Thursday, September 6, 2007

Facebook uses negative opt-out to make profiles public

Facebook users received notifications this week that the company is planning to make user profiles available to non-users and eventually make them searchable on the Internet, as reported today by the BBC:

The function will initially allow anyone who is not registered with the site to search for a specific person. More controversially, in a month's time, the feature will also allow people to track down Facebook members via search engines such as Google.

The firm said that the information being revealed is minimal.

… The public search listing will show the thumbnail picture of a Facebook member from their profile page as well as links allowing people to interact with them. But, in order to add someone as a friend or send them a message, the person will have to be registered with Facebook.

Users who want to restrict what information is available to the public or opt out of the feature altogether can change their privacy settings. They have a month to do so.

Facebook originated as a “closed” space, targeting university and college students whose e-mail addresses had to originate from their academic institution’s domain. Last year, Facebook opened its service to anyone, but part of the appeal to users is the ability to restrict access to your profile within the Facebook environment.

Now, Facebook is pulling down the walls of its environment and allowing anyone, anywhere to see its users’ profiles – unless users choose to opt out. The negative opt-out technique means that if users do not respond, Facebook will assume they have granted permission for their profiles to be made public.

Rogers Cable in Canada tried the negative option technique in the mid-’90s, delivering a package of new speciality services with automatic increased costs to customers’ bills. Customers were outraged, the company backed away from its plan, and by 1999 the Canadian parliament had outlawed the practice.

The negative opt-out is at best unfair and at worst a huge violation of trust:

It presumes that everyone will read the opt-out notification within the month – there are purportedly 39 million Facebook accounts, a large percentage of which have likely become inactive or are used infrequently, so those users’ information will probably go public without their knowledge or consent.

It takes advantage of a low response rate. Studies have shown that only about 15% of users will respond to a negative opt-out. Facebook stands to make a greater profit using this method than requiring users to opt in.

It takes advantage of the relationship developed between service provider and customer. Facebook is presuming that it can use its customers’ information in whichever way it deems fit, with a minimum of input from users.

It puts users – including minors – at risk by exposing their profile information to the wider world. Many Facebook users are not well-informed about the myriad of privacy settings required to lock down one’s profile. Many users leave their entire profile, including date of birth, workplace, residential neighbourhood and status (e.g. “I’m vacationing in Aruba all week!”) open to entire networks of thousands of members to view. While users’ entire profiles will not be available to search on the Web – not yet, anyway – it opens the door for greater abuse.

In using the negative opt-out technique, Facebook is violating the trust and the privacy of millions of loyal users. If users and regulators allow Facebook to proceed with this tactic, what's next? What other web services do you use that may decide to share your personal information or web history with a third party, assuming that your silence to a negative option grants them your "permission"?


Baxter Tocher said...

Great post, Sharon. I spotted this on the BBC website too, and immediately logged on to Facebook and tweaked the search settings until I was comfortable.

Anyone reading this should do the same. Like, now.

Bimmy the Bookish said...

I've had many conversations about the pros and cons of Facebook with one of my daughters. She would like to join to socialise with her friends, but is wary of having them post photos of her on the web without her permission, by not using the privacy settings properly. In fact, as everyone seems to show all kinds of personal info to the whole network, I was surprised when I found that it was possible to set so much info as private.
Excuse me while I go lock down more stuff!