Facebook and the Social Dynamics of Privacy

Ed. Note: Boing Boing's current guestblogger Clay Shirky is the author of Here Comes Everybody: The Power of Organizing Without Organizations. He teaches at the Interactive Telecommunications Program at NYU, where he works on the overlap of social and technological networks.

James Grimmelmann of New York Law School has written a terrific essay on privacy issues and social networks services entitled Facebook and the Social Dynamics of Privacy.

Grimmelmann is trying to do nothing less than re-shape our attitude towards privacy on social networks, building an erudite and extensively documented argument that our framing of privacy problems, and most of the solutions we have in mind, are bad fits for social networking services.

There are no ideal technical controls for the use of information in social software. The very idea is an oxymoron; “social” and “technical” are incompatible adjectives here. Adding “friendYouDontLike” to a controlled vocabulary will not make it socially complete; there’s still “friendYouDidntUsedToLike.” As long as there are social nuances that aren’t captured in the rules of the network (i.e., always), the network will be unable to prevent them from sparking privacy blowups. [...]

Another reason that comprehensive technical controls are ineffective can be found in Facebook’s other "core principle": that its users should "have access to the information others want to share." If you’re already sharing your information with Alice, checking the box that says “Don’t show to Bob” will stop Facebook from showing it Bob, but it won’t stop Alice from showing it to him. [...]

There’s also another way of looking at "information others want to share": If I want to share information about myself -- and since I’m using a social network site, it’s a moral certainty that I do -- anything that makes it harder for me to share is a bug, not a feature. Users will disable any feature that protects their privacy too much.

For me, the essential pair of insights in this paper are that a) our attitudes towards privacy are shaped by industrial norms -- the individual vs. the corporation or the state -- while on social networks, the most important class of privacy violations are in fact peer-to-peer and b) that these violations, when they happen, are a side-effect of the system doing what it is designed to do, which is to facilitate the spread of personal information.

The first challenge is re-shaping our sense of what a privacy violation means in the context of social network services, and the second is to accept that, since a full stemming of these violations is prima facie impossible, we need a new set of practices around minimizing them where possible and improving recovery from them where possible.

Because of the enormity of the head-shift required to think through peer-to-peer privacy risks, and because Grimmelmann has worked through the issues so carefully and thoroughly, I think this should be required reading for anyone thinking about privacy as it is actually lived.

Facebook and the Social Dynamics of Privacy


  1. I just can’t get excited about Myspacebook anymore.

    The digital preening just gets on my nerves.

  2. The end-all statement on privacy was made by Benjamin Franklin– “Three can keep a secret if two of them are dead”.

    If you want something to be kept private, don’t tell anyone. If you do insist on telling someone, tell them verbally in person, and make sure they’ve got a good reason to keep quiet about it, too.

  3. Personally, I loathe Facebook is that the unchangeable default action is “hide almost everything from people you have not friended”. I don’t have the time to respond to a zillion “friend” requests from total strangers who just want to read my furshlugginer profile.

    So I do my social networky stuff on Livejournal, which defaults to pretty total openness, but lets you lock things down quite easily if you want to. So yeah, I definitely agree with the quoted sentiment that “anything that makes it harder to share is a bug”.

    And yeah, if you bitch about [ex-friend] behind a software privacy lock, the probability of someone who can see it deciding to cut-n-paste it to your ex-friend is pretty high. That’s social networking in action!

  4. we create value in our friends by revealing secrets to them. The “greater” the secret, the greater the friendship value. Facebook is an economy.

    This why I am always poor. I have a realistic sense of my own value.

  5. Don’t put anything onto a social networking system that you don’t want socially networked.

    Problem solved.

  6. This article and discussion ignore the main fact about Facebook “privacy”. The default is to CALL everything private, but make it public, and particularly to make it public to hackers and authority figures. Facebook is the only website of this scale that makes a policy of giving out users so called private information without a warrant, or even a compelling argument. They are the only website of this scale which makes such extraordinarily crappy security that anyone can find anything posted on Facebook with moderate to minimal effort. I find it sort of shocking the way people get up in arms about Google as a potential privacy risk and give Facebook a pass despite their stunningly egregious handling of privacy. The entire section about Facebook getting students suspended and employees fired has been removed from the Wikipedia article. And now Boing Boing is saying we have to re-evaluate the idea of privacy SPECIFICALLY FOR FACEBOOK. Why?

    1. Stephen,

      Boing Boing doesn’t say anything. Boing Boing is a loose collective of individual bloggers, and this post is from a guest blogger. Please stop making it sound like Boing Boing enacted legislation to force people to do something. These posts are an invitation to think about things. Nothing more than that.

  7. The best part of Facebook is your friends being emo(tional) and posting inane things for statuses such as… is tired of life… Doesn’t understand why everything is going wrong… is nothing and noone… etc.

    That and the countless bulletins using poor reverse psychology- “You won’t read this but…” etc.

  8. Grimmelmann writes “Unhelpful interventions—such as mandatory data portability and bans on underage use—fail because they also fail to engage with key aspects of how and why people use social network sites.” This ignores the purpose of the age restrictions. The age restrictions are because Facebook would face serious criminal charges if they applied their non-privacy policy to information posted by children.

  9. It’s a simple concept called shared ethics. Or lack of ethics being the new default. The very phrase of “Kiss and Tell” has gone from an admonishment against gossip to a book genre’s descriptor. Thus it replicates in social networks. Don Henley’s “Dirty Laundry” would be good mood music for the Essay’s background soundtrack. Played on repeat. Alternating perhaps with Marillion’s ” A Collection” or whatever favorite creepy stalker/voyeur song fits your fancy. As the Stalker/Voyeur Fuel vibe is what often infests social networking’s soft white underbelly.

    Which makes this essay on privacy even more compellingly needful to read if you use social sites!

    And David Brin being duly credited in footnotes is nicely evocative. Of how an essay and it’s soul siblings can spot on nail future social fact. Facebook and the Social Dynamics of Privacy
    would make a good virtual cross recommend with Brin’s “Transparent Society” work. Which I just did of course..

  10. Personally, I’m glad for things like facebook…eventually, maybe people will get over the fact that we all do wierd things behind closed doors and not care what others do.

    I use to be a privacy freak…railed against gov’t intrusion…worked behind the scenes to make certain laws made it so that people could keep their privacy…now, I realize I lead a much more moral life when it is open. Not because of what others might think, but because I see it from a perspective that involves others.

    Still, because of my job and the realistic aspects of society, I still have to keep aliases and otherwise (my careers shall not and cannot meet…even though I make certain employment contracts are specifically edited to throw out anything that I do off the clock that is not illegal so long as I don’t bring it into the office). Hopefully, things like Facebook will speed this up and maybe we all won’t need to worry so much in the near future.

  11. @#14- That transparency leads to morality really only works in certain circumstances. Considering that there are plenty of activities which, though moral to the participant, might bring down various sorts of wrath from observers (drugs, sexual preferences, unusual political or religious views, etc), privacy is frequently a matter of self-defense more than defense of shenanigans.

    Imagine saying to everyone in a small and very conservative town “Hi, I’m a pot-smoking gay Muslim communist…”
    Perhaps best to have the option to keep quiet.

  12. What the heck. “Privacy” has only been around a couple hundred years anyway. Time to start re-making the beds that sleep 15!

  13. Most of my Facebook friends don’t fall into the “too much information” category. I think anyone with a sane sense of boundaries can navigate their way to be transparent yet private online.

    Then again, this is the age of the “Inter-web” and some people don’t get it. Oh well!

  14. @ Cicada

    “Imagine saying to everyone in a small and very conservative town “Hi, I’m a pot-smoking gay Muslim communist…”

    I grew up in one of these small towns…I was the purple haired kid everyone thought was gay or was causing trouble. All the while, I was a boy scout and went to church. But I did those activities in another community and people didn’t realize that what they were accusing me of was further from the truth.

    I took the bent that if I was going to be accused of something, I wasn’t going to deny that they were wrong. Funny thing was, several of the guys that seemed the manliest redneckiest came to me and outted themselves thinking I was the most public example of what they wished they could be.

    It was one of the most seemingly closed community, but the vast majority opened up and accepted when they thought someone was different. It taught me a lot about life…most of what we hide is something we are ashamed of…if we accept ourselves for who we are, most others will accept us as well…

  15. Thanks, Clay. MORE stuff to read…sheesh!

    Think about this:
    Suppose that you, Angus Podgorny, have your identity stolen.
    How can you prove you’re the real Angus Podgorny if all of your personal information is available to anyone online? If you’re not able to provide any bit of verifiable unknown information, well, you don’t exist, do you?

    I may come back after reading this. But for now, can I suggest Nissenbaum’s Privacy as Contextual Integrity?
    From the text:
    “…Charles Fried has said that controlling who has access to personal information about ourselves is a necessary condition for friendship, intimacy, and trust. James Rachels, as mentioned earlier, has made a related point that distinctive relationships, for example individual to spouse, boss, friend, colleague, priest, teacher, therapist, hairdresser, and so on, are partially defined by distinctive patterns of information. However, I believe this conception is deeply flawed for reasons offered by Ruth Gavison and Jeffrey Reiman. Insofar as these relationships are valued, so would we value adequate and appropriate restrictions on information flows that bolster them. …”

    Alternately, D/L and listen to the talk given by Steven Rambam at the Last HOPE conference.
    Just about all of the talks are great fun and informative.

  16. the only issue I have with fb is that my friends cover too wide an area… relatives, friends, coworkers…. most things I have to say I dont want to say to the entire universe.

  17. “If you’re already sharing your information with Alice, checking the box that says “Don’t show to Bob” will stop Facebook from showing it Bob, but it won’t stop Alice from showing it to him.”

    IMHO, this is how gossip works in the real world, and people should be used to that. Telling a secret to someone who can’t be trusted risks that secret getting out. Fixing this would be a step to far in the control of our ‘own’ information.

  18. At this point security issues on Facebook concern me much less than the fact that hundreds of millions of people are enjoying rich and rewarding social lives in an arena I have absolutely no desire to enter. What does that say about me? Please, don’t answer that… I’ll be waiting for the detailed academic explanation of what social need boingboing itches.

  19. I don’t consider Facebook’s privacy options a bug; I only use Facebook to keep up with my current friends, not to make new friends, hence I made it so people I’m not friends with can’t see my name if they search for me, view my profile, etc. My sig other has done the same, and I know we aren’t the only two. Still, I don’t put any information on there that I would be embarrassed about the outside world learning.

    I agree with Felix @ 25: the Bob/Alice scenario is how gossip away from the Internet works. If it’s so personal that you only want certain people to know about it, then make sure those people are trustworthy.

    Facebook all about how you choose to use it. If you make your profile easily accessible, or put something personal on there, you have to live with the consequences.

    1. senorglory,

      You’ve made two comments so far on BB and they both boil down to “DO NOT WANT!” One might wonder why you’re here if we don’t meet your exacting standards for free entertainment.

  20. Antinous,
    I was just about to make a point here about how BoingBoing is an important social network and you go and call it cheap entertainment. Worse than cheap, you say! Free!

    So the point I want to make here is that if FaceBook is the high school yearbook of the web, then BoingBoing is the college class. Both formats let you get to know your fellow classmates- but one goes beyond name and statsuses to reveal the true self… Am I on to something here folks? Wait, don’t answer that.

  21. Wolfie’s ma – I have a presence on facebook, under a false name (quite against the rules), simply so that I could keep up with my kid sister while she was travelling before university. She has 400+ ‘friends’…
    Some of us find social satisfaction in casting our nets widely, some of us are more interested in depth…

  22. oh look, we have an oath:

    The Oath Of The Canting Crew
    The Oath Of The Canting Crew
    From The Life of Bampfylde Moore Carew, by ROBERT GOADBY.

    I, Crank Cuffin, swear to be 1 Notes
    True to this fraternity;
    That I will in all obey
    Rule and order of the lay.
    Never blow the gab or squeak; 2 reveal secrets
    Never snitch to bum or beak; 3 betray to bailif or magistrate
    But religiously maintain
    Authority of those who reign
    Over Stop Hole Abbey green, 4 Notes
    Be their tawny king, or queen.
    In their cause alone will fight;
    Think what they think, wrong or right;
    Serve them truly, and no other,
    And be faithful to my brother;
    Suffer none, from far or near,
    With their rights to interfere;
    No strange Abram, ruffler crack, 5 Notes
    Hooker of another pack,
    Rogue or rascal, frater, maunderer, 6 Notes; beggar
    Irish toyle, or other wanderer; 7 Notes
    No dimber, dambler, angler, dancer,
    Prig of cackler, prig of prancer;
    No swigman, swaddler, clapper-dudgeon;
    Cadge-gloak, curtal, or curmudgeon;
    No whip-jack, palliard, patrico;
    No jarkman, be he high or low;
    No dummerar, or romany;
    No member of the family;
    No ballad-basket, bouncing buffer,
    Nor any other, will I suffer;
    But stall-off now and for ever
    All outtiers whatsoever;
    And as I keep to the foregone,
    So may help me Salamon! [By the mass!]

  23. I have a separate yet somewhat related problem- what about these craptastical sites that scrape my identity from Xenu knows where and then invite people to make sweeeeeeet social network with the doppleganger-me they’ve created?

    I’m thinking specifically of spoke dotcom or pipl dotcom (no i won’t intentionally link them). Can I de-spoke myself?

  24. i hate to be the librarian here, but “enormity” means “wickedness,” not “enormousness.”

    yes, obama used it wrong.

    1. eâ‹…norâ‹…miâ‹…ty

      1. outrageous or heinous character; atrociousness: the enormity of war crimes.
      2. something outrageous or heinous, as an offense: The bombing of the defenseless population was an enormity beyond belief.
      3. greatness of size, scope, extent, or influence; immensity: The enormity of such an act of generosity is staggering.

  25. we actually had a similar feeling to grimmelman (here: http://aisel.aisnet.org/icis2008/90/), namely, that the privacy issues with respect to social network service providers were in some ways comparable to those of webmail providers. but the publicity/semi-publicity of social networks produced disgruntlement with respect to sharing of data with peers (which lead to so called articulations of privacy violations) and at the same time to new privacy practices/nettiquette to be established among social network members.

    at the end of the day the social network designs are not neutral, they are the way they are for a purpose, and they leave little space for the users to negotiate their privacy (if they care to at all). but at the same time, social networks, by virtue of letting many own and share given information (i.e. commented photographs, or even relationships themselves are shared by many) go beyond information as individual property. the proposals for practicing sharing through collaborative access control models (friends decide with you who can see your information) actually make an interesting example that sits somewhere between open content and copy right. so, it is definitely worth looking at closely. critically or not.

    anyways, grimmelman is printed out and on top of the to read stack. our paper on the topic is here:

  26. What if someone that you are dating found out they know one of your Facebook friends and decides to call that person on the phone to find out what’s on your page. Now of course all this is a joke to tease me because I didn’t believe this person knew a FB friend. Should I not get mad that the person is telling someone I’m dating what I write on my page? Should I not get mad that the person I’m dating is calling this person to find out what I write? And the person who is telling isn’t letting me know they are letting him know and the person who I’m dating refuses to tell me who the person is. Am I wrong for getting mad/annoyed about this?

Comments are closed.