4th February, 2010
There was an interesting post on TechCrunch recently on how the default privacy settings on the web seem to have migrated from “private” (like Facebook’s old privacy rules, which were very strict) to “public” (a la Twitter, where your content is open by default).
Working in a position like mine, where I get to see a lot of the ins and outs of how people use and expect social networks to behave, it is astounding to see some of the complete misunderstandings that happen regarding where user’s data can go.
I’d like to take a quick look at how these privacy rules have changed, and why I’m certain most people don’t understand what their data can actually be used for.
Believe it or not, Facebook’s original security policies were extremely strict. Even when I joined “only” 3 and a half years ago, you could only see extremely limited information on people unless you were a direct friend of them.
Before that, it was even more draconian, with people only being able to sign up and join the network for a particular set of colleges if they could prove that they were from that college in the US (i.e. with their e-mail address).
Since then, however, Facebook’s privacy rules have become a mangled mess of confusing, often over-complicated, and frequently baffling policies which seem to let you have access to pretty much anyone, one way or another.
Since the day it was conceived, Twitter was always going to be open by default - what’s the point in broadcasting to the world if only a few people can see it, right?
And the limitation of profiles to “Protected”, where only your followers can see your tweets, has been low on the uptake across the general user base.
But it is clear that some people don’t understand that everything they post is public content. It even says so in the Twitter Terms of Service, which you agree to upon signing up: “What you say on Twitter may be viewed all around the world instantly. You are what you Tweet!”. And that’s not the half of it.
I surprised one of my friends who was new to Twitter by showing just how they data that you provide to Twitter is used. For example, Twitter provides your user profile data through the API (so long as your tweets are public), so services that you have never even heard of can generate profile pages for you when they find something you tweet through the API.
Of course there is always the off switch for these, but I don’t think most people realise just how this can be used.
The major thing that I always take away from stories like these is simple: always read the fine print to know what you are getting yourself in to.
As that probably isn’t going to happen, at least try and get a firm grip of what the service you are using is doing with your data. Ignorance is bliss, as they say, but one day it will come round and sting you.
But lastly, don’t forget to have a bit of fun. That’s what it’s all about, right?