Facebook private message issue raises more concerns over privacy

Facebook private message issue raises more concerns over privacy

Summary: If Facebook is in the clear and no private messages were actually exposed, what does that say about users who were adamant that they were?


Commentary The general consensus is that Facebook is not leaking your private messages to your public timeline. I say "general", because there are still people who are not convinced. This is despite the company conducting its own investigations and publicly reassuring its users.

Facebook said in a statement to AAP that "a number of users have raised concerns about what they believe to be private messages appearing on their timeline," and that its own "investigations have shown them to be public wall posts that were always visible."

If it was a security concern, Facebook wouldn't be the first company to lie or be ignorant of a privacy breach, but the Australian Privacy Commissioner is also working with Facebook to figure out whether there really is an issue. Its investigation is on going, but what has it found so far? Nothing. Nada.

In fact, today the Privacy Commissioner issued a statement saying that "at this time we have not found or received evidence that private messages have been published", that it will continue to monitor this matter and that "if individuals believe that they have evidence that demonstrates that private messages are appearing on their Timeline they should provide this to Facebook and ask them to explain why this has occurred."

But if you don't trust the Australian commissioner either, how about the French one? Same deal. Canada's Privacy Commissioner is also looking into the issue. Again, nothing so far. And in New Zealand? Still nothing.

Bear in mind that these privacy tsars are the same ones that typically warn you about posting personal information online and set up initiatives like privacy awareness week.

It's true that Facebook has its quirks. As someone who takes considerable pains to keep what content I post to my own Facebook profile out of the public eye (as what others can post is mostly beyond my control), I've run into a number of issues that do not paint Facebook in a good light.

One of Facebook's quirks: The number of images in an album are apparently displayed to the public even if all photos are private.

If we take the expert word of numerous privacy commissioners, and trust that Facebook hasn't made a technical goof, then it highlights something that is a little more disturbing: there are enough people out there who genuinely do not realise what privacy controls are applied to their messages to the point that rumour has become mainstream news, and it has become necessary to involve Australian officials.

So while the lessons that so many privacy advocates have been spouting are beneficial to those who are uncertain about their privacy controls, these lessons are not reaching the people who think they understand their security settings. And there appear to be an alarming number of these people.

But the blame isn't solely on the users.

Given the evidence (or lack thereof), Facebook might be clear of a technical blunder, but it isn't free of its responsibilities in ensuring that users know what is happening. The fact that users are convinced that there has been a privacy breach even though Facebook is adamant that one hasn't occurred is proof enough that the social network is failing at providing information for its users in order for them to apply the right privacy settings.

And some might suggest that this is exactly what it wants. After all, privacy-conscious users make it difficult to target advertisements at them by refusing to list their favourites or "liked" brands and pages, and fail to encourage the growth of the network by opting out of search results. They do this because they simply don't trust Facebook with their information, and by doing so they send a clear message to others that they shouldn't, either.

But the majority of people don't fall into that extreme, and are happy to reduce their own privacy to an extent for convenience, and, let's admit it, the ability to brag about their social life to anyone who might be interested. Relying on our egos has worked for a while, but, much like how coal miners look to the canary, when things turn bad — or, as in this case, are rumoured to have turned bad — the average user will look to the Facebook privacy buffs first.

Facebook has 1 billion monthly active users, 10 times that of its closest competitor, and it should pay dividends to get the privacy-conscious minority on their side, gain their trust, and turn the situation around.

Instead of these users being the ones instilling doubt into the main user base, they could be the ones who make other users feel as though they really are protected, turning the "don't post anything you wouldn't want your mother to see" message into the "you can post whatever you like as long as it's private to your mother" line.

Doing so requires a sound, consistent, and usable privacy implementation that has proper messaging to go along with it. If Facebook truly believes that it has succeeded in the former, then this issue only exists because of a failure in the latter.

Updated October 5, 2012 at 5:09pm AEST: added statement from the Office of the Information Commissioner.

Topics: Security, Networking, Privacy, Social Enterprise

Michael Lee

About Michael Lee

A Sydney, Australia-based journalist, Michael Lee covers a gamut of news in the technology space including information security, state Government initiatives, and local startups.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • A lot of people....

    Post on other people walls instead of using the Message feature. There is a difference between the two and I don't think that Facebook makes the distinction clear enough, so it confuses people.
    • I just don't see that.

      That would mean that these people are simultaneously thinking that "their" Wall posts are supposed to be hidden from public view, yet [b]not[/b] thinking about the fact that they're reading everyone else's Wall posts on their friends' Walls.

      I know we should expect the Lowest Common Denominator when it comes to Internet behavior, but even that small amount of logic should be something that at least 99.44% of Facebook users should be able to manage.
  • Facebook is only marginally useful to me

    Messaging works best when it is send as an email - to the intended party / parties. Why worry whether we posted a private message on a public wall.
    Jay Krishnan
    • Except that email isn't private either...

      at least if one is determined enough to sniff out the packets. I have my FB set on SSL; but I'm not kidding myself to think it is only a little secure on that site.
  • I disagree.

    I finally did get round to checking my own wall (obviously expecting to find nothing). However, I have identified around 15 messages (from 3 or 4 conversations) that used to be private messages beyond ANY doubt. I have obviously hidden those from Timeline now. Granted, there are hundreds of messages in my inbox that are still there and have not been posted to my Timeline, but I do find it concerning that this would happen even with a small fraction of messages.
  • What is Facebook...

    ...and why should I be so concerned about a bunch of gullible folk thinking they are privately posting their life stories on a social media site that could care less about their privacy in search of its own revenue streams.

    BTW: I do know what facebook is and I have never, and will never use it. Sorry, Suckerberg.
  • Fakebook

    I love FB and I actually know about 4 or 5 people out of the 4500 on my list. Evil ass games that require a billion friends to get ahead or thousands of dollars of course... Thank god I've dumped that habit :o

    Still I never trusted FB so they have zero useful data on me. Sue me for lying to FB I could give two #*$&@ :P
  • Private Message WERE Being Displayed

    I have screenshots that I took before I deactivated my account. I am a graphic designer and have years of experience with the internet and computer-related things under my belt. I'm not mistaking things that fb friends posted to my wall years ago as private messages. One way that I know- private messages that were sent to me by someone who was NOT a friend of mine (and therefore could not have posted on my wall) were being displayed, among other clearly personal messages. I find it deeply disturbing that these "investigations" and uncovering nothing. FACEBOOK IS LYING TO SAVE FACE. What will it be next? How bad do the privacy breaches have to get before people are no longer willing to turn a blind eye and give up their addictive social networking habits? That's what scares me the most, that people will be unwilling to see the truth because they can't bear to stop facebooking. To have a "glitch" like that happen and deny that it ever happened is unconscionable and frankly, terrifying.
  • Rumours always trump the truth...

    Given how many of these messages are all "copy and paste" chain letters, my curiosity was piqued and I checked out their rather detailed settings for myself. Number of publically-available private messages? Zero.

    People are willing to believe anything about Facebook concerning security. There's the "(username) is a hacker, don't accept his/her friend request", the "terrible new virus that steals/destroys your data" and, from the opposite end of the scale, "check this video out (celebrity name) sex tape leaked XXX" which installs a fake codec/malware, retrieves your Facebook login data, and randomly posts similar messages as you until enough are reported and removed to get it to stop.