Blog Post

Facebook Needs to Find Its Voice on Privacy

Stay on Top of Enterprise Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

Facebook’s modus operandi is pushing the boundaries of user expectations, rolling out new features to user outcry, and making minor adjustments and rollbacks while continuing to pursue its lofty visions. It’s a two-steps-forward, one-step-back approach. A company that makes something so many people care so much about should always have a clear messaging strategy and crisis mode at the ready. But Facebook has been especially weak on explaining its bold changes around user privacy in the last six months.

First of all, the relationship between privacy and Facebook is always going to be complicated. This is *the* issue for the company, and will continue to be. Facebook needs its users’ trust in order to provide them value. But the company has been slipping up — on a number of fronts. First, it overstepped user comfort levels with the rollout of instant personalization features that are opt-out rather than opt-in. (It’s also setting itself up for another maelstrom over user data retention.) Meanwhile, Facebook’s privacy controls continue to be way too complicated — the whole product itself needs significant improvements. And lastly, it’s suffering multiple unintended security holes, both by itself and its partners.

Facebook's privacy setting landing page

These problems build on each other. Now the leading narrative in the media is that Facebook is cavalier about privacy. Last night came the news that Facebook had to shut down one of its three carefully chosen instant personalization partners, Yelp, for repeated insecure protection of user data. Some prominent users are leaving the site altogether, and they’re perceived as level-headed technologists rather than Chicken Little-types. An upstart group of four programmers building a private alternative to Facebook called Diaspora has gained steam incredibly quickly. And some widely read tech commentators say they believe Facebook’s leadership is evil.

Facebook can handle all of this. (See my GigaOM Pro piece (sub req’d), “There’s No Stopping Facebook,” for an in-depth discussion.) The company has incredible strength right now, and has laid out a compelling vision for what it can offer to the rest of the web. Those four college students that raised $10,000 in 12 days to build the anti-Facebook are hardly a serious threat.

But the company’s messaging around its changes is just terrible. Facebook seems pathologically incapable of laying out a compelling rationale for why less privacy would be a good thing for its users — instead insisting that nothing about their privacy has changed. Then it leaves it to the media and users’ alarmist messages spread through Facebook wall posts to construct conspiracy theories in the absence of explanation. This hamfistedness dates back to last December, when Facebook first rolled out an ambitious set of privacy changes.

I remember a reporter asking on the press call in December whether the changes would make user information more private or more public. Facebook stonewalled her, saying that the changes were intended to encourage more sharing, because users would be more aware of with whom they were sharing any one item. But as soon as we were all able to get off the call and look at the new settings it became obvious that Facebook was asking users to default much of their information to be seen by the public. So just say that! Explain why and how it’s a good thing.

Similarly, the new, tricky instant personalization feature was tacked onto the end of Facebook CEO Mark Zuckerberg’s f8 keynote last month, with a quick demo of Pandora. I remember turning in my seat and saying to Om, “I didn’t get that feature.” Only after I sat down with a Facebook platform engineer for half an hour did I understand that this was an entirely separate feature from the core open graph and social plug-in launch, available to just three sites and using dramatically different privacy settings than other features. Now, maybe I was a little slow on the uptake, but it shouldn’t be so hard! If this is the most complicated and foreign feature you’re launching at a massive press and developer event, take the time to justify and explain it.

Last night The New York Times posted a reader Q&A with Elliot Schrage, Facebook’s VP of public policy. Schrage’s tone on privacy is apologetic. “Trust me. We’ll do better,” he writes, adding that:

It’s clear that despite our efforts, we are not doing a good enough job communicating the changes that we’re making. Even worse, our extensive efforts to provide users greater control over what and how they share appear to be too confusing for some of our more than 400 million users. That’s not acceptable or sustainable. But it’s certainly fixable. You’re pointing out things we need to fix.

But Schrage sounds too much like a politician for my taste. On advertising, he writes, “I think people still ask because the ads complement, rather than interrupt, the user experience. They think, ‘That can’t be it.’ It is. The privacy implications of our ads, unfortunately, appear to be widely misunderstood.” Schrage promises better messaging, but he also implies that users just don’t get what the benevolent Facebook is trying to do.

Facebook VP of Public Policy Elliot Schrage

Maybe it would help if Facebook offered up a sacrificial lamb — instant personalization, perhaps. Like the company’s user activity tracking Beacon product of three years ago, instant personalization was probably launched before its time, and needs the market to grow around it. Or maybe Facebook can just ride this whole privacy uproar out — an option that would be greatly helped by an end to any privacy breaches and security holes, effective immediately.

I don’t think Facebook is evil. The company’s leaders believe that each perceived privacy erosion is actually an improvement to user experience — and if that’s true, they need to tell us, show us and convince us. They brought this privacy fiasco upon themselves, and they need to deal with it.

Please see the disclosure about Facebook in my bio.

49 Responses to “Facebook Needs to Find Its Voice on Privacy”

  1. I have to disagree. I think there are many reasons why Facebook is evil, here are a few:

    1. It’s created, directed, and modified by humans.
    2. They think they’re improving our experience.
    3. Facebook is actually a market research tool.
    4. Mark Zuckerberg is the youngest self-made billionaire.

    Need I say more? The point is that Facebook has found its voice on privacy. What they are trying to find is the closest they can get to users’ information without crossing all those fine lines. When there are so many fine lines in play, it might as well be politics.

  2. This article and those like it are inciting fear with invalid information and misunderstandings. It is the responsibility of the press to convey valid information and I just don’t feel this article does that.

    f8 is a developer conference, not a press conference. The developers, myself included, understood what was happening straight away, and how it was more secure for users privacy. There is no justification for your uninformed comments where you have obviously not consulted a web professional.

    Facebook will be forcing the new, more specific, privacy settings onto applications and websites 1 June. This will include a bullet delimited list of the information that application or website wants to use/store.

    The ‘instant personalisation’ features are secure. I don’t see the problem. Users give permission for applications to access their data. Where in the context of a website, that website doesn’t have access to displayed information. It is controlled by

    What am I not getting?

    • What you don’t seem to get is that GigaOm is a well respected tech publication: they do get confused, and can be wrong sometimes, but all writers represent the better-understanding end of all web professionals, and us readers tend to be people earning a living from the web. If I remember correctly, Om Malik himself was siting in the first row during the press event associated with f8, so… the first thing you didn’t get, was your tone right.

      Second thing that you have missed is that one of the three preferred partner had a security breach since: nothing was exposed apparently, but Facebook felt the need to warn users—so yes, that plan does increase links, and the weakest link can only be weaker. It’s an acceptable risk, but all web professionals will tell you, rarely new feature or partnership doesn’t raise similar questions.

      Of course, a more comprehensive understanding of what users do, less clicks, integrated communication channels between trusted parties have resolved many possible breaches—but less options don’t always mean less problems. Some issues with Apps have been adressed, but the weakest link of all, the one between the chair and the keyboard, is increasingly confused, and no one will describe this as a security win.

      Finally, a hint: when you disagree with someone, instead of writing “You are misinformed.” or “I don’t see the problem.” try to ask a question, or try to Google further: some users were legitimately concerned that it was confusing to prevent their Facebook account to be associated with a “intant personnalisation” account (because they use the same browser as another person, but share no history so never cross cookies before; because they love for Classical music would have make their Ghetto Street Cred drop; because they didn’t want the fake Yelp account they use to trash competition to be associated to their own cookery, etc.)

      No changes on-line go without hurting someone: those in charge should acknowledge the issues, try to adress them; this won’t make the over-all impact less positive. And those trying to support them should help with sorting the mess, not denying it.

    • Vischameel

      Most users who are not technical and not “in the know” are never going to understand how to properly navigate the morass of choices now given by Facebook. That’s the problem you aren’t getting. It’s a average person that will never read a 5000-word long privacy policy. It’s ridiculous for the simple fact that all Facebook is trying to do is dominate the world.

  3. Hi Liz,

    I think Facebook needs to find what it has lost – it’s conscience.
    Having a voice without that will just be a conscience-less entity articulating well.

    Or perhaps as far as privacy is concerned Facebook (or more accurately, Zuck) never had a conscience.

  4. jenkins

    This headline is so naive. Facebook doesn’t have a voice on privacy. Zuck’s own people have leaked the notion that he doesn’t believe in privacy.

    They will do whatever it takes to achieve their business goals. This means confusing their users in ways that make them less able to truly use the site. The default will be that Facebook gets what they want — always.

    Don’t you understand this?

  5. FB really could easily put it to a straight, per user “vote” on their next login, here’s how:

    1) “I want everything to be completely private, no one but my friends sees nothing. 2) “I want everything to be completely open. 3) “I want to muddle through with the detailed settings somewhere in the middle,which will be my responsibiliy.

    — And then arrange people’s detail settings accordingly. My bet would be on about 80% opting for “private”. Either way, everyone could be happy with their choices again. But of course FB is not going to do that. That would be giving too much control/mastery back to the users…

    Facebooks bizarre problem seems to be its insistence that everybody should be the same.

    And unless there later is a trojan horse ad system to be launched through “Open” Graph (after site owners have gotten so used to the extra traffic they may be getting from FB, even though click-through rates from within FB are still very low at this point, and thus would be less likely to resist by turning it back off), there really is no compelling reason for FB to open things up so much:

    They already had most of the data they ever needed to target you with Facebook Ads. Why spread things around?

  6. “The company’s leaders believe that each perceived privacy erosion is actually an improvement to user experience…”

    You are sadly naive if you truly believe this. Facebook’s customers are advertisers, not end-users. Once you accept that, everything makes sense.

    • OK, maybe I’m naive. But I think the Facebook team is naive in the same way. If they wanted to make decisions just based on advertising they would have looked like MySpace or even uglier sites a long time ago.

  7. Facebook is leaking way to much information to way to many applications. I remember something in an article I read last week saying that new web 2.0 sites are popping up that will not let you access the content of said site without being logged into your FB account.

    According to the article, after you login to FB, those sites then have access to all of the information you have listed in your FB account.

    Things like this scare me.

  8. Nivi:
    Zuckerberg is a Psych minor, and had more important things to do during his years in College so any Psych 101 trick is certainly part of his meager set of personal references. Anchoring is rather obvious, albeit possibly involuntary—don’t forget they’ve been working on those for a long time.

    I don’t think we need Sacrificial lambs, although that will probably be how the blatantly necessary set-up of privacy features on ‘Connections’ will be painted. I just can’t understand how they could get away with preventing a user to belong to a Gay group without the choice to hide it to his parents, or have religious discussion away from his colleagues’ mockery.

    We need:
    * easier by-Group filtering (5 clicks? Seriously?), and
    * similar filters for more than updates and photos, but also Likes & Community,
    * more importantly clarity in privacy settings. I can’t imagine Facebook got away with such a committee design for these (and I mean it in the “steaming pile of manure” sense).

  9. I never put any private information on Facebook, so I am not worried about whatever changes they make. I understand why others are concerned, but I never understood why they put things like addresses and phone numbers on the site.

  10. I am begining to wonder if Facebook see’s itself as a company which can push anythign it likes to the dismay of its users?
    This could be a dangerous thing it it does not listen to it’s user base. Their mode of operation seems to be to push things and define how the future of the web will be built through Facebook standards whether users like it or not. They are trying to set the standards around privacy issues and trying to make the web truly open, I don’t think people will accept the web to be fully open and their lives to be seen in public, there will definitely be a cut off point and Facebook could very well push that cut off point sooner if and when users revolt.

  11. It looks like conflicting themes may be playing out at the same time, which confuses issues and also provides Facebook with cover for sleaze.

    First, users are probably in conflict about what they want. They want non-friends to be able to find them, and they want to distinguish themselves from other people (especially others with similar names). Many users want to impress non-friends with friend counts, bio information, etc., while at the same time they want to be safe from mis-use of the information that will distinguish them and impress others.

    Some groups of users (especially younger users) want to share everything. How large is this group? Large enough to define Facebook’s default settings? It’s relevant that nearly everyone who works at Facebook belongs to the younger cohort of heavy sharers, and working at Facebook probably just makes them want to brag all the more. Facebookers probably believe that they are demolishing privacy like Gorbachev demolished the Berlin Wall – it’s a cause to them, even beyond their self-interest.

    Facebook wants to make the site valuable by sharing its user info, but they also want to demonstrate to users the benefits of sharing this information. They probably believe that if they just take a few liberties now, we’ll all agree that they’re right later. From social introductions to games, to better quality news and product/service ratings, there’s a good case to be made for the user benefit of sharing more information (and few people tell Facebook employees ‘no’ these days, from VCs to real estate agents and cute thing in bars).

    If users are speaking with conflicting voices (and actions), and Facebook sees intertwined public and selfish opportunities in opening up private info, it will be very difficult for them to declare a clear path on privacy. Even the US and the EU disagree bitterly about the issue, which has caused ongoing tension for companies serving both markets.

  12. Anonymous

    Remember Myspace and how it lost the groove!!! Facebook is heading the same way. I definitely do not trust what the facebook leaders are saying about privacy and beating around the bush.

  13. How about a more Machiavellian interpretation of FB’s actions: FB intentionally goes too far with each release just so they can offer up a sacrificial lamb like Beacon and say, “see… you were right, we fixed it.” i.e. They’re using anchoring to make you think the end result isn’t too bad. I don’t know if this is true but I’m having fun speculating.

  14. Hey guys, could you please write out “subscription required” on the links to your Pro posts? “Sub req’d” is both nonsensical and it looks like you’re trying to hide something.


  15. Whenever a company (or government) says “if we just communicated the changes better . . .” it is a sure sign that there is something really, really wrong and that they were taken by surprise.