In the flurry about smears, dirty PR and who is worst at dealing with sensitive user data, an interesting story about Facebook passed under the radar yesterday.
The story was also about privacy. And surprise surprise – it wasn’t good news for Facebook. Or Facebook users for that matter. Facebook admitted yesterday that they just hadn’t noticed a major data loophole, that up until yesterday had let advertisers access user details including your name, sex, chatlogs and photos.
It was all down to a URL quirk that research company Symantec pointed out.
As PCWorld describe it:
“Symantec claims Facebook has not only leaked private data such as your sex and your age, but for the past four years third-parties have had access to such goldmines as your profile, photos, and chats. Symantec also blasts Facebook for giving third parties the ability to post things to your wall.”
It’s likely the advertisers didn’t even notice that this information was available to them, which is good.
But the problem is that FACEBOOK DIDN’T EITHER. They just didn’t realise. And that’s bad.
Facebook didn’t “notice” leak
The whole purpose of Facebook as a site is that it manages user information – stores, shares it and puts it in the right place. Accidentally giving private stuff to advertisers was definitely putting it in the wrong place. But it’s not some evil plan – it was just a mistake.
And I think that could be telling. Facebook have been callous with privacy before – but then they usually meant to be. This was just an accident.
Is the site just getting so big that they didn’t notice for a while? The problem came with 3rd party apps – stuff like Farmville – and the access tokens they use to get into the profiles of their users. The spare access tokens were kicking around and got passed onto advertisers and analytics sites as well as the apps. The access tokens will be disabled when you change your password, but otherwise can access your profile at any time.
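As an added illustration (not code from Facebook or Symantec), the sketch below audits a page's outbound requests for the kind of token leakage described above and redacts what it finds. It assumes the token travels as an OAuth-style `access_token` parameter in a URL query string or fragment, including inside a page URL forwarded to an analytics beacon; the hosts and token values are constructed.

```javascript
// Assumption: the token is an OAuth-style "access_token" URL parameter.
const TOKEN_PARAMS = new Set(["access_token"]);
const MAX_DEPTH = 3; // how deep to follow URLs nested inside parameters

// Redact token parameters in place, following nested URLs; returns hit count.
function scrubParams(params, depth) {
  let hits = 0;
  for (const [name, value] of [...params.entries()]) {
    if (TOKEN_PARAMS.has(name.toLowerCase())) {
      params.set(name, "REDACTED"); hits++;
    } else if (depth < MAX_DEPTH && /^https?:\/\//i.test(value)) {
      const inner = scrubUrl(value, depth + 1);
      if (inner.hits > 0) { params.set(name, inner.url); hits += inner.hits; }
    }
  }
  return hits;
}

// Check both the query string and the fragment of a URL.
function scrubUrl(raw, depth = 0) {
  let u;
  try { u = new URL(raw); } catch { return { url: raw, hits: 0 }; }
  const queryHits = scrubParams(u.searchParams, depth);
  const frag = new URLSearchParams(u.hash.slice(1));
  const fragHits = scrubParams(frag, depth);
  if (fragHits > 0) u.hash = frag.toString();
  const hits = queryHits + fragHits;
  return { url: hits > 0 ? u.toString() : raw, hits };
}

// Report third-party requests whose URL or Referer header exposes a token.
function auditOutbound(requests, firstPartyHosts) {
  const findings = [];
  for (const req of requests) {
    const host = new URL(req.url).hostname;
    if (firstPartyHosts.includes(host)) continue;
    const inUrl = scrubUrl(req.url).hits;
    const inReferer = req.referer ? scrubUrl(req.referer).hits : 0;
    if (inUrl + inReferer > 0) findings.push({ host, inUrl, inReferer });
  }
  return findings;
}
// Constructed sample traffic; hosts and token values are made up.
const SAMPLE = [
  { url: "https://apps.example/game/app.js", referer: "https://apps.example/game?access_token=AAA111" },
  { url: "https://ads.example/pixel.gif?uid=7", referer: "https://apps.example/game?access_token=AAA111" },
  { url: "https://stats.example/collect?page=https%3A%2F%2Fapps.example%2Fgame%23access_token%3DAAA111", referer: null },
];
console.log(auditOutbound(SAMPLE, ["apps.example"]));
```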
Confusion at the heart of the social network
But if Facebook doesn’t know, WHO DOES?
For us, it’s reminiscent of when we asked Facebook how they arrange the top friends box and the spokesperson just told us that they couldn’t really tell us. Well, they told us a bit – it was interesting. But it was vague and the PR told me that she couldn’t really explain what exactly the algorithms did.
A lot of this could be corporation talk – trying to make sure pesky questions run into the sand. But it could also be that genuinely they are losing control of what goes on around the edges of the organisation…
Let’s compare Facebook to the Roman Empire (why not). A smart, efficient organisation spreads quickly because it’s tightly-run and simple. As it overruns surrounding areas, its success leads to more success as it wins more resources, which lets it go further.
Now, after growing absolutely huge, it hits a tipping point and becomes a victim of its own success: it finds that managing and maintaining vast amounts of land (in the Roman case) or data (in the Facebook case) is a different task from winning it over in the first place.
It starts to bend under its own weight and gets bogged down by management. Its size becomes a disadvantage instead of an advantage.
Byzantine Data Hoard
Enough Romans, but I think you get the gist – Facebook is now huge and a massive data repository: more a Byzantine data hoard than a slim-line start-up.
Take the simple idea of uploading a photo to your Facebook profile. For starters, Facebook makes and saves 6 versions of it in different sizes to put in different places (albums, thumbnails and 4 other ones, don’t actually know what they are). They add it to your profile news feed and to an album. You can add it to a specific album… but if you don’t, they’ll automatically set it to either ‘Mobile Uploads’ or ‘Wall pictures’ depending on how you uploaded it.
You can set individual privacy settings for that picture as a single upload. You can also set general privacy settings for a general album. If your friend John is able to see your photos he’ll see it on his news feed, and can click through to see
If you tag Abby in the photo, it will get copied to her wall, and added to the album Pictures of Abby, where the original privacy constraints you put on it will also apply, but also ones specific to Abby and her wall.
Comments and likes from all over the place then accrue to that photo and become associated with it and they’ll get posted about too – Abby’s comment will appear on John’s news-feed, and so on.
So one piece of data – a photo – gets copied multiple times and spread in different places to create its own network of connected packages linked to itself.
Just an example of how a very simple thing can have so many consequences in such a complex structure.
Now multiply that by 100 million – the number of photos uploaded to Facebook every day.
It’s no wonder they’re losing some of that information… [Symantec via Mediapost]