Facebook Slaps Google: “Openness Doesn’t Mean Being Open When It’s Convenient” (techcrunch.com)
72 points by michaelhart on Nov 9, 2010 | 63 comments



So their theory here is that when I add a friend on Facebook, I am really saying this: "I share some of my contact info with you, but only as long as we both use Facebook?"

That's a convenient notion if you happen to work for Big #3b5998. But I think almost anyone would agree that it's really two people making a connection, and Facebook is just the middleman.


The theory is that by accepting someone's friend request you're not automatically granting them the ability to export your email address to any application that asks for it. If it were possible there's a good chance your inbox would quickly be filled with spam from apps your friends use. I know of no social network, including Google's own Orkut, Twitter, and Myspace, which allows this kind of mass exportation of friend emails via its API.


> If it were possible there's a good chance your inbox would quickly be filled with spam from apps your friends use.

Apps like, um, Facebook?


More like Zynga apps. Could you imagine if Farmville could easily get a hold of the emails of all of your friends? God help us.


My only point is that the scenario yariv frets about is exactly what Facebook did to grow.

Before I joined Facebook I would get regular emails about all of my friends on FB that had uploaded my contact info via GMail.


Like Nostromo said...

Plus it's pretty clear Facebook itself needs to make a distinction between something like an "export application" (that does generate nothing-like-spam) and something like Farmville (which only generates something-like-spam).

While this lack of distinction is a serious problem for Facebook ... it hardly qualifies as a good argument for Facebook being able to export from everyone else but not allowing exports to anyone.


So on the other hand, by emailing someone, you are granting them the right to download your contact information to a third party application who will then ... email you that you should join ... Facebook?


A slightly different way to look at it is "I share some of my contact info with you as long as I can control how you use it (e.g. look but don't re-share, I can revoke it later, etc.)." Facebook allows that kind of control by preventing data export.


> Facebook allows that kind of control by preventing data export.

In other words, "If everyone uses Facebook for their data control needs, we'd all have perfect data control."

This sounds suspiciously like an argument for DRM, which all end up failing and being bogus. Remember those email client plugins that would keep people from printing or remailing an email, that would have only worked if just everyone you sent something to had it installed?


Obligatory DRM argument, check. But why even have privacy settings if you're not going to try to enforce them? Just make everything public, resulting in people hardly posting anything, and then the whole social networking thing can just shut down.


My point is that the DRM-style argument can't work because bits can't be restricted in this manner.

I mean, I'm still trying to figure out what "look but don't re-share" means. There's absolutely no way to enforce that.

Facebook saying that they are honoring users' settings is a false sense of security, because your address is accessible to me via my email program, that's how I was able to give it to facebook. I can still use your email address I already had for any purpose.

The only people their policy protects are people you friended on facebook without using email address book integration, but that's not the topic here.

I suppose if the false sense of security gets people to use your website, you can exploit that, but that doesn't mean you can actually enforce it. And somehow I doubt people's email addresses being exposed via facebook is going to keep the majority of people from using facebook: everyone already gets spam, and most people don't know how to track how an email address ends up in spamming lists. Facebook may already be selling email addresses to spammers and most people would never know.

It's actually in facebook's interest to sell email addresses rather than expose email addresses to third party apps that contact you via facebook, because third party apps that contact you via facebook reflect badly on facebook's other (maybe legit) emails that come from facebook's servers/domains.


> But why even have privacy settings if you're not going to try to enforce them?

That's a question for Facebook, not us. Don't you think?

However, the thing about Facebook isn't just that it doesn't respect its own privacy settings (which it hasn't). The thing is the concept of providing strong privacy while sharing within a set of intersecting friendships is essentially contradictory and impossible.

This (impossible) promise is very convenient for Facebook, however, since it serves as an incentive, a pretext, for an all-controlling environment. Consider, how do you keep your information safe while sharing it? The answer isn't "something sort-of like DRM". The answer is that is exactly, fully the definition of DRM. What Facebook is promising boils down to personal DRM (ie, impossible and opens the door to nefarious third parties, etc).


You mean Facebook, the company that has had a pretty rough PR year thanks to its deceptive privacy policies and practices?


Hey, a failure to respect privacy is just direct evidence of openness, right?

(Disclaimer. I may be biased by working for Google. But I'm also not opposed to switching from a BSD to GPL strategy to encourage freedom.)


Laugh while you can. During the Buzz launch, I recall Google found it just as hard to negotiate the intrinsically tricky balance between privacy and openness. There is a real trade-off between the two in products that allow you to share information with groups larger than one.

Good luck with your new social product.


I'm fully aware of this. However I happen to personally believe that Google's missteps have been far less than Facebook's - and less intentional.

I'm sure that both companies will continue to fail to find the perfect balance. I'm strongly inclined to believe that Google will fail less. (However people will continue to hold us to a higher standard.)


> less intentional.

I'd refer you to Hanlon's Razor. You might also want to introspect as to why the singular social privacy fiasco whose decision-making you've seen internally strikes you as less evil than the privacy fiascos you've witnessed as an outsider.

Also, life is long, and the valley is small. We may work together someday. Let's try to presume good faith when possible, eh?


On intentionality, I find myself in agreement with a lot of what http://www.readwriteweb.com/archives/facebooks_zuckerberg_sa... has to say. Facebook acquired a lot of data when everything was promised to be private, then changed the rules on people. Repeatedly. And Zuckerberg has been privately cavalier about his responsibility to respect privacy from the start, as is evidenced by http://www.businessinsider.com/well-these-new-zuckerberg-ims....

This does not mean to say that most, or even very many, people working at Facebook are as morally challenged as Zuckerberg seems to me to be. But the fact that I think that some of Facebook's controversial decisions come from Zuckerberg, and that I don't think Zuckerberg is acting in good faith, is why I view various incidents involving Facebook as being more evil.

As for the valley being small, it is but I don't live there. And it seems unlikely that I will ever live there. Furthermore my feelings about any particular company don't generally extend to the rank and file working there. Similarly I don't let my hatred of Microsoft's policies get in the way of my having friendships with people who work at, or used to work at, Microsoft.


Sorry for any perceived "valley-centrism"; feel free to substitute "small industry" for "small valley."

What does Zuck's level of personal awesome have to do with anything? This strikes me as a major confusion about the business/consumer relationship. I know Zuck, and I happen to think he's a fine guy, but you don't, and you shouldn't have to.

I don't trust Google because Eric Schmidt is spiritually advanced, or because an engineer who now works at Facebook coined a tongue-in-cheek "Don't be evil" motto 12 years and 25,000 employees ago; I trust it because its search business' incentives are aligned with mine as a searcher.

So, what are Facebook's incentives? Facebook wants you to use its service to communicate with friends, so that it can show you targeted display ads. In the long run, using the service requires you to feel comfortable with who has access to your data, so Facebook's business has to get privacy and openness approximately right. Like everything about a customer-facing service, that turns out to be harder than it looks, at least while providing a stream of new features, but get it right we must for the business' health. But you're about to find out all about that...


> What does Zuck's level of personal awesome have to do with anything? This strikes me as a major confusion about the business/consumer relationship.

The answer is, "a lot". And there is no confusion.

I believe that Facebook's behavior stems from attitudes I dislike at the top. Believing this, I believe that they will continue to push the boundary. You're right that they need to find the right balance between openness and privacy. However the corporate DNA looks to me like they consistently err on the side of openness for profit.

Worse yet, the corporate belief seems to be that while people will moan, they will accept continued encroachment on privacy. As someone who has things that I really need to keep private, I don't trust that and don't want my information there.

As for Google's social ventures, I have nothing to do with that and know little about it. If Google starts doing the sorts of things that I see Facebook doing, then I'll readjust my thinking about Google. Companies do change. In the meantime I have my preferences.


Would anybody like to actually read the words, understand them, and engage with the argument they contain, rather than snark about how FB == teh hatez? The meat of it is:

"Each person owns her friends list, but not her friends’ information. A person has no more right to mass export all of her friends’ private email addresses than she does to mass export all of her friends’ private photo albums.

Email is different from social networking because in an email application, each person maintains and owns their own address book, whereas in a social network your friends maintain their information and you just maintain a list of friends. Because of this, we think it makes sense for email applications to export email addresses and for social networks to export friend lists.

Facebook Platform and the Graph API enable everyone to bring their own information to millions of sites and applications, including even Google’s YouTube."


He is talking out of both sides of his mouth though.

If Facebook exports a list of friends, what do you get? A list of names with no links? That isn't really useful. You either need email addresses or Facebook profile URLs to actually make a graph. What if your list is Billy Bob, Joe Smith, John Doe, and Mike Collins. How many of those are there on Facebook? Dozens? Hundreds? It is meaningless.

If Facebook exports a list of all of the friends' Facebook profile URLs, that is a step in the right direction.


The graph API provides exactly what you are asking for. It doesn't provide friends' names, but FBIDs. http://www.facebook.com/profile.php?id=<id> is the user's profile, and http://graph.facebook.com/<id> is the public JSON for that ID. If you have an access token (on behalf of a logged in user), the graph API will also let you see other information for the user that you are entitled to see.

Have you ever used a Facebook Connect site, like Google's YouTube? Have you noticed you can find your friends on the site? This works because the service gets FBIDs of both logged in users and friends.


The problem is FBIDs are not independent of your social network provider, in this case, Facebook.

If I want to take my social data from Provider A, I want it in an independent format, so that I can do whatever I want with it. So that I can back it up, and later import it to some other Provider. If there were some social networking standard for friends list independent of any provider, then great, use that, and skip the private email addresses. For now, email addresses are the best online standard for identifying my friends, independent of social network Provider. Names, or FBIDs are not.


Why don't you provide that in your dump?


Sure, why not.

> Email is different from social networking because in an email application, each person maintains and owns their own address book, whereas in a social network your friends maintain their information and you just maintain a list of friends.

1) People are automatically added to my address book as soon as they email me. Maybe not my "personal" address book or whatever, but their address has been recorded regardless. This is not something I have to maintain, it happens as soon as you contact me.

2) If I change my primary email address I need to send out a blast mail to everyone who I might care to have my new address. A pain in the ass. I'd much prefer to have contact information pushed to me through, say, existing networks.

I honestly don't see a difference. I look at my address book as a "friends list" as well - just an annoying one that I need to keep up to date, instead of allowing my contacts to update as they need to. And if someone doesn't want me to have their contact information, why would we be friends in the first place? (I suppose you could fence off access to a select group, but really)


Facebook is being completely two-faced about this. They're obfuscating the situation by turning this into a matter of "Google-owns-mail," whereas "Facebook-owns-contacts". In other words, Facebook's stance is that users own contacts in Facebook, meanwhile users own email addresses in Gmail. The truth is: all this really boils down to is email addresses and nothing else. If you said, "No duh!" to that last sentence and you're still siding with Facebook, re-read that last sentence again and think about it. Let me explain.

According to Facebook: Facebook can get email addresses from Google, but Google cannot get email addresses from Facebook.

Huh, does this sound fair?

I see the gears in your head turning, stop thinking about this as a matter of "Gmail users own email" vs "Facebook users own contact lists."

That Facebook argument is fallacious because it's a lot like saying, "If Google were to deal drugs, it'd be okay for Facebook to acquire said drugs from Google. On the other hand, it would be oh-so-bad for society if Facebook were to sell drugs, when they're actually in the matchmaking business." Whether or not it's morally reprehensible to distribute drugs, at least one's stance on the matter should be consistent. Don't insult a user's intelligence by turning this into a matter of business and occupation, which is what they're doing. This is a matter of email-contacts between parties A and B, and nothing more.

I don't think Google is as open as they COULD be, but they have a long history of doing a helluva lot better job than Facebook.


As I said to you earlier, why can't I, the user, download whatever data my friends make available to me, subject to whatever privacy controls the data is already under and (perhaps) to load restrictions or resource availability?

http://news.ycombinator.com/item?id=1887085

And this is the important point, I could do the same thing manually by visiting my friends' pages. So this is all about convenience for the customer, not about some crusading policy position.

If my friends don't want me to "mass export" "private" email addresses, they shouldn't leave them out where I can cut and paste them (and sell to 419 scammers, if I were the vengeful type). The same argument applies to all my friends' data.


That is a really fine line they are drawing there. You have access to the same information on both services and you acquire it in essentially the same way i.e. by the other party volunteering it. Facebook is effectively asserting that their users rely on the fine details of how the service works to maintain their privacy, even though Facebook has never had much regard for that principle themselves.

He is right about the "when it's convenient" thing though. If you want to adhere to a moral standard then great, do it, consistently. What other parties do is irrelevant.

And corporations morally crusading against each other is a complete joke. Corporations will slit your throat for a nickel. My stomach is not looking forward to the "who's less evil" war Google has started.


> Because of this, we think it makes sense for email applications to export email addresses and for social networks to export friend lists.

But a list of friends is useless without their emails or at least, their facebook ID which the dump doesn't give. Why can't you give a hash version of their friend's email?

Also, if I'm able to import emails from gmail or yahoo into facebook, I should be at least allowed to export those friends' emails as it is proven that I already have them! If you allow users to import emails but you don't allow them to export those same emails, I'm sorry but that means Facebook is a closed silo.


Here's my problem: Since when is my email address your information? Why is it okay for you to hand it over to a complete stranger, just so you can play Farmville? I understand that there's always a risk that my email address might become public, but when the recipient is responsible, it's a violation of trust.


Yes, let's engage with this position. I claim it's conniving double-talk: "Email is different from social networking because in an email application, each person maintains and owns their own address book, whereas in a social network your friends maintain their information and you just maintain a list of friends. Because of this, we think it makes sense for email applications to export email addresses and for social networks to export friend lists."

Hmm, so the (arguable) implication first is that email addresses are more personal than a friend-name. They're more like photos, somehow. So sharing these is a more personal thing than just sharing the name of a friend. But then, email program should still export email addresses? (why, 'cause it's an "email program"!) I suppose then, a photo sharing program should allow you to export your friends' photos where-ever too??

The whole idea of what's appropriate to share is ill-defined and nebulous but this particular effort to draw a line is just a hoot... "Time flies like an arrow, fruit flies like a banana"


I'm trying to find a way to figure out how this line of reasoning wouldn't also apply to arguing that facebook shouldn't exist at all, and I'm not having much luck.


A friend won't care that you have their email address, it's sorta expected, and one could also argue about whether an email address is even private information.

Or maybe Facebook could allow the export of some other friend identifier.


If email addresses were rarely abused, then a private email address would be like an unlisted phone number.

Email address abuse is extremely common however, so public should not be the default.


But in this case emails are not being used to compile a list for spammers but to help someone find/invite their friends onto a new platform.


Again, Facebook exports a unique identifier for each friend already, and has been doing so for years. This is the entire point of Facebook Connect.


Indeed,

If, for example, you used the email of your friend to email them, you would have the address in your email program...

So Facebook is saying that it's OK that you could take the email address and put it in your email program and address book - but that automatically doing so is "just crossing the line"...


I cannot think of a less appropriate organization to declare this exact criticism.


I don't get why people have such a problem with this. If Hitler says genocide is wrong, does the fact that it came from Hitler make it any less true?

The arguments put forth either stand on their own or they don't. The fact that they came from a Facebook engineer is irrelevant.


Google is not on trial here. As Facebook showed, my data in Google is totally available to me should I need it.

He's explicitly accusing Google of committing a crime they didn't commit, even as he himself is guilty of it.


Google did break the Orkut data exporter, then completely removed it when people were trying to switch out of Orkut. I'm not sure how that's accusing them of committing a crime they didn't commit - it's a fact.


In your analogy though does he say it with a (not so) hidden agenda?


> The most important principle for Facebook is that every person owns and controls her information.

Sounds very noble but I suspect this is far from Facebook's "most important principle."


Openness also doesn't mean being a sucker. Share and share-alike provides an optimal solution to the iterated prisoner's dilemma of openness.


They're stuck in a continuous defect!


Not at all - Google is defecting, but is offering to cease defecting under certain conditions. It's only continuous if Facebook keeps being a jerk.


Can a comment on the TechCrunch blog by one of the Facebook engineers be taken as an official Facebook position?


Who cares. Seriously, this stuff is very much inside baseball which is why Facebook doesn't even care to comment. Changing the icon on the Like button will generate far more negative PR than this ever will, and spawn 10,000 "OMG, I hate the new like button" groups.


They made up their contorted Social Expectation. Most of us have never really thought of what we expect our friends to be able to do with our information. I think we all assume that we trust our friends to occasionally share too much but you have to trust them to some point to just use their best judgement, even now they can go share your email anyway.

One way network grabs are cheap tactics. A user should be able to leave a network with the data that's been entrusted in them, just like with Address books, Calendars, or other trustingly shared data.

This is all about crippling the convenience of people leaving their network for competitors. You can already share without permission, just not easily. This isn't about protecting our privacy, it's just about slowing down our power to go elsewhere at will.


It's been just about a year since I joined Facebook and started using it a lot. I have to say I'm kind of over it. I'm not closing my account or anything. I just think my usage is going to drop a bit precipitously.

I don't really trust Facebook anymore. I don't think they're evil, I just think at some point they're going to have to make some tough choices to live up to their valuation and the only real value they have (outside of ad eyeballs) is their user and graph information. It's going to end up in 3rd parties' hands and I'm not very comfortable with that.

Anyway, not sure that's on point but it was something I've kind of been thinking about the last few days and this just drove a few points home.


It's interesting how no one wants to actually respond to the arguments that Mike Vernal is making, instead resorting to the equivalent of "Facebook is evil, how dare they say they aren't!".


If I happened to email you once 2 years ago, did I consent to be linked to you when you join Facebook?


Man, I can't believe we have these huge discussions about some petty fights. We know both parties are talking crap to uphold their selfish positions, don't we?


> A person has no more right to mass export all of her friends’ private email addresses than she does to mass export all of her friends’ private photo albums.

> Email is different from social networking because in an email application, each person maintains and owns their own address book, whereas in a social network your friends maintain their information and you just maintain a list of friends.

Not really, exporting your address book is the exact same thing as exporting a list of your friends' email addresses.

He had good points against Google, though.


I think the difference is that if you email someone, most everyone understands that you're giving the user your email address and permission to email you back unless you use a disposable email address. Contrast that "knowledge" with facebook email addresses. How many people are really aware of whether or not their email on facebook is public, friend of friend, friend, etc?

I suppose that's a separate usability and privacy concern than what we're discussing, but exporting data of friends just seems different to me than exporting contacts from Google. Janet may have exposed her email address and phone number to me on facebook by "friending" me, but she's really just an acquaintance I met through a friend and emailing or calling her is more intimate than either of us want. Conversely, Judy and I met through a work colleague and she wants to do lunch and talk about a startup so she asked for my email address. I now feel like I have permission to email her as well.

My argument doesn't sound convincing, even to myself, but I still feel like the two forms of interaction and communication come with different inherent understandings. I have ~130 friends on facebook all of whom I've met in person save a single contact. The one I haven't met I would and have emailed, but out of the others I'd say 20% are people that would be welcome to receiving an email from me and vice versa. Emailing the other 80% would feel like an encroachment on my part. That said, why would I never need to mass download or import facebook contact details? I've already added the people I am inclined to email into my Google contacts, because there has been a mutual and deliberate decision to exchange contact information.

Not sure where I'm going with this, thinking out loud perhaps. ;)

Edit: Typos...


> Contrast that "knowledge" with facebook email addresses. How many people are really aware of whether or not their email on facebook is public, friend of friend, friend, etc?

This doesn't mean that your gmail contacts are non-private. I could have a private email address that I only use with close friends and a public one I use for signing up for services and business correspondence, etc. This misuse of contact information has already happened to me. I'm pretty sure Facebook knows all about who I know even though I have never had an account just because a number of my friends have signed up and pulled in their contacts from gmail.

Your complaint seems more like an argument for not allowing address book importing at all by any services. Which makes sense, actually, since I don't think address book exporting was meant to be sucked up by social networking services. It was meant to allow you to take your address book with you if you wanted to change email services.

And gmail doesn't want access to your friends list so they can import it into gmail, they want it for their forthcoming social networking product.


I wonder if it is a common strategy to have an export feature but willingly leave it broken. Some users will think they made a mistake and stay with the service out of inertia (?). I have seen broken exports in suspiciously many online services, most recently in everyone's favorite commenting engine. After filing a bug report, they quickly sent me my data and told me they are working on the issue. I want to believe!


If it's on the internet it's public domain, apparently.


Well, now I keep bouncing between Facebook and Google regarding who's "right".


The pimps are fighting over the data again. I wonder which one will win?


To make peace, maybe Google should buy Facebook. Or is it the other way round?


I've just noticed that Facebook suddenly looks shitty in Chrome (padding on the left up and went). Coincidence?



