Facebook private message issue raises more concerns over privacy

Commentary The general consensus is that Facebook is not leaking your private messages to your public timeline. I say "general", because there are still people who are not convinced. This is despite the company conducting its own investigations and publicly reassuring its users.

Facebook said in a statement to AAP that "a number of users have raised concerns about what they believe to be private messages appearing on their timeline," and that its own "investigations have shown them to be public wall posts that were always visible."

If it was a security concern, Facebook wouldn't be the first company to lie or be ignorant of a privacy breach, but the Australian Privacy Commissioner is also working with Facebook to figure out whether there really is an issue. Its investigation is on going, but what has it found so far? Nothing. Nada.

In fact, today the Privacy Commissioner issued a statement saying that "at this time we have not found or received evidence that private messages have been published", that it will continue to monitor this matter and that "if individuals believe that they have evidence that demonstrates that private messages are appearing on their Timeline they should provide this to Facebook and ask them to explain why this has occurred."

But if you don't trust the Australian commissioner either, how about the French one? Same deal. Canada's Privacy Commissioner is also looking into the issue. Again, nothing so far. And in New Zealand? Still nothing.

Bear in mind that these privacy tsars are the same ones that typically warn you about posting personal information online and set up initiatives like privacy awareness week.

It's true that Facebook has its quirks. As someone who takes considerable pains to keep what content I post to my own Facebook profile out of the public eye (as what others can post is mostly beyond my control), I've run into a number of issues that do not paint Facebook in a good light.

If we take the expert word of numerous privacy commissioners, and trust that Facebook hasn't made a technical goof, then it highlights something that is a little more disturbing: there are enough people out there who genuinely do not realise what privacy controls are applied to their messages to the point that rumour has become mainstream news, and it has become necessary to involve Australian officials.

So while the lessons that so many privacy advocates have been spouting are beneficial to those who are uncertain about their privacy controls, these lessons are not reaching the people who think they understand their security settings. And there appear to be an alarming number of these people.

But the blame isn't solely on the users.

Given the evidence (or lack thereof), Facebook might be clear of a technical blunder, but it isn't free of its responsibilities in ensuring that users know what is happening. The fact that users are convinced that there has been a privacy breach even though Facebook is adamant that one hasn't occurred is proof enough that the social network is failing at providing information for its users in order for them to apply the right privacy settings.

And some might suggest that this is exactly what it wants. After all, privacy-conscious users make it difficult to target advertisements at them by refusing to list their favourites or "liked" brands and pages, and fail to encourage the growth of the network by opting out of search results. They do this because they simply don't trust Facebook with their information, and by doing so they send a clear message to others that they shouldn't, either.

But the majority of people don't fall into that extreme, and are happy to reduce their own privacy to an extent for convenience, and, let's admit it, the ability to brag about their social life to anyone who might be interested. Relying on our egos has worked for a while, but, much like how coal miners look to the canary, when things turn bad — or, as in this case, are rumoured to have turned bad — the average user will look to the Facebook privacy buffs first.

Facebook has 1 billion monthly active users, 10 times that of its closest competitor, and it should pay dividends to get the privacy-conscious minority on their side, gain their trust, and turn the situation around.

Instead of these users being the ones instilling doubt into the main user base, they could be the ones who make other users feel as though they really are protected, turning the "don't post anything you wouldn't want your mother to see" message into the "you can post whatever you like as long as it's private to your mother" line.

Doing so requires a sound, consistent, and usable privacy implementation that has proper messaging to go along with it. If Facebook truly believes that it has succeeded in the former, then this issue only exists because of a failure in the latter.

Updated October 5, 2012 at 5:09pm AEST: added statement from the Office of the Information Commissioner.