path: root/essays/social-networking.mdwn

<!--#set var="title" value="On Facebook, Google+, and Ethical Social Networking"
-->
<!--#include virtual="/includes/header.html" -->

TO COME: An introduction and a section on Google+.

The Ethics of Facebook
======================

Facebook shares their users' personal information with third parties.  They use
mere Web site design changes as an excuse to revert users' privacy settings to
unsafe defaults.  Their social platform has huge security holes that allow
personal information to be leaked.  One such hole made some users' private chats
accessible to all of their contacts.  Facebook also exposes users to malware and
identity theft. [1]  They make it easy for application developers to collect
personal information. [2]  The Wall Street Journal found that these application
developers collect this personal information, link it with other information,
and sell it to others. [3]

In general, Facebook has always operated on an opt-out basis.  In some cases,
you can actually disable third-party access to your information.  But you must
always be on the lookout for new "features" or changes to privacy settings.
Facebook always changes the way it collects information, and it catches many
people unaware.  But it's impossible to opt out of things you don't even know
about.  Recently, Facebook added a feature they call "tag suggestions".  If you
have photos on your profile, Facebook can pick out people's faces and suggest
names for them.  This may sound useful, but it's the tip of an almost
nightmarish ethics iceberg in information systems.  Facebook uses facial
recognition software to make this work; they scan already-tagged photos and
record distinguishing facial features and then find photos with similar faces
and give them names.  They maintain a database of people's facial features.
They never notified anyone about this database.  They never asked users if they
could record this information.  Instead, of course, they made it an opt-out
feature; you have to explicitly disable this hidden feature to keep your facial
information out of the database.  This new feature has even sparked an
investigation by the European Union. [4][5]  But just imagine what Facebook
could do with this information (and consider their track record with personal
information).  I suspect they may soon start selling facial data to other
companies, law enforcement agencies, and oppressive governments (I've heard that
the U.K. once used video camera footage to locate and arrest protesters, so
imagine what they could do with facial data).

Basically, Facebook is a business.  And you are not their customer.  You are
their product.  They are, in fact, selling their products to advertisers.  That
is, they use a person's face (without getting permission and without paying
anything) to advertise things to that person's friends.  Claim to like
something, and you've given a product endorsement at a price advertising
agencies would love. [6]

And they also seem to like selling out their users to governments and limiting
what their users can read and say.  After their recent collaboration with
Chinese partners, the Facebook platform was allowed into China under political
censorship.  At the time, Facebook lobbyist Adam Conner remarked, "we're
allowing too much, maybe, free speech". [7][8]  The Associated Press reported
last month that Facebook sold out hundreds of peaceful pro-Palestinian activists
who had been organizing events through the social platform.  Facebook allowed
governments to track its users' activities.  As a result, more than 300 peaceful
activists were added to airline terrorism watch lists and denied the right to
leave their countries.  International air travel was disrupted as planes from
Geneva and Italy were diverted for security inspections.  310 people were
detained after landing in Israel on their way to stand with Palestinians in a
peaceful mission of solidarity and fact-finding. [9][10]  Imagine what might
have happened if Facebook (and widespread publicly-accessible computer networks
for that matter) existed during the civil rights movement.  Would there be
racial equality in the United States today?  Or would peaceful protesters
organizing events have been sold out and arrested before they could even meet?

But it seems you don't even have to use Facebook to get tracked by Facebook.
Everyone who sees a "Like" button somewhere on the Web (as I'm sure you have)
can be tracked.  Facebook has the ability to map out the browsing behavior of a
massive number (a number that grows by tens of millions each month) of Web
users, even those who don't use Facebook. [11]  Again, imagine what they could
do with such vast amounts of information.

Things like these gaping holes in privacy, devious information collection
practices, abuse of users, censorship, and tracking inspired Matt Lee, campaigns
manager, and John Sullivan, executive director, of the Free Software Foundation
to write about Facebook's poor track record with privacy and create rather
amusing "Dislike" and "not f'd" buttons. [12]

Ethical Social Networking
=========================

TODO: Move characteristic four into a note somewhere, as it is rare for a
service provider to attempt to claim copyright on user-submitted works.  Also,
refer to the Franklin Street Statement.

But social networking is not inherently evil.  You can connect with old friends
and discover new ones without sacrificing privacy, security, autonomy, and
freedom.  You just have to be careful about the platforms you use.  I've
identified four basic characteristics that a social networking platform must
have for it to be an ethical one that doesn't abuse its users.  The first two
characteristics are universal; all viable platforms, whether running on your own
computer or hosted by a service provider, must have these.  The last two apply
only if you choose to use a platform that is run by someone else as a service.

1.  Software freedom.  You must be free to use the software that powers
    the social networking platform on your own computer without
    restrictions.  You must be free to inspect the software and modify
    it.  You must be free to share the software with others, with or
    without modifications.  With these freedoms, you have full control
    over your social networking and you can decide who has access to
    which personal information.  Without these freedoms, only the
    developer can decide what the software does, and you may not even
    be allowed to know what it does to you.
2.  Federation.  You must be able to run the software on your own
    computer and still be able to communicate with other people using
    other copies of the software.  If the software has protocols for
    communication between users across multiple installations, then the
    software is federated.  For example, e-mail is federated; you can
    run your own mail server and still send mail to other people who
    use other servers.  This is because all standards-compliant mail
    servers speak the same protocol.
3.  Privacy.  If you choose to use a social networking service run by
    someone else, the service must offer a clear and agreeable privacy
    policy to which the service provider must strictly adhere.  The
    service provider must not be allowed to give your personal
    information to third parties without your consent (unless required
    by law) or use your information in ways that threaten your privacy
    and autonomy.
4.  No claims of copyright.  The service provider must agree that your
    personal information is yours, not theirs.  There must not be any
    claims of copyright on the information you provide.  The provider
    may, however, require you to license such information to them
    and/or to others for it to be published on the service; in this
    case, you should make sure you agree with the license terms before
    using the service.

Let's look at some social networking platforms and see how they adhere to these
criteria.  We'll start with Facebook.  Facebook fails criterion one; you cannot
run, inspect, modify, or share the software that powers Facebook.  This means it
also fails criterion two; it is inherently not federated because you cannot run
it on your own computer.  Since Facebook is not federated and you're stuck with
the hosted service, criteria three and four apply.  Facebook has a terrible
track record with privacy and therefore fails criterion three.  According to
their terms of service, you retain copyright on your information and give
Facebook "a non-exclusive, transferable, sub-licensable, royalty-free, worldwide
license to use" your information. [13]  This is standard licensing language that
allows Facebook to publish information you submit, and with these terms Facebook
seems to pass criterion four.  (I've heard that Facebook claims or used to claim
copyright on your information, but seeing these terms of service I'll give
Facebook the benefit of the doubt here.)  Facebook fails three out of the four
criteria, and we can conclude that Facebook is an unethical social networking
platform.

Next we'll evaluate Twitter.  Again, it fails criterion one since you cannot
run, inspect, modify, or share the software.  And again it fails criterion two
since you cannot run the software on your own computer.  Twitter has a clear
privacy policy that describes what information is made public, what information
you may optionally provide, what information is collected in logs, and what
information is to be kept private except under certain circumstances. [14]  I
don't know of any occasion on which Twitter has failed to adhere to this policy,
so if you agree with this policy then Twitter passes criterion three.  Twitter's
terms of service explicitly leave you with the rights to your information, but
you must agree to grant Twitter "a worldwide, non-exclusive, royalty-free
license (with the right to sublicense) to use, copy, reproduce, process, adapt,
modify, publish, transmit, display and distribute [your information] in any and
all media or distribution methods (now known or later developed)". [15]  Again
this is standard licensing language that allows Twitter to publish the
information you post, and I conclude that with these terms Twitter passes the
fourth criterion.  In summary, Twitter passes two out of the four criteria; it's
not completely ethical since it leaves you without important freedoms and at the
mercy of a single centralized provider, but it seems it's not as bad as Facebook
is in terms of privacy.

Next up is Identi.ca.  Identi.ca is an instance of StatusNet, a free software
microblogging platform that is similar in function to Twitter.  StatusNet is
licensed under the GNU Affero General Public License, which requires that all
users, including those who use the software over a network, have all of the
necessary freedoms with the software.  With this license, StatusNet, and
therefore Identi.ca, pass criterion one beautifully.  StatusNet implements the
OStatus protocol, which allows users of other installations of StatusNet (or
even other software such as GNU Social) to communicate seamlessly.  With this,
StatusNet and GNU Social (and instances of the software such as Identi.ca) are
federated and pass criterion two.  If you choose to use Identi.ca instead of
running StatusNet or GNU Social on your own computer, then criteria three and
four apply.  Identi.ca has a very clear privacy policy that describes what
information is made public, what information remains private, and how
information may be used by Identi.ca, by users, and by other instances of
StatusNet and GNU Social. [16]  With this, Identi.ca passes criterion three.
Identi.ca's terms of service make no claims to copyright on your information.
The terms require that you grant Identi.ca "a world-wide, royalty-free, and
non-exclusive license to reproduce, modify, adapt and publish the Content solely
for the purpose of displaying, distributing and promoting your notice stream".
They also require that you "grant all readers the right to use, re-use, modify
and/or re-distribute the Content under the terms of the Creative Commons
Attribution 3.0 [Public License]". [17]  This license allows readers to share
your notices, to modify your notices, and to incorporate your notices in larger
works, as long as they give you credit for your words and do not misrepresent
you.  These are agreeable terms that leave you in control of your information
and allow the world to share and build upon your work, so we can conclude that 
denti.ca passes criterion four.  Identi.ca, which runs the free social
networking platform StatusNet, passes all four criteria.  It is an ethical
platform and service that protects your privacy, autonomy, and freedom.
Because of this, I myself use Identi.ca. [18]  Since the software is free,
before registering I checked the source code to make sure that my password would
be stored securely.  And since the software is federated, I reserve the right,
especially if Identi.ca in the future ever fails criteria three and four or
ceases to exist, to move to my own self-hosted instance of the software without
losing contact with other users.

These three cases are just examples of popular platforms.  There are of course
many others.  Google recently opened up their new platform, Google+, which so
far is neither free nor federated.  The Diaspora project began in response to
outrage over privacy on Facebook; Diaspora itself is free and federated, and
there are hosted Diaspora services with decent privacy policies.  Finally, I
don't claim that these criteria are perfect; they are merely the result of
observations I've made.  A similar set of criteria for "freedom in the 'cloud'"
has recently been offered by Georg Greve, founder of the Free Software
Foundation Europe. [19]

References:
===========

1.  "Five Hidden Dangers of Facebook".  <span class="cite-title">CBS
    News</span>.  CBS Interactive Inc.  May 11, 2010.
    &lt;<http://www.cbsnews.com/stories/2010/0/08/earlyshow/saturday/main6469373.shtml>&gt;.
2.  Barnett, Emma.  "Your data is Facebook's most valuable asset".
    <span class="cite-title">The Telegraph</span>.  Telegraph Media Group
    Limited.  January 17, 2011.
    &lt;<http://www.telegraph.co.uk/technology/facebook/8264210/Your-data-is-Facebooks-most-valuable-asset.html>&gt;.
3.  Steel, Emily and Fowler, Geoffery A.  "Facebook in Online Privacy Breach;
    Applications Transmitting Identifying Information".
    <span class="cite-title">The Wall Street Journal</span>.  Dow Jones &amp;
    Company, Inc.  October 18, 2010.
    &lt;<http://online.wsj.com/article/SB10001424052702304772804575558484075236968.html>&gt;.
4.  Gannes, Liz.  "Facebook facial recognition prompts EU privacy probe".
    <span class="cite-title">CNET News</span>.  CBS Interactive Inc.  June 8,
    2011.
    &lt;<http://news.cnet.com/8301-1023_3-20070148-93/facebook-facial-recognition-prompts-eu-privacy-probe/>&gt;.
5.  Snyder, Bill.  "Facebook Facial Recognition: Why It's a Threat to Privacy".
    <span class="cite-title">PCWorld</span>.  PCWorld Communications, Inc.  June
    21, 2011.
    &lt;<http://www.pcworld.com/article/230790/facebook_facial_recognition_why_its_a_threat_to_privacy.html>&gt;.
6.  Tynan, Dan.  "Facebook ads use your face for free".
    <span class="cite-title">ITworld</span>.  ITworld.  January 25, 2011.
    &lt;<http://www.itworld.com/internet/134677/facebook-ads-use-your-face-free>&gt;.
7.  Williamson, Elizabeth; Schatz, Amy; and Fowler, Geoffery A.  "Facebook
    Seeking Friends in Beltway".  <span class="cite-title">The Wall Street
    Journal</span>.  Dow Jones &amp; Company, Inc.  April 20, 2011.
    &lt;<http://online.wsj.com/article/SB10001424052748703789104576273242590724876.html>&gt;.
8.  Crovitz, L. Gordon.  "Facebook's Dubious New Friends".
    <span class="cite-title">The Wall Street Journal</span>.  Dow Jones &amp;
    Company, Inc.  May 2, 2011.
    &lt;<http://online.wsj.com/article/SB10001424052748703567404576293233665299792.html>&gt;.
9.  Higgins, Alexander.  "Facebook Now Helping Governments Spy On And Arrest
    Peaceful Activists".  <span class="cite-title">The Intel Hub</span>.  The
    Intel Hub.  July 9, 2011.
    &lt;<http://theintelhub.com/2011/07/09/facebook-now-helping-governments-spy-on-and-arrest-peaceful-activists/>&gt;.
10. Last, Jeremy.  "Israel uses Facebook to blacklist, detain or deport Tel
    Aviv-bound travellers".  <span class="cite-title">thestar.com</span>.
    Toronto Star.  July 8, 2011.
    &lt;<http://www.thestar.com/news/world/article/1022008--israel-uses-facebook-to-blacklist-detain-or-deport-tel-aviv-bound-travellers>&gt;.
11. Roosendaal, Arnold.  "Facebook Tracks and Traces Everyone: Like This!".
    <span class="cite-title">Social Science Research Network</span>.  Social
    Science Electronic Publishing, Inc.  November 30, 2010.
    &lt;<http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1717563>&gt;.
12. Lee, Matt and Sullivan, John.  "Mark Zuckerberg is TIME Magazine's Person of
    the Year? Where's the "dislike" button?".  <span class="cite-title">Free
    Software Foundation</span>.  Free Software Foundation, Inc.  February
    3, 2011.  &lt;<http://www.fsf.org/facebook>&gt;.
13. "Statement of Rights and Responsibilities".
    <span class="cite-title">Facebook</span>.  Facebook, Inc.  April 26, 2011.
    &lt;<http://www.facebook.com/terms.php>&gt;.
14. "Twitter Privacy Policy".  <span class="cite-title">Twitter</span>.  Twitter
    Inc.  June 23, 2011.  &lt;<http://twitter.com/privacy>&gt;.
15. "Twitter Terms of Service".  <span class="cite-title">Twitter</span>.
    Twitter Inc.  June 1, 2011.  &lt;<http://twitter.com/tos>&gt;.
16. "Privacy".  <span class="cite-title">Identi.ca</span>.  StatusNet Inc.
    &lt;<http://identi.ca/doc/privacy>&gt;.
17. "Tos".  <span class="cite-title">Identi.ca</span>.  StatusNet Inc.
    &lt;<http://identi.ca/doc/tos>&gt;.
18. McDermott, P. J.  "P. J. McDermott (pehjota)".
    <span class="cite-title">Identi.ca</span>.  StatusNet Inc.
    &lt;<http://identi.ca/pehjota>&gt;.
19. Greve, Georg C. F.  "Freedom in the 'Cloud'?".
    <span class="cite-title">freedom bits</span>.  Free Software Foundation
    Europe e.V.  July 30, 2011.  &lt;<http://blogs.fsfe.org/greve/?p=452>&gt;.

<!--#include virtual="/includes/footer.html" -->