Trusting Facebook

In the past two years many in the general public and in legislative bodies in multiple countries have begun questioning whether we or they should trust FaceBook. Some are reaching the conclusion “NO” based on recent activity on FB, especially during the US and UK elections.

I suggest we should never have trusted FB. To support this position, here are two emails I shared widely with friends in May, 2010.

=-=-=-=-=
Sent: Sunday, May 09, 2010 1:05 PM
Subject: Why I’m Leaving FaceBook

Friends & Family  All,
   This note is to tell my friends, to include all of my current Facebook Friends, that I am dropping out of FaceBook and why. Each of you will see my profile data minimized, and, if I can do so, remove
each of you from my list of FB Friends, and then kill the account. This is nothing personal about any of you.

It is all about the demonstrated attitude of Facebook for the past year, over a series of site “enhancements,” that the FB company wishes to destroy all semblance of personal privacy, and further, to do so while reneging on previous statements of privacy policy. I’ve been
concerned about this trend since the big changes at FB last fall [2009]. The last straw was the recent partnership that FB set up with Microsoft, Yelp, and other sites, with more planned in their FB marketing effort.

To put it simply, FB cannot be trusted to maintain my privacy or to keep its promises. Thus, I’m outta there.

Many of you know that my profession for the past dozen years has been in the field of information security, also called information assurance or computer security. You may not be aware that this field
overlaps with and includes the extremely important arena of privacy protection. What the privacy policy and protection community cares about requires the full involvement of the computer security community to put into place and enforce. Very many of my colleagues in both fields have been concerned about the implications of FB for several years. The best and most recent commentary on this topic I have seen hit the web just this week, in a WIRED blog post,
 Facebook’s Gone Rogue; It’s Time for an Open Alternative     * By Ryan Singel      * May 7, 2010
http://www.wired.com/epicenter/2010/05/facebook-rogue/

I encourage you all to read that post, and to follow many of the links
in it, especially “No wonder 14 privacy groups filed a unfair-trade complaint with the
FTC against Facebook on Wednesday.“
(http://epic.org/2010/05/new-facebook-privacy-complaint.html)

Note, also that I am using regular e-mail to send you this message, for a particularly important reason. From Ryan’s WIRED post:
“In Facebook’s view, everything (save perhaps your e-mail address) should be public. Funny too about that e-mail address, for Facebook would prefer you to use its e-mail-like system that censors the messages sent between users.
(http://www.wired.com/epicenter/2009/05/facebooks-e-mail-censorship-is-legally-dubious-experts-say/)”

For some of you, FB is the main, or nearly only, way you communicate online. Please keep me in your regular e-mail address list, and stay in touch with me by e-mail. I originally opened a FB account to stay in touch with a couple of you because it was the only place you would respond to me. I don’t want to lose the ability to communicate with you. However, FB can no longer be the method of communication.

Please feel free to pass the information in this mail on to anyone you wish. If it is to someone I don’t know, just say you got it from a friend. If it is to a mutual friend, you can forward this with my name on it, and please CC me on those messages. I’m using BCC addressing to minimize the hassle to each of you and avoid spreading e-mails across. However, this means you don’t see who among our mutual friends has also seen this. Thus, for immediate family, and college friends, you might want to check before forwarding it again.

Thanks, all. See you on AIM [no longer/2018] and e-mail!

Cragin

=-=-=-=-=
Sent: Thursday, May 13, 2010 11:08
Subject: A bit more on RE: Why I’m Leaving FaceBook

A couple of days ago, an old college fraternity brother and friend replied to my original mail with a simple question.

The question:
“so  craig tell an undereducated about computer security more. I have a facebook page that basically says I am this old and live in okc and am single and I have this list of friends with pictures of all of us and some pics my kids posted of me in places like England. most of this except the pictures can be captured by google search or similar or just by the old way a few phone calls to someone.
So what are security concerns and how should I really be protecting myself”

My reply:

 This is not about security, the way most people usually think about it. It is about privacy. Every e person makes either explicit or implicit decisions about how much privacy to give up. For instance, ever time we use a member discount card at the grocery store, we give the chain more information about our lives. We do that knowingly, bought off by the discounts.

 In today’s environment, interlocked corporate databases are more of a “Big Brother” than the government.  The direction FB has been going is to set up conditions that most anyone can put all of your life pieces together easily. If you are OK with that, no big deal.

 When I started being active on Facebook, I was OK with the amount of exposure among friends and family and across several social group lines. However, in the past year, FB has made several changes, each time extensively opening up cross-community exposure of members’ information by default, sometimes in violation of previous privacy policies, using an opt-out method, instead of opt-in, and further, making the opt out process frustratingly obscure and complex.

Basically, I’m dumping active FB use because I can’t trust them to state and follow a privacy policy and keep it in place. They keep changing their rules, and always by exposing more information about me in more places than before, and putting me on an Easter egg hunt to put my rules back where I left them before. If FB were to make these changes by opening up the new services with an opt-in rule (“hey, we can do this fun new thing or you, go here to start it happening for you”) and they made it simple to change my personal rules whenever I want, I’d still be on the site. However, that is not what has been happening.

Everyone makes their own choices on the privacy sharing. However, I want to make my own, not have FB make them for me. For instance, did you know that when you join a FB game like Farmville, you give the folks who run the game permission to see all of your information and contacts, even stuff you said to be limited access in other rule pages?

=-=-=-=-=-=