The more and more I’ve started to think about it, Facebook’s applications are an exercise in personal information anarchy.

One evening at a bar, we were joking with my friends that it would be quite trivial to make an application to Facebook called “How sexy is your social security number?”, which would compare your SSN, bank account and other personal information in a “fun” way with those entered in to the application by your friends. The strangest thing about this is that this would most likely be in accordance of all Facebook’s privacy terms.

Couple of days ago I was quite surprised to see when my friend showed me how hot, geeky and so on I was ranked by, I suppose, my friends. The problem is that I’ve never used or ever given any permission for this application to use my profile picture or my name.

I’m pretty sure that in any European country, this would be illegal. Conveniently Facebook is located in USA, where privacy is somewhat looser.

I’ve not given my permission to these people or these corporation and their applications to use my picture or my name. Yet, because they discard any business ethics in their pursue of Google Adwords income, they cannot respect any privacy conventions. If people cannot compare all their friends (users or not of that comparison app) they will not use that application. There has to be enough information in the application for people to be interested in using it.

Because I do not use these apps, I cannot set any privacy settings in my profile. In their Privacy Policy, Facebook states that “If you, your friends, or members of your network use any third-party applications developed using the Facebook Platform (“Platform Applications”), those Platform Applications may access and share certain information about you with others in accordance with your privacy settings”. Yet, because I don’t have those applications added, I cannot control that use of my information. Facebook washes its hands by saying that “while we have undertaken contractual and technical steps to restrict possible misuse of such information by such Platform Developers, we of course cannot and do not guarantee that all Platform Developers will abide by such agreements”. This is quite similar to the defence YouTube uses when defending all the material on their site. Thanks to DMCA’s safe harbour sections, they can easily claim that they can’t be held responsible for their users actions. I don’t believe Facebook has the same defense against their third-party application developers pimping out people’s private data without their consent – their friend’s consent doesn’t count. They can use DMCA in their defense when people upload photos of featuring other people (identifiable) without the latters’ permission (which happens, well, all the time) – but even in this case Facebook goes so far as encouraging identifying people with their photo-person-tagging function.

As a citizen of a country with quite strict privacy laws, I find it rather strange that there’s an application on Facebook where people can rank certain aspects of me without me knowing about it. Even though I’m a blogger on Tech IT Easy, the premier tech blog, I have quite a broad rights to privacy (ie. I’m not a public person). In Facebook, I’ve understood that this means that applications that I’ve not given direct permission to use my personal information (like name and profile picture) cannot use them. I think it’s not enough that Facebook tells that they’re not abusing my data, when they can’t make any assurance of their third-party applications.

I’ve not given (or to my knowledge, neither has my profile picture’s photographer) rights for these applications to use my picture, which clearly identifies me. Yes, Some Comparison Application, Inc. might pull that image from Facebook’s database, but they do not have the right to use it in their context, without my explicit permission. The point that this information is only shown to people I’ve flagged as my friends who could anyway see my picture on my profile page does not count. You can take a look at the information any Facebook Platform application can get about you if your friend happens to use that application. As Facebook tells in their privacy terms, they make no guarantees what their thrid-party developers do with your information they got through your friend. (Your friend may have waived his rights to privacy by agreeing to some stupid EULA to get his/her hands on new smileys, but his/her agreement does not extend to you, or me in this case.)

I can clearly understand why any developer would like to code his Facebook application in this way. It’s far easier to gain the needed critical mass when most of your users are part of your application without knowing it. I find this morally at least questionable. I don’t know about the culture in USA, but at least in Finnish context, I find many of the uses of my personal information outside my control in Facebook quite offensive.

As I see it, a third-party application could only call users.getInfo on me if I had the application added myself (e.g. friends.getAppUsers, users.isAppAdded or users.hasAppPermission). This of course would be a major restriction on the Facebook ecosystem as it is today for the reasons I’ve mentioned above. Right now, this restriction is left on the shoulders of the developer. And, right now, the developers seem to use those functions only to find the users’ friends who dot not have this developer’s application added and to bombard them with invites.

When I last visited my school’s library, I noticed that in the textbook section, the shelves were full of international marketing books, but there were only couple of books titled business ethics. Is it really okay to pimp other people’s private data without their consent?

Like

Unlike