In apparent response to recent furor, Facebook called an all-hands meeting at the company with one topic in mind: privacy. What did they emerge from the shindig with?
An anti-hacking system. Talk about missing the fucking point.
This is why it’s hot
Facebook is on top of the world in two different ways right now. First, it has rather masterfully become the default social network for a significant portion of the Internet’s residents, and they got there with the careful application of very strategic moves.
In 2004, the site’s beginning, Facebook was strictly for Harvard students. Zuckerberg coded and built it as a book of faces to get everybody on campus listed together in a central location so they could easily find and talk to each other. It expanded to the rest of the Ivy League schools and, at that time, was still called TheFacebook.
It then grew to include all university students American and Canadian–a way to link friends who went away to college and find new friends and interests on campus. It flourished thanks to tech-savvy students who knew a decent thing when they saw it. They evangelized it to their friends, and a massive network began to spread.
Meanwhile, everybody outside of college saw the fun their college-age friends were having, and the seed of desire was sown. Everybody wanted in on the fun, new thing. In response, Zuckerberg expanded it yet again to include high school students and changed the name to Facebook after securing the facebook.com domain.
Again, a clever move: high school students are also traditionally savvy, and at least more likely to try new things and expand the social experience that Facebook wanted to become. It also became available to certain companies, including Microsoft and Apple. More techies rejoiced. The network grew, and so did the influence and appeal.
Up until September 2006, then, you had to be part of certain networks–affiliated with a college or company email, or an invite to a high school group–to become a part of Facebook. Zuckerberg also toyed briefly with the concept of providing Facebook to 500 different geographic regions, but he finally did the inevitable and opened the doors to anybody older than 13 with a valid email address.
By that time, most of the under-30 crowd had heard of and was aching to get in on Facebook, and the population jumped. Five million users in 2005 became 12 million users by 2006. Users were treated in 2007 to the introduction of the Facebook Platform, which offered the ability to tag users in notes, send e-gifts, post classifieds and create events. Facebook applications exploded in popularity and Facebook’s users skyrocketed to 50 million by mid-2008.
Fast-forward to 2010, and that number has octupled to 400 million users. Not bad for a startup at Harvard.
This is why it’s not
If Facebook has a fatal flaw, it’s CEO Mark Zuckerberg, who has shown a relentless disregard for privacy.
Zuckerberg’s precursor to Facebook was Facemash, a Hot or Not clone built as a gag, and it needed people. Facemash, however, didn’t have people. Zuckerberg got people by. . . well, by hacking Harvard’s dorm networks and grabbing the student ID images. Classy.
When he later released TheFacebook, several of Harvard’s faculty members complained that they worked with Zuckerberg to create a site, but their ideas were stolen when he went a different direction. When the Harvard Crimson, the university’s paper, began to investigate, Zuckerberg trawled TheFacebook looking for students who identified themselves as members of the rag. Comparing their accounts with failed login attempts, he figured out their Harvard email account passwords and accessed them. Even classier.
Facebook, however, was relatively quiet on the privacy front for the large majority of its existence–another very clever business move for Zuckerberg. In the beginning, nothing in the entire site was visible to the entire Internet; only four pieces of information–your name, your gender, your profile image and your networks–were visible to Facebook members by default. Throughout 2007, the vast majority of a profile’s information continued to remain private outside of the networks to which users belonged.
Then 2009 hit, and the world was rudely informed that Zuckerberg fully intended to monetize his users’ information. In November, updates to the privacy policy resulted in your name, picture, gender and networks being publicized by default. Your friends became exposed to all Facebook users, too. In December, your friends became fully public, as did your “likes.” Your privacy options got simultaneously smaller. Quoting the EFF on the subject:
Looking even closer at the new Facebook privacy changes, things get downright ugly when it comes to controlling who gets to see personal information such as your list of friends. Under the new regime, Facebook treats that information — along with your name, profile picture, current city, gender, networks, and the pages that you are a “fan” of — as “publicly available information” or “PAI.” Before, users were allowed to restrict access to much of that information. Now, however, those privacy options have been eliminated. For example, although you used to have the ability to prevent everyone but your friends from seeing your friends list, that old privacy setting — shown below — has now been removed completely from the privacy settings page.
In Facebook’s own words, they just made it simpler for you, since nobody really used those options anyway:
With these changes, a limited set of basic information that helps your friends find you will be made publicly available. This information is name, profile picture, gender, current city, networks, friend list, and Pages. The overwhelming majority of people who use Facebook already make most or all of this information available to everyone.
The web roared. How could Facebook make such a bold step to make all of that information–including Pages, which many users consider sensitive–completely public, even to Google searches? It was abhorrent. In a hilarious flub, Mark’s profile suddenly became incredibly public as well, though he later tried to explain it away as an intentional update.
This move to publicize everything was nevertheless right up Zuckerberg’s alley. In an interview with Michael Arrington in January, he tried to justify it by saying that people already shared most of this information. The “social mores” were changing, and conveniently in Facebook’s profit-boosting favor.
When I got started in my dorm room at Harvard, the question a lot of people asked was ‘why would I want to put any information on the Internet at all? Why would I want to have a website?’ And then in the last 5 or 6 years, blogging has taken off in a huge way and all these different services that have people sharing all this information. People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that has evolved over time. We view it as our role in the system to constantly be innovating and be updating what our system is to reflect what the current social norms are.
A lot of companies would be trapped by the conventions and their legacies of what they’ve built, doing a privacy change – doing a privacy change for 350 million users is not the kind of thing that a lot of companies would do. But we viewed that as a really important thing, to always keep a beginner’s mind and what would we do if we were starting the company now and we decided that these would be the social norms now and we just went for it.
In other words, if Mark was doing it all over again, everything would be public from the start. Here in 2010, somebody creating a new profile today would only keep his or her contact information and birthday private. Everything else? Fair game.
The seeds of that ambition can already be seen. Your interests, favorites, work and education now link to Pages, which (surprise!) makes them available for all to see. Anything you “like” can create a connection, which instantly goes public as well. The Instant Personalization service even allows sites to poke their heads into your profile and harvest your information: the music you like, the movies you watch, your name, gender, affiliations. . . everything.
The pride before the fall
So, with the wrath of the Internet at their doorstep and famous folk publicly deleting their Facebook account, Facebook called an all-hands meeting to discuss its site-wide privacy strategy. The company emerged with just one announcement: new tools to prevent unauthorized computers from logging into your account.
Facebook will now allow you to specify (like a banking site) which computers you’re usually going to log in from. Facebook will notify you of attempted logins from other computers, and it may even ask you security questions to determine your identity should you log in from an abnormal computer.
It’s a decent tool. It also completely fails at addressing the root cause of the growing backlash.
Facebook has become big enough that it can afford to do this, however. Whether you don’t know how or can’t find the motivation, Zuckerberg knows the vast majority of you will not leave the service.
The ones that try are treated to full-on guilt trip. Go on, click it. At the time of writing, Facebook’s account deactivation page tries to prevent you from doing so by displaying a selection of your friends, noting that they (and all the rest) will miss you if you go. Good luck even accessing the account deletion page while looking through the site – it’s harder to find than a needle in a haystack comprised of needles.
The sad part is that they’re entirely correct. Farmville alone draws 80 million unique users per month. Many people, myself included, also retain a Facebook account because they make life easier. It’s starting to push that line, though.
I’ve thoroughly neutered my profile by removing virtually every relevant bit, and you can do the same by following Rob Hallock’s privacy guide. You can also support the Diaspora project, which intends to offer an open version of Facebook that puts the privacy reins firmly in your own hands:
As they describe it, the Diaspora* software will let users set up their own personal servers, called seeds, create their own hubs and fully control the information they share. Mr. Sofaer says that centralized networks like Facebook are not necessary. “In our real lives, we talk to each other,” he said. “We don’t need to hand our messages to a hub. What Facebook gives you as a user isn’t all that hard to do. All the little games, the little walls, the little chat, aren’t really rare things. The technology already exists.”
With any luck, Facebook’s anti-hacking measures won’t be the only outcome of today’s meeting. Hell, maybe they’ll roll back some of the privacy changes like they have before, but only continued dissent and the prospect of viable alternatives will help keep Facebook honest.
Without changes to the service, Facebook will inevitably suffer losses, either of users as they quit, or of revenue as people strip their profiles. I know Zuckerberg doesn’t want Facebook to go the way of MySpace, so we can only hope he makes decisions that reflect a desire to win users’ trust back.
