Saving Face: The Privacy Architecture of Facebook

In his very interesting thesis draft Saving Face: The Privacy Architecture of Facebook, Chris Peterson, describes through a number of real life stories some very subtle and interesting issues concerning privacy and context that arose during the rapid evolution of the now 250 million member social network.

Perhaps the most revealing of these stories is that of Junior High School student Rachel who broadcast the following distress status message my grandmother just friend requested me. no Facebook, you have gone too far! Chris Peterson develops: Rachel and her grandmother are close. She trusts her grandmother. She confides in her grandmother. She tells her grandmother "private" things. She is certainly closer to her grandmother than many of her Facebook Friends. So what's the big deal? Rachel explains:

Facebook started off as basically an online directory of COLLEGE STUDENTS. I couldn't wait until I had my college email so that I could set up an account of my own, since no other emails would give you access to the site. Now, that was great. One could [meet] classmates online or stay in touch with high school mates [but it] has become a place, no longer for college students, but for anyone. [About] five days ago, the worst possible Facebook scenario occurred, so bizarre that it hadn't even crossed my mind as possible. MY GRANDMOTHER!? How did she get onto facebook?...As my mouse hovered between the accept and decline button, images flashed through my mind of sweet Grandma [seeing] me drinking from an ice luge, tossing ping pong balls into solo cups full of beer, and countless pictures of drunken laughter, eyes half closed. Disgraceful, I know, but these are good memories to me. To her, the picture of my perfectly angelic self, studying hard away at school, would be shattered forever.

The paper is full of legally much more serious stories, but this one is especially revealing as it makes apparent how the flat friendship relation on Facebook does not take into account the context of the relationship. Not all frienships are equal. Most people have only very few friends they can tell everything to. And most often one tells very different stories to different groups of friends. In the physical world we intuitively understand how to behave in different contexts. One behaves one way in church, another in the bar, and yet another way in front of one's teachers, or parents. The context in real life is set by the architecture of the space we are in (something Peter Sloterdijk develops at length in his philosophical trilogy Spheres). The space in which we are speaking and the distance others have to us guides us in what we should say, and how loud we can say it. On Facebook all your friends get to see everything you say.

It turns out that it is possible to create an equivalent contextual space on Facebook using a little know and recently added feature, which allows one to build groups of friends and specify access control policies on posts per group. Chris shows clearly that this by itself is not enough: it requires a much more thorough embedding in the User Interface so that the intuitive feel one has in real life for who hears what and to whom one is speaking is available with the same clarity in the digital space. In the later part of the thesis Chris explores what such a User Interface would need to do to enable a similarly intuitive notion of space to be available.

Applications to the Social Web

One serious element of the privacy architecture of Facebook (and other similar social networks) not covered by this thesis, yet that has a very serious impact in a very large number of domains, is the constant presence of a third party in the room: Facebook itself. Whatever you say on these Social Networks, is visible not only to your group of friends, but also to Facebook itself, and indirectly to its advertisers. Communicating in Facebook puts one then in a similar frame of mind to what people in the middle ages would have been in, when mankind was under the constant, omnipotent and omniscient presence of God who could read every thought, even the most personal. Except that this God is incorporated and has a stock market value fluctuating daily.

For those who wish to escape such an omni-presence yet reap the benefits of online electronic communication, the only solution lies in the development of distributed secure social networks, of a Social Web where every body could own what they say and control who sees it. It turns out that this is possible with semantic web technologies such as foaf and access control mechanisms based on ssl.

One very positive element I take from this thesis is that the minimal technical building blocks for reconstituting a sense of context is the notion of a group and access control of resources. In a the Social Web we should be able to reconstitute this using the foaf:Group class and foaf+ssl for access control. On this basis Chris Peterson's user interface suggestions should be applicable in a distributed social network.

All in all then I found this thesis to be very rewarding and a very interesting read. I recommend it to all people interested in the Social Web.


FYI, God is still omnipresent, and ideally those of us who are aware of that should choose to behave consistently in all our contexts. Not doing so (hypocrisy) is probably the chief accusation leveled against us, although that's a bit hypocritical coming from people who don't demand consistency in their own actions :-)

But valid, interesting thoughts on Facebook-as-god. I know that bothers me a lot more than crossing friend contexts does.

Posted by Doug on July 25, 2009 at 04:04 PM CEST #

This whole situation is amazing in that Sony/Betamax way. Livejournal faced this issue years ago, and has a simple, intuitive solution to it (I have never figured out the facebook one; I am surprised that there exists one). I have known people to leave facebook over exactly this issue.

A very recent (just this week) facebook meme has been going around about how facebook can use your photos in its own publicity material. I am afraid that with the lax privacy structure of facebook, I have become that curmudgeon who says, "if you value your privacy, you have no business on facebook!" I personally don't mind - I like my facebook photos and would be happy to see one of them in an ad. I knew what I was giving up when I signed up.

This sort of thing really does show how prescient things like FOAF really were; nearly a decade ago, the FOAF folks knew that the social network must not be owned by a single service provider. So far, all the networks have followed the simpler, corporate owner model. Stories like this are making it clear why this isn't sufficient.

Posted by Dean Allemang on July 25, 2009 at 04:41 PM CEST #

Doug: you believe in God yet you are worried that one entity, named Facebook, can see everything you do? Would you rather they don't? Are you being hypocritical when desiring that? :-)

Chris has a very good story to show how sometimes it is important to speak in different ways to different audiences (even if what is said is in the long term the same), and the problem of no longer being able to do so. On page 35 Chris writes:

...consider the story of Stokely Carmichael. As one of the nation’s preeminent black activists in the Civil Rights era, he regularly spoke before black and white audiences about racial equality. His importance and influence were partially predicated on his ability to agreeably address different groups. Carmichael had what writers call a keen “sense of audience.” He tailored his voice to the situation, adapting his style, content, anecdotes, and rhetoric depending on whether he was addressing primarily white or black audiences.

In the late 1960s Carmichael was invited to appear upon television and radio broadcasts. In the physical world Carmichael targeted his audience by differentiating his disclosure, but on television his audience was invisible behind the lens. Whereas he had once
changed styles as he changed spaces (speaking very differently at the Whitewater Hotel than at a gathering in Detroit), on television he was speaking to one massive and diverse and invisible congregation. Carmichael couldn’t modify his style, but he also couldn’t speak
“neutrally,” since that would alienate all of his audiences. Carmichael adopted a comparatively radical style, inadvertently alienated white audiences, and became marginalized in the public eye, all because the broad reach of broadcast media caused him to lose his voice.

Posted by Henry Story on July 26, 2009 at 03:36 AM CEST #

I'm always amused with this site, which nicely illustrates what happens when social contexts collide --

Facebook privacy controls are painful to use, but theoretically they give you a lot of control. I don't know if that's by design or not, but it results in fine-grained control over privacy that is so unusable that most people just use the default settings.

Similarly, I think Facebook users technically own the information they publish, but it's highly not obvious how to extract that information once published. And while you may be able to export your own data, I doubt you can get your best friend from third grade's information, so you lose your graph when you leave Facebook. I would love to see a FOAF-based alternative.

I look forward to reading Chris' thesis. Thanks for the link.

Posted by Sharon Stern on August 19, 2009 at 02:30 AM CEST #

Thanks for the
link, very funny :-)

Check out foaf+ssl for how to get distributed social networks to work. We need as much help as we can get to get this off the ground: documentation, coding, evangelism, modelling, ...

Hope to see you on the mailing list.

Posted by Henry Story on August 19, 2009 at 03:13 AM CEST #

Post a Comment:
Comments are closed for this entry.



« June 2016