It’s Not All Facebook’s Fault

You’re as much to blame for the site’s privacy woes as Mark Zuckerberg.

Facebook CEO Mark Zuckerberg
Facebook CEO Mark Zuckerberg

Photograph Kimihiro Hoshino/AFP/Getty Images.

Mark Zuckerberg wants you to know that Facebook has reformed. In the latest installment of his recurring series of apologetic blog entries, Facebook’s founder says that while the social network has always tried to protect its users’ privacy, it has “made a bunch of mistakes” along the way.

Over the last year and a half, he explains, the company has instituted several useful privacy features. Now, for instance, you can control who gets to see each individual item you post at the moment you post it. Facebook has also improved its methods for sharing items with subsets of friends—confusingly, the two methods are called Groups and Lists—and it has made its privacy settings panel slightly less confusing than it’s been in the past. As of this week, Facebook is going even further: As part of a settlement with the Federal Trade Commission—the FTC charged the social network with “deceiv[ing] consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public”—the company has agreed to institute a series of new internal controls. The settlement also requires Facebook to obtain a clean privacy bill of health from independent third-party auditors every two years, a requirement that will stay in place for the next two decades.

Facebook’s settlement with the FTC—which is similar to agreements that both Twitter and Google signed with the agency after their own privacy flare-ups—seems like a promising step for the company. The most obvious benefit for users is that Facebook will now have a rigorous process by which to examine the privacy implications of every new product or feature it rolls out. Zuckerberg says that he’s appointed two senior privacy officers to oversee the company’s commitments to the FTC. This will mark a change from the past, when Facebook’s attitude toward privacy seemed to be to act first and apologize later. There was a logical, if cynical, rationale for that approach: Though we all moaned over the company’s privacy violations, few of us ever made good on our vows to quit the site for good. Now, with the government watching everything it does, Facebook will have to be more careful.

But don’t expect Facebook’s deal with the government to turn the site into a safe haven for your private thoughts and photos. Facebook will never be “private”—indeed, the very idea of making Facebook a more private place borders on the oxymoronic, a bit like expecting modesty at a strip club. I’m all for Facebook giving us more ways to retain control over what we post on the site. At the same time, I suspect that we expect more from the site vis-à-vis privacy than it can ever hope to deliver. Yes, Facebook has made some boneheaded privacy transgressions over the years. But the problem isn’t only Facebook—it’s also our misguided idea that we can control the audience for anything we post online. The entire point of Facebook is to allow us to connect and share stuff. It is thus, by its very nature, one of the most intrusive technologies ever built—and, for better or worse, we’re stuck with it.

This might seem obvious: Facebook is on the Internet, and the Internet’s main function is to distribute information—of course Facebook can’t be private. That photo you just shared with “friends only”? Not only is it now stored on dozens of Facebook servers across the planet, but it has also lodged itself into each of your friends’ browser caches. What’s more, any of your “friends” is free to grab a screenshot of your image and spread it to the wider world. At best, then, the “privacy controls” on Facebook (or Google+, for that matter) should be regarded as aspirational, the most optimistic scenario for your data. Friends only, hopefully.

I don’t think most Facebook users have internalized how leaky the site can be. At “Manners for the Digital Age,” the podcast that I co-host with my Slate colleague Emily Yoffe, we get Facebook privacy questions every day. A lot of listeners seem to be looking for a kind of privacy silver bullet—a foolproof way to keep their co-workers out of their Facebook profile, say. These people fundamentally misunderstand Facebook. The only sure way to keep something private on Facebook is not to post it to Facebook.

Mark Zuckerberg would never acknowledge this, but I think it will ultimately benefit both his site and its users if we adjusted our expectations about “privacy” there. You should approach Facebook as cautiously as you would approach your open bedroom window. However restrictive your privacy controls, you should imagine that everything that you post on Facebook will be available for public consumption forever. If you follow this simple rule, you’ll never be blindsided.

Yes, anticipating the worst-case scenario of everything is kind of paranoid and more than a little frustrating. All you wanted to do was share pictures of your birthday dinner with a few friends—should you really have to think three times about the long-term implications of something so small?

Yes, you should. Facebook is a powerful tool, and the reason that so many people slip up on the site is that we fail to appreciate its power. It’s time we all started taking it a bit more seriously. Sharing is fun. But if you don’t plan on sharing with everyone, don’t bother.