Freely subscribe to our NEWSLETTER

Let’s start with the obvious: If you want to keep your information private, don’t use a social network to store it. The essence of social networks is to provoke solicited, and unsolicited, interactions between individuals. If I want to share photos with my friends over Facebook, why do I need to have my religion, birthday, marital status, or political affiliation stored in Facebook?

Further, privacy does not coincide with the interests of Facebook creators or with the attitude of many Facebook users. If social networks were about keeping private information, and controlling it, then the default would have been not to share any new piece of information and have a “share” or “publish” button that you need to explicitly click in order to make the information available to others.

From a security perspective, digital social networks are inherently susceptible to data dispersion and inference attacks. That is, you may block the direct access to your (explicit) religious information but your profile photos, which you chose to be public, show a Star of David or your race. Additionally, a lot of private information can be deduced or analyzed via friend’s network (religion, sexual orientation, or age). Someone may also post a sensitive message to the wall of a friend who at some point in time decides to make his wall, and hence your post, public. Unsurprisingly, cybercriminals and freaks build dossiers from social networking sites. (And this is just security problems with simply surfing Facebook and doesn’t even begin to describe the laundry list of technical vulnerabilities.)

But Facebook has its virtues. Staying in touch with family and friends is undeniably engaging. Or as comedian joked, “I’m on Facebook to ensure my ex-girlfriends aren’t doing better than I am.”

Today, Facebook is at a serious crossroads. If it continues giving the impression that consumer privacy is a football, it risks further alienating users. However, if it sets the right example and makes privacy sacred, Facebook can set the right tone for social networking for years to come. Better yet, there is a big opportunity for FaceBook to educate people—especially younger users—about the issues of privacy. With 500 million users, gaining consumer trust will, in turn, bolster advertising and other revenue. And there are big reasons for Facebook to worry: recent evidence shows social networks are losing luster when it comes to trust. Edelman’s Trust Barometer found that peers and friends are no longer creditable sources for third party endorsements, dropping 45% to 25%, since 2008. This will have a huge impact on marketers’ ability to effectively convert social networks into revenue.

Consumers must believe that Facebook’s intentions are in line with their best interests. In this case, Facebook—with overwhelming zeal—must show it’s doing everything it can to maintain user privacy.

What should Facebook do?

Although Facebook has announced that it will offer a one stop shop for privacy settings where users will be able to see one privacy page with a list of all their applications and a choice of three settings for each. The redesigned privacy page allows users to see all their information in one grid and apply privacy settings to each. Facebook will suggest defaults
However there is a lot more that could be done.

First, Facebook should universally provide audit trails to help the consumer adjust security settings. An audit trail might look something like:
– Friend “Mom” has viewed “Wild party” pictures (Oh no! Should block her from that.)
– Application vendor “Yelp” has viewed your friend list (I didn’t want that—block them.)
– Friend “Larry” looked at your wall (That’s fine.)
– Stranger has viewed “Wild party” pictures (Oh no… I forgot to share it only with my friends.)

Second, Facebook should universally, and automatically, default all privacy controls to the most conservative option, meaning:
– Make the default for all items “private”.
– Automatically reset all default settings to ensure only selected contacts can see user profiles.
– Automatically make information inaccessible to search engines until an end user allows it to be public.
– Automatically block applications having full access to private data.
– Provide two level administration for children’s accounts.

Third, Facebook should offer a some de facto levels of privacy. Consumers, better informed with audit trail results, will have a better vantage point edit their security settings. Facebook should provide three privacy options:
– Super-secret: With a click, consumers will be guaranteed ultimate privacy with no pictures or information posted anywhere, except to a designated circle of friends. Also, personal information could not be shared with application makers. As Facebook changes, they should assure users that all default settings will be set to the most conservative option.
– Fully public: For those who thrive on voyeurism.
– Customized: Power users can set their options.
During the 1950s, Deming defined how quality in manufacturing became vital for profit and competitiveness, coining the concept of “total quality management.” Facebook, at an analogous point in its history, should implement “total privacy management” to show consumers and government regulators that consumer privacy is a sacrosanct holy grail. Consumers will react with dollars, governments will placate regulators.