Blog Post

Who owns your social graph — you or Facebook?

Stay on Top of Emerging Technology Trends

Get updates impacting your industry from our GigaOm Research Community
Join the Community!

Facebook’s control over the information in your social graph is in the news again. The company recently blocked a Google Chrome extension that scraped your contact info so that you could export it somewhere else, such as into Google’s (s goog) new Google+ social network. The move has reignited debate over who exactly owns the information about your social graph — is it yours, or is it Facebook’s? Should you have the right to copy or move those email addresses wherever you want to, or is Facebook right to prevent you from doing so?

On Tuesday, after news broke about the Chrome extension being blocked, a Google engineer named Adam Lasnik wrote an open letter to Facebook CEO Mark Zuckerberg on Google+ asking him to reconsider his views on allowing users to export their contact data, saying:

Mark Zuckerberg, you seem like a good guy… so won’t you please let us (and third parties we explicitly authorize) access our own address books in FB without jumping through hoops? I’m a long-time FB user and I currently plan to continue using it alongside Google+. But the more you try to keep me locked in, the less comfortable I am using and trusting your service.

While Lasnik’s post was widely shared and voted up in Google+, and a lot of comments supported him, his viewpoint was far from unanimous. Jeff Jarvis, for example, a journalism professor and author of an upcoming book on privacy called “Public Parts,” said that he didn’t want other people in his social graph to be exporting his email and other information without his consent:

If you put in all the data in your address book that’s one matter. If I put in the data in my listing in your address book, that’s another. I don’t want Facebook enabling you to export and use that as you wish… I absolutely agree about Facebook and other services should make our data portable: my list of friends, for example. But make sure it is our data before we demand it.

This debate is not a new one. The Chrome extension that Facebook blocked this week was originally released last fall, when the social network was embroiled in a fight with Google over whether users could export their contact information, including email addresses. As we described at the time, the fight started when Google changed the terms of its API so that any third-party that wanted to import information from the web giant’s various services had to allow its own information to be exported as well.

This was seen by many as a shot across Facebook’s bow, since the social network has never made exporting contact information easy, and a Google source confirmed at the time that the search company made a deliberate move to go after Facebook on the issue, which it sees as an important principle. Google not only allows users to export all their information from most of its services, but provides prominent links to this feature — including in Google+, where it offers a one-stop export tool called Google Takeout, a service that was developed by the company’s internal “Data Liberation Front” team.

After Google tried to block Facebook from pulling data out of its services, the social network responded by linking directly to Google’s data-export page. Google then replaced that page with a new version aimed at Facebook users called “Trap My Contacts Now,” in which it warned users that any information they exported would be controlled by Facebook, and advised them not to submit to this kind of “data protectionism.”

Facebook has not really discussed its views on the issue publicly, apart from some comments by Mark Zuckerberg at the Web 2.0 conference, where he said that Facebook was still thinking about ownership of contact info and how to deal with it. But when the Google affair first blew up, a Facebook engineer named Mike Vernal posted some comments that provided some insight into the social network’s reasoning: he said that in Facebook’s view, users do not have the right to export another person’s email address.

The most important principle for Facebook is that every person owns and controls her information. Each person owns her friends list, but not her friends’ information. A person has no more right to mass export all of her friends’ private email addresses than she does to mass export all of her friends’ private photo albums.

So is Facebook right? In some ways, the social network seems to want to have its cake and eat it too on this issue: after all, the personal information that you share with the company plays a huge role in the value that it offers to advertisers and others — which in turn helps produce the revenue that justifies the company’s estimated $50 billion market value (and allows it to provide all its services to users for free, of course). So naturally, it wants to control this information as much as possible. And yet, it allows users to export contact information if they have a Yahoo account, and it also allows them to sync their contacts, including email addresses, with their iPhone via Exchange.

So if I can import my Facebook contact information into my Yahoo Mail account or my Exchange account, and I can also sync my Facebook address book with my iPhone contact list, why can’t I move those email addresses directly into another service such as Google+? If Facebook wants to protect those who don’t want their information shared in this way, it could always send an alert to someone whose data has been exported, so that they can reconsider whether they share it and with whom. But just blocking that ability seems blatantly anti-competitive.

Facebook may claim that it is respecting the wishes of my friends to keep their information private, but to me it says more about how the company wants to control that information for its own purposes than it does about how it wants to respect the rights of users.

Post and thumbnail photos courtesy of Flickr user Gabrie Coletti

23 Responses to “Who owns your social graph — you or Facebook?”

  1. i suspect some day soon this debate will end up in DC just like do-not-call lists and anti-spam legislation. at that point we are looking at the DRM arugments of the music and media industry – namely, you can lisense my content, but you don’t own it. We will be copy writing our personal content and lisensing it to our ‘friends’. i get final say as to who does what with my email address for example. import it to your phone sure… sell it to a marketer, no.

  2. It seems the root of Facebook’s problem is their privacy model is crap…. If Facebook made it easier for users to control what personal information (email addresses) were shared with which circles of friends then their would be no argument here. Yes the reference to ‘circles’ was deliberate. Regardless, Facebook makes that level of control a PITA and in doing so encourages people to grossly overshare personal information with “Facebook friends”. On FB you can’t control contact information sharing on a list by list basis, only Everyone, Friends of Friends, Friends, or if you navigate through custom options Only Me and selected individuals.

  3. Kat Armstrong

    I agreed for the most part up until you stated: “If Facebook wants to protect those who don’t want their information shared in this way, it could always send an alert to someone whose data has been exported, so that they can reconsider whether they share it and with whom.”

    Why the heck would I want FB to alert me AFTER the fact? Shouldn’t I have the option to allow someone to export my information? I don’t want to know about it later and then choose whether or not to continue being their friend. The damage is already done at that point.

  4. Simple technical solution to Facebook’s export concerns: If exporting out e-mail addresses is really a concern, then just use a one-way hash of the e-mail address and export that. Then when you import this into Google+ or some other service that already has e-mail addresses, they can use this to match to an existing e-mail address. So good services can compete fairly, but bad spammers can’t use this info.

  5. If you friend someone, and share information with them…then the information belongs to both of you, you gave up sole ownership. Insisting you own the data you shared via Facebook is like trying to insist ownership of the emails you send.

  6. Derrick Harris

    The craziest part of this to me is how FB takes some sort of ethical stance about your friends owning their data, but then double talks on FB users owning their own data. You own it, sure, except that you have to license it to FB to use for its purposes.

    I don’t mind FB’s terms of service, particularly, but don’t play both sides of the issue.

    Plus, this whole idea of privacy around contact information is a social construct. If data really is property to be licensed, given away, etc., as we generally hold it to be, then we should be free to do with data what we please once someone gives it to us. Especially for our own uses.

  7. KidPhat

    Well, they could easily provide a setting that prevents your email address from being populated when I friend exports their contacts. But knowing Facebook, this would be opt-in unlike most of their other privacy features.

  8. Phillip

    Google also blocked the Facebook Android app from adding to the phone contacts because it gave the false impression that Facebook contacts were open.

  9. Isn’t it simply a matter of adding another setting in user profile along the lines of “allow friends to export my email address”? By default this should be allowed because that is the norm across all the other services. Jeff Jarvis’s of the world can go ahead and disable that giving them ‘control’.

    One only needs to go back a decade to learn the pitfalls of ‘walled garden’ approach. I was at AOL at that time and witnessed it firsthand.

  10. I Agree with you on that Facebook wants more control rather than being concerned about its users. The first proof is its Terms & conditions itself. See its stand on having more than one profiles.

  11. Couldn’t this be solved by having fb add a setting where a user can declare their email public? So, if I try to export to google, only my friends that list their email as public will go. Does that make sense? Seems like it would at least solve the issue Jarvis has.

  12. brown_te

    Can someone explain Jeff Jarvis’s position above? It seems to be: “it’s okay if all my friends see all my contact information on, but not okay if they (the same friends) put it into their smartphone”?

    People with any privacy concerns whatsoever probably shouldn’t use social networking sites…particularly Facebook.

    • MrktMind

      Jeff doesn’t have a position as far I’m concerned: FB already allows you to keep your email private. If you allow your friends to see your email then he wants to be able to say that his friends can import his email address into Outlook but not Thunderbird? Or Yahoo mail but not gmail?? This doesn’t make sense. If you don’t want your friends exporting your email address make your email private and your friends can PM you on FB – FB forwards all PM’s to your email anyway.

  13. This problem is far worse than most people realize. Beneath what appears to be a (export/import) feature, company policy, ownership conflict really lurks the internet’s most dangerous ticking time bomb, identity. The good news is a solution is coming. The bad news is if history is any predictor, the only plausible wake up call is a worldwide cataclysmic disruption event occurring.

    To borrow a phrase from my astrophysicist buddies, it’s not a matter of if, only of when.


  14. This is one feature Facebook can’t replicate so fast: trusting them with your own data and allowing you to export your own data.

    Another one would be turning Facebook into a privacy-aware service. It’s just not their incentive to do that. If they were to do that, their revenues would probably take a big hit, so don’t expect that from Facebook anytime soon.