Opting-in to a relationship

My series of posts related to Facebook and The Washington Post has become very interesting today. Luke provided some insightful feedback on WaPo’s use of an iframe served up to provide a socially-connected experience, and in doing so he raised an interesting point. He said:

The opt-in question is interesting. Since no information is being transferred, it’s not clear that there’s anything to opt into. I think the social plugins work the same as myriad other plugins and ad networks around the internet, with the exception that it’s more obvious to the user what’s happening. If users needed to click a button in order to see personalized stories, then the vast majority wouldn’t get to experience the value that’s created.

For a little clarity here, the opt-in refers to The Washington Post’s Network News feature. If you opt in (which was the default), you get the Facebook iframe, which shows you friend activity with respect to the Post. If you opt out, your version of www.washingtonpost.com doesn’t include the iframe.

Two points. First, the Washington Post’s decision to opt all of their users in by default is an awful one because it presents an asymmetry of relationship to people not prepared to deal with it. I have a relationship with WaPo. I have a relationship with Facebook. By opting me in, I suddenly see that WaPo and Facebook have a relationship and it seems to center around me. (Now in reality, it isn’t all about me, but from a user’s perspective it is.) This sudden presentation of relationship, even though no data is being passed, lacks a context and explanation that would make it more palatable, if not more desirable, to users.

Follow-up on Facebook and The Washington Post

I’ve been getting a lot of comments on my post about Facebook and The Washington Post. I wanted to just write a brief follow-up on it. I had Luke Shepard of Facebook present at the Gartner Catalyst conference last week and through a bit of serendipity he found Tuesdaynight and my recent post. He kindly provided this clarification on what was going on:

The Washington Post still has no idea what your Facebook account is – the blue box is an iframe onto facebook.com, and it’s served entirely by Facebook. No information is transferred to the Wapo, and none of the rest of your activity on Wapo is linked back to Facebook, unless you explicitly choose to (by clicking the “Like” plugin, for example).

As I mentioned in my comment back to him, there were two things that threw me off. First, I didn’t realize how Facebook’s session management worked. FB sessions live on after you close the browser unless you explicitly log off. This is no different than any other website. However, what is a bit different is that sites with Facebook’s embedded iframe can take advantage of your departed-but-not-logged-out session, and this is exactly what was happening on WaPo. Second, I have a problem with WaPo giving me a choice about Network News but not informing me about it. Furthermore, the default opt-in on the part of WaPo, I think, disrespects people’s desire for meaningful choice and control.
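The mechanism described above (a persistent facebook.com session that the embedded iframe request reuses, while the request for the embedding page carries none of it), as an added example that is not part of the original post: a simplified cookie-jar model in JavaScript. The class, cookie names and values are constructed for illustration, the two-label `site()` rule is an assumption that only fits simple domains like these, and the `SameSite` check models the attribute browsers later added to withhold cookies from cross-site frames.

```javascript
// Added example: simplified model of browser cookie handling (not real browser code).
const site = host => host.split(".").slice(-2).join("."); // assumption: two-label sites
const domainMatches = (host, domain) => host === domain || host.endsWith("." + domain);

class CookieJar {
  constructor() { this.cookies = []; }

  // maxAgeSec === null models a session cookie; a number models a persistent one.
  set(domain, name, value, { maxAgeSec = null, sameSite = "None" } = {}, now = 0) {
    this.remove(domain, name);
    const expires = maxAgeSec === null ? null : now + maxAgeSec;
    this.cookies.push({ domain, name, value, expires, sameSite });
  }

  // Explicit log-off: the site deletes its own session cookie.
  remove(domain, name) {
    this.cookies = this.cookies.filter(c => !(c.domain === domain && c.name === name));
  }

  // Closing the browser discards session cookies only.
  closeBrowser() { this.cookies = this.cookies.filter(c => c.expires !== null); }

  // Cookies sent with a request to requestHost from a page whose address bar shows topLevelHost.
  cookiesFor(requestHost, topLevelHost, now) {
    const crossSite = site(requestHost) !== site(topLevelHost);
    return this.cookies
      .filter(c => domainMatches(requestHost, c.domain))
      .filter(c => c.expires === null || c.expires > now)
      .filter(c => !crossSite || c.sameSite === "None") // Lax/Strict: withheld cross-site
      .map(c => `${c.name}=${c.value}`);
  }
}

// Constructed scenario: log in to both sites, close the browser, return an hour later.
function visitAfterRestart(facebookSameSite, loggedOff = false) {
  const jar = new CookieJar();
  jar.set("facebook.com", "fb_session", "abc123", { maxAgeSec: 30 * 86400, sameSite: facebookSameSite });
  jar.set("washingtonpost.com", "wp_user", "reader42", { maxAgeSec: 86400 });
  if (loggedOff) jar.remove("facebook.com", "fb_session");
  jar.closeBrowser();
  const now = 3600;
  return {
    pageRequest: jar.cookiesFor("www.washingtonpost.com", "www.washingtonpost.com", now),
    iframeRequest: jar.cookiesFor("www.facebook.com", "www.washingtonpost.com", now),
  };
}

console.log(visitAfterRestart("None"), visitAfterRestart("Lax"), visitAfterRestart("None", true));
```

With `"None"` the iframe request carries `fb_session` while the page request carries only `wp_user`; with `"Lax"`, or after an explicit log-off, the iframe request carries no cookie and the widget has no session to personalize from.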

Facebook & Washington Post behavior I cannot explain

I was looking at some local news on Washington Post’s website. I happened to notice that there in the right gutter, along with miscellaneous ads which my brain filters out of my awareness, was a blue box. In the blue box was a list of things my Facebook friends have “liked” on WaPo recently.

And this took me by surprise.

I opened a different browser and headed to Facebook. First, I checked my Application Settings to see if a Washington Post application had slipped into my profile. I had this happen – Gizmodo and some other sites appeared in my authorized application list without getting my authorization. See this article for more. There was no Washington Post application. Next up, I checked my Privacy Settings to verify once more that I disabled Instant Personalization. And yes, that was still the case.

So, wtf?

I clicked on the big red X that WaPo had so kindly put in the blue box with my friends’ activities. Instead of removing the widget, it brought me to my Washington Post account. (At some point, I registered an account with the Post so I could actually read what they wrote – I know, crazy eh?) And there was a setting called Network News. Sure enough, I was opted in to that. This Network News setting enabled the Facebook social activity widget to appear on the pages I saw.

Maturity and Metrics: A few thoughts from the IAPP’s Privacy Summit 2010

With a case of the volcano blues, I found myself at the International Association of Privacy Professionals Privacy Summit 2010. As I sat in sessions and caught up with customers at this, the largest gathering of its kind, I noticed an undercurrent to the overall conversation. This undercurrent sounded, in some sense, very similar to conversations I have with my identity management customers regarding maturity and metrics.

Privacy has moved beyond the compliance officer and is receiving better representation in business operations. Examples of this include an increased presence of privacy practices in

  • project and software development lifecycles
  • procurement and contracting processes, especially with respect to procurement of 3rd party services

In some sense this has given privacy, and its closely aligned peer – data protection, more of an outward appearance of risk management than compliance. This is evidence of privacy’s maturation.

But as privacy matures, as privacy is seen for its risk management capabilities, as privacy gets more engrained in business operations, better metrics relating to privacy are needed.

I sat in one session in which privacy professionals talked about the challenges of building dashboards to display privacy metrics. Few could point to meaningful dashboards that they had built. Fewer still felt they had a clear handle on what kinds of questions they should be answering and how they should measure to do so. This challenge relating to measuring privacy lines up with recent research I published on policy governance.

Facebook privacy revisited: Privacy Mirror version 2

Facebook’s recent changes to its privacy system have been garnering a lot of attention and not a lot of it is good. Both the EFF and Kaliya Hamlin (via ReadWriteWeb) have written up their takes on the matter and, all in all, I think they are decent assessments.

With all the supposed changes in Facebook’s privacy system, I decided to revisit my work with Privacy Mirror (you can catch the backstory: here and then here). Having retested PM with both friends and strangers, here’s what I’ve learned: Plus ça change, plus c’est la même chose.

The more things change, the more they stay the same.

Facebook’s inconsistent treatment of privacy still remains. In a nutshell, what a 3rd party developer can see in your profile, having been granted access to you via your friends, directly depends on whether you have the same application they do. If you and your friends use the same Facebook app, then the 3rd party developer will see your profile (and photos and posts, etc.) as if that developer was your friend. If you do not use the same Facebook app that your friend does, then the 3rd party application is subject to a different set of constraints.

I question whether the recent changes Facebook has instituted have even remotely satisfied Commissioner Stoddart’s concerns with Facebook, specifically 3rd party access to user information. Although users can control the scope of disclosure of their posts a bit better, defaulting settings to “Everyone” access as well as potentially making users’ social graphs public undermines any attempt to cast Facebook in a pro-user control light.