
Scribd Facebook Instant Personalization Is a Privacy Nightmare - bcl
http://www.wired.com/epicenter/2010/09/scribd-facebook-instant-personalization/
======
randomwalker
Given Scribd's dodgy reputation (for example,
[http://blog.ericgoldman.org/personal/archives/2010/09/scribd...](http://blog.ericgoldman.org/personal/archives/2010/09/scribd_puts_my.html))
I was curious to see what they'd do with Instant Personalization, which has a
high creepiness factor even on a good day. True to form, they didn't
disappoint.

I've been tracking the security/privacy problems with Instant Personalization
for a while; my recent post might be relevant:
[http://33bits.org/2010/09/28/instant-personalization-privacy...](http://33bits.org/2010/09/28/instant-personalization-privacy-flaws/)

I'm also curious to see how things will turn out when a whole bunch of YC
startups get Instant Personalization access, as YCRFS7 promises.

~~~
bkrausz
I think a lot of us realize the privacy concerns and are very carefully
weighing the cost/benefit tradeoff, especially from a user perspective.
Instant Personalization has a distinct air of "evil" about it, but it can be
very beneficial to users and a great experience in the right hands.

------
chime
Why do sites insist on default opt-out? Everyone here seems to be blaming
Facebook. Certainly, Instant Personalization is a Facebook tool that Scribd
used but the core of the matter is Scribd created yet another feature that is
opt-out.

I consider opt-out a special case of bait-and-switch. You offered X and I
signed up for X. Two months later you added Y and changed my settings so now I
am signed up for X + Y. Since X != X + Y, I consider X + Y to be a new product
Z. I signed up for X, you switched me to Z. Bait-and-switch as far as I'm
concerned. Doesn't matter to me if Z = 99% of X. Z != X and the switch
happened without my prior consent.

I'm sure in the short-term numbers game, opt-out wins opt-in by far. Grab as
many eyeballs as you can in the cheapest way possible. In the long term,
people stop using your services. There's a reason I'll never use RealPlayer
even though the company has completely changed since the early 2000s. I just
don't trust them anymore. Same with Facebook. I just don't trust them with my
data. Same with Google Buzz. Even though I'm comfortable with Google managing
emails, I can no longer trust the Buzz team. Privacy loss doesn't have to
directly happen to me in order for me to feel violated.

~~~
patio11
_Since X != X + Y, I consider X + Y to be a new product Z. I signed up for X,
you switched me to Z._

This is absolutely unreasonable to apply _in general_, because it would
devastate the pace of change for web applications, and it is actively harmful
to the users as well. You're going to be routinely asking them to make
decisions which a) they do not want to make b) they have no information to
make and c) they are incapable of making. It will merely confuse and annoy
them, and the best possible resolution is that they do what they do any time
people put up meaningless repetitive dialogs and click Next Next Next until
you stop asking such stupid questions as whether to format C:\ or not.

("Attention, non-technical elementary school teacher in central Kansas. You
signed up for Bingo Card Creator revision 1,550. Since you last logged in
yesterday, we have made 5 changes to the service. These are summarized as:
$INCOMPREHENSIBLE_COMMIT_NOTES. Do you want to consent to these changes, or
should we keep a Rails application stuck to r1550 spinning for you until the
end of time? Pretend this does not sound scary and that you understand that
sentence. It is not scary and you don't understand that sentence, but you have
no good way of knowing that.")

~~~
chime
I should have clarified what X and Y mean in this instance. They do not
correspond to individual software features but rather the set of expectations
that both parties have agreed to beforehand with regards to privacy, access,
security, and overall functionality. Every site has terms of use that
basically say "you agree to the condition that we can change anything anytime
and you cannot do anything about it." So as far as I am concerned as a user, X
stands for the entire site experience regardless of the terms or privacy
policy. I don't care that your 45 page document said you can add Y anytime. If
Y was not there when I signed up and it affects my security, privacy, or
accessibility in a way that I value, you should tell me about it before you opt
me in.

Personally, you would be the last person I would think of as pulling such
shenanigans. Your work and words have shown that you care about your users
more than making some extra cents in the short-term. I can't say I feel the
same about others.

------
yoasif_
This is a huge reason that I do not use Facebook to login to any site --
pretty much every site that offers that functionality asks to be able to post
items for you (in your feed), to send emails, etc.

It seems like some site owners' dreams are to turn you into a bot for their
own promotional purposes, or to just use your voice as their personal
bullhorn.

I'll stick with registering to sites using a "plain" login (or OpenID, where
available) -- at least that way, I have a bit more control over the way my
online identity is used.

~~~
bonaldi
This is about instant personalisation, where you don't have to log in for any
of this stuff to happen.

It should be a huge reason to log out of Facebook after every visit (or not
use it at all), but 99% of users are never going to do that.

~~~
mikeknoop
It's actually easier than that. Just turn off Instant Personalization in your
Privacy Settings.

~~~
yoasif_
I guess it is good that I had done that too -- I assumed you actually had to
"connect" to Facebook because I visited the Scribd page as described in the
article, and I didn't see any fancy Facebook stuff happening (although I did
see my browser hit Facebook).

I had forgotten that I had turned off instant personalization (likely due to
some TC article or something). So this works without even logging into the
site? Jesus, it is worse than I thought!

------
pilif
This is the reason why I stopped using Facebook once instant personalization
and the embeddable like buttons were added.

The risk of unknowingly spamming people was too big for me and I just quit. I
don't even care as much about the privacy issues as I care about these
services doing things and posting stuff in my name without any way to stop it or
even just an indication that they are doing it.

~~~
jacquesm
Same here. First I thought I was just going to have a bit of a time-out, but I
haven't been back and don't miss it one bit. The previous privacy flaps were
stuff to deal with, annoying but manageable, the 'like' buttons (incidentally
it was a fellow HN'er's name popping up on a third party website) did it for
me, end of FB.

------
steveklabnik
Sometimes I feel like I'm the only person in the world who actually likes
features like this.

As long as I'm given more relevant content, feel free to use my publicly
posted information.

~~~
pigbucket
> _As long as I'm given more relevant content, feel free to use my publicly
> posted information._

Doesn't that way of putting it, though, make it sound a bit like you are
actually making the decision to opt in?

~~~
steveklabnik
I'm opting in by posting anything on Facebook, yes. I assume that using the
service opts me in.

------
uptown
I suggest installing the FacebookBlocker extension:

<http://webgraph.com/resources/facebookblocker/>

------
aak
Whether we like it or not, Facebook is as much a part of the web ecosystem as
Google. Instead of trying to fight it, just embrace it.

~~~
jrockway
_Instead of trying to fight it, just embrace it._

Why? Facebook provides no value to me; if Facebook disappeared from the face
of the earth tomorrow, my life would change in absolutely no way.

No need to embrace it.

