Tap Tap. Is anyone awake out there?

In previous posts, I have talked about some of the various ways companies are allowed to leverage the identities of Facebook users including attaching a user’s name to an ad without their express consent. What I haven’t discussed, however, is why it’s so easy to do this on Facebook. Let’s face it: Facebook’s platform is built to facilitate excavation and sale of same information to advertisers to line ol’ Zuck’s pockets. First, let’s take a look at some key pieces of Facebook’s privacy policy. Some key pieces in the “Information You Share with Third Parties” section:

When your friends use Platform. [...] If the application or website wants to access any of your other content or information (including your friend list), it will have to obtain specific permission from your friend.  If your friend grants specific permission to the application or website, it will generally only be able to access content and information about you that your friend can access. [That's generally all of it.]

Pre-Approved Third-Party Websites and Applications. In order to provide you with useful social experiences off of Facebook, we occasionally need to provide General Information about you to pre-approved third party websites and applications [Approved by whom and why? Well, by Facebook and because they feel like it... or because there was a fat check involved...] that use Platform at the time you visit them (if you are still logged in to Facebook).   Similarly, when one of your friends visits a pre-approved website or application, it will receive General Information about you so you and your friend can be connected on that website as well (if you also have an account with that website).   In these cases we require these websites and applications to go through an approval process, and to enter into separate agreements designed to protect your privacy. [This includes allowing the user to opt out of these services (good luck finding that option, by the way).]

This section of the Policy is actually for explaining some of the implications of participation with both the Facebook platform, applications on the Facebook Platform, and various websites not previously related to Facebook that have made deals (of which we know nothing about the terms) with Facebook. This brings up the “Open Graph” Facebook launched about this time last year, but we’ll cover that beast in detail in a later post. Look above at some of this text – the key is to look for short, all-inclusive words that give others large scale access to information. Your friend can grant applications on Facebook access to every bit of information they can see about you, whether they know they’re doing so or not. The agreements Facebook has with application developers requires they respect the limits imposed on them… they don’t really have to. When your friend visits pre-approved sites, the site gets information about you. Wait… WHAT?? Why? Well, because they can.

Key information in the “How Facebook uses your information” section:

To serve personalized advertising to you. We don’t share your information with advertisers without your consent. (An example of consent would be if you asked us to provide your shipping address to an advertiser to receive a free sample.) We allow advertisers to choose the characteristics of users who will see their advertisements and we may use any of the non-personally identifiable attributes we have collected (including information you may have decided not to show to other users, such as your birth year or other sensitive personal information or preferences) to select the appropriate audience for those advertisements.

If you’re not nervously looking over your shoulder by now, go get some caffeine and come back. You’re obviously asleep. Let’s start with the one above about using information you’ve gone through measures to keep private being used to sell targeted ads. Oh, that must be why I only see information about engagement rings and family planning services – even though no one on Facebook can see my birth year.

To serve social ads. We occasionally pair advertisements we serve with relevant information we have about you and your friends to make advertisements more interesting and more tailored to you and your friends. For example, if you connect with your favorite band’s page, we may display your name and profile photo next to an advertisement for that page that is displayed to your friends. We only share the personally identifiable information visible in the social ad with the friend who can see the ad.

You can apparently opt out of this feature, though you wouldn’t know it without reading the entire privacy policy. You can change settings for all social and third party ads at http://www.facebook.com/editaccount.php?ads. I’ve covered this before in a previous post, but the gist is this: if you “like” something, that entity (should they choose to have ads placed on Facebook) then has your consent to use your identity in their ads. You become a billboard for whatever entity that may be. Let’s say you “like” Target’s Facebook page so you can write your thoughts about their support of clearly anti-gay organizations. You may very well show up in an ad to all your friends supporting Target. Well, you asked for it, according to this Policy.

To make suggestions. We use your information, including the addresses you import through our contact importers, to make suggestions to you and other users on Facebook. For example, if another user imports the same email address as you do, we may suggest that you add each other as friends.  Similarly, if one of your friends uploads a picture of you, we may suggest that your friend tag you in the picture. We do this by comparing your friend’s pictures to information we’ve put together from the photos you’ve been tagged in.

If you think you’re safe in the masses on Facebook, think again. Complex algorithms are in place to leave no corner un-crawled and no data set un-analyzed. Any information you connect with Facebook is actively used to add density to the Facebook network (and yes, dollars to Zuck’s pockets).

But wait! There’s more:

Downloadable Software. Certain downloadable software applications and applets that we offer, such as our browser toolbars and photo uploaders, transmit data to us. We may not make a formal disclosure if we believe our collection of and use of the information is the obvious purpose of the application, such as the fact that we receive photos when you use our photo uploader. If we believe it is not obvious that we are collecting or using such information, we will make a disclosure to you the first time you provide the information to us so that you can decide whether you want to use that feature.

So whether or not Facebook discloses that information is being transmitted is solely at their discretion? Well, they obviously wouldn’t want to bug you about all that tedious stuff. You’re obviously much more important than that. It’s 2011, people. It probably obvious that all those toolbars track your every move and report back to the mother ship, right? Right. Wouldn’t want to bug you with any of that nonsense…

The Privacy Policy is designed ot look simple and straighforward, just like the platform is designed to make money. I’m not blaming anyone here. Facebook is a company designed to pull a profit, and that’s fine. The problem is that it is often talked about like some sort of public service. If it is viewed as a company, the game changes, and hopefully people snap out of the sense of security they’ve been lulled into. Until then… try not to get used.

Note: The above quotes are from Facebook’s Privacy Policy, located at http://www.facebook.com/policy.php accessed on April 20, 2011 at 11:15 a.m.