Just when it seemed that Facebook's privacy tumult was quieting down, more fuel was added to the fire this week.
Ten privacy advocate groups penned an open letter to Facebook CEO Mark Zuckerberg on Wednesday, asking him to make changes to the highly popular social networking site that will give users more control over their own data. The groups behind the letter include the Center for Democracy and Technology, the Electronic Frontier Foundation and the Center for Digital Democracy.
"'Privacy' and 'social' go hand in hand: Users are much more social with people they know and choose, and much less social when their actions and beliefs and connections are disclosed without their control or consent," wrote the advocates. "We are committed to continuing this dialogue with you and ensuring that users can continue to be both social and private on Facebook. We hope you continue to engage with us and your users to make Facebook a trusted place for both public and private sharing."
Andrew Noyes, a Facebook spokesman, said the company is listening to privacy concerns and taking them seriously.
"We plan to continue to make control easy and effective for all the people who use our service and will continue to engage these groups and others in a constructive dialogue about these important issues," Noyes wrote in an e-mail to Computerworld. "Users rely on us to protect their data and enforce the privacy decisions they make on Facebook. We take this trust seriously and work aggressively to protect it."
The distribution of the letter comes after a bit of calm that followed months of user outrage that the social networking site was playing fast and loose with user information.
This spring, Facebook was hit with increasing criticism from privacy advocates and users after the website unveiled a bevy of tools that allowed user data to be easily shared with other websites. That move caused an uprising among users and even prompted a handful of US senators to call on Facebook to amend its privacy policies.
To quell the uproar, Facebook last month unveiled new, simplified privacy controls. The new tools were aimed at making it faster and less complicated for users to tighten their privacy settings.
However, the advocacy groups that signed the open letter don't say that's not enough.
- Fix the so called app-gap, which means that users should be able to decide which applications can access their personal information. Noyes said Facebook had already announced that it's working to build a new data permission model, which should be unveiled in "the coming week." He also noted that as part of the site's new simplified tools, a simple way was added for people to turn off Platform applications and access for other websites.
- Make "instant personalisation", which exports user information to third-party websites, opt-in by default. According to Noyes, Facebook's instant personalisation program is "misunderstood." Third-party partner sites can only access public data, and Facebook has made it easier to turn off the instant personalisation program all together.
- Don't keep data about user visits to third-party sites that use social plug-ins, such as the "like" button. Facebook stores the data for no more than 30 days and does not use it for ad targeting or to sell to third parties, according to Noyes.
- Give users control over every piece of their data, including name and profile picture. According to Noyes, as part of the changes the site announced last month, Facebook reduced the amount of user information that must be available to everyone. It also allowed users to restrict visibility of their friend lists and to pages they "like." "It has been our experience that people have a more meaningful experience on Facebook when they share some information about themselves," wrote Noyes. "That way, they can find friends and friends can find them, which is the reason most people come to Facebook."
- Protect Facebook users from other threats by using an HTTPS connection for all interactions by default. Noyes said Facebook is testing SSL access and plans to provide it as an option in the coming months.
- Provide users with simple exporting tools so unhappy users can easily move their information to another social network. "Facebook imposes no restrictions on users that prevent them from exporting the content that they have posted themselves on Facebook," Noyes wrote.
"We have open APIs that permit applications to export this information, he said. "However, we don't allow exporting of content that is created by others because it doesn't respect the decisions users make on Facebook about how to share their data."
Ezra Gottheil, an analyst with Technology Business Research, said he's not surprised that the privacy issue has raised its head again.
"The advocacy groups will not give up," he noted. "I think Facebook could make a more effective response by working harder to educate users and change recommended settings, which would defuse the advocacy groups. I don't think the company will do much more, however."
Rounding out the list of groups signing the open letter are the ACLU of Northern California, Consumer Action, Consumer Watchdog, Electronic Privacy Information Center, PrivacyActivism, Privacy Lives and Privacy Rights Clearinghouse.