Today Facebook announced three new features that help move the social networking giant closer to satisfying EFF's Bill of Privacy Rights for Social Networking. While EFF continues to have outstanding issues with Facebook, we greatly appreciate these important steps toward giving Facebook users more transparency and control when it comes to how the information they post to Facebook is shared, and more power to take their Facebook data with them if they ever choose to leave the service. While Facebook has taken some good steps here, and we recognize that this is just the first iteration of the new features, we do have several additional recommendations, noted below. We will continue to dialogue with Facebook on these issues.
Clearer Application Controls and The Right to Informed Decision-Making
Today Facebook introduced new application controls, which offer more transparency regarding when and what user information is requested by third-party applications running on Facebook's Platform. Facebook is also moving the application controls into the privacy controls section of the site, where users concerned about app privacy are more likely to find and interact with them.
We think that this is an important step forward in terms of providing more transparency to users about where their Facebook data is going and who’s using it. However, we hope that Facebook will soon take a few steps farther, both by providing a more complete picture of how much information is going to the apps that you install, and also by providing information about how much information is going to the apps that your friends have installed.
This would help address privacy concerns over the "app gap," by which Facebook apps that your friends install can access your information even if you don’t use the app yourself. Additional transparency that shows when those apps are accessing your data can help you make informed choices about your privacy options, and may make you rethink whether you want to share any information at all over the Facebook Platform.
Even though we appreciate the steps Facebook has taken, in the future we would like to see even more transparency on the information pulled by applications. The new controls very helpfully showed the most recent information obtained by each app. However, to give a more complete understanding of applications’ behavior, we have two suggestions.
Recommendation 1: Allow users the option of receiving a notice in their newsfeeds whenever a selected application requests data, rather than just allowing them to see only the last data request. While perhaps few users would adopt this option, those that did could evaluate and rate those apps and tell the world about any unusual behavior.
Recommendation 2: Showing a more complete history of an app's behavior, beyond just the last information that was pulled, would allow users to see the frequency and patterns in application information requests and would help them make better choices about which apps they want to continue using.
The Redesigned "Groups" Feature and The Right to Control
Next, Facebook is introducing additional user control through a redesigned "Groups" feature, which should more easily allow people to choose to share certain information only with subsets of their friends. If widely adopted by users, this will go a long way to enabling better control over contextual privacy.
Context is critical for people to effectuate their privacy preferences. Users know that information that is appropriate to share with one set of their Facebook friends may not be appropriate to share with another. For example, a school teacher might wish to share information about her vacation or family with family and personal friends, but not with other teachers, parents, or students. To get the most out of social networking without unduly sacrificing privacy, it is critical that users be able to easily share information with subsets of one's Facebook friends. Facebook has had "friend lists" for this purpose but they were complicated and difficult to use correctly. So while the "friend list" function could be a useful feature for power-users, it was not widely adopted.
Accordingly, we greatly appreciate the additional control provided by the newly redesigned Groups feature, which will allow people to more easily share information only with particular subsets of their friends. Notably, rather than setting the default for new groups to "Open" — where both group membership and content is public — Facebook has wisely set the default group privacy level to "Closed," meaning that although group membership is public, the content shared within the group is only available to group members. Facebook has also provided an even more private option: "Secret" groups, where both the membership list and content are only available within the group itself.
EFF applauds this new Groups feature, which goes a long way to providing users even more control over their contextual privacy.
We have a further suggestion, however:
Recommendation 3: As a strong proponent of the power of anonymous and pseudonymous speech, EFF further recommends that Facebook also allow for another category of groups: anonymous groups. There are many people, such as violence survivors or HIV positive individuals or religious groups, who may want to have a group discussion without revealing their identities. Facebook should enhance the Groups feature by allowing for the creation of groups where the membership list is secret from members (i.e. just available to the group’s administrators, if anyone), and where group members can interact using pseudonyms rather than their real names.
Our longstanding concern for anonymous speech aside, though, EFF is very pleased with today’s Groups revamp, which we hope will provide users with a powerful new tool for managing their privacy on the Facebook site.
The New Downloadable Data Option and The Right to Leave
EFF's Bill of Privacy Rights states users "should be able to easily, efficiently and freely take their uploaded information away from that service and move it to a different one in a usable format." EFF believes that data portability is a critical component in encouraging competition among social networks on privacy. We are very excited to see that Facebook is taking a big step in this direction by giving users the ability to download and locally store copies of most of their information in a single ZIP file. This new downloadable data file including an archive of your Facebook "wall" as well as your photos, videos, notes, events, and private messages, along with a list of your friends’ names.
The ZIP file does not include your friends' contact information, however. This raises the somewhat tricky question of how to treat contact information of other users for portability purposes. While many people consider their address books to be "theirs," those whose addresses are in someone else's address books may have an independent privacy interest in their email addresses and similar contact information. Friends may have a legitimate concern about their contact information being given to other services, be they social networking or something else, via Facebook export. This makes address books a hard problem when trying to draw the line between your data and your friends' data. Thankfully, Facebook has indicated a willingness to consider possible solutions to this problem, and we at EFF have a few concrete recommendations on that score.
Currently, Facebook users can export their friends’ contact information in two rather roundabout ways. First, they can sync their iPhone address book using Facebook’s iPhone app. Second, they can export their friends’ email addresses to Yahoo! Mail, and then pull the information from Yahoo! (instructions here). However, these options don’t provide sufficient portability for the majority of users, and also don’t consider the privacy of the friends whose data is being exported.
Recommendation 4: EFF thinks that the best balance between privacy interests and portability is to allow an easier and more direct export of contact information of people on your friend list (to the extent that information has been made visible to you), while also...
Recommendation 5: ...providing a setting whereby your friends can opt-out of such export of their contact information. This opt-out should also apply to other export options such as those available through Yahoo! Mail and the iPhone.
Recommendation 6: As an additional privacy measure, we think that the contact information of your friends — subject to their opt-out — should be available as a separate file, rather than or in addition to being included in the downloadable file of all your Facebook content. While contact information can be the most critical aspect of portability for moving to a new service, people may not want to share their complete Facebook data file with a new service as a part of a transition. A separate contacts file would enable users to easily upload to another service only the contact information of their friends, without simultaneously having to provide all of the other data they’ve downloaded from Facebook, such as photos, wall posts, etc.
Turning back to today’s changes, we have two additional suggestions to better enhance privacy, the final one aimed at users rather than Facebook itself.
Recommendation 7: To help preserve privacy, the privacy permission level for each piece of data should be included in the export — e.g., if you shared a photo with only your friends, there should be metadata attached to that photo in the downloadable file that indicates that privacy setting. This would allow users to upload their data to another service without having to re-assign privacy levels to every post.
Recommendation 8: Finally, a suggestion for users: while we’re pleased that Facebook is giving users an easy way to export all of their data, it’s important for users to recognize that the ZIP file will contain a ton of sensitive information, and may reside on your computer indefinitely. Accordingly, we recommend that users encrypt the data after downloading. GNU Privacy Guard, a robust free software encryption program that implements the OpenPGP standard, can provide an appropriate level of protection, and there are other tools that can do the same.
Remaining Concerns About Facebook and Privacy
In June of this year, EFF, the ACLU of Northern California, and a coalition of privacy groups wrote a letter to Facebook CEO Mark Zuckerberg urging Facebook to give users true control over their personal data by taking six critical steps to protect members' information. Facebook's response to the privacy group letter was only notably positive on one step: protecting the privacy of users’ communications with the site by using HTTPS encryption, which remains a work in progress.
Today, we are delighted that Facebook implemented another one of these steps, by making it far easier to export user's uploaded information. However, the remaining steps are important, and we will continue our dialogue with Facebook on each of these issues.