Facebook's all-or-nothing default privacy model
written on Sunday, July 3, 2011
A couple of days ago I threw together a quick script to download all my Facebook photos and store them on my local machine (I wrote about it here). Today I realized that the same script would probably allow me to download all the photos from any random friend, as long as I changed the username I was searching from mine to whomever's. I tested it out on a few folks, and it worked.
No big surprise, of course. And honestly, it's not a big deal once you think about it, right? I mean, I can see all the photos when I log in via the web, and click on that person's photos. I can right-click and "Save As..." the same photos. So from a technical perspective, it's not really some huge leap that if I have API access to my photos, I'd also have API access to my friends' photos.
However, from the perspective of someone who doesn't understand APIs or how the web works in general, this is really creepy. Think about it: Facebook has an all-or-nothing default privacy model. When you add a new person to your "Friends" list, by default they can see everything in your profile. It doesn't matter whether this person is a new co-worker, your best friend or a person you haven't seen since high school graduation 15 years ago. By default, they have access to all your information, and that's how Facebook wants it.
Really, for most people this isn't an issue, until you tell a new female co-worker or a high school chum you've not seen since the mid-90s that you just downloaded all their pictures and are storing them on your machine. Eyebrows go up. That's creepy as hell. Not only that, it is simply counterintuitive that people you wouldn't invite to a birthday party can download an arbitrary amount of your Facebook user data by default. It's also a crappy way to run a social network.
This is something I feel like Google+ has really knocked out of the park. Users are required to deal with privacy from the get-go, cleverly disguised as cute "+1" animations and Circles. People want privacy, contrary to Zuckerberg's "privacy isn't a social norm anymore" doctrine. When you've got a practical monopoly on the social networking space, it's easy to say that what users do with your service is the "social norm." It seems that Google is setting out to challenge that quasi-monopoly on the privacy front. G+'s greatest challenge will be convincing people they want more privacy.
Edit: Arvind Narayanan actually spelt out much more eloquently than I did the point I was getting at. Do yourself a favor and read his much more in-depth analysis.