Facebook’s Orwell Moment

If you’re in the tech world, you are agog at the changes Facebook announced yesterday.  If you’re not a techie, you probably have absolutely no idea why your geeky friends are so stunned.  So let’s walk through an example of what Facebook did so that you can see what’s going on.

First, if you go to Yelp today and are not signed in to Facebook, here’s what you’d see:

Nothing special; just a typical homepage, set to New York, NY in my case.

However, now go to Facebook and login.  Now go back to Yelp and take a look at what you see:

Whoa tiger, what just happened? First, a bar at the top of the page tells you that it’s being personalized based on Facebook.  You can opt out o whatever’s going on, but it’s not really clear yet what’s happening.

Secondly, the activity is updated to show what your Facebook friends on Yelp have recently done (I’ve put a red box around this).

A couple of things you should realize here:

  • The moment you loaded Yelp.com, they went to Facebook and pulled down your data.  You never got a chance to say “no”
  • They’ve almost certainly pulled down more than your name.  They can get a lot of info about you: your birthday, email address, etc.  All of that may have been pulled from Facebook the moment you loaded the page.  You don’t know this and you never had a chance to say “no”
  • Only after the page loads – and all your data has potentially been pulled down – can you opt out.  And at that point you have no idea if they’ve actually deleted your info.  You just have to trust ’em

So, what does Yelp do with all your Facebook info?  Well, they “personalize” the site for you.  If you go to a restaurant that your friends have reviewed, here’s what you see:

In this case, I’ve been told that a Facebook friend of mine has reviewed this place and their review appears first.  All that cost me what my email address, full name and date of birth.

BTW, this completely blows anonymity out of the water.  Yelp shows me my friend’s Facebook photo and puts it next to their Yelp username.  If any of your friends were trying to maintain different identities they just lost it.  This is potentially harmless on a restaurant review site, but can you imagine this on a political blog?

This should really, really scare you.  Facebook has just opened up all of your private data to 3rd parties.  You can’t opt out of doing this at all.  If you’re logged in to Facebook, the moment you visit a site that’s part of their “Open Graph” project, you’ve passed your data on.  And you have to trust the site to delete your info if you ask them to.

Here’s the nightmare scenario.  Somebody creates a website that offers Free iPads (or insert your tchotchke of choice) in return for signing up for marketing offers or signing up for daily health tips or something else.  They put an ad on Facebook to generate traffic (and ensure that you’re signed in to Facebook when you click the ad).  They take part in the Facebook Open Graph so the moment you visit they’ve downloaded all your data.  Six months later the site goes down and it turns out that instead it was actually run by the Russian mob and they’re using guessing social security numbers.  This is identity theft paradise.

So, what can you do?  Logout out ever time you leave Facebook.  Never click on a Facebook ad.  And finally, maybe leave Facebook.  Head over to Twitter or go back to email.  I’m seriously thinking about it.