Facebook’s Disconnect: Open Doors, Closed Exits

This guest post was written by Rohit Khare, an expert in internet standards, he is the co-founder of Ångströ and KnowNow.

Several of my friends recently quit using Facebook, drawing a line at the latest in a long line of changes to their privacy policy. That doesn’t mean they quit using the social Web: they are still using a slew of different services that specialize in sharing photos, links, events, resumes, and updates. What it meant for me is merely that Facebook quit connecting me to their life online — but I can always re-connect to those friends myself, thanks to the Open Web.

Why would I think that the Web is more “Open” than any of the “Closed” social networks within it? As a developer, my loyalty to the Web as a whole rests upon the legitimacy of the institutions that govern it: there are ways to voice my concerns effectively, and there are ways to “agree to disagree” by exiting a debate and building my own Web site with my own policies in place.

My reasons are hardly original: that insight is due to Exit, Voice and Loyalty: Responses to Decline in Firms, Organizations and States,” an influential treatise by the arguably Nobel-worthy economist Albert Hirschmann. In it, he explained how consumers ‘teach’ producers what to sell and how, by choosing to complain or switch. Competition — the existence of a viable exit — can actually amplify the impact of “voice” and increase loyalty. Or, as Tyler Cowen put it: “HBO is more responsive than was East Germany.”

According to this model, my friends who chose to cope with their dissatisfaction by deciding to exit by opting-out were also implicitly deciding that Facebook’s official channels for voice were insufficient, such as the conversation on site governance or voting on the new Terms of Service (and, with a turnout of only 0.32%, they might even be right).

External voices can also be effective. Almost immediately after the Open Graph API was announced, Ka-Ping Yee wrote a browser app to view information it made publicly available. It attracted mainstream news media attention to an unpleasant surprise: that public events have public invitation lists. That triggered changes to a policy implication that was latent in the Facebook data model for quite some time, demonstrating how a program can sometimes be as persuasive as petitions, press, or politicians.

Instead, the most powerful constraint on my friends’ loyalty was the data they had contributed to Facebook over the years. Hearing them make plans to quit but wanting their data back inspired us to write a new app for that over the weekend, but even so, it begs the question: Where can folks restore that backup of their posts, photos, statuses, and comments elsewhere onto the Web?

Green Safe transfers your personally identifying information (PII) from Facebook’s profile into its own app (running on top of Facebook’s platform). In practice, that’s an effective form of protest against targeted advertising; but in theory, switching to a different trusted-third-party makes no difference at all.

SocialSafe’s marketing message highlights a related trust and reputation risk: Facebook’s policies for suspending or canceling accounts for abuse or victims of identity theft (far more likely than catastrophic data loss). As far as being an option for “exit,” however, the primary recovery mechanism one can envision appears to be… creating a brand-new Facebook account by hand. The Facebook API makes it easy to download some bits of history, but not to replay it.

Give Me My Data has a more open-ended design that supports exploration and experimentation, in part because it sports an impressive array of formats to download your friend lists and other information for use in other projects such as visualization and charting. Owen Mundy at Florida State originally developed it for his own use, but “this week it kind of exploded because of the interface changes.” That could either be a sign of broader awareness of how much data users share with Facebook; or it could be the acute interest users have in putting profile data that Facebook “lost” right back onto Facebook (a feature that may be coming soon).

Our tool, Disco Explorer, is designed to explore everything you’ve ever posted to Facebook with instant, private search (well, some of it, so far; voice your opinion on what’s next!). The technology is unique in that we never keep any of your data on our servers at any point. It’s free (as in $0) because it’s 100% browser-based and downloads your data to your computer using HTML5’s localStorage. You can see how it works by using ‘View Source…,’ and because we’re releasing it freely under the GPLv3 Open Source License today, you can even get your own Facebook API key to use it

I admire Facebook for their innovative Platform, and I respect them for making as much information available to their users as they do through that API. I can see why they choose some of the policies they have to try balancing the interests of the small numbers of people quitting Facebook against the larger risks of automated abuse and harvesting.

It’s also fair to say that for a company growing as rapidly as they are — with aspirations as audacious as supporting over a million users per engineer — an ‘Open Door’ policy for hearing out every last complaint is quite impractical. But their latest (and debatable) definition of “Open,” rolled out at the f8 developer conference last month, affects larger organizations even more than individuals: Facebook now offers an Open Door for importing data collected about their users from any partner site on the Web.

Entrusting Facebook to faithfully store all of my personal Likes and download them later on is one thing. Outsourcing the same responsibility on behalf of a corporation is another. Sites that drop in the social plugin for Likes should ask some subtle fiduciary questions before subrogating their rights to Facebook for the social gestures within their site.. This isn’t about the ordinary quality-of-service risks of cloud computing such as downtime; these are user experience risks of relying on external policies and practices that could be considered censorship or inappropriate aggregation with data from sites you haven’t even heard of. The legal questions around entangling terms of service are unsettled enough that Facebook itself is trying to criminalize ToS violations for getting your own data out.

With social plugins, Facebook can now track user behavior just like many other ad networks or analytics tool. They are no more or less powerful than any other 3rd-party widget. Unlike those predecessors, though, Facebook has real users on their own site who are entitled to believe that Facebook only watches every move they make while they stay on Facebook.com — and who could be justifiably upset when they find out the full extent of it.

Here’s the crux of the matter: if “exit” is an only-barely-sorta-possible option for superstar developers, advocates of open culture, or early adopters, is that really an option at all? Or has Facebook checked in a mile down the road from its HQ at the Hotel California? “You can check out any time you like / but you can never leave…”