Facebook's Information Tracking Policies Have Ramifications for Individuals and Organizations

Post to Twitter

With the rise of Web sites like Facebook, Twitter, and MySpace, we constantly hear concerns about privacy.  From worries over college students posting career-impeding photos to concerns over unfettered access to addresses or phone numbers, users of social networks have to be careful what information they make available about themselves and their organizations.

Now, an interview with an anonymous Facebook employee written up for online magazine the Rumpus gives us new insights into just how much information Facebook has about you – and it is a lot.  These revelations allow us to provide some recommendations for organizations using Facebook for outreach efforts.   Select quotes from the interview:

Employee: See, the thing is — and I don’t know how much you know about it — it’s all stored in a database on the backend. Literally everything. Your messages are stored in a database, whether deleted or not. So we can just query the database, and easily look at it without every logging into your account. That’s what most people don’t understand.

This statement can be summed up pretty easily: everything you do on Facebook is stored on a server, and can be pulled up through some simple keystrokes.  Further clarification from the interview:

The Rumpus: On your servers, do you save everything ever entered into Facebook at any time, whether or not it’s been deleted, untagged, and so forth?

Facebook Employee: That is essentially correct at this moment. The only reason we’re changing that is for performance reasons. When you make any sort of interaction on Facebook — upload a photo, click on somebody’s profile, update your status, change your profile information —

Rumpus: When you say “click on somebody’s profile,” you mean you save our viewing history?

Employee: That’s right…[cont.]


Rumpus: So this is every viewable screen?

Employee: It’s way more than that: it’s every viewable screen, with all the data behind every screen…[cont.]

As the employee says – literally everything.  Indeed, it is right there in the Facebook privacy policy:

Information we collect when you interact with Facebook:

Site activity information. We keep track of the actions you take on Facebook, such as adding a friend, becoming a fan of a Facebook Page, joining a group or an event, creating a photo album, sending a gift, poking another user, indicating you “like” a post, attending an event, or authorizing an application. In some cases you are also taking an action when you provide information or content to us. For example, if you share a video, in addition to storing the actual content you uploaded, we might log the fact you shared it.

What’s more, the privacy policy also outlines the content that Facebook views as “information you provide to us,” which includes private messages, and seems in line with the other content the company admittedly stores about its users:

Content. One of the primary reasons people use Facebook is to share content with others. Examples include when you update your status, upload or take a photo, upload or record a video, share a link, create an event or a group, make a comment, write something on someone’s Wall, write a note, or send someone a message. If you do not want us to store metadata associated with content you share on Facebook (such as photos), please remove the metadata before uploading the content.

The interview goes on to reveal some other interesting facts about Facebook.  For example: did you know Facebook performs psychological analysis on users?  It is well worth reading in its entirety (P.S.: go here for instructions on how to remove metadata from photos).

To some, this is will be somewhat alarming news.  After all, if Facebook can view everything you or your organization does, what prevents them from sharing that information with outside parties, or even your competitors?  For those organizations that may share sensitive information on Facebook to what they believe is a closed network, how can you be sure that information won’t get out to larger audiences?  Is this information truly private, or only private until the right price point is reached?  While these scenarios may be unlikely for a given individual or organization, the reality is that we simply do not know how Facebook uses their database.

Indeed, these are serious questions.  So what should you do?  Close up your Facebook shop and run for the hills?  Well, no – this isn’t necessarily a reason to panic.  After all, you’ve likely been using Facebook for quite awhile and haven’t seen any confidential information leak out from your account.  But the revelations in this interview do give cause to provide some basic reminders about Facebook usage:

  1. Recognize that everything you say and do on Facebook can be accessed by somebody else. While there is no explicit reason to believe that anybody will be accessing your account, the possibility always exists.  As such, be cautious in your emails, uploads, wall postings and so forth – you have no way of knowing who else has access to them.
  2. Deleting something from Facebook does not erase it entirely. As mentioned in this interview, Facebook keeps backups of everything by the hour.  If you put it up, it stays in their server until they decide they don’t want it anymore.
  3. Don’t put anything on Facebook that you’re not comfortable with everyone seeing. Going beyond the information storage that Facebook has admitted to in this interview, this is just good, basic social networking advice.  You can’t control what people do with the information you put on Facebook – so if you don’t want something republished or re-purposed, Facebook may not be the best place for it.
  4. Understand that Facebook is running a business, where the information you provide them is their number one commodity. While Facebook is a great service that allows you to stay connected to friends, family, and fans of your organization, like any other company, Facebook is ultimately about its own bottom line.  The Facebook privacy policy would seem to support this.  It is summed up in this line: “We share your information with third parties when we believe the sharing is permitted by you, reasonably necessary to offer our services, or when legally required to do so.”  In essence: if you don’t tell us otherwise, we can share your information with anybody that we want, for whatever purpose we want.  While updating your privacy settings can eliminate some of this potential, it seems as though it can’t control if Facebook is accessing your messages, pages you view, and so forth.  If you don’t want Facebook to be able to use certain information for their own purposes, don’t put it on Facebook.

This revelation is no reason to run away from Facebook.  The platform can still be used to great effect to build networks, reach supporters, and expand your message.  This knowledge simply reminds us to exercise care in working with the service.

It remains to be seen how the privacy ramifications for Facebook and other internet giants – like Google, for example – shake out in the end.  These companies do have a stake in protecting our privacy; after all, if none of us trust them, they lose their user base.  But should there be a greater obligation for providers to inform their customers exactly what information is being collected?  Or does the responsibility lie with us, the consumers, to be informed as to just how our information is shared and sold?  Is there ultimately a government interest in protecting privacy by regulating the way our information can be stored and shared online?  These are just some of the new questions of the digital age that are still being answered.  In the meantime, we as consumers must demand greater transparency to understand exactly how our information is being used.

2 comments to Facebook’s Information Tracking Policies Have Ramifications for Individuals and Organizations

Leave a Reply




You can use these HTML tags

<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>