Pages

Thursday, June 16, 2011

Criticism of Facebook

Facebook's growth as an Internet social networking site has met criticism on a range of issues, including online privacy, child safety, and the inability to terminate accounts without first manually deleting the content. In 2008, many companies removed their advertising from the site because it was being displayed on the pages of controversial individuals and groups. The content of user pages, groups, and forums has been criticized for promoting controversial topics. There have been several issues with censorship, both on and off the site.
The changes made by Facebook have been criticized, in particular the new format launched in 2008 and the changes in Facebook's Terms of Use, which removed the clause detailing automatic expiry of deleted content. Facebook has also been sued several times.


Privacy concerns
Issues during 2007
In August 2007, the code used to dynamically generate Facebook's home and search page as visitors browse the site was accidentally made public, according to leading internet news sites. A configuration problem on a Facebook server caused the PHP code to be displayed instead of the web page the code should have created, raising concerns about how secure private data on the site was. A visitor to the site copied, published and later removed the code from his web forum, claiming he had been served legal notice by Facebook. Facebook's response was quoted by the site that broke the story:
“ A small fraction of the code that displays Facebook web pages was exposed to a small number of users due to a single misconfigured web server that was fixed immediately. It was not a security breach and did not compromise user data in any way. Because the code that was released powers only Facebook user interface, it offers no useful insight into the inner workings of Facebook. The reprinting of this code violates several laws and we ask that people not distribute it further. ”
In November, Facebook launched Beacon, a system (discontinued in September 2009[5]) where third-party websites could include a script by Facebook on their sites, and use it to send information about the actions of Facebook users on their site to Facebook, prompting serious privacy concerns. Information such as purchases made and games played were published in the user's news feed. An informative notice about this action appeared on the third party site and gave the user the opportunity to cancel it, and the user could also cancel it on Facebook. Originally if no action was taken, the information was automatically published. On November 29 this was changed to require confirmation from the user before publishing each story gathered by Beacon.
On December 1, Facebook's credibility in regard to the Beacon program was further tested when it was reported that the New York Times "essentially accuses" Mark Zuckerberg of lying to the paper and leaving Coca-Cola, which is reversing course on the program, a similar impression. A security engineer at CA, Inc. also claimed in a November 29, 2007 blog post that Facebook collected data from affiliate sites even when the consumer opted out and even when not logged into the Facebook site. On November 30, 2007, the CA security blog posted a Facebook clarification statement addressing the use of data collected in the Beacon program:
“ When a Facebook user takes a Beacon-enabled action on a participating site, information is sent to Facebook in order for Facebook to operate Beacon technologically. If a Facebook user clicks ‘No, thanks’ on the partner site notification, Facebook does not use the data and deletes it from its servers. Separately, before Facebook can determine whether the user is logged in, some data may be transferred from the participating site to Facebook. In those cases, Facebook does not associate the information with any individual user account, and deletes the data as well. ”
The Beacon service ended in September 2009 along with the settlement of a class-action lawsuit resulting from the service.

News Feed and Mini-Feed
On September 5, 2006, Facebook introduced two new features called "News Feed" and "Mini-Feed". The first of the new features, News Feed, appears on every Facebook member's home page, displaying recent Facebook activities of the member's friends. The second feature, Mini-Feed, keeps a log of similar events on each member's profile page. Members can manually delete items from their Mini-Feeds if they wish to do so, and through privacy settings can control what is actually published in their respective Mini-Feeds.
Some Facebook members still feel that the ability to opt out of the entire News Feed and Mini-Feed system is necessary, as evidenced by a statement from the Students Against Facebook News Feed group, which peaked at over 740,000 members in 2006. Reacting to users' concerns, Facebook developed new privacy features to give users some control over information about them that was broadcast by the News Feed. According to subsequent news articles, members have widely regarded the additional privacy options as an acceptable compromise.
In December 2009, Facebook removed the privacy controls for the News Feed and Mini Feed. This change made it impossible for users to control what activities are published on their walls (and consequently the public news feed). Since users can post anything they want, this allowed people to post things that could target certain groups of people or abuse other users through other means.
In May 2010, Facebook added privacy controls and streamlined its privacy settings, giving users more ways to manage status updates and other information that is broadcast to the public News Feed.Among the new privacy settings is the ability to control who sees each new status update a user posts: Everyone, Friends of Friends, or Friends Only. Users can now hide each status update from specific people as well.

Cooperation with Government Search Requests
Government authorities rely on Facebook to investigate crimes and obtain evidence to help establish a crime, provide location information, establish motives, prove and disprove alibis, and reveal communications. Federal, state, and local investigations have not been restricted to profiles that are publicly available or willingly provided to the government; Facebook has willingly provided information in response to government subpoenas or requests, except with regard to private, unopened inbox messages less than 181 days old, which require a warrant and a finding of probable cause under federal law.  An article by Junichi Semitsu published in the Pace Law Review, reports that "even when the government lacks reasonable suspicion of criminal activity and the user opts for the strictest privacy controls, Facebook users still cannot expect federal law to stop their 'private' content and communications from being used against them.  Facebook's privacy policy states that "We may also share information when we have a good faith belief it is necessary to prevent fraud or other illegal activity, to prevent imminent bodily harm, or to protect ourselves and you from people violating our Statement of Rights and Responsibilities. This may include sharing information with other companies, lawyers, courts or other government entities. Since Congress has failed to meaningfully amend the Electronic Communications Privacy Act to protect most communications on social networking sites such as Facebook and since the Supreme Court has largely refused to recognize a Fourth Amendment privacy right to information shared with a third party, there is no federal statutory or constitutional right that prevents the government from issuing requests that amount to fishing expeditions and there is no Facebook privacy policy that forbids the company from handing over private user information that suggests any illegal activity.

Complaint from CIPPIC
The Canadian Internet Policy and Public Interest Clinic (CIPPIC), per Director Phillipa Lawson, filed a 35-page complaint with the Office of the Privacy Commissioner against Facebook on May 31, 2008, based on 22 breaches of the Canadian Personal Information Protection and Electronic Documents Act (PIPEDA). University of Ottawa law students Lisa Feinberg, Harley Finkelstein, and Jordan Eric Plener, initiated the "minefield of privacy invasion" suit. Facebook's Chris Kelly contradicted the claims, saying that: "We've reviewed the complaint and found it has serious factual errors — most notably its neglect of the fact that almost all Facebook data is willingly shared by users. Assistant Privacy Commissioner Elizabeth Denham released a report of her findings on July 16, 2009. In it, she found that several of CIPPIC's complaints were well-founded. Facebook agreed to comply with some, but not all, of her recommendations. The Assistant Commissioner found that Facebook did not do enough to ensure users granted meaningful consent for the disclosure of personal information to third parties and did not place adequate safeguards to ensure unauthorized access by third party developers to personal information.

Data mining
There have been some concerns expressed regarding the use of Facebook as a means of surveillance and data mining. The Facebook privacy policy once stated, "We may use information about you that we collect from other sources, including but not limited to newspapers and Internet sources such as blogs, instant messaging services and other users of Facebook, to supplement your profile. However, the policy was later updated and now states: "We may use information about you that we collect from other Facebook users to supplement your profile (such as when you are tagged in a photo or mentioned in a status update). In such cases we generally give you the ability to remove the content (such as allowing you to remove a photo tag of you) or limit its visibility on your profile. The terminology regarding the use of collecting information from other sources, such as newspapers, blogs, and instant messaging services, has been removed.
The possibility of data mining by private individuals unaffiliated with Facebook has been a concern, as evidenced by the fact that two MIT students were able to download, using an automated script, over 70,000 Facebook profiles from four schools (MIT, NYU, the University of Oklahoma, and Harvard) as part of a research project on Facebook privacy published on December 14, 2005. Since then, Facebook has bolstered security protection for users, responding: "We’ve built numerous defenses to combat phishing and malware, including complex automated systems that work behind the scenes to detect and flag Facebook accounts that are likely to be compromised (based on anomalous activity like lots of messages sent in a short period of time, or messages with links that are known to be bad).
A second clause that brought criticism from some users allowed Facebook the right to sell users' data to private companies, stating "We may share your information with third parties, including responsible companies with which we have a relationship." This concern was addressed by spokesman Chris Hughes, who said "Simply put, we have never provided our users' information to third party companies, nor do we intend to. Facebook eventually removed this clause from its privacy policy.
Previously, third party applications had access to almost all user information. Facebook's privacy policy previously stated: "Facebook does not screen or approve Platform Developers and cannot control how such Platform Developers use any personal information. However, that language has since been removed. Regarding use of user data by third party applications, the ‘Pre-Approved Third-Party Websites and Applications’ section of the Facebook privacy policy now states:
“ In order to provide you with useful social experiences off of Facebook, we occasionally need to provide General Information about you to pre-approved third party websites and applications that use Platform at the time you visit them (if you are still logged in to Facebook). Similarly, when one of your friends visits a pre-approved website or application, it will receive General Information about you so you and your friend can be connected on that website as well (if you also have an account with that website). In these cases we require these websites and applications to go through an approval process, and to enter into separate agreements designed to protect your privacy…You can disable instant personalization on all pre-approved websites and applications using your Applications and Websites privacy setting. You can also block a particular pre-approved website or application by clicking "No Thanks" in the blue bar when you visit that application or website. In addition, if you log out of Facebook before visiting a pre-approved application or website, it will not be able to access your information. 
In the United Kingdom, the Trades Union Congress (TUC) has encouraged employers to allow their staff to access Facebook and other social networking sites from work, provided they proceed with caution.
In September 2007, Facebook drew a fresh round of criticism after it began allowing non-members to search for users, with the intent of opening limited "public profiles" up to search engines such as Google in the following months. Facebook's privacy settings, however, allow users to block their profiles from search engines.
Concerns were also raised on the BBC's Watchdog programme in October 2007 when Facebook was shown to be an easy way in which to collect an individual's personal information in order to facilitate identity theft. However, there is barely any personal information presented to non-friends - if users leave the privacy controls on their default settings, the only personal information visible to a non-friend is the user's name, gender, profile picture, networks, and user name.
In addition, a New York Times article in February 2008 pointed out that Facebook does not actually provide a mechanism for users to close their accounts, and thus raised the concern that private user data would remain indefinitely on Facebook's servers. However, Facebook now gives users the options to deactivate or delete their accounts, according to the Facebook Privacy Policy. “When you deactivate an account, no user will be able to see it, but it will not be deleted. We save your profile information (connections, photos, etc.) in case you later decide to reactivate your account.” The policy further states: “When you delete an account, it is permanently deleted from Facebook.
A third party site, USocial, was involved in a controversy surrounding the sale of fans and friends. USocial received a cease-and-desist letter from Facebook and has stopped selling friends.

Inability to voluntarily terminate accounts
Facebook had allowed users to deactivate their accounts but not actually remove account content from its servers. A Facebook representative explained to a student from the University of British Columbia that users had to clear their own accounts by manually deleting all of the content including wall posts, friends, and groups. A New York Times article noted the issue, and also raised a concern that emails and other private user data remain indefinitely on Facebook's servers. Facebook subsequently began allowing users to permanently delete their accounts. Facebook's Privacy Policy now states: "When you delete an account, it is permanently deleted from Facebook.

Memorials
A notable ancillary effect of social networking websites, particularly Facebook, is the ability for participants to mourn publicly for a deceased individual. On Facebook, students often leave messages of sadness, grief, or hope on the individual's page, transforming it into a sort of public book of condolences. This particular phenomenon has been documented at a number of schools.  Previously, Facebook had stated that its official policy on the matter was to remove the profile of the deceased one month after he or she has died, preventing the profile from being used for communal mourning, citing privacy concerns. Due to user response, Facebook amended its policy. Its new policy is to place deceased members' profiles in a "memorialization state". Facebook's Privacy Policy regarding memorialization says, "If we are notified that a user is deceased, we may memorialize the user’s account. In such cases we restrict profile access to confirmed friends, and allow friends and family to write on the user’s Wall in remembrance. We may close an account if we receive a formal request from the user's next of kin or other proper legal request to do so.
Such memorial groups have also raised legal issues. Notably, on January 1, 2008, one such memorial group posted the identity of murdered Toronto teenager Stefanie Rengel, whose family had not yet given the Toronto Police Service their consent to release her name to the media, and the identities of her accused killers, in defiance of Canada's Youth Criminal Justice Act which prohibits publishing the names of under-age criminals. While police and Facebook staff attempted to comply with the privacy regulations by deleting such posts, they noted that it was difficult to effectively police the individual users who repeatedly republished the deleted information.

Customization and security
Facebook is often compared to MySpace but one significant difference between the two sites is the level of customization. MySpace allows users to decorate their profiles using HTML and CSS while Facebook allows only plain text. However, a number of users have tweaked their profiles by using "hacks." On February 24, 2006, a pair of users exploited a cross-site scripting (XSS) hole on the profile page and created a fast-spreading worm, loading a custom CSS file on infected profiles that made them look like MySpace profiles.
On April 19, 2006, a user was able to embed an iframe into his profile and load a custom off-site page featuring a streaming video and a flash game from Drawball. He has since been banned from Facebook.
On March 26, 2006, a user was able to embed JavaScript in the "Hometown" field of his profile which imported his custom CSS.
In each case, Facebook quickly patched the holes, typically within hours of their discovery. However, in July 2007, Adrienne Felt, an undergraduate student at the University of Virginia, discovered a cross-site scripting (XSS) hole in the Facebook Platform that could inject JavaScript into profiles. She used the hole to import custom CSS and demonstrate how the platform could be used to violate privacy rules or create a worm. This hole took Facebook two and a half weeks to fix.

Terms of Use controversy
While Facebook originally made changes to its terms of use  or, terms of service, on February 4, 2009, the changes went unnoticed until Chris Walters, a blogger for the consumer-oriented blog, The Consumerist, noticed the change on February 15, 2009. Walters complained the change gave Facebook the right to "Do anything they want with your content. Forever. The section under the most controversy is the "User Content Posted on the Site" clause. Before the changes, the clause read:
"You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content.
The "license granted" refers to the license that Facebook has to your "name, likeness, and image" to use in promotions and external advertising. The new terms of use deleted the phrase that states the license would "automatically expire" if a user chose to remove content. By omitting this line, Facebook license extends to adopt users' content perpetually and irrevocably years after the content has been deleted.
Many users of Facebook voiced opinions against the changes to the Facebook Terms of Use, leading to an Internet-wide debate over the ownership of content. The Electronic Privacy Information Center (EPIC) prepared a formal complaint with the Federal Trade Commission. Many individuals were frustrated with the removal of the controversial clause. Facebook users, numbering more than 38,000, joined a user group against the changes, and a number of blogs and news sites have written about this issue.
After the change was brought to light in Walters's blog entry, in his blog on February 16, 2009, Zuckerberg addressed the issues concerning the recently made changes to Facebook's terms of use. Zuckerberg wrote “Our philosophy is that people own their information and control who they share it with. In addition to this statement Zuckerberg explained the paradox created when people want to share their information (phone number, pictures, email address, etc.) with the public, but at the same time desire to remain in complete control of who has access to this info.
In order to calm criticism, Facebook returned to its original terms of use. However, on February 17, 2009, Zuckerberg wrote in his blog, that although Facebook reverted to its original terms of use, it is in the process of developing new terms in order to address the paradox. Zuckerberg stated that these new terms will allow Facebook users to “share and control their information, and it will be written clearly in language everyone can understand.” Zuckerberg invited users to join a group entitled “Facebook Bill of Rights and Responsibilities” to give their input and help shape the new terms.
On February 26, 2009, Zuckerberg posted a blog, updating users on the progress of the new Terms of Use. He wrote, “We decided we needed to do things differently and so we're going to develop new policies that will govern our system from the ground up in an open and transparent way.” Zuckerberg introduces the two new additions to Facebook: the Facebook Principles and the Statement of Rights and Responsibilities Both additions allow users to vote on changes to the terms of use before they are officially released. Because “Facebook is still in the business of introducing new and therefore potentially disruptive technologies”, Zuckerberg explains, users need to adjust and familiarize themselves with the products before they can adequately show their support.
This new voting system was initially applauded as Facebook’s step to a more democratized social network system. However, the new terms were harshly criticized in a report by computer scientists from the University of Cambridge, who stated that the democratic process surrounding the new terms is disingenuous and significant problems remain in the new terms. The report was endorsed by the Open Rights Group.
In December 2009, EPIC and a number of other US privacy organizations filed another complaint with the Federal Trade Commission regarding Facebook's Terms of Service. In January 2011 EPIC filed a subsequent complaint claiming that Facebook's new policy of sharing users' home address and mobile phone information with third-party developers were "misleading and failed to provide users clear and privacy protections", particularly for children under age 18.  Facebook temporarily suspended implementation of its policy in February 2011, but the following month announced it was "actively considering" reinstating the 3rd party policy.

Interoperability and data portability
Facebook has been criticized for failing to offer users a feature to export their friends' information, such as contact information, for use with other services or software.The inability of users to export their social graph in an open standard format contributes to vendor lock-in and contravenes the principles of data portability. Automated collection of user information without Facebook's consent violates its Statement of Rights and Responsibilities, and third-party attempts to do so (e.g., Web scraping) have resulted in suspension of accounts, cease and desist letters, and litigation with one of the third parties, Power.com.
Facebook Connect has been criticized for its lack of interoperability with OpenID.

Better Business Bureau review
As of December 2010, the 36-month running count of complaints about Facebook logged with the Better Business Bureau is 1136, including 101 ("Making a full refund, as the consumer requested"), 868 ("Agreeing to perform according to their contract"), 1 ("Refuse sic to adjust, relying on terms of agreement"), 20 ("Unassigned"), 0 ("Unanswered") and 136 ("Refusing to make an adjustment").Facebook reportedly claimed to the BBB that some customers had received warnings for violations when none were actually sent.

Security
Facebook's software has proven vulnerable to likejacking. On July 28, 2010 the BBC reported that security consultant Ron Bowes used a piece of code to scan Facebook profiles to collect data of 100 million profiles. The data collected was not hidden by the user's privacy settings. Bowes then published the list online. This list, which has been shared as a downloadable file, contains the URL of every searchable Facebook user's profile, their name and unique ID. Bowes said he published the data to highlight privacy issues, but Facebook claimed it was already public information.
On July 28, 2010 a group of Turkish pranksters decided to abuse Facebook's translate application and posted a plan on how to do it online. Their actions changed the translation of such messages as “Your message could not be sent because the user is offline” to “Your message could not be sent because of your tiny penis”, however these misguided translations were reverted back and the translate application went offline for many languages, however it is unknown if this was due to the Turkish attack.
Some users who access Facebook with temporary security code, which is send to mobile phone, are unable to receive the security code. There are reports that Facebook didn't send the security code for several days to some users and thus those users were unable to access to their account for days.

Environment
In 2010, Prineville, Oregon was chosen as the site for a new Facebook data center. However the center has been met with criticism from environmental groups such as Greenpeace because the power utility company contracted for the center, PacifiCorp, generates 70% of its electricity from coal. In September 2010, Facebook received a letter from Greenpeace containing half a million signatures asking the company to cut its ties to coal based electricity.

No comments:

Post a Comment