Recently there has been a lot of criticism of Facebook for changing its
muddling through a policy/terms of service change without talking to its
users, I do have an issue with people giving them all the blame for
revealing private information.

I'm in the middle of listening to This Week in Tech episode
250 and the show's host, Leo Laporte, said the following:

"Facebook made a promise to me we will keep it private unless you
say otherwise. You tell us who you want to share with. That was the promise
and I feel it's like a friend that I went and I told something secret to and
then he blabbed it and they said, oh my bad. So I go back and said, okay, I
understand you made a mistake. He blabs it again."

"To be honest, I feel like this is a bad girlfriend who three
times now has revealed stuff that I said this is secret and I am not going to
give her a fourth chance. I just don't think it's right."

Since when was Facebook your friend, girlfriend or confidant? Why are you
telling it information you want to keep private? Sure, it promised to not
reveal any of it, but why did you expect it to keep its promises? If you
stopped a stranger on the street and showed them a picture of you drunk or
told them that you hated your boss, would you expect them to keep it private?
What if they promised you? Would that make any difference?

This is not something solely related to Facebook. Every site on the net is the
same to a greater or lesser extent. If you put private information on the
internet then it's not private any more, no matter how many "guarantees"
you're given. For your information to remain private you have to assume that
at least all the following are true:
- The company that owns the website/social network/mail server/whatever is
honest and wants to keep your information private.
- The company will never be taken over by another company who will be less
- All of the employees of the company who have (now or in the future) access
to your information will be honest (even if bribed or blackmailed).
- The employees are so technically competent that they will never accidentally
leak your information to anybody.
- The technology used is so sophisticated that no-one can gain unauthorized
access to your stuff.
- The people running your ISP (or your employer) and the ISP of the company
you're giving the information to all fulfill the same criteria as the

That's an awful lot of things to assume, and I don't think there's any person
or company on the internet who could honestly make those guarantees, even if
they really want to. No matter how small and trivial the online service,
there are so many people involved in making it happen that some of them will
be dishonest. Some of them will be incompetent. Some of them will be bribed
or tricked into giving away your information. Some part of the system will
have a security flaw that gets exploited. One way or another, the information
you give to an online service will end up under the control of someone you
don't trust sooner or later.

So how do we solve this problem? As far as I'm concerned, the only approach is
to treat every internet service like you would a stranger. Sure, you might
strike up a conversation with someone in a bar or at a conference or on a
train, and sure, you might tell them personal information, but you're never
going to tell them something you wouldn't tell absolutely any other person on
the planet, right? Just don't put anything on the net that you're not willing
to write on a piece of paper, sign and hand to a stranger. Yes, this restricts
the usefulness of the web and, in particular, social networks, but remember:
The internet is not your friend, so don't tell it anything you want to keep