Online Privacy, Google and Facebook

Google’s court case in Italy is a big deal. As everyone is saying, if Google can be held accountable for the content it syndicates on its site, that would change the way that information flows through the internet forever. It could close the whole thing down.
I thought I’d take this opportunity to throw out some loosely connected ideas on the subject of Google, privacy rights, etc. Maybe some of them will stick:
First, this case seems to be less about principled differences between Continental and American conceptions of privacy, and more about Berlusconi’s media holdings. Italy has a pretty screwed up media environment; and its internet usage is among the lowest in Europe.
Second, more generally, I’m not really bullish on privacy rights mostly because I don’t know exactly what that term means. As a lay person (not a lawyer), it’s always struck me that most “privacy violations” are actually just other legal violations in disguise — that posting a video of an autistic teenager being bulllied is actually an issue of harassment, libel and property theft, not “privacy” itself. Is it possible to understand privacy without these other constituent ideas? And if not, then how can we even try to create a coherent online privacy regime?
And further, as someone who thinks that American community is worth caring about, I’m struck that the problem of our country is not that we have too little privacy but that we demand too much. It’s clear that in America at least our lives are more private than they ever were before — our music is listened to privately, we commute in private vehicles, and the notion of a neighborhood, where people know each others’ names and keep up on their lives, has all but vanished. Our private lives are very big — filled with cell phones, iPods, laptops, etc — and our public lives are increasingly small.
Third, the problem with data sharing on the internet to me is not that anyone can see the information I post (I can clearly, if imperfectly, decide these days what information I release and to whom); the problem is that the information never goes away. This is an under-discussed problem with Facebook: you cannot grow. My real-life “personality profile” changes and evolves with time, whereas on Facebook everything sticks, nothing vanishes, my past is there forever. It’s been said that the greatest feature of the human brain is the ability to forget. Otherwise, how could we deal with all the of data points we encounter each day? How could we create meaning or priorities? The problem with the internet is not privacy, but total, unforgiving memory.
Fourth, given all of the above, it is true that Google/Facebook does do a lot of creep shit with our data. Every college student should check out this interview with an anonymous (oh the irony!) Facebook employee. “Q: When you say “click on somebody’s profile,” you mean you save our viewing history?/ A: That’s right. How do you think we know who your best friends are?”
Good question. (Excerpts from the interview beneath the fold.)

The Rumpus: On your servers, do you save everything ever entered into Facebook at any time, whether or not it’s been deleted, untagged, and so forth?
Facebook Employee: That is essentially correct at this moment. The only reason we’re changing that is for performance reasons. When you make any sort of interaction on Facebook — upload a photo, click on somebody’s profile, update your status, change your profile information —
Rumpus: When you say “click on somebody’s profile,” you mean you save our viewing history?
Employee: That’s right. How do you think we know who your best friends are? But that’s public knowledge; we’ve explicitly stated that we record that. If you look in your type-ahead search, and you press “A,” or just one letter, a list of your best friends shows up. It’s no longer organized alphabetically, but by the person you interact with most, your “best friends,” or at least those whom we have concluded you are best friends with.
Rumpus: In other words, the person you stalk the most.
Employee: No, it’s more than just that. It’s also messages, file posts, photos you’re tagged in with them, as well as your viewing of their profile and all of that. Essentially, we judge how good of a friend they are to you.
Rumpus: When did Facebook make this change?
Employee: That was actually fairly recently, sometime in the last three months. But other than that, we definitely store snapshots, which is basically a picture of all the data on all of our servers. I want to say we do that every hour, of every day of every week of every month.
Rumpus: So this is every viewable screen?
Employee: It’s way more than that: it’s every viewable screen, with all the data behind every screen. So when we store your photos, we have six versions of your photos. We don’t store the original: we make six different versions on the photo uploader and upload those six versions.

Rumpus: You’ve previously mentioned a master password, which you no longer use.
Employee: I’m not sure when exactly it was deprecated, but we did have a master password at one point where you could type in any user’s user ID, and then the password. I’m not going to give you the exact password, but with upper and lower case, symbols, numbers, all of the above, it spelled out ‘Chuck Norris,’ more or less. It was pretty fantastic.
Rumpus: This was accessible by any Facebook employee?
Employee: Technically, yes. But it was pretty much limited to the original engineers, who were basically the only people who knew about it. It wasn’t as if random people in Human Resources were using this password to log into profiles. It was made and designed for engineering reasons. But it was there, and any employee could find it if they knew where to look.
I should also say that it was only available internally. If I were to log in from a high school or library, I couldn’t use it. You had to be in the Facebook office, using the Facebook ISP.
Rumpus: Do you think Facebook employees ever abused the privilege of having universal access?
Employee: I know it has happened in the past, because at least two people have been fired for it that I know of.
Rumpus: What did they do?
Employee: I know one of them went in and manipulated some other person’s data, changed their religious views or something like that. I don’t remember exactly what it was, but he got reported, got found out, got fired.
Rumpus: Have you ever logged in to anyone’s account?
Employee: I have. For engineering reasons.
Rumpus: Have you ever done it outside of professional reasons?
Employee: I will say, when I first started working there, yes. I used it to view other people’s profiles which I didn’t have permission to visit. I never manipulated their data in any way; however, I did abuse the profile viewing permission at several initial points when I started at Facebook.
Rumpus: How about reading their messages?
Employee: Never individually like that. I would mostly just look at profiles.
Rumpus: Would you suppose that Facebook employees might read people’s messages?
Employee: See, the thing is — and I don’t know how much you know about it — it’s all stored in a database on the backend. Literally everything. Your messages are stored in a database, whether deleted or not. So we can just query the database, and easily look at it without every logging into your account. That’s what most people don’t understand.
Rumpus: So the master password is basically irrelevant.
Employee: Yeah.
Photo attribution: Flickr stream of Aboca

Leave a Comment

Solve : *
12 + 20 =