Facebook’s Growing Design Problem (and a proposed solution)

According to Businessweek, Facebook may soon be changing its new Beacon feature, which shares personal information (if not identifying you personally) with 3rd party sites outside of Facebook. I wrote about the feature in Facebook’s Brilliant but Evil Design

Interestingly, most people, including the group MoveOn.org, seem worried about a different symptom of the problem than I was. Most people are worried about what happens when the shared information gets back to Facebook, and their Facebook friends see their outside activity. For example, if someone rents Footloose on Blockbuster.com, all their friends on Facebook will see it. I personally think that Footloose is a brilliant movie, but some people might be embarrassed by their friends seeing they rented it.

My main concern was that Facebook and Blockbuster were talking at all.

According to Businessweek, Facebook may soon be changing its new Beacon feature, which shares personal information (if not identifying you personally) with 3rd party sites outside of Facebook. I wrote about the feature in Facebook’s Brilliant but Evil Design

Interestingly, most people, including the group MoveOn.org, seem worried about a different symptom of the problem than I was. Most people are worried about what happens when the shared information gets back to Facebook, and their Facebook friends see their outside activity. For example, if someone rents Footloose on Blockbuster.com, all their friends on Facebook will see it. I personally think that Footloose is a brilliant movie, but some people might be embarrassed by their friends seeing they rented it.

My main concern was that Facebook and Blockbuster were talking at all.

Imagine this offline scenario. You walk into your local cafe and buy a Maxim (or whatever the woman’s equivalent is). You’re then out with your wife/husband later that day and walk into the nearby Starbucks. The barista says “Hey, I noticed you bought Maxim, how about a nice double-peppermint mocha doohicky as well?”. You then have to explain to your wife that Maxim is completely harmless, no nudity, real beauty, respect women…etc…painful…etc. You also then have to have words with both the cafe and Starbucks because they were sharing information. This is exactly what Facebook and its partners are doing. We wouldn’t accept this in our downtown, so why should we accept it online?

(another thing, this might be what advertisers do all the time with 3rd party cookies. I have them turned off in my browser, but it doesn’t mean I’m 100% protected.)

What Facebook is doing is wrong: It’s not acceptable for Facebook to share information with 3rd parties without explicit consent. For long enough they’ve toed the line…sharing information with 3rd party apps. But you have to explicitly click “yes” to those relationships, and since apps are within the Facebook world we have more of a feeling of transparency (whether or not we should is another question).

When I do business with someone, even if its as simple as renting a movie or buying a magazine, I expect a certain level of privacy. I expect businesses to keep my personal activity to themselves. It’s a common social norm, is it not?

Here’s a simple solution that Facebook might try:

  • When sharing information outside of Facebook: opt-in only. The default must be that a person has to give explicit consent. If they do nothing, their information is not shared.
  • When sharing information within Facebook, it’s OK to opt-out. The default can be inclusion and sharing, as long as Facebook doesn’t share beyond its walls.

Oh, and of course we need a global “No Thanks!” button that turns everything off completely. Click that once and you’ll never be asked about sharing information again.

For the record, this is the policy that I’ll be recommending when consulting on social design projects in the future.

Now, I realize that Facebook can do whatever the heck their privacy policy and terms of service say they can do. But absolutely nobody reads those documents…its not explicit consent by any means. And, more to the point, it’s just shady business. Doesn’t Facebook want a strong, trusting relationship with the people who use its site? Or is selling information to 3rd parties more important?

If Mark Zuckerberg truly wants to build a system of “trusted referrals”, he needs to make some changes.

In a more general sense, this is the tip of the iceberg. This is one of the most important design issues of the next decade. Facebook isn’t even the first to run up close to the fence. But they are way ahead of most integrated social systems technologically. When others catch up they’ll be tempted by the same fruits.

As Doc Searls says, it’s time we set some clear ground rules now, so at the very least we don’t have anybody accidentally notified that we like Footloose.

Published: November 29th, 2007