Hacker News new | past | comments | ask | show | jobs | submit login
Zuckerberg responds to privacy concerns (washingtonpost.com)
69 points by evancaine on May 24, 2010 | hide | past | favorite | 66 comments



Without judgment, I think it's important to point out in that at no point did he admit that Facebook screwed up, nor did he at any point apologize for anything.


He did say they sometimes move "too fast".


Which has the sleazy, downright-asshole assumption that He and He alone knows what's right. It's just us loser Luddites that don't get it. That's not an apology, it's a syrup-dipped middle finger.


What he didn't say is that "too fast" is a risk they willingly take, not a problem they will even try to avoid. Their self-described mantra is "work fast and don't be afraid to break things."


Nothing more than a PR / shill piece with a bare bones disclosure at the bottom, "Washington Post Chairman Donald E. Graham is a member of Facebook's board of directors."

Time to read the NYT and WSJ for the real view on how mass print media views the privacy issue. I won't waste 10 seconds reading another Post piece on Facebook.


Who cares "how mass print media views the privacy issue"? I prefer to read facts and decide for myself.

Here are some facts that I got from this piece:

  - They have heard and discussed our feedback.
  - They are responding to the demand for simpler privacy controls by giving simpler privacy controls.
  - They are giving an easy way to opt out of ALL third party services.
I, for one, am happy to hear these things, but will be reserving judgement for when the privacy changes are launched.


What? It's not a Post piece. It's an op-ed written by Mark Zuckerberg. Of course it paints Facebook in a favorable light. That doesn't mean it has no value.


I keep having an image of Donald E. Graham hovering over Zuke and waiting for him to complete the article in long script and then handing it off to some flunky to be typed. Then Donald says "good job Zuke" and pats him on the head and Zuke smiles and says "yeah...privacy - my ass". And both leave the conference room they were in laughing manically.

Of course...that's my imagination...it runs wild.


Zuck.


the whole piece is totally disingenuous and it isn't anything new from what we've heard from them before.

the worst part is the end when he subtly tries to use the fact that it started out as a dorm room project as some sort of excuse as to why the company is having all of these problems.




If he truly believes what he writes, why not default privacy to only displaying say your name and display picture. No problems for anyone to find you then and if you really want to share everything you write to the world you can alter from the default.


We do not share your personal information with people or services you don't want.

Ah, so I guess all those people whose phone numbers are streaming through "Evil" or whose updates about their rectal surgery are being exposed through the Open Graph API want this information to be floating around the Web.


The phone numbers thing is really their own fault. Evil is streaming from open "everyone post your numbers" groups.


If people make their profile public, then yes their updates will be made public.


Except if facebook makes their profile public without their knowledge (or consent)...


Except that didn't happen. There's no evidence that a large portion of Facebook's users were confused about the privacy changes in December, yet many people keep repeating that as fact.


Jesus, a guy asks for a citation and gets voted to -4. If it's that dumb a question, post a link to a page with some sourced numbers in it and humble him.


Where was the previous poster asking anything? He stated something blatantly false that could easily be disproven by a simple web search. How does him stating something provably false place the burden of proof on everyone else?


I can't seem to find this proof via a simple web search. Care to assist me?


It just seems like a drab, corporate BS message lacking any sincerity.

(tongue-in-cheek humor) I propose UNIX style privacy controls - user, group, world.


Don't even joke about Unix "security". The hacks in Jersey thought it was just faster to pack 10 bits into a PDP word, than to implement a decent permission system, an example of which already existed:

http://www.schneier.com/blog/archives/2007/09/the_multics_op... (read the linked PDF; linking to Bruce as sort of "peer review" and "don't take my word for it")


When you write a language and an operating system that both endure for more than 30 years; across numerous hardware platforms; emulated and rewritten dozens of times; becoming the fundamental underpinning and architecture of the greatest information network in the history of mankind, sparking a global cultural and technological revolution; Then you can call the guys from Jersey "hacks".


The same arguments can be made for MS DOS, don't you forget. Something has to be said for being at the right place at the right time.


Zuckerberg acknowledges that complex privacy controls are a problem. But I suspect that's only true because the defaults are evil. If users didn't have to worry about being deceived, they wouldn't complain about complex controls because they'd rarely use them.

Like simplicity, defaults are hugely important in UI design. But Zuckerberg appears to be carefully avoiding the subject.


This. The granular privacy controls were a good thing when they defaulted toward the side of privacy. The problem is that Facebook has increasingly been adding new features and new privacy options while defaulting them to being world-viewable.

What has people angry isn't that the privacy settings are complex; it's that Facebook has essentially used the increasing complexity to pull a bait and switch with their privacy of the past few years.


Facebook users' privacy is directly in conflict with the company's stated goal:

"If people share more, the world will become more open and connected. And a world that's more open and connected is a better world. These are still our core principles today."

In other words, Zuck is bent on setting your personal information free so that "people share more".

That "response" doesn't make me feel so warm and fuzzy.


Not necessarily. The sentence immediately before your quote adds some more context:

"If we give people control over what they share, they will want to share more."

I read that as saying that if people have control over who sees their information, they will become more comfortable with sharing more widely over time. You may not agree with that sentence, but it conflicts with your conclusion.


This time I am going to wait to see what changes they bring

I'm still happy to give FB a break over this; they've done a lot to improve privacy in recent months and IMO get credit for that. I'm still having a hard time verifying the vast majority of "privacy violations" people seem to be finding; I suspect they don't really exist in the way they are presented. Obviously there are one or two that are a problem (and I hope they address that) such as the information that can no longer be hidden from search.

I've been playing the Facebook privacy game for a long time - and from that perspective most of this current reporting/outrage is either a) people getting on a bandwagon/following the crowd or b) misinformed. Amongst that the smattering of genuine complaints has mostly been lost to the noise. In a few months it will be back to a few of us pressing those issues again....

Bottom line is; the problem is in creating effective controls people understand. They really need to crack that, and if that is what the current fad achieves then great.


I actually do think their privacy controls suck and I think all this is overblown.

They've sucked since day one, they make it steadily worse, but after all, it's no big deal because my facebook page is mostly empty, it's just a shingle to help people find me if they're looking for me (it's not like the whole world reads HN :) ).

Facebook could do a lot better in this respect, and they should default new features to 'off' if their users check a single box, once that says 'default new features to 'off''.

That should do it.

After that they can do a one time announcement of that one checkbox and anybody that doesn't check it will have nothing to complain in 6 months when they roll out new features that affect your privacy somehow.

And they should stop the double speak just say it like it is, we're not stupid.


Facebook could do a lot better in this respect, and they should default new features to 'off' if their users check a single box, once that says 'default new features to 'off''.

Yes, that would be the #1 best fix to be honest.


Why does Zuckerberg make this announcement, which ultimately affects all of his 400 million customer base, in a buried article for the Washington Post?

Surely it's best to communicate with your customers directly, y'know, with a Facebook message or something?

Looking at blog.facebook.com right now, there is no sign of this, nothing officially on facebook.com. This is why people don't trust Facebook.



I'd guess because he wants to avoid new laws/regulation. Thus the Washington Post.


did the post criticize fb? if not, giving them this "exclusive" could also be a middle finger wagging at the nyt, wsj, and others who attacked them.


Yes oh mighty and complex one. The problem is that we're too simple to grasp your controls. Asshat.

How about a simple radio button: [] Share my information with 3rd parties [] Do not share my information with 3rd parties

Put it right at the end there as an override in case we can't understand some of your more complex settings.


In the article: "We will also give you an easy way to turn off all third-party services."


More B.S. from Zuckerberg. He should have said, "We screwed up. We're sorry, we're fixing it, and we won't do it again." Instead we get nonsense about how "The biggest message we have heard recently is that people want easier control over their information."

Um... no, the biggest message you have heard recently is that people don't want you destroying the terms of service they agreed to with unilateral, opt-out changes, you greedy tool.


It's good to hear that Facebook is addressing the privacy issues, but it's a bit like closing the barn door after the horse has bolted. A lot of information which people believed to be private has already been disclosed, and they'll have to live with any consequences which may arise from that. Once trust is gone it's difficult to win back.


Yeah. I'm not convinced.


See the comments on this post on Facebook itself

http://www.facebook.com/posted.php?id=20531316728&share_...


The best response would be to stop mucking with the information that your users want to be private.


Here are the principles under which Facebook operates:

-- You have control over how your information is shared.

-- We do not share your personal information with people or services you don't want.

-- We do not give advertisers access to your personal information.

[clip]

Ahahahahahahahahahahahahah. This is why Queerty and Pandora silently installed applications on my profile and had access to my data without me opting into anything (I've never used Connect or anything like it). Or why Instant Personalization was turned on automatically.

You pissed off a population of users, arguably who are tuned-into this discussion and many of which are technical enough to call you on your BS. The candy coated, lets see how little we can get away with, isn't going to work. In fact, it's only going to make things work.

If the new settings are good, good. Maybe they will avert some of the mistrust that many view towards them. I certainly won't forget the shit that went down on my profile w/o my permission in the last 2 months. Maybe an apology, an admission of a bad idea, etc would be more convincing.

At least Google had the stones to say, rather quickly, Oops, sorry, we shouldn't have done that.


"We do not share your personal information with people or services you don't want."

Apart from all the personal information that Facebook doesn't allow you to hide from non-friends, non-Facebook members, and search engines.


It appears that you can fix that now in the privacy settings.

That said, I still consider the initial "outing" of fan pages to be a huge breach of trust.


I consider my 200 x 160 px profile picture personal information, or at least I would had I not purposefully uploaded a picture in which you can't see a thing at that size. Can't hide that.

Then there's the "This information, such as your Pages and list of friends, is still public, so it could appear elsewhere on the site and be accessed by applications you and your friends use" note on top of the Friends, Tags and Connections privacy page, which doesn't seem to be true at the moment, but which is very unnerving nonetheless. I consider my friend list on Facebook to be personal information.


How does Facebook claim to make money if they also claim the above points?


They make money through demographic targeted advertising. If you try out the process to set up an ad, you'll notice that, as an advertiser, you never receive anyone's personal information. That seems in keeping with the points above.


Actually, they are known for making it pretty hard on advertisers. They're rules for what ads are acceptable are pretty strict, to the point where showing almost anything other than just a plain description of your product/service can be interpreted to break the rules.

Most ads that you submit get rejected on sight, but if you post the same exacting thing at another type of day it gets through.

Mainly their ad platform is surviving because the sheer volume of impressions they can serve is hard to ignore. Other than that, they damn sure aren't making it easy for advertisers to give them money.


I guess they don't actually give advertisers your information, the way the point is written. Advertisers target and they match to people in the target, as good as giving information, just not that way it's worded.


Last number I saw was that Facebook makes ~$75m a year from selling "virtual gifts" alone.


Beacon, too.


> This is why Queerty and Pandora silently installed applications on my profile

There is no way for an app to install on your profile without your permission, it's just not in the API and I see no reason why Facebook would give them access to a secret API. Are you sure you didn't sign in to Pandora with your Facebook account? This is a pretty serious accusation. I'm no facebook fan but we need to be honest in our criticism if we want to be credible.


I bought tickets on Fandango and later found the Fandango App in my FB profile. I never installed it or approved it--it just appeared. To me, that's simply wrong.


"Facebook spokesperson David Swain contacted us and confirmed that the appearance of unauthorized apps was a bug:

In this case, there was a bug that was showing applications on a user’s Application Settings page that the user hadn’t authorized. No information was shared with those applications and the user’s list of applications was not shown to anyone but the user. This bug has been fixed.

It does appear that unauthorized apps are no longer being added to users' pages, however any unwanted applications that were previously added will still need to be removed manually."

http://www.macworld.com/article/151087/2010/05/facebook_addi...


Yeah... I dont buy, it being a bug.


I randomly had an OK magazine app installed. I don't remember going to that page, it must have been a link off of Google news.


There certainly was a way for apps to do this. I had removed all third-party apps a few months ago (after allowing only a couple), but logged in a few weeks ago to find two third-party apps that I hadn't authorized.

It may have been a bug, and it may be different now, but there was certainly a period of time that apps could add themselves without my explicit permission.


From what I understand, what you say is true. When you go to Pandora, a bar pops up, on which you have the option to click 'No, Thanks'. If you click it, they won't have access to any of your Facebook information.


The Instant Personalization is opt-out, not opt-in. App admins are supposed to delete you data when you opt-out, otherwise they have access.


I went to pandora.com for the first time in years. It immediately started playing a song from a band that I have a fan page for on Facebook. I was not logged into Pandora.

There was the blue Facebook bar on top saying that Pandora is connected with my Facebook. I could click no to disable it.

There is a special service that Pandora, yelp and a few others are using. It is on by default and opt-out.

Not very private if you ask me.


>There is no way for an app to install on your profile without your permission

How I understand the concept of the like button is this:

The like button is an extremely easy version of Facebook connect. When you are logged into Facebook and visit a site with the like button implementation, you have automatically logged in. You do not need to click the like button. (Remember you could once sign in automatically to TechCrunch's commenting system by just visiting).

This way Facebook can monitor the sites you visit and in future can serve you better ads on those websites than Google. (that is how they are a major Google competitor.

The so called apps that were installed without permission was was just a internal tracking tool that was made public. It still exsits but users just don't see it any more.


I have never clicked 'Like' on a non-Facebook page. Ever. The only content I have liked is other users' statuses or content. I even unliked all the things that it wanted to link to my profile to further farm usable data about me. Also, I'm rather convinced that the 'Like' ecosystem exists independently of the Instant Personalization -slash- "Selected Partners" stuff I'm more worried about.


Yes. It has been revealed that Facebook shared info behind the scenes with select partners. I believe that the Instant Personaiiztion feature (that was turned on without my consent) would allow app installs. Pandora doesn't even have Facebook Connect.

Trust me, when I opened Pandora and saw "Kyle Blahblah" likes the same music as you, I was furious. Which is when I found out I now had apps on my profile I had never approved.

The only app I ever wanted on my Facebook was Twitter, and oh boy, did I have more than that. Trust me, I know what I'm doing and I know that I can say with 100% confidence that I did NOT agree to install those apps. I understand how hard is is for me to convey my sincerity, but I know full well how an app is supposed to be presented for access to my profile, and that never happened.

edit Just checked Pandora. It definitely is piggy backing on Instant Personalization which is now turned off. Apparently Pandora even kindly gives one a way of shutting it off while still on a Pandora.com page which is nice. I must have missed that in my rage to go shut it off in my Facebook profile.


They must have recently added this. I found the same ("so-and-so who you never, ever contacted on Pandora, ever likes this artist"), and had to go into Facebook and remove Pandora as an "approved" application.

Actually, the ONLY reason I even knew it grabbed the info from Facebook was by the profile picture they automatically used, and would not let you change or delete.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: