The second, and frankly the more interesting, was extended permissions. The newish extended permissions govern how apps can access data and how users are informed of this use.  It is these extended permissions at the bottom of the recent kerfuffle over Facebook allowing app developers access to phone numbers and addresses. (Ars Technica did a good job over covering this, and here is Facebook’s current response.)

Extended permissions work like this. First, an app developer encodes a request for access to various pieces of your profile data, as well as pieces of your friends’ profile data. Second, when you add the app to your profile, the app asks you for your permission. The following is a picture of what it looks like when Privacy Mirror asks for access to your and your friends’ information.

An example of extended permissions

It is crucial important to notice that you as an app user can only agree to the use of all the requested information (as opposed to individual pieces.) Also, the app user cannot say that the app can have permission to her own data but not that of her friends. (See my series “I ‘like’ you, but I hate you apps” for the implications of this coarse-grained control.) Third, once the app has your permission, it goes off and does what it doe

I have to say, I like the spirit of the extended permissions. I like the fact that developers must ask for permission and I like that users must grant that permission. But I am very troubled by the lack of granular control afforded to the user.

Also, Facebook has not addressed what I feel to be a much bigger privacy issue: the mistreatment of relationship between people and their apps. If I have an app and you don’t use the same app, then that app can only see the elements of your profile that you have allowed applications to see. (This is controlled via the Account > Privacy Settings > Apps, Games and Websites > Info accessible through your friends settings.) But if you and I both have the same app on our profile, then the app can see the elements of your profile that you can granted me access to see. In this sense, the app executes with my permissions based on our relationship. But you have a relationship with me, not my apps. This is subtle and remains an critical unsolved problem.

The Washington Post still has no idea what your Facebook account is – the blue box is an iframe onto facebook.com, and it’s served entirely by Facebook. No information is transferred to the Wapo, and none of the rest of your activity on Wapo is linked back to Facebook, unless you explicitly choose to (by clicking the “Like” plugin, for example).

As I mentioned in my comment back to him, there were two things that threw me off. First, I didn’t realize how Facebook’s session management worked. FB sessions live on after you close the browser unless you explicitly log-off. This is no different than any other website. However, what is a bit different is that  sites with Facebook’s embedded iframe can take advantage of you departed-but-not-logged-out session and this is exactly what was happening on WaPo. Second, I have a problem with WaPo giving me a choice about Network News but not informing me about it. Furthermore, the default opt-in on the part of WaPo I think disrespects people’s desire for meaningful choice and control.

Thanks to Luke for providing a bit of insight and thanks to all of you how have commented on the previous post.

Privacy has moved beyond the compliance officer and is receiving better representation in business operations. Example of this include an increased presence of privacy practices in

• project and software development lifecycles
• procurement and contracting processes especially with respect to procurement 3^rd party services

In some sense this has given privacy, and its closely aligned peer – data protection, more of an outward appearance of risk management than compliance. This is evidence of privacy’s maturation.

But as privacy matures, as privacy is seen for its risk management capabilities, as privacy gets more engrained in business operations, better metrics relating to privacy are needed.

I sat in one session in which privacy professionals talked about the challenges of building dashboards to display privacy metrics. Few could point to meaningful dashboards that they had built. Fewer still felt they had a clear handle on what kinds of questions they should be answering and how they should measure to do so. This challenge relating to measuring privacy lines up with recent research I published on policy governance.

As demonstrated by the size of this year’s Privacy Summit, it is clear to see the privacy profession is growing. The questions and nuanced challenges privacy professionals raised during the week are further evidence of privacy’s maturation. Privacy professionals are searching for more metric-driven ways to represent their efforts and programs especially as they work with their business partners. The results of this search for more tangible things to measure is part of the growing pains of privacy that the industry must endure.

With all the supposed changes in Facebook’s privacy system, I decided to revisit my work with Privacy Mirror (you can catch the backstory: here and then here). Having retested PM with both friends and strangers, here’s what I’ve learned: Plus ça change, plus c’est la même chose.

The more things change, the more they stay the same.

Facebook’s inconsistent treatment of privacy still remains. In a nutshell, what a 3rd party developer can see in your profile, having been granted access to you via your friends, directly depends on whether you have the same application they do. If you and your friends use the same Facebook app, then the 3rd party developer will see your profile (and photos and posts, etc.) as if that developer was your friend. If you do not use the same Facebook app that your friend does, then the 3rd party application is subject to a different set of constraints.

I question whether the recent changes Facebook has instituted have even remotely satisfied Commissioner Stoddart’s concerns with Facebook, specifically 3rd party access to user information. Although users can control the scope of disclosure of their posts a bit better, defaulting settings to “Everyone” access as well as potentially making user’s social graphs public undermines any attempt to cast Facebook in a pro-user control light.

There’s also a nit I’d like to pick with the privacy settings system in Facebook – inconsistent save behavior. In some cases, Facebook automatically saves changed to privacy settings. In some cases, you have to press Save. This is a small point but it points to a larger issue. If service providers do not provide their users with meaningful, usable choices when it comes to controlling privacy and disclosure controls, but instead heap more controls in hard to find places, then these service providers have not aided their customers in the least. More user choices only equals more user control if those choices are clear, consumable, and centralized.

If you want to conduct some of your own testing of Facebook’s privacy system, feel free to play with Privacy Mirror. The following are new features I’ve added:

• PM tests to see if the person your are pointing the Mirror at is a Privacy Mirror user. If they are you’ll get results based on their privacy settings with respect to you as a person. If they aren’t you’ll get results based on their privacy settings with respect to Privacy Mirror being a 3rd party application. This behavior is core Facebook Platform behavior which I feel is inconsistent and puts people at a disadvantage.
• PM tries to find some photo albums that the person may have added
• PM tried to find some photos that are tagged with the person in question
• Added the ability to point the Mirror at a specific person better using their username