Can We Get Some Privacy?

Users hate Facebook’s approach to personal information. They’ll get over it.

Any minute now, expect a letter from Mark Zuckerberg. “We really messed this one up,” the Facebook CEO might declare on the company blog. He’ll go on to explain that while the company remains proud of its new tools that allow users to share information more freely, Facebook “missed the right balance” this time. Then he’ll promise to make a couple of immediate changes to mollify aggrieved members. He’ll also concede that Facebook needs to come up with a better way for people to manage their privacy settings, and he’ll ask us all to be patient while the site works through the problems. “We’re going to continue to improve Facebook, and we want you to be part of that process,” he’ll say. He’ll close by offering his sincerest apologies, and he’ll commit to doing better next time: “I’m looking forward to reading your input.”

How can I be so sure? Because this has happened before. Not just once, either. Facebook’s history mirrors that of other imperialist states—frequent periods of radical expansion, followed by intense conflict, grudging acceptance, and then full-throated proletarian enthusiasm. In moments like this one—when tech luminaries are slamming Facebook for flagrantly disregarding users’ privacy—it’s that last point that tends to be purged from our memories. It’s undeniable, though, that every previous imbroglio has ended the same way: We all shrug our shoulders, consider the problem fixed, and go back to goofing off on Facebook.

The latest mess started last month, when the social network unveiled a program to let developers and third-party sites connect with user profiles. One part of the plan, called “instant personalization,” will let three sites—Pandora, Yelp, and Microsoft Docs—look at your profile information so that you can have a “personalized” experience the first time you visit those pages (for example, Pandora will play music you like based on your Facebook profile). Every Facebook user automatically has instant personalization turned on—if you don’t actively turn it off, your profile will get shared. (Facebook describes the project as an experiment; a spokeswoman told me that the company will inform users as new sites are added to the instant personalization program.)

Facebook also pushed users to publicly declare their affiliations: employer, hometown, interests, and other biographical information. These changes followed December’s “improvement” to Facebook’s privacy settings page that encouraged people to make many parts of their pages public—the site’s new settings page preselected loose controls over many categories of information. If you didn’t want your posts made public by default, you had to check to keep your “old settings”; if you missed that part, you could have inadvertently made all your posts available to everyone online. Sure, Facebook offers lots and lots of ways for people to control these settings, but you’d need months of study to be able to understand all of the fine-grained tweaks.

Zuckerberg launched Facebook in 2004 as a social network for students at Harvard. The site’s ambitions have steadily increased: In short order, it expanded to Stanford, Columbia, and Yale; then to the full Ivy League; then to colleges everywhere; then to everyone online; and finally, over the last few years, it’s grown beyond, with Like and Connect buttons flooding sites across the Web. Over the same time, Facebook has added tools to let people share more stuff on the site, and it has loosened its policies governing the privacy of that information, making more of your information available to more people by default.

Each of these expansions was met with fierce grumbling, occasionally prompting a mea culpa letter from Zuckerberg. But never, in that time, did Zuckerberg backtrack from his general aim of pushing users to share more stuff more often, and Facebook never paid a price for it. Indeed, the numbers tell the opposite story—Facebook’s gradual erosion of privacy correlates precisely with growing activity on the site. Facebook now has more than 400 million members, and it is the most-visited Web site in the country. The looser the rules, the more we use it. Facebook’s executives naturally take this as confirmation that their changes were a good idea. And then, once we’ve become comfortable with the social network’s latest settings, they decide to change their policies once again—and the same drama unfolds once more.

Some tech observers insist that Facebook has really done it this time. “You can only screw people for so long before it catches up to you,” Web entrepreneur Jason Calacanis warned Zuckerberg in a recent blog post. “Facebook’s Gone Rogue; It’s Time for an Open Alternative,” Wired declared over the weekend. Both posts call for techies to come together to devise a new social network that will give people more control over their own information. Many have high hopes for a project called Diaspora*, which describes itself as “the privacy aware, personally controlled, do-it-all distributed open source social network.” Diaspora* aims to tack against the centralized control of Facebook by letting people set up their own “nodes” to store their private information.


It’s tempting to see Diaspora* as an evolutionary step in social networking—the BitTorrent to Facebook’s Napster—but I doubt it will ever take off. First, it’s too complicated. If people are flummoxed by Facebook’s privacy controls—if, indeed, lots of Facebook members don’t even understand the address bar on a Web browser and get to the site mainly by searching for “Facebook” in Google—how can we expect them to maintain their own private repository of information? Sure, some people will do that, but the most valuable social network will always be the one with the most people. How valuable will Diaspora* be if it attracts only sysadmins?

The larger difficulty in building a privacy-respecting social network is that such a thing is close to an oxymoron. People want to share stuff. Not only that, they want to share stuff without any hassles. Facebook has been far from perfect on privacy, and I’m sure that dollar signs have a lot to do with its woeful record. But Facebook is looking at other numbers, too. Its own growth rate proves that people care much less about privacy than the anti-Facebook crowd seems to believe.

“People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people,” Zuckerberg said earlier this year. “That social norm is just something that has evolved over time.” He’s absolutely right. Last week, gadget blogger Peter Rojas announced that he’s quitting Facebook because he was “tired of not having real control over what I’m sharing.” Where did he announce this? On Twitter, a social network that is growing meteorically—and whose privacy controls amount to a single opt-in checkbox. Also consider the rise of sites like Foursquare, where people publish a history of their physical location to everyone they know.

While Zuckerberg is spot-on when it comes to the Web’s macro, share-more trends, he’s gotten all of the little things wrong. Facebook could and should do a lot better on privacy. In particular, I’d urge it to introduce preset privacy levels. You should be able to go to your privacy settings and see one big dial that lets you choose one of five levels between “private” and “public.” This setting would govern your entire profile; the more public you set the dial, the more you’ll share with more people. By default, the dial would be somewhere in the middle, but you’d be able to shift it up or down at any time. You’d still be able to adjust more specific controls—you could set your profile to “public” but allow only close friends to see pictures of your kid—but few of us would ever need to.

But Facebook shouldn’t stop there—besides adding one big control, it should also promise to honor those controls in the future. The most frustrating thing about Facebook’s privacy policy is that it’s always changing. You used to be able to keep your profile picture private; that’s no longer an option. You also used to be able to declare your interests without being “connected” to a Facebook page about that interest—now you can’t. Things like this should never happen. Instead, if you’ve set your profile to remain “semi-private,” all of the site’s changes going forward should respect that choice. If Facebook introduces some brand new option like instant personalization, it should notify you of that change on your home page—but it shouldn’t connect you automatically, because that wouldn’t be in keeping with your stated intention of remaining “semi-private.” If, on the other hand, you selected “public” for your profile, Facebook would be free to connect you to Yelp.

I hope Facebook makes these changes and recognizes the importance of giving its users permanent control over their profiles. Still, I don’t think any privacy tweaks will stem the trend of people wanting to share their personal information on the Web. We’re all pushing the dial toward “public” whether Facebook pushes us there or not.

Become a fan of Slate and Farhad Manjoo on Facebook. Follow us on Twitter.