Hacker News new | past | comments | ask | show | jobs | submit login
Searching Facebook drives home the privacy degradation problem (willmoffat.github.com)
47 points by rictic on May 13, 2010 | hide | past | favorite | 35 comments

Unless we assume that these people are completely ignorant of the public nature of their status updates, then this isn't a privacy violation. Is the argument that Facebook defaults to public and makes it confusing to change settings?

Unless we assume that these people are completely ignorant of the public nature of their status updates, then this isn't a privacy violation.

But that's exactly the point. Normal's don't get it.

Behavioral Economics studies show that when something is made a default, about 90-95% of people will keep that default. So, when something is made "Opt out" by default vs "Opt in", the vast majority of people won't bother to change things.

So, when Facebook changes this behavior, you can assume that going forward 90-95% of their content is going to go public.

Most normals that use Facebook aren't going to care until it starts biting them in the ass. While, many geeks instinctively understand the huge implications of everyone's status updates being made public.

Granted, you may not care, and I certainly respect that. But, at the same time, I have a hunch that many Normals, if they truly understood the full ramifications of what may happen might substantially change their behavior, or choose not to use Facebook at all.

Another issue, is this: Does making users Facebook posts public by default benefit the users? I think it benefits Facebook tremendously, but I'm doubtful how many users it's going to benefit to have their "rectal surgery" posts made public.

The opt-in/opt-out example I've seen the most is 401k contributions. If people have to opt-out of automatically putting part of their paycheck into their 401k, more people make contributions. The idea isn't that people are being tricked into it, although some people probably didn't read carefully enough and don't notice the part of their paycheck missing. The idea is that people are less likely to change from defaults in general. Most people know they should save, so actively saying "No, I don't want to save" by checking an opt-out box feels worse then leaving an opt-in box blank.

I don't think most people are mistakenly sharing things with more people than they intended on Facebook. When they made the privacy changes and presented everyone with the dialog that let you set all of your privacy settings, 35% of users picked something other than the defaults[1]. It was pretty clear what was going on. For a refresher, here's a video that walks through what the transition actually looked like: http://www.allfacebook.com/2009/12/how-to-use-facebooks-new-...

The only thing Facebook handled poorly in terms of privacy was Instant Personalization. It was... instant. Yelp/Pandora/Docs have my Facebook data linked with my account from the moment I visit the site, which may not be what I want. (I actually like it on Pandora and Yelp. I don't use Docs.) To make matters worse, it's annoyingly difficult to opt out of Instant Personalization altogether. I think this is what offended people the most, then the firestorm made people bring up peripheral non-issues that piled on and made the PR disaster worse. Beacon redux.

[1] http://www.readwriteweb.com/archives/facebook_brags_35_adjus...

So how do you find out whether they're ignorant of that? A good way is to search for things that people probably didn't mean to reveal publicly.

If a large number of people don't know what they're doing, that's a UI design fail. It doesn't matter whether they should have known.

(I suspect Twitter has the same problem. People should know it's completely public, but I suspect many don't.)

When I talk to people about it, there seems to be a general apathy around the privacy aspects. Most are of the opinion "why would someone other than my friends be interested in me and what I did on Saturday night?". I think the first wake-up call comes when their parents join facebook. Otherwise it's being turned down for a job without knowing why, getting fired for bragging about throwing a sickie, being harassed/stalked etc...

Im about to move out with my girlfriend, and my realtor checked my background with Facebook. I only knew about this because that guy turned out to have gone to high school with my boss, and my boss told me.

Even though im a programmer, the only thing i do in facebook is add friends, it already affected me to just have an account there. The effect was neutral to good..this time.

I'm fiddling with a FB privacy thing. Would you mind if I used this example as an anti-testimonial?

Edited as follows: " [M]y realtor checked my background with Facebook. I only knew about this because [he] turned out to have gone to high school with my boss, and my boss told me.

[T]he only thing i do in [F]acebook is add friends[.] [I]t already affected me to just have an account there. "

OK to attribute, or no?

Initially Facebook was private by default. It's only recently that it's changed to 'default public'. Lots of people are using a public thing, when it used to be private. It's the change that's the most important thing.

edit: double post

I doubt people would say things like they want to beat up their "stupid" "c*nt" boss (to quote one update I saw on the site) if they knew these statuses were public....

I cobbled this together last night. It's very ugly but shows what get's leaked: http://www.rabidgremlin.com/fbprivacy/

Hey, I was thinking of doing something like this. If you're interested in collaborating, let me know.

Inspired by http://news.ycombinator.com/item?id=1341236 (Why in the world does Facebook let me do this?)

Interestingly, most of the results of "playing hooky" are females. If I were a psychologist, I'd be thrilled about Facebook's idiotic privacy breeches.

I noticed that too. I don't think it's necessarily a sign that females are more likely to shirk responsibility. Maybe just that guys are less likely to call it "playing hooky".

Twitter has it too: http://search.twitter.com/search?q=%22playing+hooky%22

I wrote a paper in grad school about people leaking info on twitter unwittingly, and finding it using queries like these. http://varenhor.st/papers/tweetshow.pdf

It's important to note that no one can 'stalk' you using this feature if they aren't your friend - you can't search by name, only content. Unless there is personally identifiable information about the person in the post itself (e.g. "I'm John Doe and I hate my boss Bob Smith") the odds are you'll never be able to find information about the person you are looking for. If you search for "rectal exam" (http://willmoffat.github.com/FacebookSearch/?q=rectal%20exam) and you happen to know Groten Nils, well, that's pretty embarrassing.


I know it's trendy to hate FB right now but don't underestimate the ignorance factor in all of this.

True, but also consider how those two sites evolved. When I post a tweet, I know that it is essentially the same as me taking out an ad in the paper or shouting it at people in the pub. I'm fairly careful with regards to what I post. When I started using Facebook, it was very much about communicating with the group of people you have approved as friends. Over time it has transformed into something much more public, I believe without the bulk of the userbase realising.

A big difference is that from the start Twitter was public whereas Facebook was private. Then Facebook changed it to my public by default. Since most people don't change from the default, people are using service (Facebook) that they thought was private, but is now actually public. It's the change from 'default private' to 'default public' that's the biggest thing.

Good point...it's not clear that any of those posts were really meant to be private

The same tool is available on Facebook itself. Type a query in the bar at the top of the page, click on More Results, choose Posts by Everyone from the filter on the left.

Exactly! I was going to say these folks better expect a buyout offer for their amazing real-time search tool until I realized that what it offers has been available on Facebook itself for a while, and nobody cares. I don't mean nobody cares that people's posts are public. I mean, nobody cares to search people's posts because doing so is NOT USEFUL.

Ironic how it appears that the catalyst for what people are calling Facebook's privacy violation was the tech media's echo chamber screaming "real-time search." Yes, take the current over-hyped BS (Twitter), combine it with yesterday's insanely successful business (Google), and that is the direction things must go in. And Facebook would be wise to get on board with the inevitable or risk loosing everything. But if they overdo it and sneakily encourage their users to act like attention hungry Twitter users (aka journalists), then they risk loosing everything via a backlash from violated users. Oh, and we're still waiting for either them or Twitter or Google to make bazillions with real-time search because won't that just be so amazing.

...right. I suppose that dismissing this concept now could be a bit premature, but, come on. It's been around for a while and has gone nowhere. Maybe when Facebook realizes that there's no money in this real-time search nonsense, they'll default everyone back to private. Of course, then the story will be that they rudely interrupted their attention hungry users' abilities to act like exhibitionists. And that is why Twitter will always have an edge.

Point taken, but what's with the collateral damage? Search for something that's not going to ruin people's lives. FB has a problem. You outing these people on the web isn't helping anything.

If you wanted to be classy, you'd leave out the names and/or put rectangles over their eyes. As it is now, you're at least as much an asshole as Zuckerberg.

That seems rather over the top. I can't really see this ruining anybody's life. It isn't letting me search for specific peoples comments. I don't know any of these people, nor am I likely to meet them.

This website reminds me of being outside, with people, and hearing little snippets of conversations from strangers. Nobody goes to a park and then complains the council that strangers where able to hear their conversations.

Hmmm, I hope this doesn't sound facetious. I feel like I'm missing the point with the facebook privacy hype. There are so many reactions that seem totally strange from my perspective that I feel like I've got something wrong.

The way it sits in my mind is: Facebook is a service provided for free. I've given facebook some information about myself so that it can be displayed to people who are interested. My friends do the same and so we can communicate and share things such as photos. Some people start to get angry at the fact facebook doesn't do what they want, namely provide this service in a private manner.

I have yet to see anyone personally upset by this. Mostly people seem to disagree with the principle, and go and get angry on behalf of others.

I think that Facebook has failed in two clear ways.

They do not do a good job of indicating how public an action will be. This is true across the internet, but it's a real problem on Facebook due to the strong ties to your real identity there.

They change the rules far too often. If you had a very strong grasp of Facebook's privacy policy two years ago (or even six months ago) that information would be worse than useless today.

Edit: The brunt of the matter however is this: if a few people are using your system wrong, it's their problem. If a large percentage of your users are getting it wrong, it's your problem.

Thanks, that makes sense. When you add to that the internet's characteristic does of indignant shouting about anything and everything, than I can start to see why these reactions are coming up. My grasp of facebook privacy has always been pretty simple: anyone can see anything I do, except one on one messages. I know this is /way/ over simplistic, but it would explain why I don't feel scandalized that other people can see my wall.

We briefly added these measures, but after thinking it over we've decided to disable them.

From a technical standpoint they're a fig leaf. This isn't a complex server-side app, it's a minimal UI on top of the JSON results Facebook returns for these searches: http://graph.facebook.com/search?q=control+urges&type=po... . This is frankly the least scary use of this data. For example, it would be trivial to start crawling this data and building your own indices to enable far more invasive searches.

Our goal is to draw attention to this so that people become outraged and Facebook changes their privacy settings. The security community has been having this conversation for a while (more info: http://en.wikipedia.org/wiki/Full_disclosure ) and the only reason not to disclose a security or privacy problem is to give the company involved time and resources to fix the system.

This is not the case here. Facebook made this privacy-affecting change quite deliberately, and I think it's clear that they did so with full knowledge of the implications. If there is not an outcry, this will not be fixed. Right now, from Facebook's perspective, the system is working as intended. The longer it stays this way the worse the privacy breach becomes.

Our goal is to draw attention to this so that people become outraged and Facebook changes their privacy settings.

Your link to your project is the most fascinating thread I have seen on HN since the thread about how HN was hacked, one of the all-time top karma submissions. But, amazingly, after playing around with your tool for about half the three hours that have elapsed since you posted it, I'm LESS worried about Facebook than I was before. Pretty much since I joined Facebook I have been posting links (including yours today) to my profile about Facebook privacy. Among my circle of Facebook friends, it is cool to have carefully considered privacy settings, and to be circumspect in what to post online. I have good conversations about interesting links on my profile and on my feed (much like HN), and didn't turn up ANYTHING by searching on my own name, my son's name, keywords strongly associated with my friends' interests, or anything else likely to turn up something we wrote out of turn. Now I'm actually beginning to trust Facebook privacy settings again--at least for smart users--after using your tool and the new Give Me My Data app


to see what can be seen about me on Facebook.

Great work to make such an interesting tool. And, yes, putting the "rectal surgery" example on your webpage is funny and gets the point across very well.

Here's an example of the fig leaf in action: http://willmoffat.github.com/FacebookSearch/?q=HIV%20test...

We decided the redactions reduce the impact without actually offering any privacy at all. (That's up to Facebook and the users).

"Full disclosure" is a discussion about the ethics of publishing an exploit. Publishing exploits is customarily done in a descriptive manner -- I've never seen it done by publicly sharing the spoils of using that exploit.

Did you try publicizing it without the full identifying data available and measuring the response? Did you consider a strategy of escalating outrageousness, instead of going straight for this course of action?

What about automatically contacting the affected users first, and attempt to rouse them to action?

I'm sorry to be so harsh in a public forum, but when someone takes it upon himself to say that the affected lives are going to suffer for a good cause, then he'd better accompany the resulting campaign with a very thorough -- and thoroughly-vetted -- piece of argument explaining exactly why the ethical balance is in his favor. Two guys deciding they'd get more pageviews by going with plan A, and leaving the moral debate for blog commenters after the fact is not a thorough vetting.

There were already numerous forces at play which could potentially result in FB getting things straight. Your app won't have accomplished anything that wouldn't otherwise have been accomplished, except perhaps to cause a few more people to suffer.

> What about automatically contacting the affected users first, and attempt to rouse them to action?

You mean contacting 98% of facebook's users?!?

Let me put it another way: we all have a problem right now that we're trying to solve, which is that FB is screwing people. Your clever idea is screwing them worse, with no foreseeable gain for ethics either now or long-term that another demonstration couldn't provide.

If you really care about the problem, deactivate your project and come up with something more clever that also takes the moral high ground.

This argument just doesn't make sense. Its trivial to make this search, the OP just put a nice wrapper around it. There are two possible choices he could have made:

Something shocking, like "playing hooky", that could get people in trouble. In this case, people will get in trouble, because someone will find out they were playing hooky and report them. However, because people are directly being effected, a shit-storm will be caused, and people will accept that this is a problem faster.

On the other hand, the examples could have been something trivial, such as "Weight". It may get people annoyed about it, but no one is going to lose their job. And since they won't lose their job, they won't be pissed, and Facebook can drag their feet.

The best part is, anyone with malicious intent could make these searches on their own. Exposing it to the public just forces someone to take action.

To someone with the proper technical skills, it's trivial as you say. But until you do something like what these guys have done, it's dishonest (or geek-myopic) to say that it was trivially available before. When you package it up like this to inject into a receptive media channel, you make it "available" to an audience that would not have had access to this information before.

The rhetorical impact of choosing "playing hooky" over "weight" is obvious, and not the problem here. The problem is that someone whose main motivation was obviously geek cred and not solving a problem went straight for a collateral-damage campaign instead of one of the many other options available. Fixing the Facebook privacy policy is not worth endangering the livelihood of even one of these people.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact