'Firestorm of anger' hits Facebook after EU condemns privacy policy

Accounts closed because of failure to explain fully who shares access to users' personal details. Rhodri Marsden reports

A friend of Facebook founder Mark Zuckerberg asked him, back in 2004, after the 19-year-old had casually mentioned in an online conversation that 4,000 people had uploaded their personal information to his fledgling website: "How did you manage that?" He typed back: "They just submitted it. I don't know why. They 'trust me'," then indiscreetly described them as "dumbfucks".

This week's reporting of that conversation, brushed off by Facebook but not denied, comes at an awkward time for the social networking site, whose 400 million members have made it the second most popular online destination behind Google.

Its privacy policies, inextricably coupled with it urging that we share our information with the world, have regularly hit the headlines, but in the past fortnight the privacy debate has developed into what some excitable commentators are calling a "firestorm of anger".

Prominent technology bloggers have publicly deleted their accounts, and an EU data protection body has issued a strongly worded statement criticising the website. Anyone busy using Facebook probably will not have noticed, and that is essentially the problem.

The biggest charge levelled against it is that users simply are not fully aware of changes that are regularly made about who can see our information, which search engines can catalogue that information, and which companies can advertise products to us based upon it. At the end of last year, certain categories of data belonging to over-18s were made visible to "everyone" (Facebook and non-Facebook users) by default.

This was presented in a benign, socially inclusive way, but it did not take long for concerned users to urgently forward instructions to their friends explaining how to revert these changes. In addition, more widespread use of Facebook Connect (a system where we can permit external websites to link to our Facebook account to improve the "user experience") has furrowed many brows, particularly when we see pictures of friends unexpectedly popping up next to gossip columns or cricket scores.

But the recently introduced "Instant Personalisation" service has pushed things too near the edge. Facebook describes it as "magical", but the wider consensus is "creepy": three websites (namely docs.com, pandora.com and yelp.com) now know that you are a Facebook user and welcome you as such on your first visit, unless you have specifically turned the option off within Facebook.

But making decisions and taking action over these privacy issues isn't easy. Facebook's commitment to providing "granular" privacy settings for each type of information results in a fiendishly complex system. About 50 settings are spread across several pages, with important and alarming-sounding sections such as "what your friends can share about you" buried within a submenu of a submenu.

Each external website you approve with Facebook Connect provides another potential information leak and yet another screen of privacy options, and the privacy policy governing all this runs to some 5,830 words.

People are choosing to close their accounts (another seven-step process that, ironically, does not actually delete your information from Facebook's servers.) Signups to the site have also reportedly slowed, albeit to a colossal 20 million per month.

But for many, Facebook has become indispensable. It is a one-stop address book; it is a diary of upcoming events, from gigs to birthdays to political rallies; it is a place to chat with friends when you are having an evening in, and it strengthens bonds between people who might have become estranged through laziness or forgetfulness.

Facebook could certainly be accused of tapping into a narcissistic streak that compels us to publicly share information to make us seem more important than we actually are, it is also a powerful friendship tool. Without it, many of us would feel bereft, not technologically, but socially. That's why we are there, and why we stay there.

What most users say about privacy is, "Well, who cares?" Social networking is such a fast-developing medium that the consequences of our information being disseminated are not really understood. In fact, other than the appearance of adverts for barbecue sets appearing on the same page as our stated love of picnics, it is barely noticed. News stories of people losing their jobs because of drunken photos appearing online are seen as rare exceptions that happen to others, and if you asked people if they really wanted to lose control of their online persona, you would not blame them if they said, "I don't know. What does that even mean?" And few of us would be able to give them an answer that did not sound unneccesarily paranoid.

But even prominent Facebook supporters are voicing concern, not least because Facebook's response to the outcry has been muted. They are used to complaints about cosmetic changes to the website, but the impossibility of keeping nearly half a billion people happy means that, understandably, they ignore these. They are used to the retroactive whining of those whose voluntary uploads to Facebook find their way into the public domain via indiscreet friends; understandably, they ignore that, too.

Elliot Schrage, Facebook's vice-president for public policy, has apologised, but only for the confusion surrounding the changes, and not the changes themselves, which have been described in that statement from the EU as a possible breach of data protection law.

This could give Zuckerberg a far bigger headache than a clutch of critical blogs, but he cannot say that he did not see it coming. After all, he was the one who apparently expressed such surprise six years ago at our willingness to give him all our information free.

The story of Facebook

*October 2003: Harvard student Mark Zuckerberg created "Facemash" by hacking into Harvard's computer network and placing random official ID pictures of students next to one another and asking users to pick the "hottest".

*Feb 2004: Zuckerberg launches thefacebook.com, inviting students to post a picture and some personal details. Within 24 hours 1,500 people had registered. Six days later three other students accused him of stealing their idea. He later settled with them for $65m.

*March 2004: Facebook spreads to other US and Canadian universities, and later to Oxford and Cambridge.

*September 2005: High schools are invited to join, as are employees of companies including Apple and Microsoft.

*September 2006: Facebook opens up to anyone over the age of 13 with a valid email address.

*October 2007: Microsoft buys a 1.6 per cent share in Facebook for $240m.

*August 2008: Businessweek values Facebook at between $3.75bn and $5bn.

*May 2010: Users worldwide estimated at 400 million.

The Not-so-secret world of social networking

*Social networking sites, of which Facebook is by far the most popular, make it easy for us to share our personal information, photos and videos with families and friends, with powerful privacy settings to keep them hidden from bosses, ex-girlfriends and boyfriends. But as the world of social networking expands in size and complexity, so does the task of protecting privacy.

*Facebook has "limited profile" settings, meaning different parts of your profile can be visible to different users. So you can share your photos or statuses with some "friends" but not others.

*Twitter, too, has a "direct message" function allowing users to send messages direct to each other rather than share them. Both websites have suffered from bugs in the past year, exposing confidential information.

*The most effective way to protect your identity is simply not to disclose it. And use pseudonyms to register on websites or make blog or forum comments.

Comments