Patrick “P. J.” McDermott

Software and hardware hacker and advocate for software and cultural freedom.

On Facebook, Google+, and Ethical Social Networking

TO COME: An introduction and a section on Google+.

The Ethics of Facebook

Facebook shares their users' personal information with third parties. They use mere Web site design changes as an excuse to revert users' privacy settings to unsafe defaults. Their social platform has huge security holes that allow personal information to be leaked. One such hole made some users' private chats accessible to all of their contacts. Facebook also exposes users to malware and identity theft. [1] They make it easy for application developers to collect personal information. [2] The Wall Street Journal found that these application developers collect this personal information, link it with other information, and sell it to others. [3]

In general, Facebook has always operated on an opt-out basis. In some cases, you can actually disable third-party access to your information. But you must always be on the lookout for new "features" or changes to privacy settings. Facebook always changes the way it collects information, and it catches many people unaware. But it's impossible to opt out of things you don't even know about. Recently, Facebook added a feature they call "tag suggestions". If you have photos on your profile, Facebook can pick out people's faces and suggest names for them. This may sound useful, but it's the tip of an almost nightmarish ethics iceberg in information systems. Facebook uses facial recognition software to make this work; they scan already-tagged photos and record distinguishing facial features and then find photos with similar faces and give them names. They maintain a database of people's facial features. They never notified anyone about this database. They never asked users if they could record this information. Instead, of course, they made it an opt-out feature; you have to explicitly disable this hidden feature to keep your facial information out of the database. This new feature has even sparked an investigation by the European Union. [4][5] But just imagine what Facebook could do with this information (and consider their track record with personal information). I suspect they may soon start selling facial data to other companies, law enforcement agencies, and oppressive governments (I've heard that the U.K. once used video camera footage to locate and arrest protesters, so imagine what they could do with facial data).

Basically, Facebook is a business. And you are not their customer. You are their product. They are, in fact, selling their products to advertisers. That is, they use a person's face (without getting permission and without paying anything) to advertise things to that person's friends. Claim to like something, and you've given a product endorsement at a price advertising agencies would love. [6]

And they also seem to like selling out their users to governments and limiting what their users can read and say. After their recent collaboration with Chinese partners, the Facebook platform was allowed into China under political censorship. At the time, Facebook lobbyist Adam Conner remarked, "we're allowing too much, maybe, free speech". [7][8] The Associated Press reported last month that Facebook sold out hundreds of peaceful pro-Palestinian activists who had been organizing events through the social platform. Facebook allowed governments to track its users' activities. As a result, more than 300 peaceful activists were added to airline terrorism watch lists and denied the right to leave their countries. International air travel was disrupted as planes from Geneva and Italy were diverted for security inspections. 310 people were detained after landing in Israel on their way to stand with Palestinians in a peaceful mission of solidarity and fact-finding. [9][10] Imagine what might have happened if Facebook (and widespread publicly-accessible computer networks for that matter) existed during the civil rights movement. Would there be racial equality in the United States today? Or would peaceful protesters organizing events have been sold out and arrested before they could even meet?

But it seems you don't even have to use Facebook to get tracked by Facebook. Everyone who sees a "Like" button somewhere on the Web (as I'm sure you have) can be tracked. Facebook has the ability to map out the browsing behavior of a massive number (a number that grows by tens of millions each month) of Web users, even those who don't use Facebook. [11] Again, imagine what they could do with such vast amounts of information.

Things like these gaping holes in privacy, devious information collection practices, abuse of users, censorship, and tracking inspired Matt Lee, campaigns manager, and John Sullivan, executive director, of the Free Software Foundation to write about Facebook's poor track record with privacy and create rather amusing "Dislike" and "not f'd" buttons. [12]

Ethical Social Networking

TODO: Move characteristic four into a note somewhere, as it is rare for a service provider to attempt to claim copyright on user-submitted works. Also, refer to the Franklin Street Statement.

But social networking is not inherently evil. You can connect with old friends and discover new ones without sacrificing privacy, security, autonomy, and freedom. You just have to be careful about the platforms you use. I've identified four basic characteristics that a social networking platform must have for it to be an ethical one that doesn't abuse its users. The first two characteristics are universal; all viable platforms, whether running on your own computer or hosted by a service provider, must have these. The last two apply only if you choose to use a platform that is run by someone else as a service.

  1. Software freedom. You must be free to use the software that powers the social networking platform on your own computer without restrictions. You must be free to inspect the software and modify it. You must be free to share the software with others, with or without modifications. With these freedoms, you have full control over your social networking and you can decide who has access to which personal information. Without these freedoms, only the developer can decide what the software does, and you may not even be allowed to know what it does to you.
  2. Federation. You must be able to run the software on your own computer and still be able to communicate with other people using other copies of the software. If the software has protocols for communication between users across multiple installations, then the software is federated. For example, e-mail is federated; you can run your own mail server and still send mail to other people who use other servers. This is because all standards-compliant mail servers speak the same protocol.
  3. Privacy. If you choose to use a social networking service run by someone else, the service must offer a clear and agreeable privacy policy to which the service provider must strictly adhere. The service provider must not be allowed to give your personal information to third parties without your consent (unless required by law) or use your information in ways that threaten your privacy and autonomy.
  4. No claims of copyright. The service provider must agree that your personal information is yours, not theirs. There must not be any claims of copyright on the information you provide. The provider may, however, require you to license such information to them and/or to others for it to be published on the service; in this case, you should make sure you agree with the license terms before using the service.

Let's look at some social networking platforms and see how they adhere to these criteria. We'll start with Facebook. Facebook fails criterion one; you cannot run, inspect, modify, or share the software that powers Facebook. This means it also fails criterion two; it is inherently not federated because you cannot run it on your own computer. Since Facebook is not federated and you're stuck with the hosted service, criteria three and four apply. Facebook has a terrible track record with privacy and therefore fails criterion three. According to their terms of service, you retain copyright on your information and give Facebook "a non-exclusive, transferable, sub-licensable, royalty-free, worldwide license to use" your information. [13] This is standard licensing language that allows Facebook to publish information you submit, and with these terms Facebook seems to pass criterion four. (I've heard that Facebook claims or used to claim copyright on your information, but seeing these terms of service I'll give Facebook the benefit of the doubt here.) Facebook fails three out of the four criteria, and we can conclude that Facebook is an unethical social networking platform.

Next we'll evaluate Twitter. Again, it fails criterion one since you cannot run, inspect, modify, or share the software. And again it fails criterion two since you cannot run the software on your own computer. Twitter has a clear privacy policy that describes what information is made public, what information you may optionally provide, what information is collected in logs, and what information is to be kept private except under certain circumstances. [14] I don't know of any occasion on which Twitter has failed to adhere to this policy, so if you agree with this policy then Twitter passes criterion three. Twitter's terms of service explicitly leave you with the rights to your information, but you must agree to grant Twitter "a worldwide, non-exclusive, royalty-free license (with the right to sublicense) to use, copy, reproduce, process, adapt, modify, publish, transmit, display and distribute [your information] in any and all media or distribution methods (now known or later developed)". [15] Again this is standard licensing language that allows Twitter to publish the information you post, and I conclude that with these terms Twitter passes the fourth criterion. In summary, Twitter passes two out of the four criteria; it's not completely ethical since it leaves you without important freedoms and at the mercy of a single centralized provider, but it seems it's not as bad as Facebook is in terms of privacy.

Next up is Identi.ca. Identi.ca is an instance of StatusNet, a free software microblogging platform that is similar in function to Twitter. StatusNet is licensed under the GNU Affero General Public License, which requires that all users, including those who use the software over a network, have all of the necessary freedoms with the software. With this license, StatusNet, and therefore Identi.ca, pass criterion one beautifully. StatusNet implements the OStatus protocol, which allows users of other installations of StatusNet (or even other software such as GNU Social) to communicate seamlessly. With this, StatusNet and GNU Social (and instances of the software such as Identi.ca) are federated and pass criterion two. If you choose to use Identi.ca instead of running StatusNet or GNU Social on your own computer, then criteria three and four apply. Identi.ca has a very clear privacy policy that describes what information is made public, what information remains private, and how information may be used by Identi.ca, by users, and by other instances of StatusNet and GNU Social. [16] With this, Identi.ca passes criterion three. Identi.ca's terms of service make no claims to copyright on your information. The terms require that you grant Identi.ca "a world-wide, royalty-free, and non-exclusive license to reproduce, modify, adapt and publish the Content solely for the purpose of displaying, distributing and promoting your notice stream". They also require that you "grant all readers the right to use, re-use, modify and/or re-distribute the Content under the terms of the Creative Commons Attribution 3.0 [Public License]". [17] This license allows readers to share your notices, to modify your notices, and to incorporate your notices in larger works, as long as they give you credit for your words and do not misrepresent you. These are agreeable terms that leave you in control of your information and allow the world to share and build upon your work, so we can conclude that denti.ca passes criterion four. Identi.ca, which runs the free social networking platform StatusNet, passes all four criteria. It is an ethical platform and service that protects your privacy, autonomy, and freedom. Because of this, I myself use Identi.ca. [18] Since the software is free, before registering I checked the source code to make sure that my password would be stored securely. And since the software is federated, I reserve the right, especially if Identi.ca in the future ever fails criteria three and four or ceases to exist, to move to my own self-hosted instance of the software without losing contact with other users.

These three cases are just examples of popular platforms. There are of course many others. Google recently opened up their new platform, Google+, which so far is neither free nor federated. The Diaspora project began in response to outrage over privacy on Facebook; Diaspora itself is free and federated, and there are hosted Diaspora services with decent privacy policies. Finally, I don't claim that these criteria are perfect; they are merely the result of observations I've made. A similar set of criteria for "freedom in the 'cloud'" has recently been offered by Georg Greve, founder of the Free Software Foundation Europe. [19]

References:

  1. "Five Hidden Dangers of Facebook". CBS News. CBS Interactive Inc. May 11, 2010. <http://www.cbsnews.com/stories/2010/0/08/earlyshow/saturday/main6469373.shtml>.
  2. Barnett, Emma. "Your data is Facebook's most valuable asset". The Telegraph. Telegraph Media Group Limited. January 17, 2011. <http://www.telegraph.co.uk/technology/facebook/8264210/Your-data-is-Facebooks-most-valuable-asset.html>.
  3. Steel, Emily and Fowler, Geoffery A. "Facebook in Online Privacy Breach; Applications Transmitting Identifying Information". The Wall Street Journal. Dow Jones & Company, Inc. October 18, 2010. <http://online.wsj.com/article/SB10001424052702304772804575558484075236968.html>.
  4. Gannes, Liz. "Facebook facial recognition prompts EU privacy probe". CNET News. CBS Interactive Inc. June 8, 2011. <http://news.cnet.com/8301-1023_3-20070148-93/facebook-facial-recognition-prompts-eu-privacy-probe/>.
  5. Snyder, Bill. "Facebook Facial Recognition: Why It's a Threat to Privacy". PCWorld. PCWorld Communications, Inc. June 21, 2011. <http://www.pcworld.com/article/230790/facebook_facial_recognition_why_its_a_threat_to_privacy.html>.
  6. Tynan, Dan. "Facebook ads use your face for free". ITworld. ITworld. January 25, 2011. <http://www.itworld.com/internet/134677/facebook-ads-use-your-face-free>.
  7. Williamson, Elizabeth; Schatz, Amy; and Fowler, Geoffery A. "Facebook Seeking Friends in Beltway". The Wall Street Journal. Dow Jones & Company, Inc. April 20, 2011. <http://online.wsj.com/article/SB10001424052748703789104576273242590724876.html>.
  8. Crovitz, L. Gordon. "Facebook's Dubious New Friends". The Wall Street Journal. Dow Jones & Company, Inc. May 2, 2011. <http://online.wsj.com/article/SB10001424052748703567404576293233665299792.html>.
  9. Higgins, Alexander. "Facebook Now Helping Governments Spy On And Arrest Peaceful Activists". The Intel Hub. The Intel Hub. July 9, 2011. <http://theintelhub.com/2011/07/09/facebook-now-helping-governments-spy-on-and-arrest-peaceful-activists/>.
  10. Last, Jeremy. "Israel uses Facebook to blacklist, detain or deport Tel Aviv-bound travellers". thestar.com. Toronto Star. July 8, 2011. <http://www.thestar.com/news/world/article/1022008--israel-uses-facebook-to-blacklist-detain-or-deport-tel-aviv-bound-travellers>.
  11. Roosendaal, Arnold. "Facebook Tracks and Traces Everyone: Like This!". Social Science Research Network. Social Science Electronic Publishing, Inc. November 30, 2010. <http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1717563>.
  12. Lee, Matt and Sullivan, John. "Mark Zuckerberg is TIME Magazine's Person of the Year? Where's the "dislike" button?". Free Software Foundation. Free Software Foundation, Inc. February 3, 2011. <http://www.fsf.org/facebook>.
  13. "Statement of Rights and Responsibilities". Facebook. Facebook, Inc. April 26, 2011. <http://www.facebook.com/terms.php>.
  14. "Twitter Privacy Policy". Twitter. Twitter Inc. June 23, 2011. <http://twitter.com/privacy>.
  15. "Twitter Terms of Service". Twitter. Twitter Inc. June 1, 2011. <http://twitter.com/tos>.
  16. "Privacy". Identi.ca. StatusNet Inc. <http://identi.ca/doc/privacy>.
  17. "Tos". Identi.ca. StatusNet Inc. <http://identi.ca/doc/tos>.
  18. McDermott, P. J. "P. J. McDermott (pehjota)". Identi.ca. StatusNet Inc. <http://identi.ca/pehjota>.
  19. Greve, Georg C. F. "Freedom in the 'Cloud'?". freedom bits. Free Software Foundation Europe e.V. July 30, 2011. <http://blogs.fsfe.org/greve/?p=452>.