Actually the bug 'breach' in the article is not the breach I was thinking about. It's a bad breach but it's a separate issue to me.
For me the issue lies in how Facebook communicates. (Fair disclosure, it's been a long time since I signed up and what they say to get you to share your e-mail contacts may have changed). The relevant section of the article for me is this one:
"When someone “connects” to Facebook using their Gmail, Yahoo, Twitter, Outlook or whatever account, Facebook will ask for permission to access your contacts to “find your friends on Facebook”. While Facebook may actually be trying to find their friend’s profiles on Facebook, Facebook is also harvesting all of that contact data and using it to create “shadow profiles” based on name and email address information. Ouch… And before you ask if Facebook notifies anyone about this process, apparently this page which is ambiguous at best is an attempt." [the "this page" referenced in the quote is the one you linked]
Fair disclosure: my reference for what Facebook should be doing comes from my own subjective personal expectations. These are probably different from yours. Fair enough :-)
I'm happy to agree that FB doesn't violate your privacy expectations :-)
"I guess I don't understand what you think Facebook should be doing, instead? Do you think they have to specifically disclose every internal use of the information they collect prior to collecting it?"
This is a great question, because it's genuinely complicated, and there's no one word answer that will suffice. That's the messiness of relationship...
Every use? No. Every significant use? Yes. For me, secret accounts are significant. What is happening here is an uncomplicated bait and switch. They promise one thing (friend population) and deliver another (friend population + creepy secret dossiers). Facebook has every ability to set the tone of the conversation and yet they oh-so-conveniently forget to ask to use the data for something that is really a big deal. Hiding something major in a help page is a scummy deceptive trick, and if any of my flesh and blood friends conveniently neglected to mention something major in this way I would be mad at them, too.
What Facebook should be doing is this:
FB: Can I import your contacts to populate your friend list?
Me: Sure, that'd be great! Thanks FB!
FB: Cool! Have a nice day!
FIN.
Or even this:
FB: Can I import your contacts to populate your friend list?
Me: Sure, that'd be great! Thanks FB!
FB: Great! Now that that's finished, can I use the same contacts to create shadow accounts for your friends in case they ever want to join?
Me: Umm... where's the link to delete my account?
What I want FB to do is either to not make secret profiles, or at the very least to ask me before they do. Here's the kicker: if they were honest and up front (honestly, who reads the help file?) about what they were doing, I would have said "NO", and they know it. And they went ahead and did it anyway, without asking.
Now, I can abandon my expectations as naive and just expect FB to do every single dastardly Jerk Thing they can possibly get away with, but I don't want to live in a world that cynical. I think this is why we were all so joyous when Google came out with "Don't be evil" and all so devastated when they broke that promise. I'd rather fight a little (even if it's just griping on HN) to recover a world where Jerk Things get called out as Jerk Things rather than give up entirely.
For me the issue lies in how Facebook communicates. (Fair disclosure, it's been a long time since I signed up and what they say to get you to share your e-mail contacts may have changed). The relevant section of the article for me is this one:
"When someone “connects” to Facebook using their Gmail, Yahoo, Twitter, Outlook or whatever account, Facebook will ask for permission to access your contacts to “find your friends on Facebook”. While Facebook may actually be trying to find their friend’s profiles on Facebook, Facebook is also harvesting all of that contact data and using it to create “shadow profiles” based on name and email address information. Ouch… And before you ask if Facebook notifies anyone about this process, apparently this page which is ambiguous at best is an attempt." [the "this page" referenced in the quote is the one you linked]
Fair disclosure: my reference for what Facebook should be doing comes from my own subjective personal expectations. These are probably different from yours. Fair enough :-)
I'm happy to agree that FB doesn't violate your privacy expectations :-)
"I guess I don't understand what you think Facebook should be doing, instead? Do you think they have to specifically disclose every internal use of the information they collect prior to collecting it?"
This is a great question, because it's genuinely complicated, and there's no one word answer that will suffice. That's the messiness of relationship...
Every use? No. Every significant use? Yes. For me, secret accounts are significant. What is happening here is an uncomplicated bait and switch. They promise one thing (friend population) and deliver another (friend population + creepy secret dossiers). Facebook has every ability to set the tone of the conversation and yet they oh-so-conveniently forget to ask to use the data for something that is really a big deal. Hiding something major in a help page is a scummy deceptive trick, and if any of my flesh and blood friends conveniently neglected to mention something major in this way I would be mad at them, too.
What Facebook should be doing is this:
FB: Can I import your contacts to populate your friend list?
Me: Sure, that'd be great! Thanks FB!
FB: Cool! Have a nice day!
FIN.
Or even this:
FB: Can I import your contacts to populate your friend list?
Me: Sure, that'd be great! Thanks FB!
FB: Great! Now that that's finished, can I use the same contacts to create shadow accounts for your friends in case they ever want to join?
Me: Umm... where's the link to delete my account?
What I want FB to do is either to not make secret profiles, or at the very least to ask me before they do. Here's the kicker: if they were honest and up front (honestly, who reads the help file?) about what they were doing, I would have said "NO", and they know it. And they went ahead and did it anyway, without asking.
Now, I can abandon my expectations as naive and just expect FB to do every single dastardly Jerk Thing they can possibly get away with, but I don't want to live in a world that cynical. I think this is why we were all so joyous when Google came out with "Don't be evil" and all so devastated when they broke that promise. I'd rather fight a little (even if it's just griping on HN) to recover a world where Jerk Things get called out as Jerk Things rather than give up entirely.
(edit) spacing on dialogue