What the Facebook

This weekend I deactivated my Facebook account after six years of near-daily use. I was surprised that Facebook showed such disregard for their users’ privacy by making their new Instant Personalization features opt-out so soon after the Google Buzz backlash a few months ago and their own adventures with Beacon a couple years ago. My surprise turned to shock when, after I disabled these new features, I went to CNN.com and discovered it knew who I was.

screenshot of CNN.com social pluginIt turns out this is a “social plugin” from Facebook embedded in an iframe. As a (mostly former) web developer, I know that means CNN.com doesn’t actually know who I am; rather, that content is hosted on Facebook but embedded on CNN’s website in a way that CNN can’t access. But it’s ridiculous that I have to look at the source of a website and understand the DOM security model to know that. People see their friends’ activity on CNN.com and think the website knows who they are, and there’s no Facebook preference to turn that off.

Just to reiterate that, Facebook wants websites to embed iframes that can look just like their surroundings on the page and trick the user into thinking that website knows them and their friends, and didn’t bother including a way to turn that off. Maybe this iframe thing will catch on and my bank will start letting me log in from other websites too!

I considered these things and tried to think of any benefit of the Facebook service that came to close to outweighing its clear violation of my privacy. And then I deactivated my account. The answer was a definitive “no, I don’t even use the site that much anymore and don’t want to be involved if this is the direction they’re going”.

The first two days were rough; I had formed such a Facebook habit that I would go to click where my bookmark used to be and briefly hunt for it before remembering why it’s gone. But after that it got a lot easier, and today I didn’t really miss it or even think about it at all.

I’m not writing this post to try to convince anyone else to deactivate their accounts, though I know others who have for the same reasons. I understand that everyone values privacy differently (especially Facebook, apparently) and for some people the value provided really is worth the cost. I’m mainly writing it so that it’s public and I’ll be more likely to stick to my deactivation in case it gets more difficult to stay away. (ex-Facebook group therapy meetup, anyone?) Although, now that I’ve disabled third-party cookies in my browser, effectively turning off the “social plugins”, I might even consider reactivating my account down the road if they abandon this scary, scary direction they’re headed. But that seems pretty unlikely.

As the product manager of a website full of user-generated content, I try to keep up with what others solving some of the same problems are doing, and Facebook is certainly a leader in this space. That’s partly why I’m so disappointed that someone in a similar position made a conscious decision to make these new features opt-out and some parts not have an “off” switch at all. This is where I am reminded how awesome it is to work for a company that puts the user above everything else.

I guess Facebook and I will just have to agree to disagree on my privacy.