Facebook's byzantine privacy controls produce more confusion

Since last week’s chat exploit, I’ve received further tips of Facebook ‘security bugs’. Only each time they’ve turned out not to be bugs at all, but, well, features. With regard to the site’s privacy controls, users are clearly confused. This confusion, I suspect, is leading to over sharing, which Facebook’s critics say is intentional.

More sharing equals greater monetization opportunities.

As an example, a privacy quirk on Facebook appears to produce the following scenario: User A sends a friend-request to user B but they choose not to accept, at least not yet (it’s a pending request, so they haven’t declined either).

However, just by issuing that request, some of user B’s activity begins showing up in user A’s Facebook News Feed under ‘Most Recent’. This could be complete status updates if user B has chosen or inadvertently made those public (again, remember, this is a feature not a bug, a bit like following somebody on Twitter).

That’s probably OK, assuming user B knows what they are doing. But, more bizarrely, the feed could also show who user B has recently befriended.

In other words, while user A is being shunned, they get to see that other friend-requests are being accepted.

Ouch.

And, of course, user A also gets to see who those friends are. As far as I can tell, this is by design and, presumably, depends on user B’s privacy settings.

Confusing, eh?

The larger point is that Facebook’s privacy settings remain mind bogglingly complex.

Not necessarily in themselves, the UI has improved over time, but because of the nature of Facebook’s rapid innovation: privacy remains a moving target. The site’s features, intended use, and terms of service today, won’t be the same tomorrow — see this excellent diagram by Matt McKeon, which illustrates the problem perfectly.

The end result is user confusion, and people sharing a lot more information than they ever intended. It also produces socially awkward situations like the one above.

“But you shouldn’t put anything on Facebook or the Internet, (Facebook is the Internet, remember) that you don’t want made public”, I hear you cry.

And our very own Paul Carr makes a similar point.

This is also the defense made by Facebook apologists over and over. And I call BS. It completely misses the point and lets the social network and its shifting terms of service off the hook.

Yes I broadly agree, don’t put anything on the Internet that if it was made public it would ruin your life. But that’s no excuse for Facebook effectively duping users into joining the site in huge numbers on the pretext that they were only sharing stuff with their “friends”, therefore locking them in via network effects on the basis that it was a closed/private social network – the anti-MySpace if you will – only to now be told it’s all about sharing publicly after all.

(Hat tip: @tweefer).