Over the years, Facebook has developed features and made policy changes that have routinely put privacy advocates on the warpath, so much so that blogger Lora Bentley wonders if they don’t pay people to dream up new ways to annoy them.
Despite the privacy concerns, Facebook remains hugely popular and as a company appears set on the path to constantly push the privacy boundary. A reader from The New York Times summed it up this way:
When will the great analysts of today finally get it? We, the 20-somethings of today, are not that concerned about privacy. Facebook has become a way of life.
This slideshow features some of Facebook’s more spectacular blunders.
Click through for six spectacular Facebook privacy blunders.
In May 2011, it was reported that more than 500 million people who use Facebook may have been put at risk after it was discovered that users' personal information has been leaked to third-party companies.
Symantec discovered that close to 100,000 applications were inadvertently leaking millions of access tokens to third parties like advertisers or analytic platforms. These access tokens allow Facebook applications to access personal profile information, photographs and chat logs. According to Symantec's blog, third parties also had the ability to post messages and mine personal information. Says Symantec:
We estimate that over the years, hundreds of thousands of applications may have inadvertently leaked millions of access tokens to third parties.
However, the company goes on to say:
There is no good way to estimate how many access tokens have already been leaked since the release of Facebook applications back in 2007. We fear a lot of these tokens might still be available in log files of third-party servers or still being actively used by advertisers.
Facebook's facial recognition feature has raised a number of privacy concerns. The feature automatically recognizes and then tags people, or suggests friends whose faces might be in photos posted on the site. According to Reuters, the technology was first automatically activated for Facebook users in the U.S. It was recently expanded to users in several other countries, all without letting users know what was coming. And users complained.
Sophos Senior Technology Consultant Graham Cluely wrote:
Yet again, it feels like Facebook is eroding the online privacy of its users by stealth.
In January 2011, Facebook scored another one for its "act first, apologize later" strategy. The company announced it would make user information – including phone numbers – available to application developers. But they wouldn't get access to the data until after they got express permission "through the usual permission dialogues," according to the INQUIRER.
After only three days, however, Facebook suspended the program, indicating it had received feedback that users weren't exactly clear on when they would and would not be giving up access to their information, even with the standard permissions dialogue boxes.
In October 2010, privacy advocates became concerned about Facebook’s revamped Groups service. Once again the problem stemmed from the auto opt-in that was set as the default for Facebook Groups. Users could add their friends to groups without their friends' knowledge, let alone their permission. Take for example the prank TechCrunch's Michael Arrington played on Facebook CEO Mark Zuckerberg. Because Zuckerberg is Arrington's Facebook friend, Arrington was able to add Zuckerberg to a North American Man/Boy Love Association group without giving Zuckerberg a heads-up first.
In August 2010, Facebook’s Places feature once again had privacy advocates on the warpath. Places uses the geo-location technology in mobile devices to allow Facebook users to share their location (or "check in") and to tag any friends who are with them at that location. Startups like Foursquare and Gowalla offer similar functionality, so it's not surprising that Facebook would want to go in this direction.
But the ACLU and other consumer advocates were concerned because there is no easy way to opt out of the service. According to the ACLU of Northern California:
When it comes to opting out of [allowing friends to check you in], you are only given a “not now” option (aka ask me again later). “No” isn’t one of the easy options…And if you use Places yourself, you aren’t even given a “not now;” you’re just told that friends are able to check in for you and left to discover for yourself that you can change this setting.
To Facebook's credit, the company has been quick to respond to the ACLU's concerns. The New York Times quoted a statement from Facebook's policy communications director, Barry Schnitt, who said:
No one can be checked in to a location without their explicit permission. Many third parties have applauded our controls, indicating that people have more protections using Facebook Places than other widely used location services available today.
In April 2010, Facebook drew lawmaker scrutiny when it made changes to its privacy controls so that it could share user information with third-party websites unless users opt out of said sharing. Privacy advocates and individuals alike were concerned – and they said so.
Facebook users posted messages about the changes in their status updates to alert friends and explain how to opt out. The Electronic Frontier Foundation went so far as to post instructions on blocking the so-called "automatic personalization" from collecting your information even if your friends allow theirs to be collected.
Facebook maintains all of its changes have been made to improve the experience for its users, and some actually give users more control over their information, but so far, not many seem to be buying that line.