Your social graph: do you own the data?
3 January 2008
Filed under Blogging, Internet
A big stupid brou-ha-ha erupted last night when blogged Robert Scoble ran a script written by Plaxo against his 5,000 Facebook friends’ information and got banned in short order. Scoble initially posted that Facebook banned his account and only later admitted he’d been screen scraping, or brute-force removing information from Facebook using an unnamed tool by a 3rd party (he was under NDA).
Scoble was miffed that Facebook would ban him for trying to help “free” his “own social data” that “he owns.” This isn’t a new movement, people have been pressuring Facebook for a while now to let them openly move their “social graph” freely between competing services. In a perfect world, Plaxo could seamless import all your contacts from Facebook into their own Pulse system.
But is it really that cut and dry?
Kara Swisher and others have said that this data belongs to Robert Scoble. Really? The private information of all of Robert’s friends belongs to Scoble? Did those users know that Scoble might pipe their private email addresses, birth dates, et cetera all over the web? Did they agree to that? Nick Carr gets to the crux of the matter on his blog:
Now, if you happen to be one of those “friends,” would you think of your name, email address, and birthday as being “Scoble’s data” or as being “my data.” If you’re smart, you’ll think of it as being “my data,” and you’ll be very nervous about the ability of someone to easily suck it out of Facebook’s database and move it into another database without your knowledge or permission. After all, if someone has your name, email address, and birthday, they pretty much have your identity - not just your online identity, but your real-world identity.
So 99% of the data that Scoble is claiming as his own is mine, and yours, and Kara’s, and Nick’s. I may have signed away my privacy to Facebook but I sure as heck didn’t think Scoble would be piping that data all over the Internet. Sure it’s a “benign” service like Plaxo Pulse today, but what if Scoble dumps my phone numbers, birthdate, employment history, and email addresses into some service that gets hacked, or isn’t as responsible as Plaxo and uses that information in ways he didn’t fully understand or agree to? My contract on that data is with Facebook, not with Scoble and certainly not with Plaxo.
14 Comments
#1. David Chartier posted this 9 months, 2 weeks ago.
I haven’t read all of Scoble’s musings on this topic yet, but Facebook profiles can store a lot more than details of friends. I think the larger things at stake here are the photos, blog posts, videos, and other things users can create in or upload to a Facebook profile.
In that light, I definitely think Scoble’s complains and similar “free mah data!” movements have some credibility. Though you’re right, the revoking of rights to stuff like this is nothing new. I hear YouTube’s TOS also demand all rights over content published to the service, and MTV’s social networking site reportedly claims the same amount of control.
I don’t think anyone in their right mind would sanely claim that they own their friend’s personal details. While I’d like to bring up the debate over whether Scoble has ever been in his “right mind,” I’ll give him the benefit of the doubt for now. I think this data issue is about ownership over genuinely personal data.
#2. Clint Ecker posted this 9 months, 2 weeks ago.
Sure, I think it should be possible to export the content you’ve created, but as you say the line becomes blurry when someone else’s information is at stake.
In Scoble’s case, he was specifically interested in exporting all of his friends’ birth dates and email addresses.
I think that Facebook will ultimately set up a privacy system like they have for displaying information now, but for which data and which friends you allow to export your information.
Already Facebook has a concept of friend grouping. I’ve made groups for my close personal friends, work friends, professional contacts, et cetera. This isn’t being used in any official capacity yet, but I can see allowing GPC (granular privacy controls) to whole groups.
Say for example I could set it so that people in my Professional Contacts group are allowed to export only my email and birth date, but those in my Personal Contacts group could have access to a little more information of my choosing. On another level, I personally could have access to all information that I’ve created for export to another social network. Sending my employment history back and forth between LinkedIn jumps to mind.
Those are the kind of things I expect Facebook are already working on and will announce during 2008. At TC40, Tantek Celik asked Mark Zuckerberg directly when they’d allow exporting of data, or begin using Microformats (another way of exporting data) and his response, while mostly a non-answer, seemed to indicate that there are forces working internally at Facebook to make it happen.
The Beacon thing probably hasn’t helped things, and they’re undoubtedly taking a second and third look at how they expose this information and how to let individuals control how other people use their personal information,