[Infowarrior] - Facebook v. Gmail: What they know about you and whom they’re telling

Richard Forno rforno at infowarrior.org
Sun Nov 7 21:54:46 CST 2010


Facebook v. Gmail: What they know about you and whom they’re telling

On November 7, 2010, in Privacy: Who Can You Trust?, by Nicki C

http://www.yalelawtech.org/privacy-who-can-you-trust/facebook-v-gmail-what-they-know-about-you-and-whom-they%E2%80%99re-telling/

It’s now common knowledge that Facebook has been less than perfect in terms of protecting its users’ privacy. But do people really know how unprotected they are? Do you? A comparison with Gmail’s privacy policy reveals stark differences and illustrates how a site with similar functionality can respect users’ privacy.

While Gmail and Facebook obviously don’t share exactly the same purpose (as Facebook is primarily a social networking tool and Gmail is primarily an email provider), there is, in fact, much overlap. Facebook has private message exchanges, Gmail has contact lists and Google Buzz, and both have an online chat function and current status update capabilities. Thus it is both useful and meaningful to compare the privacy policies of the two sites.

First, Facebook and Gmail differ in what extraneous information they collect. Facebook collects information “about your browser type, location, and IP address, as well as the pages you visit (emphasis added).” Gmail does not collect information on what pages you visit, but instead, limits its collection to relevant information such as IP address, browser type and language. At the risk of sounding biased, I ask you to consider what nefarious reason Facebook has for collecting information on what other sites you visit and what they are doing with this seemingly irrelevant information. They can get quite enough information for targeted advertisements from your listed interests and activities, as well as from your general information (age, location, gender, etc). (As a side note, although Google took some heat for supposed privacy violations in Google Buzz, this application had to be opted-in, and has since been updated to a better policy, and thus stands apart from the default and continuing privacy issues of Facebook.)

Second, the sites’ policies differ in scope. Both sites involve third party applications or affiliated sites. Whereas information provided to affiliated Google Services on other sites falls under Gmail’s privacy policy, information provided to popular third party applications on Facebook (even those pre-approved by Facebook) is subject to those applications’ privacy policies, which, as you can imagine, may not be all that respectful of your privacy.

Third, a friend’s settings on Facebook can affect the leakage of your private information:  “If your friend connects with an application or website, it will be able to access your name, profile picture, gender, user ID, and information you have shared with ‘everyone.’”  In Gmail, a contact’s privacy settings have no effect on your information.

Finally, there are various reasons why privacy on Facebook is worse than on Gmail in terms of Facebook-specific activities. If a friend on Facebooktags you in a photo or video or at a place, you can remove the tag, or you can limit who can see that you have been tagged on your profile, but you cannot prevent the person from tagging you in the first place. If they publish the tagged media to their news feed (which is often the default option), many people will likely see the offending picture/video/location before you get the chance to remove the tag yourself.

Another issue deals with Facebook’s default privacy settings. These settings allow “social ads” to use your picture in advertisements that your friends see, unless you opt-out. Gmail has no such egregious misuse of your information. Similarly, Facebook may store information about a payment source account that you use for transactions on Facebook (such as buying a virtual gift for a friend’s birthday). Again, Gmail does not store your bank account information. (While no analog features to social ads and virtual gifts currently exist in Gmail, they easily could be implemented, but tellingly, haven’t been).

There have also been issues with breaches in Facebook’s already lenient policy. Such leaks may allow apps to sell your information to ad companies and to track your online behavior. As many people still consider the Web a place that makes anonymity possible, this online footprint may leave you feeling unsettled and a little creeped out. The fact that a company such as Rapleaf may have been tracking you through Facebook, compiling information on you and selling your information should make you reconsider how anonymous you think your online activity, especially on Facebook, really is. For example, some political campaigns may buy information from Rapleaf (including voter-registration files, shopping history, social-networking activity, real estate records, and your name and email) to better target their demographic.

Remember when people were really upset by the lack of privacy of the then-new Facebook mini-feed? It seems we’ve been desensitized to this particular invasion of privacy. Let’s not continue this apathetic trend to the point where Big Brother can convict us of google search crimes (thoughtcrimes of the digital age).


More information about the Infowarrior mailing list