Facebook privacy revisited: Privacy Mirror version 2

Facebook’s recent changes to its privacy system has been garnering a lot of attention and not a lot of it is good. Both the EFF and Kaliya Hamlin (via ReadWriteWeb) have written up their takes on the matter and, all in all, I think they are decent assessments.

With all the supposed changes in Facebook’s privacy system, I decided to revisit my work with Privacy Mirror (you can catch the backstory: here and then here). Having retested PM with both friends and strangers, here’s what I’ve learned: Plus ça change, plus c’est la même chose.

The more things change, the more they stay the same.

Facebook’s inconsistent treatment of privacy still remains. In a nutshell, what a 3rd party developer can see in your profile, having been granted access to you via your friends, directly depends on whether you have the same application they do. If you and your friends use the same Facebook app, then the 3rd party developer will see your profile (and photos and posts, etc.) as if that developer was your friend. If you do not use the same Facebook app that your friend does, then the 3rd party application is subject to a different set of constraints.

I question whether the recent changes Facebook has instituted have even remotely satisfied Commissioner Stoddart’s concerns with Facebook, specifically 3rd party access to user information. Although users can control the scope of disclosure of their posts a bit better, defaulting settings to “Everyone” access as well as potentially making user’s social graphs public undermines any attempt to cast Facebook in a pro-user control light.

There’s also a nit I’d like to pick with the privacy settings system in Facebook – inconsistent save behavior. In some cases, Facebook automatically saves changed to privacy settings. In some cases, you have to press Save. This is a small point but it points to a larger issue. If service providers do not provide their users with meaningful, usable choices when it comes to controlling privacy and disclosure controls, but instead heap more controls in hard to find places, then these service providers have not aided their customers in the least. More user choices only equals more user control if those choices are clear, consumable, and centralized.

If you want to conduct some of your own testing of Facebook’s privacy system, feel free to play with Privacy Mirror. The following are new features I’ve added:

  • PM tests to see if the person your are pointing the Mirror at is a Privacy Mirror user. If they are you’ll get results based on their privacy settings with respect to you as a person. If they aren’t you’ll get results based on their privacy settings with respect to Privacy Mirror being a 3rd party application. This behavior is core Facebook Platform behavior which I feel is inconsistent and puts people at a disadvantage.
  • PM tries to find some photo albums that the person may have added
  • PM tried to find some photos that are tagged with the person in question
  • Added the ability to point the Mirror at a specific person better using their username
(Cross-posted from Burton Group’s Identity Blog)

On Capitals and Eating: A short trip report from Ottawa

There are great cities that happen to be national capitals. Cities like London and Paris are such places. Great food, great culture, great sites – a good time is had by all. Then there are national capitals that want to be great cities. Washington and Ottawa happen to fall into this category. Neither has the vibe/density/scene that London and Paris have, but they are trying. (And this is where my mother-in-law would add the phrase, “bless their hearts.”)

I happen to be in Ottawa a few weeks back and had some kick ass meals. First up, Murray Street – a charcuterie and wine bar. They bring much respect to meats – all of them. Anywhere that has an offal of the day as well as a whole pig head on the menu gets my vote any day of the week. It is a small place with a great feel. Highly recommend.

Next up – The Whalesbone Oyster House. Go. There. Now. Imagine a tiny restaurant embedded into an old bike shop. Forget open kitchen, the hot stations are actually in the seating area and the night we were there the a/c wasn’t working – forcing the staff into tank tops and shorts. Whalesbone is, as the name implies, an oyster and fish joint and it takes its ingredients seriously. If the amazing fish, oysters, and drinks doesn’t do it for you, then try this – when was the last time you went to a bar or restaurant where the music was provided by records? Two huge stacks of records behind the bar, from which Ray Charles, Abba, and Sam & Dave were pulled when we were there. The staff has been friends since high school and you can feel their love for the place in everything they do. Again – go there now!

Ottawa may be a somewhat sleepy capital but there are definitely some pockets of serious yum and fun to be had – I’ll be waiting until the spring to head back for oysters and offal.