Reading Facebook’s Privacy Policy

Facebook says it is trying to make its privacy policy easier to understand: “We’re working on communicating about privacy in a simpler, more interactive way. Let us know what you think by commenting here. This isn’t our official privacy policy, which can be found here.”

If you’re like me, you interpret that statement to mean: “Here is our intentionally misleading, propagandized version of our privacy policy to encourage you not to worry about it; if you really want a better sense of what we are up to, read the actual privacy policy.”

I then when ahead and did that. Here are a few of the things that jumped out at me:


Content. One of the primary reasons people use Facebook is to share content with others. Examples include when you update your status, upload or take a photo, upload or record a video, share a link, create an event or a group, make a comment, write something on someone’s Wall, write a note, or send someone a message. If you do not want us to store metadata associated with content you share on Facebook (such as photos), please remove the metadata before uploading the content.

Facebook hopes to make content tools of us all; it assumes that by signing up, you intend to volunteer to create the material for its multitude of personalized quasi-newspapers it delivers and whose ad space it is eager to sell. Notice that the company doesn’t offer to strip your content of its often hidden metadata through its uploading tools. It prefers to leave the burden of protecting your privacy entirely with you. That is the overriding ideology of the company: default the users into unexpected levels of exposure and require them to claw back privacy incrementally on an ever-shifting set of data fronts. Facebook behaves as though you are volunteering the metadata to share it with friends, though if I understand rightly how metadata in images works, friends will that metadata will not be shared with your friends in Facebook.


Transactional Information. We may retain the details of transactions or payments you make on Facebook. If you do not want us to store your payment source account number, you can remove it using your payments page.

Facebook functions as a broker, facilitating an exchange between two other parties, and like all brokers seeks to maximize its cut. Retaining the data is part of that, so it can do more brokering down the line. What’s disingenuous here is not only that Facebook tends to masquerade as a neutral medium for exchange rather than a broker, but that it offers language that seems to promise users a chance to opt-out but is actually only a notice that it can’t keep your account numbers without permission (which is granted by default).


Access Device and Browser Information. When you access Facebook from a computer, mobile phone, or other device, we may collect information from that device about your browser type, location, and IP address, as well as the pages you visit.

Does this mean that when you are logged on to Facebook, they collect data on what other websites you go to, or just what Facebook pages you visit? Not sure why I am astonished by the possibility that they track everything; I suppose Google does the same thing when one is logged in to Gmail unless you take action to prevent it. I just don’t think many people think that when they log in to some service on some particular page, their consent to is not limited to that page. If Do Not Track features were standard and on by default in browsers, it would probably better match people’s assumptions about what is happening to them and their data online.


Facebook Platform. We do not own or operate the applications or websites that you use through Facebook Platform (such as games and utilities). Whenever you connect with a Platform application or website, we will receive information from them, including information about actions you take. In some cases, in order to personalize the process of connecting, we may receive a limited amount of information even before you connect with the application or website.

Just a reminder that whatever you do through Facebook ultimately belongs to Facebook, and anything that you do will be used to further “personalize” (i.e. attempt to monetize) your experience on the site.


Information from other websites. We may institute programs with advertising partners and other websites in which they share information with us:

* We may receive information about whether or not you’ve seen or interacted with certain ads on other sites in order to measure the effectiveness of those ads.

Again, your Facebook experience is not delimited to the Facebook tab in your browser. Once you log in, what you do in your browser all can be reported to Facebook. If you click on any ads while logged on, what Facebook generates for you will be changed according to what they think will lead to more adverting interaction.


Name and Profile Picture. Facebook is designed to make it easy for you to find and connect with others. For this reason, your name and profile picture do not have privacy settings.

This makes some sense. Don’t sign up for Facebook if you don’t intend to be accessible. But it seems strange that there are no intermediate settings between “on Facebook” and “not on Facebook at all.” And not having a profile page at all is apt to seem more and more suspicious in an era when employers routinely investigate Facebook profiles in making hiring decisions. Facebook probably does this to encourage people to see their Facebook log-in as their one true online identity repository.


Other. Here are some other things to remember:

* Some of the content you share and the actions you take will show up on your friends’ home pages and other pages they visit.

* If another user tags you in a photo or video or at a place, you can remove the tag. You can also limit who can see that you have been tagged on your profile from your privacy settings.

* Even after you remove information from your profile or delete your account, copies of that information may remain viewable elsewhere to the extent it has been shared with others, it was otherwise distributed pursuant to your privacy settings, or it was copied or stored by other users.

* You understand that information might be reshared or copied by other users.

* Certain types of communications that you send to other users cannot be removed, such as messages.

* When you post information on another user’s profile or comment on another user’s post, that information will be subject to the other user’s privacy settings.

* If you use an external source to publish information to Facebook (such as a mobile application or a Connect site), you should check the privacy setting for that post, as it is set by that external source.

This is a pretty good list of things to “remember,” but I’m not sure why, then, they are buried in small type on the privacy-policy statement on a page that most Facebook users will never look at.


“Everyone” Information. Information set to “everyone” is publicly available information, just like your name, profile picture, and connections. Such information may, for example, be accessed by everyone on the Internet (including people not logged into Facebook), be indexed by third party search engines, and be imported, exported, distributed, and redistributed by us and others without privacy limitations.

I didn’t know this. I thought “Everyone” meant everyone who was logged in to Facebook. Not surprised to see that Facebook will make free use of this information; somewhat surprised that it is willing to let anyone else do so. Anything posted as “Everyone information” even for a moment is fair game permanently for redistribution online, as Facebook takes no responsibility and has “no control over its use outside of Facebook.”


5. How We Use Your Information

To serve social ads. We occasionally pair advertisements we serve with relevant information we have about you and your friends to make advertisements more interesting and more tailored to you and your friends. For example, if you connect with your favorite band’s page, we may display your name and profile photo next to an advertisement for that page that is displayed to your friends. We only share the personally identifiable information visible in the social ad with the friend who can see the ad. You can opt out of having your information used in social ads on this help page.

I think this is really messed up, that you can be turned into a shill for a product without necessarily knowing it. Facebook seems to assume that if you merely mention some product, you are equally willing to associate yourself with that brand and stake your reputation on it. That’s nuts.

10. Lastly, the privacy policy, despite an elaborate system of ersatz democracy, can be changed at any time for “administrative reasons” as this explanation (to be found on yet another page full of boilerplate, the Statement of Rights and Responsibilities:


1. We can change this Statement if we provide you notice (by posting the change on the Facebook Site Governance Page) and an opportunity to comment. To get notice of any future changes to this Statement, visit our Facebook Site Governance Page and become a fan.

2. For changes to sections 7, 8, 9, and 11 (sections relating to payments, application developers, website operators, and advertisers), we will give you a minimum of three days notice. For all other changes we will give you a minimum of seven days notice. All such comments must be made on the Facebook Site Governance Page.

3. If more than 7,000 users comment on the proposed change, we will also give you the opportunity to participate in a vote in which you will be provided alternatives. The vote shall be binding on us if more than 30% of all active registered users as of the date of the notice vote.

4. We can make changes for legal or administrative reasons, or to correct an inaccurate statement, upon notice without opportunity to comment.