Facebook recently got into trouble when it was revealed that they were behind a Google smear campaign. Essentially, Facebook hired a PR firm to get journalists and bloggers to write negative press about Google’s privacy policies and practices. The tactic backfired when some enterprising journalists did some research and found out that Facebook was behind the campaign
Although we can all speculate about the PR damage that such a revelation might have on Facebook, the interesting psychological aspect behind all this is the that Facebook is constantly being slammed for breaching user privacy but rarely are any of those accusations true. Facebook wanted to level the playing field a bit by bringing Google’s privacy policies to light and attempt to and get some heat off their own backs. That’s understandable. If you feel like you’ve being dealt with unfairly, it’s normal to want to point fingers elsewhere.
The secret smear campaign was not Facebook’s finest hour. And although I don’t condone their actions, I can understand their frustration. Facebook has had some privacy issues in the past, but that’s what you get when a couple of college kids start a social network out of their dorm room. The reality is that Facebook has fixed most, if not all, of those issues. The tricky part is that Facebook started out as a “secure” place to interact with friends, and it has slowly encouraged users to by more public. So any change to help users have a more social experience inside or outside of the Facebook space is usually met with extreme confusion, frustration, and anger by users—fueled by misinformation about Facebook security.
But the reality is that, although Facebook appears to be “sharing” personal information across the web—involuntarily, in some cases—every user has complete control over their personal information and how it is shared across the internet. But the appearance of Facebook making your information public is enough to scare people away and create some powerful myths about how Facebook information is shared across the internet. Let’s take a few of the myths surrounding the Facebook Connnect feature and discuss why they are not threats to your privacy.
Myth #1: Facebook Gives (or Sells) Your Personal Information to 3rd Party Sites Through Facebook Connect
First of all, Facebook has never and will never sell user information to 3rd party sites. Second, Facebook Connect doesn’t give any user information away to any other website without user permission. This last phrase is key to understanding pretty much all Facebook privacy issues. Whenever users use Facebook Connect to log in to a 3rd party website, users have to give their permission for that site to access their Facebook information. And the type of information that the 3rdparty site wants to access is presented to users (in a popup) upon using Facebook Connect for the first time on that site. In addition, users always have the option of denying access to their Facebook information by clicking “Deny.”
If users use Facebook Connect, see the popup, and click “Allow.” The information requested by the 3rdparty site is shared, and the 3rd party site can store that information in their own database, separate from Facebook. That’s why it is common for users to encounter a pre-populated registration form after they’ve clicked to use Facebook Connect. In addition, even if users encounter a pre-populated signup form, that information won’t be saved in the 3rd party website until the user clicks “Register.” So there are many opportunities for users to deny the sharing of information or edit the information before it is saved to a 3rd party website.
In all simplicity, Facebook does not give user information to 3rd party sites. The users do.
Myth #2 Facebook Connect Will Make Your Information “Public” on the 3rd Party Site
As pointed out previously, users are the ones that decide to share information with 3rd party sites through Facebook Connect. But there is a fear that somehow Facebook is making users go public with the information they have chosen to share with 3rd party sites in ways that will expose them to strangers and—more importantly—individuals whom they don’t want seeing this information.
That is a valid concern. If you’ve ever had a cyberbully or a creepy guy who won’t leave you alone on Facebook, you understand the importance of wanting to keep your personal information safe. The great thing about Facebook Connect is that anyone you’ve blocked on Facebook will be blocked from seeing your information on the 3rd party site through Facebook plugins. For example, if that creepy guy won’t leave you alone, and you’ve blocked him from seeing your personal information, if you both join the same 3rd party site through Facebook Connect, he still will not be able to see your picture or access your profile through social plugins like Facepile or Like buttons.
Myth #3: Facebook Tracks Users’ Activity Across the Web
It’s easy to think that Facebook is big brother. With features like Facebook Connect and the bevy of other social plugins, it can feel like Facebook is watching you surf the web and sharing your web history with all your Facebook friends without your permission. But that’s simply not true.
There are users who fear that if they visit a site with a social plugin on it, and see their friends’ faces next to Like buttons or in a Recommended Stories plugin, the fact that the user visited the site will also be shared with the world. The reality is that Facebook only tracks actions users take on other sites with the user’s express permission. Facebook will never publish the fact that a user read a story on CNN.com, unless that user has decided to click the Like or Share button on that story. Once a user has taken an action to publish a piece of the web back to their profile, they have implicitly given Facebook permission to share the information with the user’s friends—both on Facebook itself and through the social plugins on the 3rd party site. If any user does not wish for their friends to see that they “liked” a story through a social plugin, the user should not take any action that publishes their activity back to Facebook.
In a similar vein, it’s important for users to know that Facebook Connect does not work two ways. In other words, “extra” personal information you share on a 3rd party site after using Facebook Connect to register will not be shared back to Facebook without your express permission. For example, after using Facebook Connect, the 3rd party site asks for your social security number. If you share your SSN with the 3rd party site, your SSN will not be shared back to Facebook without your permission. Facebook Connect is a one-way street. Any activity you complete on 3rd party sites will only be shared back to Facebook with your express permission to do so.
We’re All Responsible for Our Own Privacy
Facebook, with its ever-widening push to share more information, is placing the impetus for your online privacy on you. Any time your personal Facebook information may be shared with a 3rd party site through tools like Facebook Connect, you will be asked to allow or deny the transfer of information. But Facebook is not responsible for the way that 3rd party sites use that information once they have it. That’s why each user has to be responsible for their own online privacy by reading and understanding the privacy policies and practices of any website with which they wish to share personal information.
Plugins like Facebook Connect, Like buttons, and others, were created to help users have an easier, more pleasant, and more social web experience. But if these tools make you uncomfortable, take the time to visit your personal privacy settings and adjust them to your comfort level. And if plugins make you nervous, know that if you log out of Facebook when browsing the web, those plugins will not work. So, take your online privacy into your own hands, and when in doubt, log out.