Tools at Work: Facebook’s March on Privacy
It’s too useful to quit, despite concerns, so how can librarians make the best of a bad situation? Jun 14, 2010
May 31, 2010, was Quit Facebook Day. But although only around 35,000 of the 500 million Facebook users pledged to quit Facebook on Memorial Day, there’s clearly a sense of unease stirring with the social network’s strategy. Congress has called for Facebook to explain its stance on the collection and sharing of user information (see epic.org/privacy/facebook), and a spate of high-profile tech experts have given up their accounts following the recent changes to the company’s policies. Regular people have also started seriously to weigh the benefits of Facebook against the potentially high cost of loss of privacy.
Luckily for Facebook, its platform is so interwoven into many users’ lives that even though its recently changed functionality and features give us pause, we brave that dark Facebook basement with flashlight in hand. This is perhaps even more true for those who use Facebook for professional reasons. Facebook is an important component of many organizations’ outreach and marketing strategies, and it is a forum for professionals to share information and collaborate. Studies have shown that more links are shared via Facebook than any other social tool, including email. For many, tools like Twitter and Facebook have replaced RSS readers completely—instead, we rely on friends and colleagues to pass on good reads through social media channels. But in the past three months, all of those wonderful shared links and likes haven’t eased our fears about Facebook’s aggressive march toward a worrisome pro-sharing, antiprivacy default state of affairs. As librarians, traditionally staunch guardians of privacy, how can we reconcile our professional ethics with such a new world of openness?
The new privacy controls introduced in late May 2010 after some missteps make it easier to see what is being shared and with whom (see below for Facebook’s full privacy tweak time line), but “easier” is relative: the process of setting controls may be more streamlined, but it is still anything but easy. A new set of default settings offers three options: 1) sharing with everyone, 2) friends only, and 3) a recommended blend of the two. It will make it simpler for the average user to understand and update, particularly in terms of instant personalization and data shared with applications (in fact, all applications can now be blocked entirely with one click). Despite this overhaul, even savvy social networking fiends may still have trouble deciphering what exactly is shared, or how to customize their settings.
We all know that Facebook is a free service, and, as with other free online tools, we expect to pay a price, usually in the form of targeted advertising. Facebook’s price, however, may be too high for some, even with some of the changes of April 2010 rolled back and the simplified privacy controls available.
There are four major arenas in which libraries and librarians may be involved in Facebook: personal profiles, official library pages, library community pages, and educating patrons.
Personal profiles
As Facebook developed and revised its privacy policies, personal profiles were the focus, because, of course, personal interactions are at the heart of what makes Facebook work. These personal profiles are how we connect with friends, express ourselves, and interact with businesses, organizations, games, and applications.
For many librarians, Facebook is also a primary way of interacting with colleagues. It’s great for developing contacts, asking questions, soliciting help on those tough reference questions, and networking in general. The conflation of personal and professional on Facebook may be disconcerting for some, but knowing some personal information about one’s colleagues may actually foster stronger relationships.
Severing the connection between personal and professional lives on Facebook requires significant effort, either through the creation and judicious use of custom friends lists (e.g., granting your actual friends or family the ability to see more of your profile than colleagues) or by creating a Facebook page for oneself (see below). Both methods have flaws; using custom friends lists may still not prevent overlap of content, particularly when commenting on pages or friends’ posts, and creating a page means maintaining two online personas while losing the benefits of connecting more closely to colleagues. For the truly privacy conscious, avoiding Facebook altogether is likely the best option.
To see what you are sharing publicly on Facebook, use a search engine that queries the Facebook Graph API, like the one at zesty.ca/facebook, or check your settings with a tool like the bookmarklet from ReclaimPrivacy.org. Search tools like Openbook and OpenFacebookSearch query the public time line, showing status updates that match any sordid query. Even the Bing search engine queries Facebook status updates in real time.
Community pages
Facebook rolled out community pages when it revamped (some would say hijacked) members’ interests, education, and work information to create new pages complete with lists of people who liked or were associated with a page, Wikipedia entries and photos (if available), and relevant posts mentioning those topics. This is mostly important for personal privacy but also has one important ramification for libraries: if Facebook members listed a library as an interest or a work location previously, a new community page was spawned for that listing. If lots of people list a library but list it slightly differently, then a single library may have many associated community pages, none of which is official or controllable. Libraries may wish to locate and track these community pages in order to see what people are saying about them.
For librarians who wish to keep their profile’s associated community pages private (or more private), Facebook now allows this—a very welcome change. If your status updates are public, however, any mentions of places or things with community pages (e.g., a movie that you just saw or a book you just read) will be shown on that community page.
Official pages
Facebook Pages was launched in November 2007 to enable Facebook profiles that represent businesses and organizations. Previously, libraries that wanted a Facebook presence had to create a group or go through the time- and labor-intensive process of creating an application. Pages allow much more control and customization than groups did previously. They quickly became the de facto standard for libraries on Facebook, particularly after Facebook allowed Pages to start pushing notifications to fans via newsfeeds.
Pages are extremely popular with Facebook members, with some libraries garnering dozens of likes, comments, and other interactions a day. Libraries share events and news and field questions and comments from users through their pages. Libraries like the New York Public Library (NYPL) even used their pages to educate patrons about the effects of potential budget cuts and to build community support to stop these cuts. Though some may still question the major efforts poured into Facebook advocacy (NYPL, for instance, only has 17,000 fans from a user base of millions), Pages are a relatively easy way to share information and receive feedback and, more important, are now less frivolous asides than expected tools. Presuming that a library wants to create or keep its Facebook page, what are the privacy concerns?
There are two major issues. First, Pages are tied to personal profiles (though this connection is invisible to anyone but page administrators) or business accounts. Business accounts are essentially personal accounts without the personal profile attached—they are tied to one person and cannot be shared, per Facebook’s terms of service. In addition, someone with a personal profile cannot create a business account without risking having both accounts permanently deleted. The business account is, however, a great option for librarians who wish to maintain a library Facebook presence but don’t wish to have their personal information available on the web. To create a Facebook Page with a business account, simply follow the create a page link on the Facebook homepage, remembering you can’t have both a personal and a business account.
The ultimate concern with Pages, however, is that their contents are public by default. They are searchable through normal search engines, which includes any fans’ and patrons’ comments or posts. Official posts by Page owners are also included in Google’s and Bing’s real-time search features. It’s not always clear to people who post on these pages that this information is indeed public and cannot be hidden, no matter how stringent your privacy restrictions are. Most people, just through the experience of seeing others’ comments and posts show up on pages’ walls, likely realize their posts are visible, but they may not realize the extent to which this information is available. When patrons have the expectation of privacy in their dealings with the library, libraries need to be cautious about extending services into other spheres.
Education
Teaching library staff and patrons about how their information is shared and how to use Facebook privacy settings is a potential solution to this problem. Should libraries’ Facebook presence come with dire warnings about the public nature of posts? Certainly not, but neither would it hurt to develop tutorials, link to screencasts or help guides, or teach classes that could help educate staff and patrons. The complexity of Facebook’s privacy settings and the variety of ways that information can be shared mean that there is no way to simplify them into a few sentences, but the more people know, the smarter they can be about how they share.
SIDEBAR: The History of Facebook's Privacy Settings
When Facebook was first created back in 2004, one of its greatest selling points was that it was a private oasis, away from parents, teachers, and, well, adults. The first major backlash against Facebook came when it opened its doors to everyone in September 2006.
Then came the controversy over Beacon, an advertising program introduced in November 2007 that tracked users' behaviors on non-Facebook sites and communicated that information back to Facebook and to Facebook friends. The uproar over Beacon was so loud—and the class-action lawsuit filed against the company and the Beacon affiliates presumably so threatening—that it was given opt-in status that same month, followed quickly by an option to turn off Beacon entirely in December, and finally shuttered within 22 months of release.
But even though Facebook admitted error with Beacon, the pursuit of its end goals—maximum page views and revenue—required more openness and more sharing, and so in intervening months, Facebook has continued to push new privacy standards for the web. At every turn, it has pushed for more openness while at the same time often obscuring what's being shared behind ever more complex controls. After Beacon, came Facebook Connect, a more innocuous way for web sites to integrate in Facebook log-ins, sharing, and social activity.
Facebook didn't stop there; it couldn't. Facebook soon turned its eye to public status updates, mimicking the increasingly popular Twitter by giving members the option to make all or some status updates publicly viewable.
Interestingly, Facebook hailed this change as an improvement to its privacy settings because the new publisher controls were so much more granular—each update could have its own custom sharing settings, whether to share with friends or customized friends lists, a certain friend, or even only with oneself. But while Facebook was touting its more granular privacy controls, it was also facing criticism over the change ushered in at the same time—the new default status update privacy setting for new members was public.
The next major changes to Facebook happened in December 2009. No longer were certain pieces of content able to be controlled—they were now by default publicly viewable. This included one's name, gender, profile photo, networks, liked pages (previously pages one was a fan of), and list of friends. Though it was still possible to restrict access to this information somewhat through the search privacy options (limitations for Facebook searching and other search engine indexing still exist), the information was still public, available to applications, third-party search engines, and more. The outcry over sharing friends lists was enough to cause Facebook to almost immediately roll out a work-around for members to hide their friends lists from their profiles; the information could not actually be made private.
In addition, the ability to easily control what stories posted to a user's activity stream or news feed was removed from the privacy controls. Now, whenever you "like" a page or post a photo or RSVP to an event, it's posted to your news feed and wall, where it's visible to all your friends, unless you spend a great amount of time adjusting the settings on each and every application, including Photos, Events, Links, Ads and Pages, and all other authorized applications. Want to hide your comments and likes on your friends' posts? The only answer is deleting each item individually from your wall once your activity posts there.
This change is surprising for many reasons, not the least of which is the controversy surrounding sharing relationship status updates and the stories of domestic violence that are said to have ensued from the jealousy those updates have caused. If you want to block your relationship status updates from appearing on your news feed, you can, but the best bet is to select the "remove relationship status" option in the privacy settings.
Then, in April 2010, Facebook forced another change. In order to keep one's lists of interests, favorites movies and books, or educational and work affiliations, members had to agree to link their accounts to individual community pages for each interest, community pages that Facebook automatically mapped from existing interests with mixed results. If someone didn't want to join any community pages, Facebook gave them two options: recreating the text in the bio section of the profile, or losing all of their interest lists completely. For most people, keeping their profile unique to them was more important than their privacy; for others, this was too much of an intrusion, inspring a proliferation of nearly blank profiles.
Facebook's Open Graph and instant personalization features, also introduced in April 2010, brought forth even more privacy concerns. Instant personalization customizes user experience at web sites (currently Pandora, Yelp, and Microsoft Docs) to highlight friends' tacit recommendations and to better collaborate, in the case of Microsoft Docs. Open Graph establishes another degree of personalization for Facebook members across the web, enabling like buttons, recommendations, activity streams, logins, and more, the power of which is most clearly seen at sites like CNN.com, where visitors can see what stories their friends liked without even going to Facebook (though it's necessary to be logged into Facebook). Sites using this functionality do not gather visitors' Facebook information; it connects only to Facebook. Nevertheless, this may not be clear to typical users.
The New York Times published a chart showing the layers of the convoluted and obfuscated Facebook privacy settings in May 2010, one of many major news outlets to express concerns over Facebook's direction. In tandem with the Congressional calls for investigation of Facebook's privacy policies and subsequent proposed legislation, Facebook had no choice but to rethink its privacy controls and options, reestablishing members' rights to keep their friends lists private, newly granting the capability to make liked pages private, and reigning in a new privacy control area design.
Melissa L. Rethlefsen ( mlrethlefsen@gmail.com ) is an Education Technology Librarian at the Mayo Clinic College of Medicine, Rochester, MN, and a 2009 LJ Mover & Shaker
