Attention to privacy on Facebook has been intense in recent months after the company made more profile information public by default, added options to its already-complicated privacy settings and introduced features to personalise external websites using people's profile information.
The company responded last week by launching a simplified privacy dashboard, restoring the ability to hide some public profile data and giving users an "off" switch to block all third-party websites and applications from accessing their accounts.
Now that the dust has largely settled, IDG News Service had a chance to chat with Facebook chief technology officer Bret Taylor about the latest privacy controversies and Facebook's reaction. An edited transcript of the conversation follows.
IDG News Service: There has been an intense focus on Facebook privacy recently, but protecting one's privacy online must be a broader endeavour. What's a holistic view of the online privacy problem, in your opinion?
Bret Taylor: One thing that was lost in the dialogue prior to some of our changes last week is that Facebook is a service primarily about sharing. People join our site to share with their friends. The reason you publish a photo to Facebook as opposed to saving it on your hard drive is because you want your friends to see it and comment on it and like it. Facebook isn't a service primarily about securing your information but about sharing your information, while giving users the confidence to know with whom they're sharing the information.
Privacy on Facebook and privacy on the Internet are very different things because obviously when your bank mentions privacy it means something completely different than when Facebook mentions privacy. When we talk about privacy at Facebook we're really talking about how can you know that when you publish a photo only your friends and extended network can see it. Also when your best friend from elementary school looks you up, that he can figure out if [this is you], which is another very important part of our service. So balancing the privacy aspects of sharing with discovery and this massive directory of everyone in the world, which Facebook is also very useful for, are just some of the problems we're dealing with, which are very different from other Internet services.
IDGNS: Privacy advocates want Facebook to set more conservative default settings for sharing and to leave it up to users to pro-actively opt into and enable broader sharing of their information. How do you strike a balance between those concerns and the risk of hurting Facebook's social-networking nature, which is to help people find other people and interact with them?
Taylor: That balance is something we talk about a lot internally. Obviously, you need a certain amount of sharing because otherwise you wouldn't be able to friend new people because they weren't your friends yet. What we've tried to do with our privacy defaults is reflect the norms of usage on our site. Obviously, the default settings are not perfect for everybody, so we try to make changing those defaults extremely easy, which is what our launch last week was about. Most people have changed their privacy settings at one time or another.
IDGNS: Many privacy concerns centre on Facebook users' confusion about what and how information is being shared. Have you considered providing users with anonymised usage analytics for their profiles, so that they can see, say, that this photo was viewed by five friends, seven friends of friends and three people not connected to them in any way? The idea being that people get a concrete picture of how their content is being viewed and that they can adjust privacy settings based on that concrete knowledge if necessary.
Taylor: It's an interesting idea. I'm not sure if it's something we've considered.
IDGNS: Some people say Facebook search goes too far in making site data discoverable, while others complain that it doesn't go far enough. What's the right balance for the search function on Facebook?
Taylor: The primary use of Facebook search is finding people. The thing a lot of the technology community has been focused on is searching over the Facebook stream. But on Facebook, the primary purpose of the search box is finding people. A distinguishing feature of Facebook search is that it's personalised by default, so you can search through all your friends' updates. It's a very unique and personalised experience over a set of content that is very personal, like status updates and photos.
Searching over the status updates tagged with the [public] "everyone" setting has been very well-received by our users, but we haven't invested tons of effort into it because we've been focused on other areas of the site to date. We've been eager to hear everyone's feedback as we exposed the APIs [application programming interfaces], but I don't think we have any specific plans to announce at this point.
IDGNS: Regarding your "everyone" privacy setting, which makes content available to everyone on and off Facebook, what happens when someone whose profile is set to "friends only" interacts with a friend whose profile is set to "everyone"? Whose privacy settings govern those interactions, if, say, the "everyone" friend comments on a photo of the other "friends only" person?
Taylor: Comments inherit the privacy of the object on which you comment. So if I comment on a post that's set to "everyone" then my comment is also viewable by everyone.
IDGNS: So if you have an "everyone" setting for your profile and you comment on a photo posted by someone whose content is available to "only friends," the notification that you made that comment wouldn't be viewable by "everyone" on your news feed?
Taylor: Right. In the news feed, we only show links to things that you have permission to see, so that item might show up for people who are friends with that person, but we don't link to things that you can't see.
IDGNS: What has been the reception of Facebook's new features to use your Facebook identity to customise the experience on external sites?
Taylor: The most widely used product of the ones launched at our F8 [developers conference] is Social Plug-ins, which includes the Like button and other plug-ins, which let sites provide instantly personalized experiences with a line of HTML on their sites.
So if you go to the front page of the Washington Post or CNN you'll see an activity stream of the things your friends have recently "liked" on those sites. Those plug-ins have been deployed on over 100,000 sites, and millions of users have interacted with them. We've gotten very positive feedback from our users.
So on news sites like CNN.com and WashingtonPost.com you not only find out the big news of the day, but also what articles your friends have liked. For me, technology stories are disproportionately interesting, so when I go to CNN.com, I'll see that my friends have liked three technology stories deep into the CNN site, so that CNN front page has become more relevant for me. We've gotten similar feedback from many users.
IDGNS: You have more than one million external developers who have built apps for Facebook. How do you make sure all those people are doing the right thing and not trying to misuse data their applications get access to?
Taylor: We addressed this data issue at F8 with the change that when a user uses a Facebook application, by default that app will only be able to access the public parts of a user's profile. To access any private information on your profile or from your friends, the application has to ask the user specifically and granularly for access to that information.
That way you know the parts of the profile the application will access, so that if an application that is about publishing photos asks for access to your events, you might find that unusual and decide you don't trust that application. Users can also revoke applications' access to their account.