Facebook Open Graph: What it Means for Privacy
At Facebook’s F8 Developer Conference today, the company fleshed out its plans to become the social center of the web. With the new Open Graph API and protocol and the ability to integrate websites and web apps within your existing social network, the platform will become more robust than ever before.
The potential for this new technology is great — which is why partners like Yelp (
), Pandora (
) and Microsoft have already jumped on board. But what does all of this interconnected data mean for user privacy?
Now that sites and apps can better integrate directly with Facebook (
) in more than just a tangential way, the potential for privacy issues grows substantially.
What Is Changing?
In the past, apps that accessed data from the Facebook APIs could only store that data for 24 hours. This meant that apps and app developers would have to download user information day after day, just to keep up with the policy. Now the data storage restriction is gone, so if you tell an app it can store your data, it can keep it without worrying about what was basically an arbitrary technical hurdle.
While this might sound scary, it doesn’t actually impact how developers can use user data, just how long they can store it. Again, many developers were just hacking around this policy anyway, so users shouldn’t notice any changes.
Facebook is also getting rid of its Facebook Connect branding. Instead, Facebook login modules will be available to site owners, and users can not only log in or sign up for a service, but can also see how many of their friends have also signed up for the site.
Now, this new feature is cool — as is the universal Likes and customized content additions — but it also makes what you designate as “public” potentially more public.
While the login boxes and activity feeds that appear on websites will be customized for each user (meaning that what I see on a page will differ from what fellow reporter Jenn Van Grove sees), this information is potentially more easily viewable than it was before. It’s not like your Facebook friends couldn’t see this information in the past, it’s just now a lot more contextual and available in more places.
Privacy Will Become the User’s Responsibility
I took a look at the different documentations of the Open Graph API and the different social plugins, and gathered that the data collection and overall privacy settings don’t differ from what has already been available. Again, what changes is how that data can be displayed to different people and how it can be integrated in different ways.
Nevertheless, it is imperative that users who have concerns about privacy make sure they read and understand what information they are making available to applications before using them. Users need to be aware that when they “Like” an article on CNN, that “Like” may show up on a customized view that their friends see.
Public no longer means “public on Facebook,” it means “public in the Facebook ecosystem.” Some companies, like Pandora, are going to go to great lengths to allow users to separate or opt out of linking their Pandora and Facebook accounts together, but users can’t expect all apps and sites to take that approach. My advice to you: Be aware of your privacy settings.
What isn’t yet clear is if there will be any granular permissions for public data. For instance, I might want to share that I “Like” a CNN.com article with a certain group of people, but not make it public to my entire social graph. For now, users need to assume that if you do something that is considered public, that action can potentially end up on a customized stream for everyone in your social graph.
How Facebook Can Avoid Getting Burned
Because there aren’t really any changes in policy with the Open Graph system, Facebook will likely avoid any massive privacy violations; after all, if you agreed to make something public, it’s public. However, as Google learned with Google Buzz, users aren’t always aware of their default privacy settings.
Facebook can offset a lot of confusion and concern by doing a good job of educating users about the meaning of “public” and how the personalized feeds will work on various websites.
Developers can also help by making what information they collect and what information can be shared throughout the social graph more accessible and easier to understand.
Right now, it really doesn’t look like Open Graph will have any technical changes to Facebook user privacy. That said, the nature of how public information can be linked across different sites is now more robust, which makes it that much more important for the privacy-concerned to read the fine print.
What do you think of the privacy implications with Open Graph? Let us know!