There is the undeniable fact that Facebook has an incentive to publicize as much as they possibly can about your life: the more I can learn about you through Facebook, the more I'm going to use Facebook, since that's kind of the whole point of it. And furthermore, the more they share with their app developers, Instant Personalization partners, and advertisers, the more that those partners are going to get out of the deal. This is why, not only are the directions that information can travel being multiplied, but the default settings for those channels are made more and more permissive. I don't know for sure, but I suspect that if you create a new Facebook account today, your photos, friends, email address, phone number, and wall would all be visible to the world by default. Instant Personalization was enabled without asking you beforehand, which meant that if you visited Facebook even once after I.P. was rolled out without paying too much attention, and then went to Yelp, Yelp now knows everything there is to know about you. Remember, The Cloud never forgets.
This increasing permissiveness comes as a nasty surprise for those of us who have been members since the service was closed to the public. Back in 2004, only people at your school could see some of your information by default, though you'd show up in other schools' search results. People are so riled up that even Congress has started getting up in arms about it. So what can humble you and me do?
Now, I've been thinking about this problem for a little while. At the same time, I've recently become convinced that, as an environmentalist, I shouldn't buy conventional food. This swing comes after watching Food, Inc., along with incessant pestering by Annie, who's recently read The Omnivore's Dilemma. But I'm not here to proselytize – this has something to do with privacy.
Ever since the USDA decided on a formal definition of "organic," a whole industry has popped up to certify organic foods. I can look at the label of an organic food box and see that such-and-such a company applied their standards to such-and-such a producer. But it's not just organic foods: if a particular group of people decides that it's important that coffee be "fair trade," or "shade grown," or whatever, they can start a certification agency to verify that certain coffee holds up to their standards. Though there are shortcomings, this system has worked in the food industry fairly well.
A similar certification system could be applied to sites that have a user account infrastructure. If I navigate to Orkut, and I see "Privacy Protected by Alex Certification" in the bottom right corner, I can be sure that whatever "Alex Certified" means applies to this site. They could lift the image from another site, but there are ways to deal with that as well, such as a verifier on the real Alex Certification site.
Therefore I propose a certification agency for privacy on the internet. It would guarantee several things:
- Whenever a new feature shares information about you, by default it can't share that information with people you aren't connected to already,
- No information is shared with other entities (websites, corporations, advertisers, etc.) without your explicit consent,
- No information is collected about your behavior on unrelated sites without your explicit consent (see this terrifying bit about the Facebook "Like" button you see everywhere, and which sees you too),
- Any changes in the privacy policy would be publicized,
- You always have the option to delete your account, and all information about you will be deleted from any servers they control within 90 days.
Meanwhile, I think I'll be transitioning over to Flickr, this blog, and my personal website over the next few weeks, and off of Facebook. Google has had their own set of issues, but unlike Facebook I feel that the people working at Google are truly well-intentioned about most of the important aspects of privacy. And if things get too hairy here, I can just move to a Wordpress install I control.