There’s a limited market for the Facebook privacy beat, since most problems can be solved by young Zuckerberg flicking a particular switch. After all, one key aspect of a well-designed technical architecture (and Facebook has demonstrated that it is one) is the ability to reconfigure it without much difficulty. And sometimes it’s as simple as cleaning up the user interface.
Consider the phone system and the vertical service codes (*57 et al, originally known as Local Area Signaling Services). I believe that services like call tracing were available through an operator in the 1980’s ; in 1990, it began being available directly to subscribers. Still, how many people know to dial *57 to trace a call? The instructions are listed in the phone book; but not on each phone. Phone designers figured that phone tracing (and similar services) were uncommon enough that people would learn the codes as they needed.
In the software world, of course, you have a lot more user interface to work with. Telling the user to type in a special code just won’t cut it; hunting and pecking through various menus has its limits as well.
Facebook and Third Party Applications
What interests us is Facebook’s statement for Privacy Settings for Other Applications:
“Applications that you opt into are not subject to the privacy settings below.”
This has been a cause for consternation, and rightly so. In May 2007, the ACLU of Northern California noted “if you use Facebook, you should be aware that the advent of third-party platform applications means that Facebook may no longer be solely responsible for keeping your personal information safe.” A Facebook user asked a question to the SuperPoke forum in June.
More recently, Adrienne Felt at the University of Virginia (working with adviser David Evans) probed further, finding that 90% of Facebook applications are given more privileges than they need. Her research page didn’t cite any prior sources (not that there was very much, though what I found above could have been noted). Also, their proposed solution doesn’t quite illustrate how the user experience would change.
Chris Soghoian, a PhD candidate at Indiana University, wrote up Felt’s research at CNet a couple of weeks ago, and checked with Facebook Chief Privacy Officer Chris Kelly on their ability to track rogue apps. Kelly’s answer didn’t satisfy Soghoian, who felt that they were being evasive. That said, the Facebook Developer blog had a recent post which discussed some of the mitigation techniques used against malicious and deceptive developers, whom they discover through “multiple violations of Facebook policies, generating an anomalously high level of user complaints.”
Also, a resource page on Facebook Privacy at EPIC is a comprehensive list of issues, though it’s not clear whether they had added the concerns on third party applications before reading Felt and Soghoian’s work. In addition, GWU Law Professor Dan Solove blogged about his article today.
Here’s what you see:
What we have here is a user interface problem. The links at right are so far away from the apps at left that it is difficult to know which click is associated with which app (Not that people can’t do it; simply a greater percentage of people won’t bother.) Furthermore, the text is misleading. The link says remove— does that mean remove the application? Click it and it says undo. Huh? Undo what? The links should say share/unshare.
Take “Jewish Dates 2.0” — this app does nothing more than convert the familiar Gregorian calendar date to the Hebrew calendar date, so it can calculate your birthday if you are so inclined. Here’s what I see after clicking remove:
From this, it seems to me that the proper place for the user to select what is shared is on the application page itself. Facebook, as the setter of standards, could simply mandate that each application post a link “What [This Application] Knows About You” — and from there the users can simply specify which properties they would like to share with that application.
[Funny, several months back I gave the same advice to mighty Google. I hope I have more luck with Facebook.]
As to those applications with “multiple violations of Facebook policies, generating an anomalously high level of user complaints” — it seems like this interface could be a little more transparent to users as well. When I choose/use an app, I should get an idea how many complaints are open.
Note that I haven’t looked at the Facebook API in much detail, though I intend to in the future. But this could well be a case where the UI drives the API. Suppose that the UI requirements are that the user can choose precisely what data they want to share or not (along with the complaints tracker, natch.). So come up with an API for that.
New group in Facebook
“Dear Facebook, please limit third-party applications access to my profile“