Social networking services really do a bad job with managing our privacy ... and the problem apparently is that we and they don't know and don't care to fix it
There's an old joke: What's the difference between ignorance and apathy? Answer: I don't know and I don't care.
When it comes to privacy in social networking I see both ignorance and apathy displayed by the users and the actual services that drive them, whether they're pure social networks like Facebook or social networks for business, like Etsy.
The problem of trusting social networking services with your personal data has been much discussed over the last couple of years and the issues are straightforward: They (the social networking services) want you (the consumer) to tell them everything about yourself, including who your friends are, where you go, and what you do, and provide pictures and videos of yourself and your friends ... oh, and could you invite all your friends so we know your connections and label those faces for us? Honest, we promise we won't do anything you wouldn't like with all of the data; honest!
What the social network services don't have is much risk of users suing them or defecting. To start with, users have to enter into agreements with the services and those agreements make it very hard for the users to take the services to court.
Moreover, and far more importantly, the consequence should you, the user, feel the need to leave a social network, is an onerous one: You will have to abandon your friends! You'll have to make a choice between leaving your friends or accept being held hostage by the prospect of losing your connections.
The result is most users will overlook whatever bad faith a social network has indulged in and hang on, eventually exhibiting the social networking equivalent of Stockholm Syndrome, "an apparently paradoxical psychological phenomenon wherein hostages express empathy and have positive feelings towards their captors, sometimes to the point of defending them."
This is exactly what happens because people who become annoyed over privacy issues in social networks will usually not do much about it. They will continue to engage with their friends on the network and focus on their experiences with people not their problems with the service ... social engagement always seems vastly more important than any service issues.
So, despite the fact that we know that social networking services have had major privacy failures, most users either believe, ignorantly, in the services' abilities to maintain their privacy or, apathetically, they don't care or can't be bothered and thereby ignore the failures.
This information resulted in data such as people's names and their friends' names being used by various advertising companies despite many of the affected users having set their privacy settings to the most restrictive level.
Although the data was actually collected by the third-party applications, the failure to maintain user privacy was strictly Facebook's fault as they didn't apparently monitor how data was being used by the third parties. That was bad enough, but the fact that Facebook didn't engineer mechanisms into its systems to detect or prevent the problem was bad engineering at best (ignorance) and negligence at worst (apathy).
The Federal Trade Commission recently finished its investigation into these issues and Facebook got off ridiculously lightly with just 20 years of adult supervision in the form of regular privacy compliance audits. Facebook CEO Mark Zuckerberg sagely admitted that the company had "made a bunch of mistakes." Really? Just a bunch of mistakes? No worse than, say, forgetting to buy milk on the way home? And did Facebook users do much more than grumble? Nope, apathy won again.
I mentioned Etsy ... it failed quite spectacularly back in March this year by trying to get all social.
What Etsy did was change users' privacy settings without telling anyone in an effort to, it hoped, foster more community. While users could still go into their accounts and reset how much of their personal details and purchasing from the site was public, most of them found out well after the fact. This meant that some people who had bought items of what we shall call a "personal" nature were horrified to discover that between the change and whenever they restricted their account, the entire world also knew what they now owned.
I think that most of the privacy problems that Facebook and Etsy users have experienced is born of naivety on the part of both companies. These are young organization moving as fast as they can and careful, big boy's engineering may not be their forte.
For example, you'd think that Facebook would be engineered to protect at least the privacy of its own CEO, Mark Zuckerberg. If you did, you'd be wrong. Just this week it emerged that Zuckerberg's private photos on his Facebook account had been accessed by the simple method of a user reporting that Zuckerberg's profile picture was "inappropriate". This exploit apparently gave the reporting party access to the rest of Zuckerberg's photo collection.
I find it astounding that such a flaw should exist in Facebook given the resources the company has and the simplicity of the exploit. Really? No one noticed the problem until it happened? That's like finding an open backdoor into Fort Knox being defended by a deranged squirrel.
The reality is that social networks of all kinds, despite the last few years of wild expansion, testing, and evolution, are very, very new and their management only slightly older. No one is demanding that they be serious and really careful with our data because we love our social networking apparently more than we demand our privacy be maintained.
Unless these companies were to do something epic like revealing the U.S. nuclear launch codes ... well, then we might get serious. Until something like that happens, the consequences for them fouling up are minimal.
Apparently, when it comes to social networking we, as a cultural, are like the answer to the joke: We don't know and we don't care.
Gibbs cares in Ventura, Calif. Tell him what you know at firstname.lastname@example.org.