What Facebook Knows That You Don't
So you've sworn off Scrabulous. You've given up on poking and SuperPoking. Never again shall you be newsfed, attacked by Zombies or be one of 1 million strong. You're done with seeing your friends' exhibitionism, and you're done with exhibiting yourself.
In other words, you've given up Facebook.
But as recent articles have pointed out, even if you "deactivate" your account, Facebook holds on to your profile data. This disclosure has gotten privacy groups and consumers up in arms. All the commotion about how Facebook hoards outgoing users' data got me wondering whether we're missing the more important privacy question: What happens to all the data we active members choose to delete, for privacy reasons or otherwise?
Sure, Facebook archives must construct fascinating personal narratives. Anyone privy to my Facebook history, for example, would discover that my banjo lessons were embarrassingly short-lived and that my three most recent boyfriends are all named David. They would find the "Law and Order" episodes I've cycled through, the friends I've fallen out with and the music I've now gotten too cool for. And, my future biographers, take note: If you hacked into this treasure trove of information, you'd find a full dossier of my "status updates," the information Facebook users provide about what they're "doing right now." You might learn my diet, my sleep habits (or lack thereof, during college) and my emotional, or at least emoticonic, moods.
Of course, my imminent fame notwithstanding, those interested in the trajectory of my tastes and tempers are more likely to be advertisers than biographers. Facebook already uses profile information to target ads within its site -- and possibly outside of Facebook, through partner and minority-stakeholder Microsoft, which declined to directly answer questions about how it uses the data. Third-party advertisers also can see information about oblivious Facebookers; Facebook specifies only that such advertisers have "no access to your contact information," presumably leaving the rest of users' "private" information accessible.
At my own risk, then, I choose not to use any applications, preferring more limited social interaction over greater exposure to snooping. (But even so, the default setting on Facebook allows my private data to be accessed by applications my friends have installed. In other words, a deceitful "Which Disney Princess Are You?" quiz my editor adds could pilfer my prom photos.) Facebook seems to be betting that none of these applications will go rogue -- or at least go rogue and get caught -- and thereby discredit the entire social network.
So what, you say. Idiots like me and Facebook's 65 million other users are publicizing our personal lives voluntarily. Corporations aren't exactly sneaking into our bedrooms; we're inviting them in. The problem is that most people who perfunctorily fill out social networking forms don't understand the privacy risks. It's not just the publicizing of data that endangers privacy, after all; as other analysts have articulated, it's also the ability to search, aggregate and find uses for that data. Unlike newsfeeds and Beacon -- controversial features that broadcast users' activities to their friends -- data mining by Facebook, third-party advertisers and applications is hidden.
Consumers, plain and simple, are too unsophisticated to realize what can be done with their data. Besides, users may have offered up information before even Facebook realized what it could do with the data, since the company only recently developed a coherent plan for making money through advertising. If advertisers (and biographers) were to research my profile archives, they would notice that it's not just my more sophisticated tastes in movies and men that transformed my profile over the years. It's also my more sophisticated understanding of how Facebook could sell me out. Unfortunately, for at least a "reasonable period of time," my wily revisions may prove worthless.
The writer is a member of the editorial page staff. Her e-mail address email@example.com.