Will Facebook Prompt a Privacy/Control Arms Race?
Posted by Bob Warfield on January 4, 2008
Scoblegate is what some have dubbed the recent tiff between Scoble and Facebook over his use of an automated “screen scraping” script to harvest his contacts on behalf of Plaxo. He was blocked for his efforts, and inevitably in the wake of the blogstorm that followed, unblocked. Many have opined over whether Scoble was right or wrong to do so, but that is a pointless argument. He was clearly wrong by the letter of the user agreement and policies Facebook publishes, and he has admitted as much. It’s a pointless argument not because there is a clear answer, but because the question is far bigger than the simple letter of the law. It’s a sensitive topic and a renewed PR storm that Facebook didn’t need.
Everyone has their own knee-jerk / quasi-commonsense way of looking at it. Michael Arrington and others say they want Facebook to protect their privacy by preventing this. What balderdash! Dawn of Girl-Inchoate waxes long on this one:
Facebook has created an environment where we only allow access to certain items that we want people to see. If I have let Scoble see my entire profile, meaning my education, my employment, my DOB, etc., and he takes any of that with him, to where ever he is taking it (and he could take it elsewhere), he is violating my right to privacy.
Not only does this affect the careful identity construction that I’ve done, but it also undermines my ability to only be a part of communities that I wish to take part in. He is porting my identity to sites unknown and using it in a way that I haven’t consented to.
What piffle. What did Dawn think she was granting Scoble the right to do when she not only friended him in Facebook book gave him access to the full profile and then further made sure the profile contained the very information she apparently doesn’t want passed on? What do these people think the Internet is made for and used for? Sharing? Collaboration? Hello?
So now these folks think they can give something away by friending and other means, but they want to keep strings attached and retain control. Folks, you gave up control when you typed all that stuff out and started friending every boy and his dog. Get used to it. It ain’t called a “Social Network” for nothing. Love it or leave it. Share or don’t, but you can’t expect to share and then keep those strings attached. Golly, this strings attached business sounds so much like the RIAA’s position on their bits when people get too happy-go-lucky about sharing.
Nick Carr, ever the clever contrarian to drive readership and reaction, says:
The act of “friending” on a social network site, it’s important to remember, is a fairly cavalier act, often undertaken with little thought.
Now, if you happen to be one of those “friends,” would you think of your name, email address, and birthday as being “Scoble’s data” or as being “my data.”
The implication is because it was easy to friend, we can’t be held accountable for having done so, and should retain ownership of that data. Really? Don’t we ever take personal responsibility in this modern world anymore? Did you really think being one of Scoble’s 5,000, and act you likely undertook more for personal gain that because you really were his friend (who has 5,000 “real” friends anyway) entitles you to take such a high and mighty position? Sorry Nick, I can’t agree. Get a flippin’ blind email and use that for such high public exercises if you really care about your privacy. Certainly don’t friend a blogospheric debutante who has 5,000 Facebook friends already and then hope you get personal treatment.
Where does it end if the web is to keep the strings attached? First Facebook was in a hard place, and I predicted their best way out was to promise open API’s were coming. Now the “Keep the Strings Attached” crowd will cry foul if that happens.
Paul Buchheit has pointed out amusingly than many many of those friends in Facebook got there because people encouraged Facebook to violate the use policies of other sites such as gmail. That’s rich irony. The pot calls the kettle black. And what happens to Facebook if all close ranks against it? Can they demand that any Social Graph information gleaned through such violation be deleted or that Facebook will face a lawsuit ala the heavy booted tactics of an RIAA? Wouldn’t that create a storm. What would you do if all those Social Graphs got deconstructed because they were obtained illicitly?
The means by which the Scoble/Plaxo script worked are not especially helpful to the data freedom fighter’s cause. To discourage this sort of thing, Facebook never shows a mail address as text. They’re bitmaps so you can’t screen scrape. Plaxo got clever and applied OCR to the problem. An elegant solution, but it sure sounds shady. But wait, Google is talking about OCR’ing everything in site and is even taking out patents on it! Is there going to be a great hue and cry over that? Surely there ought to be if only because Google is already too powerful and doesn’t deserve a patent on such an obvious idea.
The trend is clearly to make it ever easier to get this information. There is service after service dedicated to exactly this. In fact, Scott Karp has called it a “War”. I think of it more as an Arms Race. It is straightforward technologically to defeat the measures used by Facebook, as Plaxo has shown. Likely the only reason Scoble even got caught is because he has 5,000 friends and running the script triggered the Denial of Service defense bots at Facebook. Mere mortals with a couple of hundred friends would likely have gotten by with no detection. However, this is just a matter of subtlety. The reality is that Facebook shows the information in a browser, and a script run by the individual at the browser end can grab the info, and they can do so unobtrusively enough that Facebook will never stop them without annoying everyone far too much. What are they gonna do, show those email addresses as Captchas? So Plaxo guys, here are a few tips. Write your scripts so they grab a few names at a time, with random intervals between attempts, and are prepared to take up to a couple of months for someone like Robert Scoble’s 5,000 friends. Why be in a big hurry anyway?
The next leg up in the arms war will be the lawyers marching in. Facebook will sue that Plaxo can’t use the script because its inciting users to break their contract with Facebook or some such. Meanwhile, the PR just keeps getting worse.
The right answer is for Facebook to open up. They can do so with an option so the “strings attached” people prohibit access to their data. That can be built right into the API. Will this sink the good ship Facebook? No. If there isn’t some better network effect or benefit to keep people loyal to Facebook, they aren’t long for this world anyway.