As Facebook scramble to try to head off prohibitive legislation in the UK, Europe and the USA, it’s trying to reinvent it’s history and mission. I’m no Facebook historian, developer, professional watcher but it’s worth remembering some of it’s actual history, bugs, screw-ups and the often terrible defaults it implemented with new features.
I’d long imagined that Mark Zuckerberg was the embodiment of Zeke Hawkins character in the 1993 movie, Sliver. One of the things Hawkins said in the movies about his surveillance was the Google-esq:
We’ll do only good things.
All of the recent disclosures about access to Facebook data isn’t about hacking or other malicious activity, it is about poor design decisions; defaults in privacy that were good for Facebook but not for the user; and ultimately necessary for Facebook’s’ business model. They were not, as Facebook and Zuckerberg oft refer to them as data breaches.
As the voiceover says at the end of the Sliver trailer:
The view from the outside is nothing…. compared to the view…. inside.
My history with Facebook goes back to when it was “thefacebook”. I’d been a regular speaker and panelist at the Silicon Valley World Internet Center between 1998 and 2003 when I gave my last session on Open Source. The center was housed at Stanford University. Over my time there, I made contacts with many professional and personal contacts.
I started using livejournal as an emerging platform for “blogging” and tracking news for my then key triathlon interests in January 2004. That April, through one of the contacts I’d made at the World Internet Center, I was offered a userid to take a look at “thefacebook”. I didn’t spend much time on it, it was fascile, juvenille and voyeristic. I wasn’t surprised to hear that in 2003, the Harvard University administration had charged Zuckerberg with breach of security, violating copyrights, and violating individual privacy.
That set the path that Facebook has followed since then, their design decisions, their defaults, everything has been aimed at making your information publicly available, searchable and collectable. As I texted a few days ago, none of this need happened if Facebook actually cared about privacy. Each and every time they implemented a new feature, they did so by setting the user privacy to the least private allowed.
Great work, completely agree except the last paragraph opt-out. Want the feature? You need to opt-in. This is Facebook problem. Everytime they [Facebook] change something, they take the best default for them not the user, not privacy.
— Mark Cathcart (@cathcam) April 8, 2018
While Facebook claimed they were not selling data, which was probably legally true, but they were always selling access to the data. If privacy was really central to Facebooks management of data, then they would have made the defaults very different than they did.
All those infuriating apps and quizzes that your “friends” were playing Farmville, Candy Crush, etc. let alone the apps that wanted to know actual personal information, like where you’d travelled to etc. For a while in 2007 there was even a class at Stanford known as the “Facebook class” where students, many of whom went on to make hundreds of thousands of US Dollars, were instructed on how to make Facebook apps.
As early as 2010, many of us were imploring people not to give companies like OK Cupid and apps like Lover of the Day access to your data, it was only ever going to end badly for someone.
Lover of the Day was installed nearly a million times. If every user that installed it had at least one hundred “friends” on Facebook, that meant through a single app, four hundred million facebook users data could have been exposed and scraped. Even if “Lover of the Day” hadn’t overtly exploited this, it was totally naive rather than malicious.
By the end of 2010, there were hundreds of website scams that were, as far as I can see, just there to harvest your data, and that of your friends. There were numerous websites set up to track these, of which Facecrooks, was and still is one of the best.
When I got my Facebook data, before #DELETEFACEBOOK, I spent an hour searching through the data and my timeline to find interesting posts, pleas that I’d made to my friends about the lax controls, bad defaults and bad app choices they were making.In 2010 alone, I posted the following on my wall.
January 10th: “Well get used to it, the Facebook founder says your privacy is a relic of the past, everything should be public!”
March 2010: “So, not paying attention to the FB Privacy issue? Well last night the dumb ass’s made a change which made everyone’s email address public for about 30-mins even if you said not to or your settings… “
May 2010: “So yesterday Facebook blew their privacy yet again revealing private friend to friend conversations, allowing one friend to see outstanding friend requests of other friends…”
May 2011: When discussing the Symantec revelation that Facebook was leaking information to Third parties, I ended the post with – friends don’t give their friends personal information to strangers, don’t do the same on facebook!
By 2011, music streaming startup, Spotify, was known to be aggressively using and promoting their business through facebook by exploiting the weak/lax Facebook privacy. If anything, the US Government Federal Trade Commision hearings lead to facebook changes that were in marketing speak “more transparent” but reality, more opaque. They made it easier to stop sharing, but harder to know what was being shared.
In 2015, the scraping of user data was still rampant, I found a number of examples of warnings, mostly in so called “Big company” giveaways.
March 2015: Friends don’t invite friends invite to the SW Airlines ticket give away. It’s scam, they are harvesting Facebook id’s, friends lists and email addresses and who knows what else!
It was followed by a long bullet list of ways you could tell if the giveaway was a scam. My post ended in
If don’t doesn’t have at least two of those it’s a scam… It’s not harmless, it’s like showing up at an orgy and not using a condom.
When Zuckerberg and Facebook try to rewrite history claiming these were a breach of trust, or they didn’t sell data, or they acted as soon as they were notified, I don’t know what the hell they are talking about. They knew, they just didn’t care until the politicians got hurt, and now the optics look really bad.
Next. What should be done.