Using Facebook responsibly

Several months ago, I decided that the most responsible relationship to have with Facebook was none at all. I deactivated my account.  After a rocky five years of ups and downs, I just couldn’t take their arcane and irresponsible positions on privacy.

But now, as so often happens after a sudden break-up like ours, “it’s complicated.”

My hasty de-activation underestimated the benefits of using Facebook, and moving to a new city after college has brought these into the foreground for me. There are many people I consider friends for whom I don’t really have contact information. Birthdays are much harder to remember and acknowledge. I miss invitations or details for other events. Most important, though, not having a Facebook account has affected my ability to do my job. Separation from the cruel mistress with 500 million lovers wasn’t working out, and that means I had to go back to the drawing board on the service.

So: is there a most responsible way to use Facebook? I think that the answer to that question is an uneasy “yes.” I hope for, expect, and support solutions that natively handle all of Facebook’s problems in a manner respectful to the users, but until then, cautiously using the service is the most straightforward solution for conscientious users.

I never thought I’d say this but–to paraphrase Sir Elton John–Facebook is back. This time around, though, I’m sticking to six resolutions for responsible Facebook usage. These are my daily affirmations as a Facebook user, and should serve as a regular reminder as I’m only in this as long as it’s good for me.

Remember that Facebook is not your friend

In order to understand why my relationship with Facebook is so uneasy, it’s worthwhile to consider what the dynamic of our relationship is. I refer to people who make profiles on the site as users, and that’s accurate. But consider, too, Facebook’s balance sheet: they pay for their operating costs by packaging and selling user information to (at least) advertisers. In a very real way, the “users” of Facebook are also the product, and advertisers are the customer.

This relationship isn’t an essential element of running a social network, but it’s easy to see how such a configuration might appeal to a service. From Facebook’s perspective, the benefits are a straightforward revenue stream that scales approximately with infrastructure costs, central control of the “social graph,” and a serious lock-in for users to the service. The drawbacks are the perverse incentives such a system creates, which are only an issue inasmuch as users are capable of and willing to recognize and act on the results. Facebook is faced with divergent options of their best interests and their users best interests, and have chosen the former, with few negative consequences. As a result, the user has to assume an adversarial relationship with the service.

This may seem obvious from the preceding spiel, but it’s important to recognize that your relationship with Facebook is a business one. You can’t expect them to act according to your interests, so a lot of decisions have to be defensive ones. The other ideas derive from this one.

Keep on top of Facebook’s changes

One of the most difficult aspects in managing Facebook privacy is that it is a moving target. The default options have changed dramatically over time, and new policies are often applied to existing accounts automatically or with deceptively vague opt-out updates. As a result, setting up sane privacy preferences isn’t sufficient; users have to plan to stay abreast of changes in Facebook policies and be willing to invest time in understanding and accommodating changes. This is the worst kind of anti-feature, and one that seems baked into the fabric of Facebook.

Monitoring for changes to Facebook’s privacy practices doesn’t have to be entirely manual. There are many sources for news about Facebook, and the EFF regularly publishes and updates guides with suggested privacy settings. Sites like ReclaimPrivacy.org provide tools for managing privacy updates more automatically. Finding a source you can trust to process new Facebook policies helps assuage the problem of maintenance, but doesn’t mitigate the fact that the Facebook business relationship with user information provides them consistent perverse incentives to violate your privacy.

Manage all your data

Importantly, there are different kinds of data provided to Facebook, and not all of these kinds are intuitive. It’s extremely helpful to consider Bruce Schneier’s taxonomy of social networking data. Many people I’ve spoken with about protecting privacy on Facebook seem to have a common strategy: reduce disclosed data. That’s a good start, but it’s important to realize that it’s only a start.

Ideally you reduce the data you provide to Facebook or any other single service in all of the categories. Before adding photos, updates, interests, or other information, consider whether it will improve your experience using the site, or whether it’s just for Facebook’s benefit. Facebook’s decision to semantically link you to your profile interests, for example, did not benefit users at all, and shouldn’t be undertaken without consideration.

Keep in mind that Facebook doesn’t stop collecting data when you switch to another browser tab. Log out of Facebook when you’re not using it, and clear your cookies regularly.

Diversify your services

The problems with privacy and security multiply with the introduction of Facebook products that aren’t contained to their own website. Beginning with the ill-fated Beacon advertising program, each of their attempts to engage the social graph outside of the pages of Facebook have had major problems. In the case of Beacon, those problems prevented the program from being successful, but the success of later projects shouldn’t be taken as an indicator that they’re built on more sound foundations–the “Like Button” that has been adopted by hundreds of thousands of websites has problems that have been well documented.

The introduction of Places revealed some very troubling development and deployment decisions, including the default behavior of allowing your friends to check you into locations until you opt out. Even Facebook Apps, now an integral part of the website and an industry of its own, can “leak” data of users friends. Ultimately, with each of these services, the best strategy is just to opt out as thoroughly as you can.

Consider when you would be adding apps or linking other services to Facebook, whether it makes sense in that case. Diversifying the services where your online data is stored, or consolidating to a source you control, reduces your vulnerability and lock-in to the service. After all, if their interests are not aligned with yours, why should you align yourself with them?

Fight for changes

YourOpenBook.org has put together a simple proposal for changes Facebook could easily implement to make their privacy policies less opaque and problematic. The EFF has published an open letter calling for Facebook to make specific improvements. Epic (and a bunch of other organizations) called for the FTC to examine Facebook’s privacy policies, and Congress has gotten involved. These kinds of actions need public attention, and Facebook needs to know these are issues people care about. Tell your friends about these issues, and make sure to voice your opinion.

Support alternatives

There are ways to set up a social network that don’t compromise your privacy or freedom. Diaspora became the most prominent alternative to Facebook in development, and its code is slated to be released in a few days, but it is not the only possibility. A group of hackers have worked on putting together the “Freedom Box” described in the same Eben Moglen talk that inspired the Diaspora team. Status.Net and Identi.ca are valuable free alternatives for some of the features Facebook provides.

These projects sometimes need developers, but they also need users, and they need support and promotion. Seeking out and helping in the early stages of a developing free network is certainly more work than simply tolerating bad policies from Facebook, it’s also the most powerful way to effect change and protect your freedom as a social network user.

I’ve given Facebook one last chance, but I’ve let her know I’m still looking. I know that somebody’s going to come along soon that takes care of all my needs but lets me call my own shots.  I jumped the gun a little earlier this year, but after 5 years of following Facebook’s lead, I’m ready to make sure that next time I won’t have any hesitation making a clean break.