May 8, 2010

Facebook and Privacy Issues: Reflections about the ever-changing interfaces of Facebook and the growing number of Facebook-connected websites.....

I joined Facebook in 2007 when I was taking a graduate HCI-oriented course about privacy and security.  Heather Lipford, the professor,  and some of my classmates were working on a study about Facebook and privacy, so I agreed to participate as a subject.  What I quickly learned is that even graduate IT students can be puzzled about Facebook privacy settings. Facebook has made numerous changes to the way it handles privacy settings, and this has fueled research on this topic for the past few years (see links below).  

Too many "regular" folks are unknowingly sharing things they do not want to share with the world, and it is difficult for most of us, including myself, to keep up with these rapid changes. For example, last month I came across a video of Mark Zuckerberg (founder of Facebook) announcing Open Graph, which is a way of making a connected, mapped web that is more "social, personalized, smarter, and semantically aware." Zuckerberg's keynote presentation at the f8 conference was delivered on April 21st, yet on the day I posted about it, only a handful of people had viewed the video.

As of this post, only about 731 people had viewed the presentation, yet the key points that were reviewed will impact how the information we provide Facebook is used, stored, and perhaps shared by third-party web-based applications.  With over 400,000,000 people on Facebook, this is an open invitation for those "in the know" to manipulate things in a way that many of us may not understand.  

In the video, Zuckerberg mentions that Facebook's policy for applications integrated with Facebook prohibited the storage or caching of data and information from the user for more than 24 hours. The rationale for the rule was to protect the privacy of Facebook users.
At about 4:58 in the video, Zuckerberg discusses this policy, and announces that it has been changed. He then goes on to say, "We're going ahead and getting rid of this policy." (5:09) This made the audience very happy (about 5:10).

Zuckerberg introduces the "One Step Permission" feature that provides third-party websites a simple means for users who have Facebook accounts to connect with the site. The hitch is that the user can't move forward and access what they'd like to access on the site unless they make the quick decision to give up quite a bit of their Facebook information. This will now give the host application use of your information, which they now can store... forever, I assume.

Here is a screenshot of the single permissions dialog from the video at about 4:16:

Zuckerberg's words:
"Now, if a person comes to your site, and gives you permission to access their information, you can store it. That means no more having to make the same API calls day after day. No more having to build different code paths just to handle information that Facebook users are (unwittingly?) sharing with you. We think that this step is going to make building with Facebook platform a lot simpler." 

I knew there was a BIG problem with Facebook's privacy settings when Nathan Yau, author of the Flowing Data blog, tweeted about his discovery of information that Facebook somehow shared without his knowledge. Nathan's recent post, "Evolution of Facebook Privacy Policies", contains an interesting visualization, created by Matt McKeon of the Visual Communication Lab at IBM, that provides an interesting look at Facebook's privacy policies from 2005 on.

The Evolution of Privacy on Facebook (Interactive graphic with options for viewing an animation or an image-based version.)

The blue area represents the default settings regarding the availability of your personal data. As you can see, the default settings allow a large set of personal information to be shared among your Facebook connections as well as the outside world.  As a member of Facebook, you must manually change your settings to make sure you have your preferred level of privacy. Don't assume this is taken care of for you by the application!


"Your information is being shared with third parties; Privacy settings revert to a less safe default mode after each redesign; Facebook ads may contain malware; Your real friends unknowingly make you vulnerable; Scammers are creating fake profiles"

Privacy bug causes Facebook to disable chat
Caroline McCarthy, CNET News 5/7/10
Video: Major Facebook Security Hole Lets You View Your Friends' Live Chats
Steve O'Hear, TechCrunch 5/5/2010

Nathan Yau and Flowing Data

f8 2010 Breakout Session Videos

Previous Post:  Mark Zuckerburg's Recent Keynote at f8: Facebook's OpenGraph

HCI Lab at UNC-Charlotte:
"At the Human Computer Interaction Lab (HCILab) at UNC Charlotte, we investigate novel ways for people to interact with computers, and through computers with their environments. Our research covers a broad range of areas within Human Computer Interaction, such as Novel Interaction and Multimedia, Privacy, Creativity, and Visual Analytics. We collaborate with researchers in a number of areas related to HCI, such as visualization, gaming, art, and psychology. We also study interaction in a variety of domains such as intelligent information systems, information privacy and security, image processing and graphics, and intelligence analysis."
UNC-C's HCI Facebook Research Articles
Lipford, H.R., Besmer, A., and Watson, J. "Understanding Privacy Settings in Facebook with an Audience View." In the Proceedings of the USENIX Workshop on Usability, Psychology, and Security (UPSEC 2008), April 14, 2008.
Lipford, H.R., Hull, G., Latulipe, C., Besmer, A., and Watson, J. "Visible Flows: Contextual Integrity and the Design of Privacy Mechanisms in Online Social Networking." In Proceedings of the Workshop on Security & Privacy in Online Social Networking, August 2009.
Lipford, H.R., Watson, J., Whitney, M., Froiland, K., and Reeder, R.W. "Visual vs. Compact: A Comparison of Privacy Policy Interfaces." In Proceedings of CHI'10. Atlanta, Georgia, USA. April 2010.
Strater, K., and Lipford, H.R. "Strategies and Struggles with Privacy in an Online Social Networking Community." In the Proceedings HCI 2008, Liverpool, UK. 2008.
Watson, J., Whitney, M., and Lipford, H.R. "Configuring Audience-Oriented Privacy Policies." In the Proceedings of the Workshop on Assurable and Usable Security Configuration, ACM CCS, November 2009.

IBM's Visual Communication Lab is behind the Many Eyes website, which I used as a resource when I was taking a course in information visualization and visual communication. At the time, I was looking at data related to the high-school drop-out problem in the US. I loved how the on-line Many Eyes application provided me with a variety of ways of looking at the data I had collected for my team's project. Since then, thousands of other people have utilized the Many Eyes website. Warning: If you are interested in data, stats, and information visualization, be prepared to spend a while exploring. It is an enticing rabbit hole!
Many Eyes: For Shared Visualization and Discovery

Cross-posted on The World Is My Interface
