The Evolution of Facebook Privacy – by “Michael C”

Facebook. The social network. The site that we all (well, most of us) use and love (or tolerate, at least). The site that some of us even name our babies after. Since its inception in 2005, Facebook has gone through an evolution that has moved it from being a networking site shared amongst students at Harvard to a global phenomenon used by 1 out of every 13 people in the world. For me, it’s more difficult than it should be to remember past versions of the site. I’ve been on Facebook since May 2007 (a few months before I started college), but when I think of the way Facebook looks, I can only recall the current design.

Anyway, every time that Facebook performed a revamp of its site, they also made a less apparent change—they adjusted the default privacy settings. This is important as many people on Facebook have probably never checked their privacy settings and just accept the default settings, whatever they may be. In that sense, it’s very interesting to think about how Facebook has changed the default privacy settings over time. Just like the old site interfaces, it’s difficult for me to recall old Facebook privacy options and defaults. Luckily, there are a number of informative sites that do just that.

About a year ago, Kurt Opsahl of the EFF wrote an informative article entitled “Facebook’s Eroding Privacy Policy: A Timeline” which gives us an idea of how Facebook’s privacy policy has changed over time. The differences become pretty apparent when you compare the 2005 privacy policy:

“No personal information that you submit to Thefacebook will be available to any user of the Web Site who does not belong to at least one of the groups specified by you in your privacy settings.”

to the privacy policy from April 2010:

“When you connect with an application or website it will have access to General Information about you. The term General Information includes your and your friends’ names, profile pictures, gender, user IDs, connections, and any content shared using the Everyone privacy setting. … The default privacy setting for certain types of information you post on Facebook is set to “everyone.” … Because it takes two to connect, your privacy settings only control who can see the connection on your profile page. If you are uncomfortable with the connection being publicly available, you should consider removing (or not making) the connection.”

If the change isn’t apparent enough from the text, Matt McKeon created a handy infographic that illustrates how Facebook’s default privacy settings have changed over time. You should go to his site to see the full interactive infographic, but take a look at the difference between 2005 and April 2010:

The changes are clear, and to be honest, somewhat alarming. Currently, the majority of the information found in one’s profile—one’s wall posts, photos, likes, etc.—is visible to the entire internet by default. Only friends can see one’s contact information, but Facebook would have no privacy whatsoever if contact information was available to everyone. However, with so much other information out there in the public, it is entirely possible that someone could still glean one’s contact info from the site. As Facebook has expanded, becoming not just a site for Harvard students to interact on but a site for literally everyone to interact on, it seems logical that Facebook might increase the default privacy settings, as there are many more people with access to the site that one would want to keep their information private from. Back when the only people on Facebook were your classmates, having conservative privacy defaults probably was not as big of an issue as it is now, when anyone in the world can use Facebook.

Of course, not all of these changes are Facebook being evil; rather, it seems that some of them are the result of Facebook simply being ambivalent about one’s privacy. A lot of the expansion in the infographic comes from the fact that Facebook’s audience has greatly expanded since 2005. Back in 2005, there was no such thing as a “public profile” that everyone on the internet could see—you were either on Facebook (and you could only get access if you were in a select group of people) or you weren’t. As Facebook has opened up to more and more people, rather than “pulling back” on privacy settings to maintain the privacy that Facebook had when it was much more exclusive, Facebook has simply let privacy slide along with the site’s access. Perhaps this is due to Mark Zuckerberg’s lack of understanding about people’s desire for privacy. Even in Time’s “Person of the Year” article about Zuckerberg, it said “Zuckerberg has a talent for understanding how people work, but one urge, the urge to conceal, seems to be foreign to him….Sometimes Zuckerberg can sound like a wheedling spokesman for the secret police of some future totalitarian state. Why wouldn’t you want to share? Why wouldn’t you want to be open — unless you’ve got something to hide? ‘Having two identities for yourself is an example of a lack of integrity,’ Zuckerberg said in a 2009 interview with David Kirkpatrick, author of The Facebook Effect.”

Zuckerberg’s comments stand in stark contrast with the themes of our class. This week, we read Warren and Brandeis’s The Right to Privacy, which states “The intensity and complexity of life, attendant upon advancing civilization, have rendered necessary some retreat from the world, and man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury.” The real question is, can we use Facebook and cell phones and all the other facets of the modern age and still maintain our privacy? Naturally, we must be willing to give up some privacy simply by virtue of using a “social networking” site. Yet, at the same time, we shouldn’t have to give up more privacy than necessary. Perhaps Facebook shouldn’t be allowed to use an opt-out system of privacy, where most of a user’s profile is shared with the entire internet by default and the burden of selecting more restrictive privacy settings is placed on users. Perhaps, through legislation, we can put the burden on corporations like Facebook, so that the default behavior of the site is in users’ best interests, not Facebook’s. After all, Facebook is a social networking site, existing for the people who use it to communicate and connect; it has no one but its millions of users to thank for its success.