Privacy concerns and issues with Scribd and social networks (Facebook in particular)
Screen shot of my now-deleted Scribd account showing my friend names and images pulled from Facebook
Today, to my dismay I found a portion of my private Facebook social graph in the public search pages on Google under the social profile page of my now-deleted Scribd account (see picture above).
I can tell that the data was pulled from Facebook because of the particular profile image which is only on my Facebook profile (not LinkedIn, not Twitter, and not Google Buzz).
I can understand that Scribd may want to build their own social network for its users (haven’t thought about why they would and don’t care). And I certainly have no issue with Scribd publishing the particular social graph about willing users. But my numerous issues are mostly related to the way they obtained this information and that they did not ask for my permission before proceeding to share this data with the whole world.
Here are the particulars of my issues with what I saw today:
- I use (or used to use as of now!) Facebook for social fun and keeping in touch with friends online, not as a professional tool, and certainly not as a public publishing platform. My Facebook profile picture, my friends’ profile pictures, etc are not ones I want the CEO of the next company I work for to see in the first or second page of Google Search results for my name! (the attached picture is exactly what you will see if you Google me and dig around for a bit) So the fact that Scribd did not respect my choice to keep that information private is a serious problem.
- I have no idea how Scribd got this info. I have not signed in using my Facebook account. Actually, before this morning I used to have a Scribd account and am sure I would not have given Scribd my Facebook login. This concerns me.
- The data that Scribd published is public (without my choice) and very sticky. So even when I noticed that the whole world can see many private data about me, I cannot remove the pages immediately and am at the mercy of Scribd to pull the data down and then Google to remove the data from their caches. This is exactly why my profile is private on Facebook. Mark Zuckerberg might ask: “what do you have to hide?”. To this I would answer: “nothing, but I don’t choose to publish every detail of my online life on a public forum”.
I didn’t wake up today thinking I would go on a rant about Consumer privacy online, but the surprise of seeing my private data out in the open made me take the time to write about this. I am surprised that a company with a great service, impressive investors and team (http://www.crunchbase.com/company/scribd), and $12.8m in funding would make such a mistake.
I know we live in an age where privacy is considered a relic in the online world. So be it, I have asked Scribd to pull my personal data down and will pursue this issue until the data is all removed. In the mean time, to prevent future instances of this and to counter the intrusive nature of Facebook Like button, etc I recommend the following:
- Sign out of Facebook and Twitter after use every time. Or better, have a separate browser for using Facebook and Twitter and use another browser when you’re just searching the web and doing work.
- Clear your browser’s cookies after each visit to Facebook. This will ensure no 3rd parties take your private data without your permission (you can still sign in or choose to give your Facebook information to 3rd parties if desired)
- Search yourself on Google, Bing, etc every once in a while to see if you’re involuntarily sharing more than you intend to. Then work with the offending website to pull your data down.
- Disconnect yourself by closing down your Facebook, etc account. I haven’t done this yet as I find Facebook a valuable service. But everyone has his own way of doing cost-benefit analysis and his own limit. I’m just getting closer and closer to the last straw on this. If my privacy cannot be managed effectively, I will reluctantly but surely remove my Facebook account.
In the end, I’m thinking some soul-searching is in order to see whether or not it makes sense to have a Facebook account.
It is impossible to put this genie back in the bottle. Nothing in my view will ever change until we strengthen privacy laws and laws that force businesses to clearly show line by line what information they collect and share and most importantly why they collect and share it and how they do this. An 8pt font EULA and a line that says to “enhance” the services we provide to you is not enough.
Comment by bcp — January 20, 2011 @ 1:04 am
@bcp, thanks for the comment I agree.
Along with more stringent laws and standards, I believe we should also do a better job at educating the public about what information is being sent back and forth on the wire very publicly. I came across a very well written, but somewhat technical description of the problem: http://33bits.org/2010/09/28/instant-personalization-privacy-flaws/
Comment by Sahand — January 21, 2011 @ 9:23 am
Came across this on ZDNet today: http://www.zdnet.com/blog/igeneration/facebook-instant-personalization-launches-how-to-disable-it-and-why/8006
Comment by Sahand — February 2, 2011 @ 6:28 pm
Dude. If you haven’t figured it out by now…. Everything you put on Facebook is public for the WHOLE WORLD TO SEE (and use at they wish) Get over it.
Comment by Mark — February 3, 2011 @ 12:59 pm
@Mark, I respectfully disagree (most of my info on Facebook is not visible unless you are my friend). But I guess my point is that some people (including me) think that Facebook can be a private area. We set it up to be private, but every now and again, Facebook decides to introduce a “new feature” which will expose our data to anyone who’s smart enough to write a Cookie sniffing piece of Javascript.
Comment by Sahand — February 3, 2011 @ 4:27 pm
Thanks for the info-case study. Sorry things like this happen the world isn’t lollypops+licorish!
Comment by sean — February 9, 2011 @ 10:01 pm