NSA ♥ Facebook

A while back, the Washington Post reported on a set of leaked NSA slides that most people seem to have ignored.

There was one interesting piece of data in the report that I think deserves more attention. On the slide titled “Address Books” is a table setting out how many people’s address books have been collected, and how many are “Attributed” — that is, how many allow the NSA to tie an online ID to a real named person.

Address Books

Here’s the data as a table, to make it easier to read:

Provider Collected Attributed Attributed%
Yahoo 444743 11009 2.48%
Hotmail 105068 1115 1.06%
Gmail 33697 2350 6.97%
Facebook 82857 79437 95.87%
Other 22881 1175 5.14%
Total 689246 95086 13.80%

Notice that Facebook is far and away the NSA’s best source of information about you and your friends. Doing the math, 79437/95086 = 84% of the NSA’s information linking named individuals to their friends online is sourced from Facebook.

Why Facebook sucks

Now that people are starting to migrate from Facebook to Google Plus, I see a lot of people asking, apparently seriously, what’s wrong with Facebook. Given that Facebook is hated as much as airlines, it seems likely that the site has few dedicated fans willing to stick around when everyone else leaves. I’m certainly not one of them, and here’s why.

Facebook insists that you get a new e-mail inbox, which you can only access from Facebook. You can get e-mail notifications in your existing e-mail, but to reply you still have to go to Facebook. I don’t want another inbox, especially not a proprietary one. In Google Plus, the button to send a private message can be disabled, allowed only for certain people, and can forward to any e-mail inbox you want.

Facebook insists that you get a new instant messaging ID, which you can only use to talk to other Facebook users. I don’t want another proprietary IM ID. Google Plus uses Google Talk, which is based on the Internet standard XMPP and is federated with Jabber and AIM so you can talk to people on those networks too.

Facebook won’t let you export your friends’ contact information or sync it with your phone. Google, in contrast, offers Google Takeout to export everything, and also offers full contact sync via an open API.

Facebook is signing up with Microsoft and Skype to implement their voice and video chat. Skype is a closed proprietary protocol, deliberately obfuscated and encrypted to make it impossible for anyone else to interoperate with it. In contrast, Google document their additions to the standard XMPP video and audio protocols, and state their belief that people should have a free choice of competing clients.

Facebook have slowly and deliberately eroded users’ privacy. While Google has had a few privacy failings (principally with Buzz, which I didn’t use), they are far better than Facebook in this area.

Facebook is buggy. I routinely see a different news feed depending on whether I use the app on my phone or the main web site.

Google Plus’s “circles” are simple to set up and simple to use. The equivalent functionality in Facebook is hard to find and a pain to set up. (At the time of writing, you create a list as follows: Click “Friends” in left menu, “Edit Friends” top right, click “Create a List” top right, find a person by typing their name into the search box, click the drop down to the right of the search result, and click the name of the list you created. To use a list, you must then click the lock under a posting you’re writing, click Customize, under “Make this visible to” select “Specific People…”, in the text box type the name of the list you created, and click “Save Setting”.) Whether this is just bad UI design or a deliberate attempt to make the process painful so people don’t do it, I don’t know.

Want more reasons to dislike Facebook? Check out Wikipedia’s criticism of Facebook article, particularly the section on censorship. The latest victim is Roger Ebert.

And then there’s Mark Zuckerberg himself, and his attitude to privacy issues in the early days. Businesses’ cultural attitudes tend to flow from the top down.

As a final note, I’m not an absolutist. I recognize that there are things Google has done wrong, and things they continue to do wrong. However, moving from Facebook to Google Plus seems to me to be overall greatly positive, from the point of view of privacy, openness, access to data, and general levels of evil. When something even better comes along, I’ll consider moving to it. Until then, I’m done posting on Facebook, though I’ll keep reading it for the time being.

I’m also sure there are people who will keep using Facebook, and not use Google Plus. There are probably people still using MySpace and refusing to use Facebook too. That’s their decision, and they’re welcome to it, but it’s not going to affect my decision.


I really want someone to provide a viable alternative to Facebook.

This week Google launched Google Plus. Before long I got an e-mail from someone inviting me to a “Hangout”. Clicking the link took me to a page that told me I wasn’t allowed in. Clicking the link to unsubscribe from such e-mails took me to a 404 page. That’s not social networking, that’s spam. I flagged it as such.

Also, a few weeks ago someone flagged my Google Profile as violating community standards. All the information in it was accurate, there was no swearing, no nudity, and no indication of what specifically they were objecting to… So I clicked the link to have it reviewed again. Back it came, rejected again, no explanation, with my photo removed. I tried a different photo, clicked to have it reviewed again. Rejected again. So I deleted the whole thing.

At that point, Latitude started failing on my Android phone. It turns out that there’s an undocumented dependency between having a Profile and using Latitude. So I created a blank private profile and submitted that. It was approved.

So this month Google told me I wasn’t allowed to post a useful public profile, invited me to a social networking service and then immediately told me to go away, and spammed me. This suggests to me that Google as an organization still doesn’t understand social networking.

I also tried to set up Friendika. After hitting three successive technical roadblocks and wading around in PHP internals for hours to try and debug them, I decided it just wasn’t very robust, and gave up. I mean, I’m not an idiot, I can deploy WordPress in minutes.

Earlier in the year I tried Diaspora. That seems to work, but so far nobody much seems to be using it. I’m giving it another try. Development progress seems to be relatively slow.

Update 2011-07-01

Well, I’m now in Google Plus. First impressions: It’s basically Diaspora, with an interface that’s more like Facebook. I still don’t see any value in wasting my time entering profile information until they fix their transparency issues, but it’s as good as Facebook for the things I use Facebook for–sharing links, posting occasional casual photos, and not much else.

Facebook privacy drama

On TechCrunch, Paul Carr pretty much nails the Facebook situation.

Yes, Facebook’s privacy “promise” has been steadily eroding. However, the problem isn’t that Facebook has given up on offering privacy. Rather, the problem is that Facebook initially sold people on the myth that they could fill the Internet with personal information and magically expect that it would stay personal. I don’t know whether that was a deliberate bait and switch, or simply naïvety on the part of its founder.

I use Facebook as a dumping ground for interesting links, and for random chatter with friends. I also re-post content there that’s posted publically on other sites: postings like this from my own web sites, photos from Flickr, videos from YouTube, and status updates from Twitter. I have my phone number and address on Facebook, because those are public information; I don’t go out of my way to show them to people I don’t know, but it wouldn’t be a disaster if Facebook did so.

That’s the way I’ve used the site from the start. It’s a handy aggregator of content and place to chat with friends. I’ve never seen it as a secure, trusted place to put sensitive information. Free web sites are never places to trust with confidential personal information. If you don’t own the web site, you don’t own the data and you don’t decide the policy. That’s a simple fact, and a principle so old that it has an ancient saying associated with it: He who pays the piper, calls the tune. Or in today’s terms, he who pays the bandwidth bills sets the terms of service.

I’ve seen people say that it’s time to abandon Facebook for some kind of alternative. What, exactly, would that look like? One person mentioned an old-fashioned unarchived mailing list, but everyone has so much storage these days, who bothers to delete mailing list traffic to prevent it being archived? Chances are, one or more people on the list will use Gmail, and all the content will be available to Google, indexed and ready for leakage.

I know I plug this book way too often, but everyone who lives a lot of their life online should read The Transparent Society by David Brin. Facebook may be the most visible agent of transparency this week, but what we’re really seeing is a fundamental shift driven by technological change in general, not by any specific organization. Participating fully in society is pushing people to be more and more transparent, whether they like it or not. Putting on a tinfoil hat and refusing to put any information on the Internet is no solution either–all it means is that the only picture of you that searchers will get is the picture everyone else projects–like your enemies, for example.

If you don’t like Facebook’s market dominance, that’s a fine reason to move your content elsewhere. I don’t particularly like that Facebook has such a horrible API and offers no useful Atom feeds; it’s basically a giant box you can put stuff in to but can’t get it out of. I’d move to an open alternative, and I wish Google had done a better job with theirs. In their ham-fisted way, Google were more honest with Buzz: they gave you no privacy to start with. The problem was, users weren’t ready for that, and Google shoved Buzz into a place where people expected privacy and had some reason to do so–their e-mail accounts.

So I don’t think privacy concerns are a good reason to ditch Facebook; rather, they’re an indication that you’re probably viewing free social web services inappropriately to start with. But if someone puts together an open alternative with a sensible UI, I’m ready to move. How about it, Google?