[neilk]

So their theory here is that when I add a friend on Facebook, I am really saying this: "I share some of my contact info with you, but only as long as we both use Facebook?"

That's a convenient notion if you happen to work for Big #3b5998. But I think almost anyone would agree that it's really two people making a connection, and Facebook is just the middleman.

[yariv]

The theory is that by accepting someone's friend request you're not automatically granting them the ability to export your email address to any application that asks for it. If it were possible there's a good chance your inbox would quickly be filled with spam from apps your friends use. I know of no social network, including Google's own Orkut, Twitter, and Myspace, which allows this kind of mass exportation of friend emails via its API.

[nostromo]

> If it were possible there's a good chance your inbox would quickly be filled with spam from apps your friends use.

Apps like, um, FaceBook?

[gilted]

More like Zynga apps. Could you imagine if Farmville could easily get a hold of the emails of all of your friends? God help us.

[nostromo]

My only point is that the scenario yariv frets about is exactly what FaceBook did to grow.

Before I joined FaceBook I would get regular emails about all of my friends on FB that had uploaded my contact info via GMail.

[joe_the_user]

Like Nostromo said...

Plus it's pretty clear Facebook itself needs to make a distinction between something like a "export application" (that does generate nothing-like-spam) and something like Farmville (which is only generates something-like-spam).

While this lack of distinction is a serious problem for Facebook ... it hardly qualifies as a good argument for Facebook being able to export from everyone else but not allowing exports to anyone.

[joe_the_user]

So on the other hand, by emailing someone, you are granting them the right to download your contact information to a third party application who will then ... email you that you should join ... Facebook?

[wmf]

A slightly different way to look at it is "I share some of my contact info with you as long as I can control how you use it (e.g. look but don't re-share, I can revoke it later, etc.)." Facebook allows that kind of control by preventing data export.

[thwarted]

Facebook allows that kind of control by preventing data export.

In other words, "If everyone uses Facebook for their data control needs, we'd all have perfect data control."

This sounds suspiciously like an argument for DRM, which all end up failing and being bogus. Remember those email client plugins that would keep people from printing or remailing an email, that would have only worked if just everyone you sent something to had it installed?

[wmf]

Obligatory DRM argument, check. But why even have privacy settings if you're not going to try to enforce them? Just make everything public, resulting in people hardly posting anything, and then the whole social networking thing can just shut down.

[thwarted]

My point is that the DRM-style argument can't work because bits can't be restricted in this manner.

I mean, I'm still trying to figure out what "look but don't re-share" means. There's absolutely no way to enforce that.

Facebook saying that they are honoring user's settings is a false sense of security, because your address is accessible to me via my email program, that's how I was able to give it to facebook. I can still use your email address I already had for any purpose.

The only people their policy protects is people you friended on facebook without using email address book integration, but that's not the topic here.

I suppose if the false sense of security gets people to use your website, you can exploit that, but that doesn't mean you can actually enforce it. And somehow I doubt people's email addresses being exposed via facebook is going to keep the majority of people from using facebook: everyone already gets spam, and most people don't know how to track how an email address ends up in spamming lists. Facebook may already be selling email addresses to spammers and most people would never know.

It's actually in facebook's interest to sell email addresses rather than expose email addresses to third party apps that contact you via facebook, because third party apps that contact you via facebook reflect badly on facebook's other (maybe legit) emails that come from facebook's servers/domains.

[joe_the_user]

But why even have privacy settings if you're not going to try to enforce them?

That's a question for Facebook, not us. Don't you think?

However, the thing about Facebook isn't just that doesn't respect own privacy settings (which it hasn't). The thing is the concept of providing strong privacy while sharing within a set of intersecting friendship is essentially contradictory and impossible.

This (impossible) promise is very convenient for Facebook, however, since serves as an incentive, a pretext, for all-controlling environment. Consider, how do you keep your information safe while sharing it? The answer isn't "something sort-of like DRM". The answer is that is exactly, fully the definition of DRM. What Facebook is promising boils down to personal DRM (ie, impossible and opens the door nefarious third parties, etc).