlog. And in the comments, a fair number of readers shared their stories, saying they’d been doing similar things for years with multiple checking accounts, or suggesting software packages like Mvelopes and BucketWise. And while these software packages have their perks – BucketWise, in particular, is almost exactly what I think the final solution should look like – they suffer from the disadvantages of disintegration from one’s actual online banking. Saving with shoeboxes should be simple and integrated into the process – it shouldn’t be disassociated and living on your desktop.

So I did the next best thing – I opened up about 8 checking accounts with Bank of America, and moved my money around within them. It wasn’t the simplest thing in the world, and getting 8 bank statements a month was sort of annoying, but it allowed me to improvise a crude shoebox system. Plus, checking accounts were free and easy to open online. And all was well for a time.

Note the past tense. Last week, Bank of America announced new monthly maintenance fees for checking and savings accounts that did not meet certain prerequisites (direct deposit, or a minimum balance of $1500 for the former and $300 for the latter). They launched a painfully kitschy “Facts About Fees” page, with a tiny talking woman named “Janet” strolling confidently onto my screen, explaining in a vaguely condescending tone stuff that was, in fact, unrelated to why these fees were suddenly necessary.

For most people, I admit, this probably isn’t an issue, as they most likely meet the minimum balance or direct deposit requirements on their one or two accounts. For me, obviously, it was unsustainable – I’d be paying upwards of $80 a month just for my budgeting system!

I tried calling Bank of America to see if they’d waive the fees. No dice. So I began looking around for other options.

I returned to the comments from that original post and found some promoting ING Direct, the online-only counterpart of banking giant ING. ING Direct, it seems, allows you to open up to 25 savings accounts for free, with no fees or minimums. Plus, they have “Automatic Savings Plans”, so one could say (for example) “Transfer $100 from my paycheck to my ‘Holiday Savings’ fund every month”.

Now, is this a perfect shoebox solution? Not at all. You still have to open several accounts, and you can’t easily allocate everyday expenditures within those accounts – you can only transfer money from “groceries” to “checking” to cover the expense.

(One of the keys to BucketWise is that you can allocate directly. Suppose you have $500 in your checking account, and $175 of that is devoted to grocery budget. You spend $50 at the grocery store on your debit card. When you enter that $50 into BucketWise, you can allocate it to your grocery budget. Now, your total account total goes down to $450, and your total grocery budget goes down to $125. This integrated allocation would be a killer feature to a true “shoebox” system in any online banking environment. I’ve been advocating a true design to anyone who will listen – and many who won’t. I’m still pushing for it as hard as I can. But I digress.)

However, ING Direct is much better at this sort of stuff than any other organization I’ve seen, including, unfortunately, MITFCU (I wanted to go Credit Union because of my distaste for banks, but apparently federal law does not allow individuals to open more than one checking/savings account per person, and MITFCU hasn’t gotten around to implemented a shoebox system as SDCCU has). So, for the last 24 hours, I’ve been transferring everything over to them.

While some aspects of the transition to an online-only bank aren’t easy – the two-day ACH waiting period, the comparable lack of ATMs, etc – so far I’ve been very satisfied. Their online banking portal is excellent, their rates are great, and the service is fantastic. It’s weird how weird it is to pick up a phone, call customer support, and be connected to an actual human being in two rings or less. I can’t even remember the last time I was on hold with Bank of America for less than 15 minutes.

When you include the fact that ING Direct will allow me to continue my (admittedly imperfect) implementation of the shoebox system, it’s really a no-brainer.

So if you’re out there, and want to try better budgeting, or about to get hit with ridiculous fees by comically money-grubbing financial institutions, I recommend ING Direct. I only wish I’d followed the advice of those comments before.