No More Facebook
by Jeffrey Paul
Part One, aka TL;DR
I’m gone from Facebook, now and forever. Save the following info to your address book:
- My email address (and AIM screen name) is sneak@datavibe.net. (…and has been for well over a decade.)
- My website is http://sneak.datavibe.net (you’re on it now.)
- My forever-permanent phone number is +1 (312) 361-0355. (SMS texts and voice calls are both accepted.)
- My regular short “status updates” can be found at Twitter: http://twitter.com/sneakatdatavibe
- All of this and more, provided conveniently as a v-card file for automatic address book import: download
Staying “Safe” on Facebook, In A Nutshell
- The settings-checker tool over at Reclaim Privacy
- The list of settings which must be set to opt out of “Instant Personalization” of third party sites, as posted by the EFF
- Account -> Privacy Settings -> Basic Directory Information (at the top) -> “View settings” -> “See my friend list” -> “Custom” -> “These people” -> “Only Me”
Part Two
I’m deleting my Facebook account, and I’d like to take a moment to tell you why. Hopefully, this will provide you with a bit of perspective, should you wish to do the same.
The primary reason has nothing to do with Facebook’s policies, per se. Let me start with a little bit of backstory.
I’ve had the same email address for somewhere around 12 years. It’s published on my website (in easy-to-save vCard format, even), comes up on the third Google result for Jeffrey Paul (without quotes), and is accessible via Facebook, Twitter, and anywhere else I happen to frequent on the tubes. Most importantly, it’s on my business card, which I make a point of handing to very nearly every single person that I ever meet. (I’m at 1500+ and counting.)
I get a lot of email, both personal and business, and have great and well-worn battle-tested systems for triage and processing of this never-ending stream. Server-side rules executed on incoming mail with Procmail, coupled along with client-side searching and indexing via Spotlight or keystroke commands in mutt, combine to make my email one of the most useful tools I have at my disposal. Even further, I have an iPhone that gets my mail, as well, when I’m not in front of my laptop. Late last month I added an iPad to that lineup, bringing my total number of email-receiving devices to three.
All of that out of the way, here’s the rub. Facebook has a messaging system that allows anyone to send Facebook Messages to anyone else on the site. Despite all of the huge amounts of existing infrastructure in place to handle email, many of my friends choose to send me Facebook messages instead of email, perhaps out of convenience.
Facebook could, knowing the email addresses of both me and any message-sending friend, compose an email to me and send it to my inbox, with the “From” address listed as my friend, delivering the message quickly and efficiently and allowing me to handle it on my own terms. Unfortunately, this doesn’t allow them any ad revenue, so instead they store the message forever on their server, accessible only via the web. I don’t get to archive it, I don’t get to index it for search (as all of my other emails), I don’t get to control their retention of it, nothing.
Now, if this was all they did, it wouldn’t be very useful, so they do actually go through the process of sending me a notification email, containing a preview of the message itself, asking me to click a link to log into Facebook should I wish to reply to the message. Now, I have two different unread flags to reset – one in my email inbox, and one on the Facebook website. If you’ve ever sent me a Facebook message, chances are I’ve ended up reading it twice.
The whole process is just an eyeball-capturing technique, leveraging your friends’ desire to contact you in a transparent and tacky maneuver to get you to look at ads.
However, the long-term reason I’m leaving Facebook is much less understood or publicized. A lot of people are now looking at Facebook very critically as a result of their new privacy modifications, and I think that that’s a poor choice. Sure, it’s evil-overlord stuff to divulge your demographic information to the third-party websites you visit, but that’s peanuts compared to what I’m about to explain.
The stock answer, of course, to these issues about controlling access to the personal information that you put online, is simply to not put information into your Facebook profile that you wouldn’t want to be public. Unfortunately, this is completely ineffective. I’ll explain.
Facebook realizes that their core asset is something called a “friends graph”. Your friends graph is simply the list of people with whom you’re connected, e.g. your friends list. In the case of Facebook, it’s an undirected graph – that is, friends connections are bi-directional.
This doesn’t seem like a very big deal until you consider just how much data your friends graph reveals about you. Last year, a pair of students from MIT developed a tool called Gaydar that can make surprisingly accurate inferences about a user’s sexual preferences simply based on the data that their friends make public about themselves. There have been lots of examples of this technique, both above-ground and non, since.
This, in short, blows the whole idea of a “no-data Facebook profile” out of the water. Add enough friends, and a number of things are going to become obvious: age bracket, hometown, current town, sexual orientation, musical tastes, preferred recreational activities… and these are just the beginning. All sorts of things can be inferred with a high degree of accuracy from your friends graph alone, just from the data that your friends make public.
If this stayed within Facebook, I’d probably be okay with it, as Facebook’s motives are all pretty clear-cut; that is, advertising revenue and the stickiness to ensure that it continues into the future.
In poking around in the developer documentation a few months ago, I found that any third-party Facebook application (think Farmville and the like) can now access your friends graph, just from one of your friends using the app. The Facebook terms of service for third-party applications says that they can’t permanently store or otherwise use this data, but that’s irrelevant for the purposes of this discussion. Of course, you can block applications, but when I first discovered this, the default was for _any_ application that your friends began using to be able to access this data. Presently, there are over half a million active applications on the “Facebook Platform”.
I’m not sure if this is still the case, and a quick look through the developer documentation indicates that it’s probably not. However, your name and unique Facebook identifier are still available to third-party apps your friends install, which means that a good picture of your friends graph can be charted by an unknown third-party.
It gets worse. Now, thanks to the Open Graph system that Facebook is pushing, they’re partnering (read: getting paid by) other sites to leverage this data so that these sites can tailor your browsing experience. This means that the age-old idea of pseudonymity on the web (websites identifying you only by a random unique identifier) is out the window. Zuckerberg, et al are now selling your name and friends graph directly to third parties without your consent.
A lot of websites have jumped on this bandwagon, as increasing stickiness and personalization is a great way for them to get the jump on their competition. However, now you’re not only spraying your personal information across all of Facebook’s servers, but they’ll also happily proxy it to hundreds of third-party sites.
The terms of service with which they bind these sites is irrelevant. This data, then, becomes effectively public, with no controls available to you to prevent it from spreading into any manner of publicly searchable databases. Anonymity is very important, even for those that have nothing to hide, as it allows untrusted third-parties to interpolate data about you that you’ve never explicitly provided and don’t wish for them to have.
Facebook’s illustrated repeatedly that they don’t give a damn about user privacy, which has spawned a huge amount of backlash and publicity as of late, which is a good thing. Most people don’t give any second thought to providing Facebook with tons of personal data, which may or may not be a mistake. The real problem lies, though, in their publicizing your friends graph. Personal data you can withhold, but your friends graph speaks huge volumes about you even if you never provide them with anything directly.
So, in closing, I’m gone from Facebook permanently, and I hope very much that you’ll consider doing the same.
FYI, for the non-technical types, note that when you “delete” your Facebook account, nothing is actually deleted— instead the data is simply flagged “do not use” in their database, allowing them to un-flag it and restore you to full operation should you decide later to change your mind. I’m not sure if it’s possible to ever actually delete your data in full from their systems, but at least this way I won’t be automatically sold out to every single partner webpage that I visit.
Comments
That’s a really good reason to leave Facebook. I’m considering it right now because I pretty much hate all of my Facebook friends… But now I’m *really* considering it.
Incidentally, there is apparently a way to permanently delete your account that involves about 10 “are you sure?” screens. I don’t know the exact process… I assume it’s somewhat like the three seashells from “demolition man.”
smart move. i’m not long behind you. any thoughts on the effectiveness of http://suicidemachine.org/ ?
I may choose to delete my facebook; I have been considering doing so for essentially the reasons listed above. My biggest qualm with abandoning it is the connection it provides me to my family and distant friends.
great article …
I’ve been creeped out a tiny bit by how often and on how many different websites I see now that allow you to “like” something or them on facebook; and also how many of these websites allow you to connect via facebook. It’s a loooong way from facebook’s origins – needing to be a student of a school that was recognized on facebook to be a member – I wonder how many people remember that. It’s gotten to be almost like you don’t exist (on the web) if you are not a facebook member. And when anything becomes ubiquitous like that; and is a privately owned company; something is bound to go wrong one day.
I’m keeping my facebook for now, because for now at least I am ok with letting the highest bidder per se have the information I have chosen to make public by putting it on my profile, I don’t put any information I don’t want to be public on there (like my email address, phone number etc …) and I still communicate with my real friends via real methods. That said, I have been able to communicate with people I would never have found in real life, through facebook – namely old friends/lovers from high school – and that to me is worth the trade off, for now, but I am keeping my eyes open.
I agree that the facebook messaging is system is just plain
annoying – I rarely check those messages myself, so its not a good way to contact me at all – and I only use it when its the only means of communication I have for a particular person, or if I want to share something on facebook with a friend, or to contact the occasional person (though this is happening more and more) whom I know checks their facebook more often than their personal email.
Social Networking: synonym for target marketing capture device.
I’ve been playing with the twitter API the last couple of days. Give me an unprotected account and I’ll give you a reason to check out suicidemachine.org/
Twitter API + PHP + cURL + mySQL = a free database of your life.
I’m noticing a pattern: create social network, create dependency, slowly erode privacy agreement.
I’ve never minded sharing information about myself on the internet, as you know, but I very much concur that the most recent developments as far as the data that third party software can read from facebook goes is rather disconcerting. I’ve enjoyed facebook immensely since I first joined it and so, unlike it may be for others, this pains me – I’d rather it wasn’t so. But as it is, I am seriously considering leaving.
The first thing that served as a warning flag was when external websites started talking to facebook. You’d have to give them a permission to do so, which I’ve never done. In a fairly short timespan, I’ve come across two websites that wanted my facebook information. That disturbed me somewhat.
I’ve played around with application development on facebook, so I know that if they say read-only, they do mean read-only, in that you have no means as a developer to store the data, since what you get to put in is only a facebook-ML tag that stands for a specific function, e.g. someone’s real name would be something like , where you have -id-. (Very much pseudocode, the tag does not look like that. I think.) That fake-HTML tag is then turned, on the facebook server, into the name of the user. By that time, output has left your server and is out of your hands.
Mind, I’ve not toyed with FB and Ajax and I am positive that can be circumvented, so I don’t in the least mean that as a defence. Just as a snippet of info.
(By the way, I don’t believe that applies here, none of the symptoms you describe sound like it would. It’s just, I figure FB probably put some serious effort into figuring this stuff out. And failed miserably in this one case, but not for lack of thinking.)
I imagine I’ll stay since it doesn’t actually impact me that much – I publicise anything I can think of about myself, anyway. But it’s very unsightly and I’ll probably recommend a bunch of my friends to jump ship.
Really sad to see it come this far.
Thanks for sharing.