Facebook’s a monopoly that abuses its users: you and me. But we’re left without a way to retaliate. I propose a way to contaminate their database with false information, limiting the usefulness and resale value of our own information, while maintaining as much Facebook usefulness for the rest of us. It’s called Unsell Yourself, and I’d be honored if you’d give it a read.
[Edit: Reposted from my own blog in full, but formatting/CSS is better on my blog]
This is the story of how Facebook uses the information you put into it against you, and how you can unsell yourself. I believe Facebook is an exciting product and I hope that the company succeeds. But I also think Facebook’s monopoly has permitted them a business model which is bad for its users.
Not all stories of businesses harming their consumers begin with a man in a top hat, but it sure makes it easier to. Is Facebook a monopoly? Here’s a graph of Facebook’s web market share compared to hi5, friendster, orkut, linkedin, plaxo, & ning as assembled by Bill Tancer in 2007.
Since 2007, network effects have pushed Facebook into an even more dominant position. Facebook now claims that they have
More than 500 million active users
50% of our active users log on to Facebook in any given day
Average user has 130 friends
People spend over 700 billion minutes per month on Facebook
Alexa.com names Facebook the #2 top site in the world, with 42% of the world’s entire Internet population having visited Facebook. The next social network doesn’t come up until #17: LinkedIn, with a meager 4% of the world’s Internet population.
Here at Yale, in a recent poll of people connected with the class Control, Privacy and Technology (tech savvy 18–22 yr olds, generally), 98.9% of the respondents had a Facebook.
Obvious truth number one: Facebook is the most dominant social network. Facebook alone is in exclusive possession of 500 million people’s communications, demographic data, location, and social habits. Since I’m not even close to being familiar with the nuance of antitrust law, I’ll leave that speculation to other people, noting only that Wikipedia says that the Sherman Antitrust Act doesn’t forbid innocent monopolies, but only those who achieve their monopoly through misconduct.
How Facebook’s Monopoly Harms Users
You might be asking (reasonably), “So what, who cares?” that Facebook is a monopoly. But Facebook’s definitely not been perfect, and their monopoly has permitted them some egregious abuses of their users that a competitive environment would not have permitted. As many Internet-based businesses know, it’s very very dangerous to abuse your users: they’re fickle, and can change services easily by merely navigating to their browser bar. Just look at Digg versus Reddit. So why hasn’t Facebook suffered user base drops when they rolled-out despised changes, like a redesign (the irony of linking Gawker isn’t missed), less default privacy, or ever more tailored behavioral ads. (Full disclosure: I recently got a Facebook behavioral ad for “bedwetting”. Not really sure what I’m doing to signal that one.)
Recently, even spookier things have surfaced. Julian Assange noted that Facebook is an FBI agent’s wet dream:
Facebook in particular is the most appalling spying machine that has ever been invented. Here we have the worlds most comprehensive database about people, their relationships, their names, their addresses, their locations, their communications with each other, their relatives… all accessible to US Intelligence… [Yahoo, Google and Facebook] have built in interfaces for US Intelligence. It’s not a matter of serving a subpoena.
Facebook users should get a Miranda warning:
And Mark Zuckerberg likes looking at more than merely the data you post. By reading between the lines, he’s worked out an algorithm with 33% success rate for predicting who you’ll date next.
Why Users Don’t Quit
I don’t quit Facebook because Facebook is a valuable network, one that can’t be easily replaced. That’s the natural strength of a monopoly combined with Metcalfe’s network benefits, the nature of walled garden web platforms, and their inability to control and remove their own data from Facebook. Walled garden web platforms like Facebook with embedded APIs and developers, along with Facebook-specific applications mean that users can’t easily replace or extract what could be valuable data to them. In other words, quitting Facebook means quitting Farmville and all the other applications you use. As more and more websites use Facebook as the only login system (for the best example, see Canv.as), the web platform expands its power. These kinds of platforms also lead to a new, special kind of hurt of users: the AOL effect. Users’ lack of control over their Facebook data also makes it impossible to quit the platform. Not only is it truly impossible to delete messages (the delete button merely obscures them from user view, but enables them to be re-discovered via Facebook’s “Download Profile” tool and of course they remain on Facebook’s servers for subpoena or hackers and Facebook themselves, but it’s also impossible to pull Facebook contact information out of the roach motel. Even Google has lashed out against Facebook, criticizing Facebook’s design choice that makes users’ unable to export their data back out.
How Users Can Strike Back
Not a single user pays to use Facebook, and yet the company is valued at $50 billion dollars. Not bad: that means that of their users is worth $100, by my math! Which is to say that investors believe that your information, your time on the site, and your clicking is worth $100 to Facebook. To encourage a more competitive marketplace and discourage Facebook from abusing its users, there’s an easy way to reduce your value to Facebook while simultaneously reducing your legal vulnerability and privacy problems, without quitting Facebook, or even losing a valuable component of Facebook’s services!.
You keep all of your Facebook contacts, the ability to message or chat or use your wall and apps— but behavioral advertising, Facebook’s bread and butter dollar revenues and the short term thing that keeps them Wall Street’s darling— you can kill all of that just by adding a “Teen Vogue” to your interests. Or Teletubbies. Or Tiffany’s.
Here’s my current profile:
The trick is to populate your Facebook with just enough lies as to destroy the value and compromise Facebook’s ability to sell you. Collectively, users could use misinformation with “features” that they don’t like being used against them in order to guide Facebook’s future. (This is already done by FB’s user base with new some new features: Facebook places seems to effectively have been a flop. Among my 1000+ Facebook friends, only one person uses it.)
How Google is Different from Facebook
I’m wary of Google, but for now will say it’s not worth populating their data with false information yet, and not just because it’s harder. This stems from three major differences between Facebook and Google:
1. Long term monetization strategy
2. Competitors
3. Data Freedom
I don’t see Google’s long term monetization strategy being pimping your data out to the highest advertising bidder. That might be how you build a $50 billion dollar company, but it’s not a way to build a lasting $200 billion dollar company. Instead, I think they’re collecting data to get into a product development business via big data and simple algorithms.
Nor is Google’s monopoly even close to as complete as Facebook’s dominance. Bing apparently now has 29% of the search market, and Baidu won’t let up the Chinese market easily. There are innumerable competitors to Gmail, and they all have heavy user bases. Online documents is an area Microsoft won’t cede easily, since it’s one of their core products and one of their two sources of profit (Office). Mobile phones are obviously an extremely competitive arena, with RIM, Apple, Microsoft, and HP all fighting for OS market share in smartphones. And even in Google’s stronghold of display ads, Apple’s attacking (though the success of iAds remains to be seen).
Perhaps most important is that Google’s exportability of your data remains high. You aren’t locked in or integrated in the same way that Facebook joins all of your data to a persistent single identity, users can download calendars and quit Google Calendar or extract contacts onto a new framework. The integration also doesn’t lock users into Google: you can continue to use Google Docs even if you discontinue Gmail use.
Conclusion
Ultimately, I see inputting false data into Facebook’s “likes” pages a form of sit-in, a kind of CAPTCHA to prevent a Facebook data mining bot to freely pillage and extrapolate results from the data you put in to Facebook. It’s a good response in a scenario like today, where Facebook has a monopoly that almost everyone has to jump in on anyway, no matter how much they might be reluctant to. Hopefully though, the longer term solution is for a real competitor to emerge, offering users the things that they want, and the ability to migrate effortlessly from Facebook without paying Metcalfe’s prices. In the meantime, protect yourself and express a bit of discontent: unsell yourself from Facebook.
Facebook. The social network. The site that we all (well, most of us) use and love (or tolerate, at least). The site that some of us even name our babies after. Since its inception in 2005, Facebook has gone through an evolution that has moved it from being a networking site shared amongst students at Harvard to a global phenomenon used by 1 out of every 13 people in the world. For me, it’s more difficult than it should be to remember past versions of the site. I’ve been on Facebook since May 2007 (a few months before I started college), but when I think of the way Facebook looks, I can only recall the current design.
I think this is how it looked before the recent changes…I honestly can’t really remember.
Anyway, every time that Facebook performed a revamp of its site, they also made a less apparent change—they adjusted the default privacy settings. This is important as many people on Facebook have probably never checked their privacy settings and just accept the default settings, whatever they may be. In that sense, it’s very interesting to think about how Facebook has changed the default privacy settings over time. Just like the old site interfaces, it’s difficult for me to recall old Facebook privacy options and defaults. Luckily, there are a number of informative sites that do just that.
About a year ago, Kurt Opsahl of the EFF wrote an informative article entitled “Facebook’s Eroding Privacy Policy: A Timeline” which gives us an idea of how Facebook’s privacy policy has changed over time. The differences become pretty apparent when you compare the 2005 privacy policy:
“No personal information that you submit to Thefacebook will be available to any user of the Web Site who does not belong to at least one of the groups specified by you in your privacy settings.”
to the privacy policy from April 2010:
“When you connect with an application or website it will have access to General Information about you. The term General Information includes your and your friends’ names, profile pictures, gender, user IDs, connections, and any content shared using the Everyone privacy setting. … The default privacy setting for certain types of information you post on Facebook is set to “everyone.” … Because it takes two to connect, your privacy settings only control who can see the connection on your profile page. If you are uncomfortable with the connection being publicly available, you should consider removing (or not making) the connection.”
If the change isn’t apparent enough from the text, Matt McKeon created a handy infographic that illustrates how Facebook’s default privacy settings have changed over time. You should go to his site to see the full interactive infographic, but take a look at the difference between 2005 and April 2010:
Woah.
The changes are clear, and to be honest, somewhat alarming. Currently, the majority of the information found in one’s profile—one’s wall posts, photos, likes, etc.—is visible to the entire internet by default. Only friends can see one’s contact information, but Facebook would have no privacy whatsoever if contact information was available to everyone. However, with so much other information out there in the public, it is entirely possible that someone could still glean one’s contact info from the site. As Facebook has expanded, becoming not just a site for Harvard students to interact on but a site for literally everyone to interact on, it seems logical that Facebook might increase the default privacy settings, as there are many more people with access to the site that one would want to keep their information private from. Back when the only people on Facebook were your classmates, having conservative privacy defaults probably was not as big of an issue as it is now, when anyone in the world can use Facebook.
Of course, not all of these changes are Facebook being evil; rather, it seems that some of them are the result of Facebook simply being ambivalent about one’s privacy. A lot of the expansion in the infographic comes from the fact that Facebook’s audience has greatly expanded since 2005. Back in 2005, there was no such thing as a “public profile” that everyone on the internet could see—you were either on Facebook (and you could only get access if you were in a select group of people) or you weren’t. As Facebook has opened up to more and more people, rather than “pulling back” on privacy settings to maintain the privacy that Facebook had when it was much more exclusive, Facebook has simply let privacy slide along with the site’s access. Perhaps this is due to Mark Zuckerberg’s lack of understanding about people’s desire for privacy. Even in Time’s “Person of the Year” article about Zuckerberg, it said “Zuckerberg has a talent for understanding how people work, but one urge, the urge to conceal, seems to be foreign to him….Sometimes Zuckerberg can sound like a wheedling spokesman for the secret police of some future totalitarian state. Why wouldn’t you want to share? Why wouldn’t you want to be open — unless you’ve got something to hide? ‘Having two identities for yourself is an example of a lack of integrity,’ Zuckerberg said in a 2009 interview with David Kirkpatrick, author of The Facebook Effect.”
Zuckerberg’s comments stand in stark contrast with the themes of our class. This week, we read Warren and Brandeis’s The Right to Privacy, which states “The intensity and complexity of life, attendant upon advancing civilization, have rendered necessary some retreat from the world, and man, under the refining influence of culture, has become more sensitive to publicity, so that solitude and privacy have become more essential to the individual; but modern enterprise and invention have, through invasions upon his privacy, subjected him to mental pain and distress, far greater than could be inflicted by mere bodily injury.” The real question is, can we use Facebook and cell phones and all the other facets of the modern age and still maintain our privacy? Naturally, we must be willing to give up some privacy simply by virtue of using a “social networking” site. Yet, at the same time, we shouldn’t have to give up more privacy than necessary. Perhaps Facebook shouldn’t be allowed to use an opt-out system of privacy, where most of a user’s profile is shared with the entire internet by default and the burden of selecting more restrictive privacy settings is placed on users. Perhaps, through legislation, we can put the burden on corporations like Facebook, so that the default behavior of the site is in users’ best interests, not Facebook’s. After all, Facebook is a social networking site, existing for the people who use it to communicate and connect; it has no one but its millions of users to thank for its success.
Peter Wasylyk, on behalf of his client Derrick Rose, has filed suit against Facebook in relation to the Instant Personalization service.
The complaint is here.
This post may be updated.
In recent history, we have seen a plethora of companies arise based on the aggregation and selling of personal information. Spokeo, ChoicePoint, Intellius, ZabaSearch, Acxiom are just a few. Spokeo, the most recent one however, provides the most information for free, and the cheapest price if you do decide to pay. The concern is that since all of these sites use essentially the same underlying information, there is no way for the user to prevent dissemination. This has led to a number of cries for congressional restriction. A good start might be to extend the Fair Credit Reporting Act to other kinds of data collection and sale.
In the meantime, what does this mean for society? Are we going to undergo a privacy based cultural revolution? I do not think this will happen anytime soon. Currently, the information available on the websites is horribly inaccurate. Generally, you only know if the person you’ve found is correct based on name and address, and many people are not searchable. Once you have found the correct person, further information is generally not helpful. Spokeo says my father, the only family member who shows up, as having several interests and lifestyle facts, “has children” and “enjoys entertainment.” Now I wonder who doesn’t enjoy entertainment. The rest, while inaccurate, do reveal the potential for extensive information: the only reason I can think of for them to suspect my Dad enjoys home decorating and home improvement is the time we spent remodeling, which was thoroughly not enjoyed by anyone at all. Does that mean that Spokeo has some way of knowing what we are buying? It is not getting Dad’s interesting from linked facebook pages, though I don’t doubt website will soon be mining that, so where is it coming from? Spokeo hasn’t disclosed its sources, so it will be interesting to find out. Spokeo also claims my Dad is not intersted in Politics, when in actuality he votes in and follows every election. He does not run a home business as advertised. There are also personality descriptions like “self-driven,” which, without knowing the sources, and given the general inaccuracy, seem dubious.
I haven’t found any sites or testimonials claiming these aggregators are particularly useful or accurate. Given that, it seems hard to believe they represent a real disruption. Even if they are somewhat right, what good is that to a stranger, who cannot tell whether a particular fact goes in the wrong category or the right one? It seems to me that if privacy deteriorates for the majority, it will have nothing to do with people invading it, but rather information being freely disclosed, or allowed to be easily accessed. The current generation is growing more accustomed to sharing everything with everyone. This class in general knows more about facebook and internet privacy than a few handfuls of people. Yet how many of us keep facebook? More than that, how many people keep “likeing,” things, and forming public “connections,” which describe ourselves and our tastes? If everyone is going to keep doing this, then one of two things will happen: people will either get used to presenting their “public face,” on the internet, or we will learn not to care so much whether another’s interests (supposed, self disclosed, reported, whatever) disagree with our own. The inaccuracy of current databases will contribute to a distrust and dismissal of information found online. When it does get more accurate, we will be so used to not caring that we won’t start.
There have been a number of criminal investigation based on wrong information, where it is especially dangerous in law enforcement. Governments should not be trusting these sites to do their investigation for them, and rather than pass laws mandating higher accountability the solution is for criminal investigations to be investigatory rather than a matter of buying the information. It is and should be the responsibility of the police to find and apprehend the correct person. If we do pass laws mandating that information databases be more transparent and correct, this will hasten the future in which we are more tolerant. but there is no sign of this happening amongst the current crises.
Lastly, I leave you with an illustrative graphic of the progression in disclosure. How long before other websites share information like facebook does, or are all connected, or these stop being the default settings and become the only one? Will we really give up our social networks?
It’s a longstanding cliche in the world of tech start-ups. “I’d love to chat about my company, but we’re in stealth mode.” The concern is that sharing the idea is more dangerous than not sharing it. In my experience I have found the exact opposite to be true. Stealth mode is stupid for at least three reasons: 1) ideas are overrated, 2) execution is infinitely more important, and 3) freely sharing ideas can aid in their execution. This is an essential lesson for tech start-ups, but its implications reach far beyond Silicon Valley.
Ideas are Overrated
To start with, ideas are painfully overvalued, both anecdotally — by aspiring entrepreneurs, and formally — by our legal system. Right now thousands of people are contemplating the same, next big idea. But what separates these faceless masses from the one that will emerge as the next Google? In a word, execution. Ideas are everywhere, but great implementation is rare. New entrepreneurs, who have not yet gone through the most critical stage of a young company — its execution — are prone to undervaluing its importance.
The US patent system, meanwhile, similarly overvalues ideas. It protects the expression of ideas that are both “novel” and “non-obvious,” but realistically, in the digital age, for how long do new ideas remain “non-obvious”? In the Twitter age ideas spread nearly instantly. And because of our abundant access to information, in general, the process of trends converging to form new ideas is in plain view for almost anyone to see. Furthermore, the ideas that underly the most successful tech companies of the past decade — Google, YouTube, and Facebook — were neither novel nor non-obvious when they made their marks.
The Story of Facebook
Facebook, in particular, provides an excellent case study. The idea of social networking first emerged in the late 90’s. Live Journal started in 1999; Friendster in 2002; and Tribe.net in 2003. Mark Zuckerberg didn’t launch Facebook until the spring of 2004. At that point it would be unthinkable to label social networking as a new idea. But it was. In fact, two separate groups claimed that Zuckerberg had stolen the idea from them. Facebook had to settle one of the cases out of court (due to pressures stemming from contract law and public relations, not any valid IP concerns), but the very occurrence of the lawsuit, that someone could even think that the idea of social networking was somehow novel or non-obvious in 2003, underscores our societal misunderstanding of ideas.
Why did Facebook garner 400 million users, then, even though it wasn’t a new idea? Because of its execution. It was part luck, part skill, but regardless, it was the actualization of Facebook, not the idea of a social network (or even the idea of a college-centric social network), which created so much value. The same goes for every success story. Search was old news by the time Google entered onto the scene in 1997. But they implemented it much, much better than the competition. Hundreds of streaming video sites were sprouting up in 2004. But YouTube executed the idea better than anyone else.
And why were so many people working on these ideas in the first place? Because there were highly visible trends that were converging to create obvious new opportunities: the growth of the internet made search a necessity; increasing broadband penetration made internet video feasible; and in the wake of the success of the blogosphere, social media was emerging as the next major frontier on the web.
“Ideas are Just a Multiplier of Execution”
As the founder of CD Baby, Derek Sivers, put it, “ideas are just a multiplier of execution.” He explains that varying degrees of execution are worth roughly between $1 and $10,000,000, but ideas are only worth between negative 1 and 20. Therefore, a weak idea with flawless execution can be worth $10,000,000, but the best idea in the world with poor execution is worth just $20. These numbers are obviously metaphorical proxies, but the concept is spot-on. And Sivers of all people would know: he took a relatively boring idea (selling independently-produced CD’s on the Internet), and turned it into a $20 million company.
If stealth mode was merely unhelpful it would be one thing, but it is actively harmful to new ventures. The people who appear most threatening in the stealth mode worldview — industry peers, talented coders, angel investors, etc. — are actually the people who could provide the most help. By closing themselves off to these potential resources, stealth mode companies are their own worst enemies.
What about Apple?
One common retort to this critique of stealth mode is, “what about Apple?” This of course refers to the fact that Apple, Inc., the fifth largest company in the US, uses intense secrecy as part of their unquestionably successful product development and marketing efforts. The short answer is: you’re not Apple. They are a thirty-five year-old company with hundreds of retail locations, tens of thousands of employees, and tens of billions of dollars in the bank. Their sophisticated use of secrecy has no bearing whatsoever on a small start-up. [Note: this isn’t to suggest that Apple has a healthy attitude towards intellectual property, because I don’t think they do, but that is for a different blog post.]
Fear of Sharing: Broader Implications
The concept that overprotecting ideas can actively hurt companies is something that applies to all firms, not just start-ups. Media conglomerates, for instance, closely guard their content, because, like rookie entrepreneurs, they think not sharing it is less dangerous than sharing it. But they’re wrong.
This mistake is perhaps best illustrated by the band Ok Go, whose lead singer wrote a scathing op-ed in the NY Times this past weekend, which chronicled his band’s tumultuous experience with a major record label. Ok Go was signed by EMI in 2000. They floundered for years, until in 2005 the band used their own funds to make a low-budget music video — without the aid nor the permission of their label — that went on to become a YouTube sensation. The label, though, viewed the video as illegal, despite the fact that it singlehandedly propelled the band to international stardom, resulted in millions of legally sold records (most of the profits of which went to the label), and even earned the band a Grammy. Recently EMI disabled embedding on this video so that it can no longer be shared across the Internet, even in light of how it being shared in the first place is precisely what proved to be such a boon for the band and the label. Consequently, EMI is preventing the next Ok Go from ever emerging. Consumers lose, bands lose, and EMI loses. Why are they doing it? It’s really unclear.
Conclusion
Whether you’re a lone hacker or a Fortune 500 media company: your ideas don’t really matter. So stop trying to protect them, and start trying to implement them better.
Not actually about fighting bad EULA's, but c'mon, xckd is always a good thing.
After doing this week’s reading, it’s easy to get the feeling that there’s little we can do to fight bad EULAs. And let’s be honest, there isn’t much–at least for the individual user. That said, recently there have been cases where popular services have changed their terms of service because of the public’s distaste for a few egregious terms within them. Remember earlier this year when Facebook changed it’s TOS to say that they kept the rights to your content even if you got rid of your account? People got mad, they complained, and Facebook caved and went back to it’s old TOS. Similarly, there was a situation last summer in which it appeared Google’s Chrome browser’s terms of service gave Google the rights to anything you sent through the browser–again, after people complained, it was changed. While these situations were hardly the same (it seems Google’s TOS problems were the result of a mistake, whereas Facebook’s seemed more deliberate), they share in common the fact that the problem was fixed after enough people complained about it. This of course isn’t an entirely satisfying solution, but it is good to know that if people get angry enough, companies do respond.
The other important step one should take as a consumer is to actually make some attempt to read agreements before clicking through them–even if it’s just a quick skim. While there’s not much you can do if you don’t like the terms (except perhaps give your business to someone else), at least you’ll be aware of them. And sometime’s you’ll be pleasantly surprised (I’m a big fan of Google’s affirmation of my intellectual property rights, something about which I never would have known if I didn’t read the terms). If you want to be extra vigilant, you could even check the EFF’s “TOSBack” site from time to time: it’s a site that tracks changes to various terms of service agreements (there’s even an RSS feed if you’re uber-nerdy). After all, someone’s got to notice harmful changes to these agreements in order for people can get angry about them.
Lastly, I’d be up for creating some sort of EULA hall of shame, much like the EFF’s DMCA takedown hall of shame. While there already seems to be a site that attempts to do this, it’s far from well done or thorough (check it out at http://www.eulahallofshame.com/). Such a site, if done well, would be useful in that it would draw attention to particularly bad abuses of licensing agreements. And, after all, ridiculing sketchy practices by companies is fun. Let me know in the comments if you’re interested.
In honor of Cory Doctorow, I’d like to end this blog post in the same way he has ended several of his about blog posts EULAs (and I can because Boing Boing uses a CC-BY-NC license, I’m giving him credit [Thanks Cory!], and I’m gonna go ahead and say this blog post is CC-BY-NC-SA, since I can’t seem to find a licence for the site as a whole):
READ CAREFULLY. By reading this blog, you agree, on behalf of your employer, to release me from all obligations and waivers arising from any and all NON-NEGOTIATED agreements, licenses, terms-of-service, shrinkwrap, clickwrap, browsewrap, confidentiality, non-disclosure, non-compete and acceptable use policies (“BOGUS AGREEMENTS”) that I have entered into with your employer, its partners, licensors, agents and assigns, in perpetuity, without prejudice to my ongoing rights and privileges. You further represent that you have the authority to release me from any BOGUS AGREEMENTS on behalf of your employer.
This work is licensed under a Creative Commons Attribution-Noncommercial-Share Alike 3.0 United States License.
Recent Comments