Facebook’s modus operandi is pushing the boundaries of user expectations, rolling out new features to user outcry, and making minor adjustments and rollbacks while continuing to pursue its lofty visions. But the company has done an especially bad job of explaining recent user privacy changes.

Facebook’s modus operandi is pushing the boundaries of user expectations, rolling out new features to user outcry, and making minor adjustments and rollbacks while continuing to pursue its lofty visions. It’s a two-steps-forward, one-step-back approach. A company that makes something so many people care so much about should always have a clear messaging strategy and crisis mode at the ready. But Facebook has been especially weak on explaining its bold changes around user privacy in the last six months.

First of all, the relationship between privacy and Facebook is always going to be complicated. This is *the* issue for the company, and will continue to be. Facebook needs its users’ trust in order to provide them value. But the company has been slipping up — on a number of fronts. First, it overstepped user comfort levels with the rollout of instant personalization features that are opt-out rather than opt-in. (It’s also setting itself up for another maelstrom over user data retention.) Meanwhile, Facebook’s privacy controls continue to be way too complicated — the whole product itself needs significant improvements. And lastly, it’s suffering multiple unintended security holes, both by itself and its partners.

Facebook's privacy setting landing page

These problems build on each other. Now the leading narrative in the media is that Facebook is cavalier about privacy. Last night came the news that Facebook had to shut down one of its three carefully chosen instant personalization partners, Yelp, for repeated insecure protection of user data. Some prominent users are leaving the site altogether, and they’re perceived as level-headed technologists rather than Chicken Little-types. An upstart group of four programmers building a private alternative to Facebook called Diaspora has gained steam incredibly quickly. And some widely read tech commentators say they believe Facebook’s leadership is evil.

Facebook can handle all of this. (See my GigaOM Pro piece (sub req’d), “There’s No Stopping Facebook,” for an in-depth discussion.) The company has incredible strength right now, and has laid out a compelling vision for what it can offer to the rest of the web. Those four college students that raised $10,000 in 12 days to build the anti-Facebook are hardly a serious threat.

But the company’s messaging around its changes is just terrible. Facebook seems pathologically incapable of laying out a compelling rationale for why less privacy would be a good thing for its users — instead insisting that nothing about their privacy has changed. Then it leaves it to the media and users’ alarmist messages spread through Facebook wall posts to construct conspiracy theories in the absence of explanation. This hamfistedness dates back to last December, when Facebook first rolled out an ambitious set of privacy changes.

I remember a reporter asking on the press call in December whether the changes would make user information more private or more public. Facebook stonewalled her, saying that the changes were intended to encourage more sharing, because users would be more aware of with whom they were sharing any one item. But as soon as we were all able to get off the call and look at the new settings it became obvious that Facebook was asking users to default much of their information to be seen by the public. So just say that! Explain why and how it’s a good thing.

Similarly, the new, tricky instant personalization feature was tacked onto the end of Facebook CEO Mark Zuckerberg’s f8 keynote last month, with a quick demo of Pandora. I remember turning in my seat and saying to Om, “I didn’t get that feature.” Only after I sat down with a Facebook platform engineer for half an hour did I understand that this was an entirely separate feature from the core open graph and social plug-in launch, available to just three sites and using dramatically different privacy settings than other features. Now, maybe I was a little slow on the uptake, but it shouldn’t be so hard! If this is the most complicated and foreign feature you’re launching at a massive press and developer event, take the time to justify and explain it.

Last night The New York Times posted a reader Q&A with Elliot Schrage, Facebook’s VP of public policy. Schrage’s tone on privacy is apologetic. “Trust me. We’ll do better,” he writes, adding that:

It’s clear that despite our efforts, we are not doing a good enough job communicating the changes that we’re making. Even worse, our extensive efforts to provide users greater control over what and how they share appear to be too confusing for some of our more than 400 million users. That’s not acceptable or sustainable. But it’s certainly fixable. You’re pointing out things we need to fix.

But Schrage sounds too much like a politician for my taste. On advertising, he writes, “I think people still ask because the ads complement, rather than interrupt, the user experience. They think, ‘That can’t be it.’ It is. The privacy implications of our ads, unfortunately, appear to be widely misunderstood.” Schrage promises better messaging, but he also implies that users just don’t get what the benevolent Facebook is trying to do.

Facebook VP of Public Policy Elliot Schrage

Maybe it would help if Facebook offered up a sacrificial lamb — instant personalization, perhaps. Like the company’s user activity tracking Beacon product of three years ago, instant personalization was probably launched before its time, and needs the market to grow around it. Or maybe Facebook can just ride this whole privacy uproar out — an option that would be greatly helped by an end to any privacy breaches and security holes, effective immediately.

I don’t think Facebook is evil. The company’s leaders believe that each perceived privacy erosion is actually an improvement to user experience — and if that’s true, they need to tell us, show us and convince us. They brought this privacy fiasco upon themselves, and they need to deal with it.

Please see the disclosure about Facebook in my bio.

  1. Whenever a company (or government) says “if we just communicated the changes better . . .” it is a sure sign that there is something really, really wrong and that they were taken by surprise.


  2. [...] Facebook has come under increasing scrutiny for a number of reasons and many were left with a sour taste in their mouth following a New York Times reader Q&A with Elliot Schrage, the company’s Vice President [...]

  3. Never ascribe to malice that which can be explained by incompetence. – Napoleon

  4. Hey guys, could you please write out “subscription required” on the links to your Pro posts? “Sub req’d” is both nonsensical and it looks like you’re trying to hide something.


    1. Hi JR, I think it’s our style to conserve space, but I’ll look into it.

  5. How about a more Machiavellian interpretation of FB’s actions: FB intentionally goes too far with each release just so they can offer up a sacrificial lamb like Beacon and say, “see… you were right, we fixed it.” i.e. They’re using anchoring to make you think the end result isn’t too bad. I don’t know if this is true but I’m having fun speculating.

    1. +1 Nivi.

    2. @Nivi – The (lack of) explanation of these features does lend some credence to your conspiracy theory. :)

  6. Remember Myspace and how it lost the groove!!! Facebook is heading the same way. I definitely do not trust what the facebook leaders are saying about privacy and beating around the bush.

  7. About the only time I go to FB now is to re-check my privacy settings.

  8. It looks like conflicting themes may be playing out at the same time, which confuses issues and also provides Facebook with cover for sleaze.

    First, users are probably in conflict about what they want. They want non-friends to be able to find them, and they want to distinguish themselves from other people (especially others with similar names). Many users want to impress non-friends with friend counts, bio information, etc., while at the same time they want to be safe from mis-use of the information that will distinguish them and impress others.

    Some groups of users (especially younger users) want to share everything. How large is this group? Large enough to define Facebook’s default settings? It’s relevant that nearly everyone who works at Facebook belongs to the younger cohort of heavy sharers, and working at Facebook probably just makes them want to brag all the more. Facebookers probably believe that they are demolishing privacy like Gorbachev demolished the Berlin Wall – it’s a cause to them, even beyond their self-interest.

    Facebook wants to make the site valuable by sharing its user info, but they also want to demonstrate to users the benefits of sharing this information. They probably believe that if they just take a few liberties now, we’ll all agree that they’re right later. From social introductions to games, to better quality news and product/service ratings, there’s a good case to be made for the user benefit of sharing more information (and few people tell Facebook employees ‘no’ these days, from VCs to real estate agents and cute thing in bars).

    If users are speaking with conflicting voices (and actions), and Facebook sees intertwined public and selfish opportunities in opening up private info, it will be very difficult for them to declare a clear path on privacy. Even the US and the EU disagree bitterly about the issue, which has caused ongoing tension for companies serving both markets.

  9. [...] the rest here: Facebook Needs to Find Its Voice on Privacy // Tags: and-making, and-rollbacks, boundaries, facebook, has-done, lofty-visions-, [...]


Comments have been disabled for this post