July 7th, 2008
Facebook’s Walled Garden Faux Pas
by Joshua Porter | 
3 Comments
Via Kottke comes this embarrassing faux pas for Facebook over on Dave McClure’s blog:
“my former PayPal colleague Yishan Wong, now an ass-kicking, name-taking engineer at Facebook, lays the “Walled Garden” rebuttal smackdown on Kottke, Arrington, et al. you go, Yishan… you just go.”
Problem is, the rebuttal is only visible to certain Facebook users! Here’s what I got when I tried to read the post (and I have a Facebook account and was logged in at the time)
Now, the irony of this is almost too much to bear. Getting a permissions wall when attempting to read a rebuttal about not being a walled garden is just, well, something you can’t make up.
But this is a very real problem in identity ownership and it raises a larger question: Do you know who can see what you’re publishing?
It’s doubtful that Wong doesn’t know what walled-garden means. My guess is that Wong is so steeped in the Facebook culture that he’s starting to think that if it doesn’t happen on Facebook, it doesn’t happen. (of course, I cannot read his rebuttal to hear his side of the story) Facebook has millions of people on its service, and a lot does happen there. But it’s still a drop in the bucket of what happens on the Web. The fact is that billions of people outside of Facebook cannot read his writing.
A worse scenario would be if Wong thought he was publishing to the rest of the world but didn’t anticipate the wall that Facebook was erecting. So not only is he playing in a walled-garden, but its possible that he doesn’t have the ownership over his identity that he assumed he did. I wonder what Wong expected would happen when he published?
This faux pas, while humorous, isn’t really that funny in the big picture. Publishing rights are certainly an important part of identity…who can see what you’re doing and writing is a major issue, not just in social networks but in the Web at large. There are system-level policies and tool options that dictate who can see what, and in this case there was an obvious mismatch between what the owner thought and what the system thought. Too bad.
Facebook often claims that they don’t want to open up because they want their users to know exactly what sort of control (and privacy rights) they have over their data, but in this case even their own engineer doesn’t seem to know the details of the system he’s publishing on. If this sort of thing can happen to a Facebook engineer, imagine how inaccurate the views of us regular folks are.
i agree, pretty effing ironic… and while i wasn’t the originator of the post, paint me a bit red-faced as the vehicle for this comedy.
on the other hand, i take Yishan at his word that he *thought* his note was public, and that [according to him] it’s just a bug, not a feature. still no less ironic, however.
still, i think you’re conflating “ownership” with “privacy” here.
Facebook probably has the finest-grained control i’ve ever seen over privacy settings.
whether or not you have the ability to import/export all of your facebook data / contacts / etc outside the FB empire is a completely separate (and oft-discussed) issue. i’d argue that it’s entirely within reason for a free service to retain ownership rights over content, but others may disagree.
in any case, i’m enjoying the food-fight & inherent ‘oops’ in the whole situation… so thanks for the link & comment joshua
- dmc
@Dave
You make a good point about conflating ownership and privacy, but I think that ownership is more than import/export and that granular privacy is a key component.
The point here is that no matter how fine grained the controls on privacy, the only person applying those controls should be the user. It’s your content and you should be able to show it to whomever you wish, whether Facebook likes it or not. My ability to invite who I want into my house (be it pets or even English people) is just as important as my ability to take everything in or out.
I appreciate that a free service has greater latitude to claim ownership over content, but in the long run if your business model means that your interests are diverging from your users over points like this, you leave yourself open to competitors whose business models converge with user requirements.
Hi, this is Yishan.
I was the one applying the controls, not Facebook. As it happens, the note was addressed primarily to my friends and Facebook co-workers, since it begins “You know, I really think we need a formal PR statement to the rest of the technology industry addressing head-on some of the ridiculous misconceptions about our platform/openness…”
We released the text of the note to a reporter who has yet to publish on it and told him he could be the one to get the scoop, so I shouldn’t just copy-paste it all here (and subsequently after fixing the bug, I kept the note network/friends-only). The irony of the situation, however, was not lost on me.
The content of the note rebuts four popular myths I’ve observed in the tech blogosphere:
1) Facebook applications can only live inside Facebook.
2) You have to learn a proprietary markup (FBML) to make Facebook apps
3) Facebook hoards user data and doesn’t let Google publicly index it
4) Facebook forces you to enter your real name, and doesn’t allow alter egos
The summary is the #1 and #2 are both false due to ignorance or technical misunderstanding. #3 is done because we consider users the real owners of the data and they haven’t given us permission to blast it out into the real world (if we really were a greedy company, that would obviously be the thing to do), and #4 is because without real identity, enforcing privacy rules becomes meaningless.
The central conundrum here is that privacy is sometimes at odds with openness. Typically on an individual level, it is very manageable (you decide what and when you want to share something), but when you become an aggregator of personal information which people want to share to varying degrees, you can’t be too open. Facebook is not a bunch of greedy bean-counters; we’re a bunch of nerds who care a lot about openness (see the open-sourcing of many of our core infrastructure components like Thrift).
The problem is that being too open with the information causes people to get mad at you,* while at the same time, being too closed with it causes other (different) people to get mad at you. We walk a very fine line trying to build a product that lets people share stuff that they want, to the degree that they want (e.g. there are things that people put on Facebook that they wouldn’t want indexed by Google) and I know that things aren’t perfect, but we’re continually striving to refine the product so that it provides people with exactly the control they want.
Your last point, then, is entirely correct. It just so happens that when it gets down to the nuts and bolts of actually implementing and running a product that does all this stuff, a lot of other things pop up (and I’m not talking profit motive) that keep what may appear to be at first a straightforward solution from working. We truly do believe that by implementing things that align with user requirements that we’ll be most successful; it’s just that user requirements are complicated. But we’re working on it, honest.
- Yishan
* For example, we could (and have in the past) provide a programmatic method by which you could export all the personal information you’ve entered. Unfortunately, the reality of the situation is that as soon as we do that, programs/webpages appear that trick people into entering their Facebook credentials (like in return for ringtones) that then suck their data out for nefarious purposes. The number of people to whom this Bad Thing happened far exceeded the number of people who wanted to do this intentionally (i.e. data portability), so we removed that feature. With Facebook Connect (not to sound like an obnoxious company shill), we are trying to re-create this functionality but in a way that prevents abuse by phishers.