Fixing Poor Privacy Notification, Pandora Forces Users to Choose Public or Private

Reacting to privacy criticism over its Facebook integration and little-known public profiles, the popular online radio service Pandora is now prompting all users of its website to decide whether to keep their profile public or make it private.

Anyone who knew a Pandora user's e-mail address could see their profile and playlists, and Pandora's participation in Facebook's auto-connect service also pulled in Facebook data that then was made public.

Pandora's move comes several months after a Wired.com article pointed out the undocumented default public pages and other sites criticized how Pandora automatically populated profiles with friend data through Facebook's so-called "Instant Personalization" system, which automatically hands over your Facebook data -- and your friends' -- to participating companies such as Pandora and Yelp.

After the outcry, the company worked with the D.C.-based Center for Democracy and Technology to come up with the notification service.

The notification screen is titled "Did you know about your Pandora profile page?" and explains what the profile page is. The hover box forces users to choose whether to make the profile public or private, and includes a link that lets them see what's publicly available.

Many Pandora users, comfortable in the age of Facebook with publicly exposing data, found the lack of notification and the exposure fine.

But not all did.

In a comment on Pandora's blog post Tuesday announcing the confirmation, one user, Tony, expressed a sense of betrayal and said he was quitting the service.

Before this pop-up window, I had no idea that there was a profile page that was public by default. I had no idea that my musical choices were being broadcast to the world. And, only now do I learn that if I had used the same email address for Pandora as for Facebook, some Facebook information might appear on my profile, automatically, without asking for my permission???

Haven't you learned anything from the recent debacles with Facebook?

I am now going to stop using Pandora, as I feel that there has been a serious violation of trust.

The CDT applauded the move in its own blog post, saying it hopes "Pandora has set a standard for moving informed consent forward."

Users who aren't happy with the idea of Facebook automatically sharing data with third parties without their consent will need to use Facebook's privacy settings to change the behavior, as the default settings allow Facebook to do so.

Those who use Pandora via apps on iOS4 or Android-powered devices also have public profiles, but will not see a pop-up unless those users visit the website directly. And as CDT points out, former Pandora users who no longer use the site will still have their data public by default.

Follow us for disruptive tech news: Ryan Singel and Epicenter on Twitter.
