I'm not being a smartass here: both of these issues concern me - to the point that I don't have a facebook account - but I'm not sure how to reconcile them in an internally consistent overarching critique.
The situation as it stands now:
* Facebook tries as hard as it can to make it impossible for a user to liberate their information from the system (either to ditch Facebook for a new system, or to run both in parallel).
* Facebook constantly has bugs/oversights/intentional misrepresentations that allow 3rd parties to get access to user information that the user thought they had ultimate control over. This information obviously isn't a click-button interface to access, but the people trying to harvest that type of information are more technical (or will just hire more technical people) than the majority of Facebook's user base.
The ultimate goal is to give the user control and meet user expectations:
* When a user says, "Hide my email from everyone but my friends," they don't want there to be some way for a 3rd party or a friend of a friend to url-hack their way to that information (even if they don't know what url-hacking even means; don't prey on user ignorance, and claim that you're ethical).
* The user does want the ability to export the information that they have in the system. Don't hide behind some excuse like, "You can't export all of your friends' contact information because that information belongs to your friends." As long as your friends have given you access to see it, then you have access to that information. It's not a privacy violation if you allow a user to export data that they have read-access to. If your friend revokes access to their (e.g.) email address down the road, that doesn't mean that you still don't know what it is. You could have manually entered it into Gmail, or your physical address book. An export feature is just an automation of this process, not a privacy violation.
That applies more to email addresses than photos.
Of course, you can persuasively argue that users want their friends to have the right to save their contact information but not necessarily their photos (after all, contact information is worthless if you can't save it).
For what it's worth, my vote would be a simple system, like OAuth, that would send access and identity data in the HTTP header along with a request. This wouldn't break existing web patterns, or require vast amounts of new development, but would add a little extra identity-centric context. It could be sent from the browser itself, I suppose, but I see it being added as a layer from feed reader style apps.
I wrote a summary of the idea down a while back: http://benwerd.com/2010/03/activity-streams-and-oauth-a-soci... There are lots of possible solutions, but this is one.
People controlling their own profile and how it's used, but keeping it openly and universally accessible.
It already works in all browsers too... though it's a little ugly and the user experience should be improved a hell of a lot.
(Is FOAF actually still used anywhere?)
"FOAF+SSL is a secure authentication protocol that enables the building of distributed, open and secure social networks: the Social Web. We are just in the process of starting the formal standardisation process."
Good point - criticism of Facebook is confused and needs to become more focused. The "closed silo of content" point is key and the "lack of privacy" point is ultimately a canard. It's not that one shouldn't have privacy but that Facebook promises an impossible kind of "privacy" akin to personal DRM, impossible like personal DRM, and serving merely as an excuse for Facebook's enhanced control and increasing its "silo". See Facebook's ridiculous reply to Google on email addresses - as if someone giving you their email address via Facebook could reasonably expect to revoke that gift at a later point ("DRM-like"/impossible).
The short story of Facebook privacy is that you shouldn't post anything that could get you fired, etc., using your real name, whether it's on your Facebook page or elsewhere.
Technically they have some resemblance, but in human usage they are practically opposites.
I somehow don't think that, "this information requires a login," is the death of the web.
There is a deep structural opposition between the internet and the corporate/commercial model of the last 200 years since the industrial revolution. With the internet, the essence is connection: in all shapes and directions. With the corporation, the essence is centralisation: broadcast product one way, concentrate money the other way.
The 'conical' structure of the corporation can exist in the network structure of the internet, but the more cone-like it is, the less network-like it is.
From what I've seen, today's corporations should act more like a network and less like a monolithic entity. I've been inside one Fortune 500 company that tried to set top-down standards for software development. (All ye shall use this messaging, that database, this webserver, that programming language.) Everyone knew it was a joke and ignored it until it went away. I've been inside another corporation where the corporation merely mandated standards for sharing data between systems. As a result, the dynamic changed from everyone protecting their turf, to everyone trying to be as useful to as many others as possible.
"The sites assemble these bits of data into brilliant databases and reuse the information to provide value-added service—but only within their sites. Once you enter your data into one of these services, you cannot easily use them on another site."
"You can access a Web page about a list of people you have created in one site, but you cannot send that list, or items from it, to another site."
"The isolation occurs because each piece of information does not have a URI"
Except for email addresses of friends, a third-party site can access as much of a user's Facebook data as the user wants to make available. Statements to the contrary are common, but false.
There's that completely disingenuous argument that my contacts' privacy would somehow be violated if I could export my address book. But it was me who they entrusted with their contact info. If someone shares a phone number with me, it's for me to decide what to do with it, not for the phone company or the handset maker, so why is Facebook keeping my address book hostage?
In fact, a great time to start new companies shooting for the social graph. Facebook executes fantastically, but they'll stumble.
The headline reads like "Horse-carriage threatening the future of transportation".
Facebook is merely the latest evolutionary milestone, and it's crackling already.
There was once a time when AOL and CompuServe defined what Joe Sixpack would have called "the internet" when asked.
It shattered and we entered the era of portals (Yahoo, Lycos), whose dominance, again, faded when the first worthwhile search engines came around.
Today we're just seeing the latest cycle in this pattern, the new concept now being the social graph. And just like before it's at first being beta-tested and refined in a small number of closed silos (Facebook, Twitter), simply because implementation, experimentation and monetization are so much easier in a closed ecosystem.
Now that the concepts have matured it's a matter of time before the good parts break out into distributed protocols and services, which will incrementally erode the monoliths.
Internet evolution at work, nothing to see here, please move along.
I wonder if this will apply to Facebook too. Perhaps when they're secure enough to not worry if Google simply sucks out all their data, the benefits of being the central but open resource will outweigh the benefits of being a one way valve.
This has been pretty much every ecommerce site since the 90s. I didn't hear anyone clamoring that pets.com, drugstore.com or 1800flowers.com was going to threaten the future of the web. There's more to it than just that "data is siloed" issue. Most ecommerce sites don't have a network effect built-in - they deliver value to me regardless of how many other people use them.
There's the threat of inertia - people won't re-enter their information into new systems as those systems are introduced. That's certainly a concern, but I really don't see it as a threat. AOL was king for years, and people were scared of them. Then MySpace. Now Facebook. I suspect as people grow up, the focus may move to something that's not yet developed. Certainly the game is Facebook's to lose right now, but I don't think they'll hold on forever.
Granted, I think Tim's point is not specifically Facebook but the walled/siloed data sites in general. I also don't think those will ever go away.
This is the big one for me and should also include mobile providers. For the web to promote real innovation and be truly "democratic", this mafia must be dismantled.
I can see a provider provide, say, special content only to users of their network - but that's a completely different story.
If the value of the web is increasing faster than the value of Facebook, I think the web will survive... unless FB is deliberately trying to destroy the web, of course.
You CAN have privacy and distributed.