I never joined facebook, myspace, or linkedin and have no intention of ever doing so.
About once a week, a friend of mine tells me I really ought to join facebook, and every time, I ask them why.
Lots of reasons, they tell me. To get reaquainted with long lost friends. To find out what others are up to. To let others know what you're up to. etc. etc. etc.
To which I say:
If we lost touch, there was probably a reason.
If you want to tell me something, email me or call me.
If I'm not important enough for you to single me out outside of a social network, then I don't want to know.
If I want you to know anything about me, I will tell you.
If I want to market myself, I will, in a manner over which I have control.
If I want to find something out, google is my friend.
I do not want anyone to know who I am, what I'm up to, or who I communicate with unless I specifically tell them myself.
I never thought of myself as a privacy prude, but it seems like every week people are bitching about facebook privacy problems. What did you expect?
I realize I'm in the minority here at hn, but I still don't get it. What's the big deal about facebook? And what did we ever do before?
> What's the big deal about facebook? And what did we ever do before?
Facebook has solved two standing problems for my social groups. Your friends and acquaintances may be using it similarly, without you knowing it. Or maybe not.
1. Easy and effective photo sharing. It's easy to upload pictures and tag the people in them. If someone uploads a photo with you in it, you will get notified. The end effect of this is that everyone at events, outings, and parties gets copies of the photos taken there.
What did we do before? For many of my social groups, nothing. Those photos were not shared. For two of my social groups, we set up dedicated sites for sharing our photos.
2. Event planning. The events interface works as well as any other I've seen. And if everyone is already on Facebook, it's not as annoying as evite or some third party site where people don't have accounts. I had a friend that refused to get a Facebook account for years and we always had to call or email him separately from the rest of the group. This created more work for the event organizer (which was perceived as somewhat rude) and messed up the attendee counts, because he wasn't in the RSVP numbers from the Facebook event.
What did we do before? Played telephone tag and sent group emails. This works fine for smaller events with just a few people, but it doesn't scale past about 5 or 6 people. It also doesn't work in the tell-your-friends-to-invite-their-friends scenario where you still want RSVPs from everyone.
Many of my friends handle social planning exclusively through Facebook/Twitter/FourSquare/Buzz/etc. Not having accounts on these sites would be akin to not having email/phone w.r.t. social life.
In fact, my use of all these technology is probably equivalent to email or SMS for a group of friends that is email-based. What is your opinion of people who refuse to get an email?
What is your opinion of people who refuse to get an email?
Not the same thing. Having an email address does not require any privacy tradeoffs.
I don't know anyone who "refuses" to get email, but I know a lot of people (believe it or not) who don't have computers. But they have phone numbers. I have to remember to leave them a voicemail when I email everyone else. In those cases, consideration > inconvenience.
I agree with your point of view, and it is the one I hold. I don't like that Facebook et al. ask me to give up my privacy, and I want a better option. In the meantime, if I want to get invited to events with friends, I must have a Facebook account. I don't want to debate privacy implications, I merely wanted to answer your "I still don't get it" remark.
You don't get it because your social circle doesn't live and breathe Facebook. For me, refusing to get a Facebook account would be the same as refusing to have an email account to you. Try talking to some middle schoolers or high schoolers - they are even worse than myself.
Again, I want to stress I do not approve of Facebook's stance on privacy and I do not disapprove of your stance on the platform or its usefulness - it is useful to some people, not all.
"There's nothing sadder to me than associations held together by nothing but the glue of postage stamps. If you can't see or hear or touch a man, it's best to let him go"
~ East of Eden
After reading this, I lost all guilt about losing some old friends due to moving around the country.
thats pretty depressing to me, most of my friends parted ways after finishing university to go travelling or get jobs. since then some have managed to move back to the same place and I see them almost weekly, some I visit or they come visit me reasonably regularly. Some I havent seen in 4 years but know I will see again.
I came on HN just to see what Facebook might have done in these whole 24 hours of my absense from internet. And boy, am I totally freaked out.
Edit: Yep, I can see apps showing up in recently used. One of the sites was vBulletin.org. I seriously do not want anyone to know that I have a forum.. at this point I am seriously considering retirement from facebook.
Dear Facebook, Screw Yourself. Thanks.
Edit 2: I'll be honest here - I was never much concerned about my online privacy, why? because I had faith that no comapny could get away doing something such as this. Lost my faith. Disappointed..
It amazes me that you ever had faith in facebook. Why did you think facebook would be different than other social networks? Did you think facebook would be around forever? Did you think all the work, energy, and time you put into facebook wouldn't simply evaporate?
Imagine if you had invested all the time you put into facebook into your own life. Making your life better. Making the physical world around you better.
That's what saddens me the most about facebook. All the hours that are going to evaporate. All the productivity there could have been.
Facebook is like a battery that stores everyone's labor and we are all about to collectively chuck that battery in the trash. Well, not "we all"... I never signed up because I knew this is how it would turn out.
Not to pour salt in the wound. Quite the contrary. It's more like a caring hug when it all falls apart.
Truly. I'm getting sick of this. In the past I've defended Facebook and been a fan of their developer tools and relations. About had enough at this point.
Why even stay any more? This is becoming frequent enough that it's just ridiculous. Staying on Facebook just means that they'll continue to do this again and again. Show them it's not acceptable and delete your account.
Because this isn't something you posted on Facebook, this is just visiting a site and as a consequence having an application added. As the article points out, though the app doesn't show up on your profile, a friend who looks at the application home page will you see you in a list of "friends who have this application."
I agree it's hypocritical to post something on a Facebook wall and then complain if someone reads it; you post something, it's public to some extent, and you'd better be ready to face consequences of that. But this is an admitted bug that allows friends to see if you've visited a site without you having taken action other than visiting the site. That's just plain wrong.
I just checked my applications list on Facebook this morning, just days after when I last checked it, and I can confirm the behavior reported in this story. I didn't ask for an application to be installed at all, but two were. Yes, that is malware.
After edit: just changed my Facebook status message to remind me my friends that they know other ways to reach me, with better privacy. I think it's time to take a vacation from Facebook. I don't like this contempt for customer.
nah they won't. products are dumb on average. you're probably on the right slope of the bell curve and can't fathom how gullible the other side of the hill is.
Unfortunate, but true. I don't understand why people use services like that so willingly, because companies have to make their money somewhere. For some I guess the amount of personal data provided isn't a big deal.
I've been saying this about Google for years. When a company makes money of off advertisements and gives away services for free, the people taking the services are not customers, and the free services are bait.
Just a logic check to make sure you are being consistent: when HackerNews does something that people complain about, are you one of those people who say the customer comes first? Or one that says that people who visit free sites shouldn't complain?
I'm hoping you're consistent. I know I've long said that if I visit your site, whether I pay you anything or not, a social contract has been created. I have certain expectations. Others, however, take a much different view. If you had a list of articles on HN where folks complained about stuff, you'd find a lot of arguing on the other side. I challenge those folks to either be consistent with their previous position or change their mind. (I don't think this applies to you, but since you were the first to comment I'm using you as a bit of a straw man. Hope that's okay)
> are you one of those people who say the customer comes first?
In this case, the customer is the advertiser, Facebook is the broker, and the users (and their data) are the product. With its recent action, Facebook is clearly saying "the customer comes first."
> Or one that says that people who visit free sites shouldn't complain?
Facebook may be free in the sense that I'm not giving them my credit card number and they are not charging me a monthly monetary fee, but the price of admission onto Facebook is your private information. Even if you don't enter anything in your profile, your friends will start to form the links (by searching for you and sending friend requests (even if you don't accept them) or tagging your face, etc.) that any marketing person pays big money for.
Facebook is not free and the customer is definitely coming first.
Not that simple. You visit FB, then visit some other site. Your visit to that other website causes FB to subscribe you to an app of the site that has access to your data. How much profiling and tracking is reasonable to expect? Are other services doing this?
Well, any sort of javascript that loads in on a page that comes from a central location could track you across sites. Advertisers have long tracked you. Google tracks you on the search, their browser tracks you on each page you visit, and Analytics tracks all site activity. A lot of browsers track you and provide feedback like PageRank.
All of these are free applications.
Perhaps this is the special case of 1) It being a web app, and 2) changing terms without notifying the user
I dunno. But I know lots of free services that you can sign up for (or not) track you in a lot of places you wouldn't expect. The difference is that you don't have this nifty little page to go to where you can see it all happening.
In this case, Google is even worse because you don't even have to use google to be tracked by their systems. You can avoid facebook's privacy violations by not using facebook, but you can't avoid google's privacy violations even if you don't use google. You have to explicitly block their ad servers to do that and they have lots and relatively noone knows how to do it.
There is a bit of distorted thinking and mob mentality going on here. It's beginning to seem like every other week the tech community is out with torches and pitchforks. Kind of a "burn the witch!" thing going on.
I use FB, but I think it's model is about as evil as it can get, and that was before this happened. I'll be happy when we have some options.
I don't mind everybody piling on, but it is interesting to note the vast amount of inconsistencies in people's thinking. For me, I can handle the app stuff -- it's the use of my friends to make me act against my own interests that I find truly diabolic.
I think you picked a poor target, since tokenadult was clearly implying that (s)he is seriously considering abandoning Facebook, implying the acceptance of the "take it or leave it" action set.
(For myself: Take it or leave it, and I've never liked Facebook's options so I never took it. It hasn't gotten any better. But if they want to monetize their user base right out of existence, they have my blessing; I don't see why someone should point guns at them and make them stop.)
I'm not sure I understand where my mistake is. My question is not whether you are "take it or leave it". My question is whether or not there are expectations set up when you upload something, anything, to a free site.
I don't think anybody is advocating some sort of half-measure, like bringing a lawsuit or something. My question is about expectations. HackerNews voting doesn't work as I like. So I complain. I'm told it's a free site so stfu (just making this up and using HN as an example). Is it reasonable for me to expect something from HN since I put stuff on there? If I leave my car keys at the front desk at a hotel, I reasonably expect them to take care of them and put them in the safe. This is a reasonable expectation of people who visit a hotel. If I upload naked pictures of me and a chicken to Facebook and make them private, regardless of TOS, should I have that same type of expectation?
More to the point in this case, for a million years mankind has always thought that the list of who his friends were and his memories of interacting with them were an innate part of his being. Nobody could take this from him. Now Facebook is saying that this is property that they can trade in. Which side makes the most sense? And because it is free, does that change the equation?
Make no mistake, I've long thought Facebook was the devil.
When you go to the Application Settings page make sure to change the drop-down from "Recently Used" to "Authorized." Otherwise you will not see all the apps/websites that are associated with your profile.
"... if you go to an application's profile page, you can see a list of your friends who also have that app installed, essentially getting a unintentional peek at their browsing habits."
This creeps me out more than anything else Facebook has done yet.
The unsettling fact remains: Facebook is tracking users' activity on third party sites without express permission (though perhaps it's in the TOS; I'm not sure). And evidently, they're somewhat incompetent at hiding that information.
Facebook's response (via pokesperson David Swain, FTA):
In this case, there was a bug that was showing applications on a user’s Application Settings page that the user hadn’t authorized. No information was shared with those applications and the user’s list of applications was not shown to anyone but the user. This bug has been fixed.
However, the work required to stay on top of Facebook's never-ending privacy snafu has become far greater than the small aggregation/old friend contact benefit. I'm out.
This is really bad. I administer a site that uses IntenseDebate. That site has not integrated any of the Facebook Graph API at all. However, we do allow Facebook logins through Intense Debate. To my surprise, I see that this site has been added to my Facebook applications.
So, if you use third party sites that in turn use Facebook's API, you effectively add Facebook Graph API to your app.
Facebook's open graph is seriously scary. Since I joined Facebook (circa Sept '07) I have defended their privacy standards, I thought were doing a great job, considering the shear size of the problem.
Not so anymore. In the last two months, I've read more articles about their antics than in the last 3 years. Here are the significant problems I have with them now:
1) Defaulting to public for user posts
2) Open graph - any web developer or rogue person has much more power and access to my "personal" data, where's the opt-in instead of opt-out?
3) Random and chaotic code glitches, e.g., live chats being visible, private messages getting delivered to the wrong person. As a web developer, I know it's hard. We're humans, we make mistakes, but these are inexcusable. Even remotely decent testing would have uncovered them.
To sum it all up, Facebook has a great thing going, 400m users, $1b valuation, large app database. But if they want to keep their dominance and users like me, they need to seriously review their stance toward privacy and user's rights. It isn't up to par.
Facebook's usage is starting to decline, so they have to do everything they can -- while they still have users -- to maximize the value of their graph for the investors who are going to do whatever they have to with that graph to salvage what is left of a crumbling social network.
People on facebook right now are going to be getting spammed for years and years and years, in the mail, on their birthdays, to their cell phones...
You have no idea the lengths to which people will go to salvage hundreds of millions of dollars...
Just a gut feeling. I've... we've known something like this was coming for a long time. Remember, MarkZ is a bit of an egomaniac. Have you seen what happens to egomaniacs when their world starts to crumble around them? Not to get overly dramatic, but you know the Russians gave him hundreds of millions of dollars. That's a lot of money.
You know, in startup land, we tend to think the world works differently than the world works. Mark's investors are probably putting a huge amount of pressure on him right now and the activity on the web over the past few weeks has sent FB users leaving in droves.
HN used to be full of FB fans, API fans, technical fans look how that has turned in just a couple weeks...
If you were facebook and you saw your subscriber base growing and growing, then plateau, then start to decline rapidly -- uncontrollably, what would you do? What would you do if you knew that your worth was dropping just like that.
Imagine having millions of dollars in the stock market today when this mess happened. You'd be sick right now. That money won't come back. Facebook's users won't come back and Mark's chances of keeping his paper billions is evaporating right before his eyes...
I can see it. I can feel it. The writing is on the proverbial facebook wall.
According to pretty much every site that ranks websites according to traffic / visitors facebook is currently #2 and rising, some hard proof that that is more than a gut feeling would go a long way towards substantiating that this is not just a tech sector issue.
Perhaps, but I've always been a little ahead of the curve. ;)
Seriously though, it'd be impossible for anyone outside facebook to provide any hard proof of their utilization. From the outside, it's all speculation.
What is your estimate on FB's future? Here's my prediction: Facebook users revolt. Another social network evolves, or an existing one becomes the dominant, perhaps orkut or ning, or foursquare. I'm not sure I'm just an observer, but I think within the two to three year mark, facebook will be about as popular among the "in crowd" as myspace is right now and we'll be talking about some other network in 10 posts to the front page of HN.
Facebook will try to get someone to buy them for maybe a couple hundred million. Tons of investors will be angry. Mark will be declared the egomaniac who didn't know when to quit and he'll struggle for the rest of his life to find another successful project.
To clarify, there was a bug that was showing applications on a user’s Application Settings page that the user hadn’t authorized. No information was shared with those applications and the bug has since been fixed.
Facebook's Response
After this story was published, Facebook spokesperson David Swain contacted us and
confirmed that the appearance of unauthorized apps was a bug:
"In this case, there was a bug that was showing applications on a user’s
Application Settings page that the user hadn’t authorized.
No information was shared with those applications and the user’s list of
applications was not shown to anyone but the user. This bug has been fixed."
It does appear that unauthorized apps are no longer being added to users' pages,
however any unwanted applications that were previously added will still need to be
removed manually.
This should serve as a good reminder to not surf while logged into websites that may contain important personal information or that could cause personal damage if compromised.
I'd say it's not a reminder for many; it's news. I've always been very careful with my info on Facebook, but I never considered how easily they could invade my privacy when I'm not even on their site.
I don't have any applications added when I visit the sites listed here, and this happens whether I have third party cookies blocked or accepted. There may be something else my system is doing to block this behaviour, or it may be a feature only rolled out to some users.
With all this talk of people leaving Facebook, I can't help but wonder how much of a dent this actually makes. We're the techies, we pay attention to things like this. Our friends, the nontechies don't, and they don't care.
We're out numbered 5:1 by nontechies who aren't going to raise a fuss from this.
According to an article update, the applications weren't actually authorized and were showing up when they shouldn't have been (aka they weren't actually 'installed'). Not that that restore my faith in Facebook whatsoever.
I have a question. Under Privacy Settings -> Applications and Websites, they have this sentence in the text:
When you visit a Facebook-enhanced application or website, it may access any information you have made visible to Everyone (Edit Profile Privacy) as well as your publicly available information.
Now, my question: Does this mean that when I visit some website that's "Facebook-enhanced" and I don't do a damn thing, is the site going to pull the info? What the heck is a "F-E" website? The ones with the little "fb" icon they just introduced?
FYI, the gothamist network of sites (LAist, Bostonist, DCist, Phillyist, Chicagoist, SFist, Austinist, Houstonist, and Seattlest ) is doing this as well.
Like many of you, I have several browsers installed (I'm on a Mac). What I started doing is not log into Facebook on my "main" browser, Firefox, instead logging in with Safari, where I don't do much else. Flipping to Facebook is now a Command-Tab instead of Command-`, other than that I'm not disrupted much. So, good idea, bad idea?
I've been doing the same. I think of them as the "browser of record" and the "accounts not yet tied to my full id browser." I'm thinking that the next steps in the arms race (if needed) are along the lines of putting one or both of them in virtual machines, having one or both use some different proxies.
I like better the idea of a greasemonkey script that would block sites from reading my facebook id.
These guys sure have some nerve...I just saw the below as I tried to edit my privacy settings
"When your friend visits a Facebook-enhanced application or website, they may want to share certain information to make the experience more social. For example, a greeting card application may use your birthday information to prompt your friend to send a card"
On the "Privacy Settings > Applications and Websites" page, there is a "What your friends can share about you" listing.
This is the really fun thing about all this... they seem to know how to put just enough controls here and there in the labyrinth of settings so that few specific complaints really stick. While, at the same time, they never unify the intent of the controls into something that the user can see all the implications of their settings and then set them the way they want.
To me, this just cries out for some visualization. Maybe some nested circles (each circle representing a friend group) around the user in the middle, arrows (representing the types of information that is shared) radiating out to the furthest circle which can see that information.
i'm also glad i deleted the account i had with a national facebook-clone a long long time ago.
all this pseudo-social bullshit is getting on my nerves. go out, meet people, exchange phone numbers and email adresses and maybe even STDs, but for fuck's sake don't delude yourselves into thinking facebook means being social.
Unless I'm wrong, these are sites you have authorized via Facebook connect. They were always there. (Any site using facebook connect is an "app") And they always showed your friends who have also "connected" to that site.
(Edit: Seems to be confusion between "Recently Used" and "Authorized")
An event that trigged it for me: visiting break.com (after previously logging into facebook) resulted in a Break application being added without consent.
I think that is the rub here.. Somehow they are showing as "recently used" which is completely different from "Authorized". The app does not get a session key from you and has no additional permissions or access to your account.
The friends thing mentioned in the article has always been that way. Every connect site is an app, go to an app you can see friends who have installed it, as it always has
I've been pretty anal-retentive about blocking apps, setting app access, etc. for some time now and educating my "friends" on how to do this. I'm very aware of when I authorize an application and have used FB Connect twice a long time ago on sites that did not show up as unsolicited apps. Sites I visited this morning, however, are showing up. I never logged in to those sites (or have any kind of account, made a comment etc). This unauthorized "installation" is very much happening.
timmaah, are you sure you're not doing something "unusual" here? A browser that this doesn't work on, no-script, browser security settings maybe? Just wondering how you avoided it.
Nope.. I think it is just people are hyper sensitive (as they should be) to fb privacy this week and have noticed something that has always been there. There (for whatever reason) is a difference between "Recently used" and "Authorized"
(But still I don't see them under "recently used".. no idea why)
I never joined facebook, myspace, or linkedin and have no intention of ever doing so.
About once a week, a friend of mine tells me I really ought to join facebook, and every time, I ask them why.
Lots of reasons, they tell me. To get reaquainted with long lost friends. To find out what others are up to. To let others know what you're up to. etc. etc. etc.
To which I say:
If we lost touch, there was probably a reason.
If you want to tell me something, email me or call me.
If I'm not important enough for you to single me out outside of a social network, then I don't want to know.
If I want you to know anything about me, I will tell you.
If I want to market myself, I will, in a manner over which I have control.
If I want to find something out, google is my friend.
I do not want anyone to know who I am, what I'm up to, or who I communicate with unless I specifically tell them myself.
I never thought of myself as a privacy prude, but it seems like every week people are bitching about facebook privacy problems. What did you expect?
I realize I'm in the minority here at hn, but I still don't get it. What's the big deal about facebook? And what did we ever do before?
</rant>