If you haven’t figured out by now, Facebook pretty much knows what you ate for breakfast, where you bought it, and how you paid for it.
Facebook’s terms of use have been the issue of heated debate. My viewpoint has always been that nothing you post on the Internet is ever safe and secure and that at some point, it may become more public than you wanted to. But now Facebook has risen to a whole new level…or should I say scooped down?
If I am to believe Irish tech consultant Príomh Ó hÚigínn (which I do), Facebook also collects data from unposted updates. You know, the updates that you write and then decided not to post, because they were a little too angry, too aggressive, too political or too whatever.
This is what he writes on his blog:
I was inspecting Facebook’s network traffic today in Firefox Devtools, when I realized that any text I put into the status update box was sent to Facebook’s servers, even if I did not click the post button.
He did a little digging around and discovered it was true. To collect the text you type, Facebook sends code to your browser. That code automatically analyses what you type into any text box and reports this metadata back to Facebook.
Now Príomh Ó hÚigínn is not an alarmist. He’s also not one of those anti-Facebook people. As he admits himself, he uses Facebook despite its horrible privacy policy because of the convenience it offers. Still, he’s adamant that Facebook is going too far in this instance and has no right to collect unposted updates, even if it falls under their description of ‘metadata’.
I agree with him.
Collecting data from unposted updates is creepy and flat out wrong. There’s a reason for not posting these and if I have to self-censure before even typing, we’ve truly sunk to an Orwellian ‘Big Brother is watching you’ level. I love Facebook, and so far, I’ve accepted the complete loss of privacy as a trade off, but this is a step too far. I’m hoping Facebook will realize that as well and back down.
Andrew Fallows says
For me, this depends entirely on what Facebook is doing with my information, not on the basic binary of whether or not they’re collecting it.
Sending data to the server in real time might make the server that much more able to spy on me as a person, but it also (potentially) has the ability to provide suggestions like people I could tag in my post, links I could add, or a host of other non-creepy, helpful functions that are all the more helpful because I’m getting them in real time, instead of waiting until I click post.
Now, given Facebook’s spotty track record with privacy, I’m not 100% willing to give them the benefit of the doubt that everything they’re doing is innocuous and helpful to me. After all, Facebook is free, which means Facebook isn’t the product – I am.
Nonetheless, I’m reserving judgment on this one because I know how much pressure website are under to do fascinating things as quickly as possible, and not all of those fascinating things can be done completely client-side. To flagrantly misuse a famous maxim, “Never attribute to malice that which is adequately explained by AJAX.”
Andrew Fallows says
(P.S. that was an abuse of Hanlon’s Razor)
Rachel Blom says
Ha! Hanlon’s Razor…that’s one I gotta remember, love it 🙂
I like your perspective. It’s true that some technological advancements are done with the user in mind and I can see the helpfulness in your suggestions, but…with all that techno power, surely there’s also a ‘delete’ option?
Andrew Fallows says
Now that part is the trickiest part when it comes to how these systems are actually implemented.
There are basically 3 states:
Permanent: Some data is stored in a database which is replicated, backed up, and secured so that. barring an explosion in the data center, it will never be lost.
Cached: Some server stores a temporary backup of the data somewhere so that duplicate requests for the same information can happen faster. Caching isn’t intended to record or analyze information, it’s only a performance optimization.
Ephemeral: Some data is in a request, and then as soon as the request is complete, that data is completely lost; nothing is storing it anywhere.
Obviously, when it comes to data we want to keep private, ephemeral is our friend. The trouble is, there’s rarely any way to know (unless the company chooses to disclose it) which mechanism any given interaction falls under. I doubt that privacy laws prevent caching (except in certain cases, like credit card transactions).
It’s tricky territory, and as a guy in the industry I struggle because I see both sides all the time.
To answer your question about a delete button: everything that’s stored in a database can be deleted, and fairly easily. The tricky part is getting the database admin to agree to delete it. 🙂
Eric Dye says
But alas, we keep eating from the tech trough.
Rachel Blom says
Yup. Makes me wonder how much we’re willing to put up with before we say enough…