Private Lives, Public viewings....

So.....Facebook is shortly going to make itself searchable from outside. From tonight. No early warning has been emailed so you can reset your profile unless you read the blogs (odd that given F/B propensity to email with a linkback for everything else). The business logic is inescapable - more visibility means more traffic, once the search engines register their pages it means maybe more members, and of course the temptation to expose more data and add services to their knowledge of you will be ever present. It's a business, not a charity after all.

Except...whats in it for the users? Did the students who originally signed up and have plastered the boards with their own plastered pix think this was the deal? Facebook when it started was a collegiate service, but it is now a business and that means answerable to a different set of priorities. Did all the Linked In refugees realise this would occur? You may insist on privacy, but if you have a socially promiscuous facebook friend, stuff will still get out....Caveat Friendstor !

Marc Canter makes an interesting plea for a "Bill of Rights" for users of Social Networks:

We publicly assert that all users of the social web are entitled to certain fundamental rights, specifically:

Ownership of their own personal information, including:
o their own profile data
o the list of people they are connected to
o the activity stream of content they create;
Control of whether and how such personal information is shared with others; and
Freedom to grant persistent access to their personal information to trusted external sites.

Sites supporting these rights shall:

Allow their users to syndicate their own profile data, their friends list, and the data that’s shared with them via the service, using a persistent URL or API token and open data formats;
Allow their users to syndicate their own stream of activity outside the site;
Allow their users to link from their profile pages to external identifiers in a public way; and
Allow their users to discover who else they know is also on their site, using the same external identifiers made available for lookup within the service.

We'd support that - and add that there should also be something in there about the Right to Privacy, One Level Removed - ie that:

- sites that host a user's social directories should not expose them - profiles or links - to outside search unless they have explicit consent.
- sites may not aggregate your data and on-sell to others unless they have explicit consent.

This may seem like nitpicking, but it always pays to be explicit - "ownership" is an easy thing to wriggle out of
(What, you didn't know F/B tracks emails you send to non F/B ers? - tsk). The reason for this is not just what Facebook is doing now, but the obvious endgame here, as this post on ZDNet explains:

Specialized search engine Rapleaf changed its privacy policy and removed a Web site on Friday in an effort to disclose the part of its business that sells data to marketers about people's online social ties.

Following inquiries for an article published Friday by CNET News.com, Rapleaf added nearly 700 words to its privacy policy to show its relationship with TrustFuse, a formerly separate part of its business that sells personally identifiable data about Internet users, which it obtains through various social networks and sites. The company also removed the Web site for TrustFuse.com, which now redirects visitors to a page at Rapleaf.com. The updated Rapleaf privacy policy lets people opt out of its system by sending an e-mail to the company.

Rapleaf CEO Auren Hoffman acknowledged that the changes were prompted by inquiries from News.com and that operating two different brands "was confusing." "When you're a small company you have to move quickly. We make small mistakes and you move to correct those mistakes," Hoffman said.

Despite the swift changes, privacy experts still say Rapleaf may be breaching the privacy of people using social networks like MySpace.com and Facebook, among the other social networks to which it links. Rapleaf lets you retrieve the name, age and social-network affiliations of anyone, as long as you have his or her e-mail address. But what the company does not disclose are the details on how it obtains people's ties to social networks through their e-mail addresses--a nifty feat considering social networks typically don't publish members' e-mail addresses.

Because of this, some people believe Rapleaf's practices may be violating the terms of service of MySpace and Facebook by linking to people's profile pages and scraping data from the sites for commercial purposes.

"It seems to undermine the whole social-network model, where small communities are formed within the larger online world. Users typically decide who to 'friend' and who not to friend. But if companies have found a way to scarf up e-mail addresses and affiliations, then that's serious and the Federal Trade Commission should investigate," said Marc Rotenberg, executive director at the Electronic Privacy Information Center, a nonprofit privacy advocacy group.

When it started out, Rapleaf was suppose to be an open reputation garnering system to compete with eBay. As you can see, both it and Facebook are moving in one direction, and we suspect that they will not be unique. The financial temptation is just too great.

Postscript - Om Malik has also written a piece on this, quoting Stephanie Olsen at ZDNet as well on the Rapleaf issue - quoted below:

In the cozy Facebook social network, it's easy to have a sense of privacy among friends and business acquaintances.

But sites like Rapleaf will quickly jar you awake: Everything you say or do on a social network could be fair game to sell to marketers.

Rapleaf, based in San Francisco, is building a business on that premise. The privately held start-up, whose investors include Facebook-backer and PayPal co-founder Peter Thiel, runs two consumer Web sites: Rapleaf.com, a people search engine that lets you retrieve the name, age and social-network affiliations of anyone, as long as you have his or her e-mail address; and Upscoop.com, a similar site to discover, en masse, which social networks to which the people in your contact list belong. To use Upscoop, you must first give the site the username and password of your e-mail account at Gmail, Hotmail, Yahoo or AOL.

By collecting these e-mail addresses, Rapleaf has already amassed a database of 50 million profiles, which might include a person's age, birth date, physical address, alma mater, friends, favorite books and music, political affiliations, as well as how long that person has been online, which social networks he frequents, and what applications he's downloaded.

All of this information could come in handy for Rapleaf's third business, TrustFuse, which sells data (but not e-mail addresses) to marketers so they can better target customers, according to TrustFuse's Web site. As of Friday afternoon, the sites of Rapleaf and Upscoop had no visible link to TrustFuse, but TrustFuse's privacy policy mentions that the two companies are wholly owned subsidiaries of TrustFuse.

According to TrustFuse's Web site, "TrustFuse has pioneered a unique e-mail address based approach to Internet data measurement. (It) provides a framework to learn about new customers, better market to these customers and...to better predict buying behavior." It continues: "We perform deep searches on people to enrich data on your users. And then we put the pieces of the puzzle together to give you the full picture."

Om sums up with:

We are slowly leaving digital litter all over the web, and some day it is going to cause problems.

What are your thoughts?

Apart from saying "we predicted all this would hit in 2007" (see here), our thoughts are that people should stop thinking that Social Networks are a la-la land of happy smiling people. The same venal people you meet on streets are in Social Nets as well, the same precautions you take in Real Life should be taken online - more in fact, since:

(i) Your data, once exposed, is permanently there
(ii) Online social nets do not have the subtlety, the social tricks, to nuance relationships as we do in real life (see our post on this here)

So the Old Rules apply - don't take virtual sweets from strange men, don't give out personal data that allows contact in any public forum, don't write anything you wouldn't want read in court - a SocNet is now a public forum. Personally we wouldn't advise using "own ID" either, but we have been accused before of being dinosaurs about that and not "getting it". But note this well - its no longer a Garbage In, Garbage Out world - in Socnets if you Let It All Hang Out, it will most certainly all come back to hang you.