Hacker News new | ask | show | jobs
by raganwald 5739 days ago
Nothing you do on the site you signed in with is published to your Facebook profile, without your explicit consent on a dialog box

The trouble with this statement is that some users (myself included) don't believe (a) this is true even when they say it's true, or (b) that if it's true today it will still be true tomorrow.

Such paranoid users are worried that FB will make a privacy policy change that turns the privacy off "as a benefit to users," and the opt-out checkbox will be buried seven links deep. I try to use FB's controls to make my FB stuff fairly private, but I still operate on the assumption that one day FB will break my assumptions about what is or isn't shared.

The recent "Places" launch confirmed it for me. If I hadn't read someone else's blog post, I wouldn't have known that simply refusing to opt into places wasn't enough, I also had to explicitly block friends from checking me into locations.
1 comments
dzlobin 5739 days ago
I don't mean to personally call you out but this mindset is entirely flawed for this argument. If you're so worried about keeping your private things private, don't put anything you're not completely fine with being public on facebook. According to your logic they don't owe you any real promise of privacy, right?
link
raganwald 5738 days ago
I don't know what they owe me, but I do know what I do and do not trust them to do. And on that basis I decide what I will and will not share with them.

Which brings us full-circle back tot the point of the post:

When a third-party application uses FB as its authentication mechanism, it gives the appearance of asking its users to trust FB with everything they do on that application.

So yeah, I don't put anything on FB that I can't handle becoming public some day. That doesn't mean I want it to be public, but I wouldn't knowingly put something private on there.

And that extends to third-party apps using FB for anything at all. I can't ever imagine using a linked-in kind of application that uses FB authentication. I'm not going to put certain business contacts and my business relationship with them where FB might be able to scrape the data.

I'm not dating, but if I did I wouldn't use a service that used FB for authentication. Or a personal money management application.

And my message to third party apps using FB for authentication is to take this into account. I won't say "don't," you know your market, maybe they don't care. But at least have your eyes open to people who might think twice if whatever you're managing for them might be sensitive.

link