Business

No Facebook, You May Not Share My Address and Phone Number With Developers

Around Silicon Valley, it’s well-known that if users aren’t paying for a service, they are the product. No company demonstrates that better than Facebook, which doesn’t charge any of its 650 million users, but is still worth north of $50 billion. That’s because you and all of your data are the product, access to which […]

Around Silicon Valley, it's well-known that if users aren't paying for a service, they are the product.

No company demonstrates that better than Facebook, which doesn't charge any of its 650 million users, but is still worth north of $50 billion. That's because you and all of your data are the product, access to which Facebook grants to software developers. (For those who don't want to do the math, each Facebook user is worth a bit more than $80 to the company).

This dynamic was further reinforced over the weekend as Facebook was forced to walk back efforts to share the home addresses and phone numbers of its users with developers, as part of its drive to be the dominant login system for the internet.

Nicholas Jackson of The Atlantic reported Facebook's attempt to share at exactly 9 p.m. on Friday night before a three-day weekend. In a classic Friday night news dump, a Facebook employee named Jeff Bowen posted an item on Facebook's blog: "We are now making a user’s address and mobile phone number accessible as part of the User Graph object."

But don't worry, Bowen wrote, because "these permissions only provide access to a user’s address and mobile phone number, not their friend's [sic] addresses or mobile phone numbers."

That's a relief.

Facebook's goal, presumably, was to provide such granular data to developers working on location-based apps, which generally don't work unless the software knows where you are. The data on phone numbers would also allow developers to use SMS to send notifications to users' mobile phones. Hence the need for your address and phone number.

The proposed system is part of Facebook's very successful login system that lets users sign in to a third-party website or mobile app using their Facebook ID and password. When you first do that, the app "asks" you for permission to see information in your profile, the ability to post to your Wall and the ability to watch your profile.

But unfortunately, as Elias Bizannes, a board member of the Data Portability Project, pointed out to ReadWriteWeb, users cannot pick and choose which permissions to grant to developers. You either approve the application, lock, stock and barrel, or you don't get to use it.

"Users should have the ability to decide upfront what data they permit, not after the handshake has been made where both Facebook and the app developer take advantage of the fact most users don't know how to manage application privacy or revoke individual permissions," Bizannes told the website. "Data Portability is about privacy-respecting interoperability and Facebook has failed in this regard."

Facebook's Friday night move would have added home addresses and phone numbers to the possible choices developers could ask for.

The backlash came quickly, over the holiday weekend, after the company said it received some "useful feedback."

In response, the company has now walked back the policy shift. Facebook employee Douglas Purdy:

On Friday, we expanded the information you are able to share with external websites and applications to include your address and mobile number. With this change, you could, for example, easily share your address and mobile phone with a shopping site to streamline the checkout process, or sign up for up-to-the-minute alerts on special deals directly to your mobile phone.

As with the other information you share through our permissions process, you need to explicitly choose to share this data before any application or website can access it, and you can not share your friends’ address or mobile number with applications. Also, like other data you make available to third party apps and websites, you can always clearly see and control the ways your information is being used in the Application Dashboard.

Over the weekend, we got some useful feedback that we could make people more clearly aware of when they are granting access to this data. We agree, and we are making changes to help ensure you only share this information when you intend to do so. We’ll be working to launch these updates as soon as possible, and will be temporarily disabling this feature until those changes are ready. We look forward to re-enabling this improved feature in the next few weeks.

But that small stutter step doesn't resolve Facebook's crucial tension. As it becomes the hub for the online identity of hundreds of millions of people, its power comes from being able to control those identities, and its business interests don't necessarily dovetail with what users want, let alone what they should expect when it comes to personal privacy.

"Facebook has to address an ongoing series of conflicting goals as it seeks to expand ad revenues and eventually go public," Jeffrey Chester, a privacy advocate and the executive director of the Center for Digital Democracy, said in an e-mail message. "As the company continually develops new ways to monetize its user data, new threats to member privacy appear. So, the company has to operate with a two steps forward, one step back approach."

"Facebook understands that if its plans for global expansion are to succeed, it has to avoid regulatory action and public scrutiny with its data collection and interactive ad practices," Chester added.

It's worth noting that this is the classic Facebook modus operandi. Keep pushing the boundaries on privacy until an uproar is provoked. Walk the offending policy back a little bit. Then reintroduce it down the road with some minor tweaks.

After the backlash last spring, Facebook seemed to have learned that it can't pull this trick, and has been working more closely with privacy groups before introducing new policies and features.

But as Friday's sneaky announcement shows, Facebook remains willing to push the boundaries on privacy in an attempt to refashion the world in its own image and on its own terms, not yours.

Follow us for disruptive tech news: Sam Gustin and Epicenter on Twitter.

See Also: