Facebook's data feeds a data leak?

Part of the appeal of the Facebook phenomenon is the fine-grained privacy controls users can impose, such as only letting friends see their activities, status, and postings. Though it's fantastic that Facebook is publishing RSS feeds for various data streams users would otherwise only be able to read behind Facebook's registration wall, I'm pretty sure the privacy settings on some of that data specify it is not supposed to be publicly available, and the feeds do not appear to be restricted in any way.
Written by Denise Howell

[Update, 8/16/07, 11:50 a.m.: Facebook's Chief Privacy Officer Chris Kelly has responded that Facebook addresses these issues, but I think there's more they should do on the disclosure front, and hope there's more they can do on the technological one.]

Please correct me if I'm wrong about this; I want to be wrong about this. Or I want to learn that Facebook has already considered and dealt with the issue and it's just not readily apparent to me. But I'm thinking that Facebook's feeds for Status Updates, Notes, and Posted Items must in many instances be at odds with privacy settings that attempt to limit users' Facebook activities to "friends only" (or are even more restrictive).

Dave Winer, Mike Arrington, and others have applauded Facebook's publishing of RSS feeds for various data streams that otherwise would only exist behind Facebook's registration wall. I'm thrilled about it too; as an Attention Trust board member, I'm firmly behind users owning their own data and being able to zap it around the 'Net to their hearts' content. In fact, as Marc Canter and Justin Smith point out, there's considerable distance yet to be covered in Facebook's opening up of user data.

But the more I look at it, the more I think there are uncrossed t's and undotted i's on the privacy front concerning the feeds that are currently available. Part of the reason Facebook has been so enthusiastically embraced is the company's approach to privacy, and the ability for a user to control not just who sees his or her profile, but also the constituent parts thereof. It's here that the walled garden aspect of Facebook is a positive. By restricting who can see your information (and what chunks of it), you're able to largely vanquish the spam monster, and be comfortable (assuming no major security snafus) sharing more sensitive information than you would otherwise broadcast to the Web at large. E.g., I want my Facebook friends to have my address, phone, and email, and to see where I am and what I'm up to; I don't necessarily want all my readers, listeners, and search engine visitors to have that information. Those who never join a network in Facebook (whether Regional, College, or Work) can purportedly rest easy that only those they specifically accept or invite as friends will see any of their activity. And even for those who join a network, as Facebook urges you to do (witness this from my Profile Privacy Settings: "[B]ecause you have no networks, most people cannot get to your profile to see those things. Facebook is most useful when you let some people see your profile, so you might want to consider changing these settings"), there are many ways to supposedly ensure your activities are available to "friends only."

Facebook's Status Updates are a perfect example:

By default, if you have no network, only friends can see your status updates. If you are in one or more networks, you can manage the settings to achieve the same result. In either case you can also choose whether friends can subscribe to your status updates. As Dave Winer has blogged, among the feeds Facebook is generating are those for friends' status updates and your own.

The privacy settings and syndication options on Notes and Posted Items operate similarly. (And, I found three more feeds I haven't seen discussed anywhere yet; read on.) Notes is a Facebook-created application that lets you "blog" within Facebook — either by importing posts from an external blog via RSS or Atom (hmm, we'll have to think about the copyright/implied license ramifications of that in a later post), or by writing something new in the application itself. Like Status Updates, Notes can be designated for friends-eyes-only:

You can further dictate who can subscribe to your Notes: anyone who can see them (i.e., friends only, if that's what you've selected), or no one at all:

There are two Notes feeds available (neither of which I've yet seen crop up in the Facebook feeds discussion): one for your Friends' Notes, and one for your own.

The Posted Items application is similar to Notes, but is link oriented: users highlight and can annotate links either by pasting in a URI or using a toolbar bookmarklet. The privacy options for Posted Items are "friends only," "only me," or "no one":

As has been much discussed in the last couple of days, there's a feed for your friends' Posted Items:

There's also (and I haven't yet seen this one discussed) a feed for your own:

So to recap, Facebook is at minimum — and there're probably more, based on all the needle-in-a-haystack discoveries of the last 48 hours — publishing feeds for:

  • friends' status updates;
  • your own status updates;
  • friends' notes;
  • your own notes;
  • friends' posted items; and
  • your own posted items.

So where's the data leak? Here's where. These feeds are public. All one needs in order to view and use them is the feed's URI. There's no requirement that a reader or user of the feed be the "friend" of individuals whose data is in the feed, or even that the person be logged into Facebook. Are you following me?

So say you're my Facebook friend. And say further that you, like me, have dialed your "Status Updates" setting to "friends only" for something like the reason I mentioned earlier — you want your Facebook friends to know where you are and what you're doing, and you want a secure way of sharing that information with them; you don't want it sent to the Web at large. Well, you've got a problem. Because I (or any of your friends) can thwart that security simply by posting the link to the feed for my Friends' Status Updates. Or by broadcasting the feed data via something like Jaiku (the Feeds option), or Twitter, or Google Reader's Shared Items, or a wiki, or...

This potential collision between Facebook's privacy settings and its feeds extends to Notes and Posted Items too, since the visibility of both can be restricted to "friends only," "only me," or "no one," and since entries in each can (and often do) incorporate not just imported blog posts and links but material generated in the Facebook application itself, with the expectation (in the "friends only" case) that the material is going out to a limited audience. Yet, because friends can do whatever they want with the feeds (and not everyone is terribly selective about who they accept as a "friend"), the audience for Notes and Posted Items can easily become much bigger than a user's privacy settings might lead him or her to believe likely or possible. As mentioned above, in Notes at least there's a separate privacy setting for Syndication, which allows users to specify that "no one can subscribe." But that option is pretty easy to miss, sitting two clicks past the main privacy page. It's also an overkill remedy for those who do want their friends to have access and flexibility, but don't want the information to go further.
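
To make the gap concrete, here is an added example (not part of the original post and not Facebook's code): a small Python model of a "friends' status updates" feed served on the URI alone, as described above, next to one that applies each author's privacy setting to whoever is actually reading. The users, friendships, visibility values and feed URI are constructed for illustration.

```python
# Constructed sample data: hypothetical users, friendships and settings.
FRIENDS = {"alice": {"bob"}, "bob": {"alice", "carol"}, "carol": {"bob"}}
STATUS = [  # (author, visibility, text)
    ("alice", "friends_only", "At the airport"),
    ("carol", "friends_only", "Home all week"),
]
# Hypothetical feed URI -> the member whose "friends' status updates" it carries.
FEEDS = {"/feeds/friends_status/k3y-bob": "bob"}


def friends_feed_url_only(uri):
    """Behaviour the post describes: knowing the URI is the only check."""
    feed_owner = FEEDS.get(uri)
    if feed_owner is None:
        return []
    return [text for author, _vis, text in STATUS
            if author in FRIENDS[feed_owner]]


def can_see(viewer, author, visibility):
    """Apply the author's privacy setting to the person actually reading."""
    if viewer is None:
        return False          # not logged in at all
    if viewer == author:
        return True           # authors always see their own items
    if visibility == "friends_only":
        return viewer in FRIENDS.get(author, set())
    return False              # "only_me" / "no_one"


def friends_feed_checked(uri, viewer):
    """Same feed, but every entry is filtered against the requesting viewer."""
    feed_owner = FEEDS.get(uri)
    if feed_owner is None:
        return []
    return [text for author, vis, text in STATUS
            if author in FRIENDS[feed_owner] and can_see(viewer, author, vis)]
```

In this model, bob reposting his feed URI exposes alice's and carol's "friends only" updates to anyone under the first function; under the second, the same URI yields only what the reader could already see inside the site.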

As Mike Arrington reminds us, there was a good deal of consternation last year when Facebook introduced its News Feed and Mini Feed features — and those didn't/don't take data designated "friends only" and make it potentially available to anyone. The seemingly inevitable clash between what's in Facebook's feeds and what's in its users' privacy settings strikes me as a much bigger deal. What am I missing?

And though unrelated to Facebook's feeds per se, it's worth noting that once you start playing around with all the fun non-Facebook applications, you lose the ability to tell Facebook not to share information about you through its API:

To wrap up, it seems to me there's a divide between the warm, fuzzy "friends only" feeling of security Facebook strives to give its users, and the reality of what can be done with feeds containing "friends only" data. I'll leave it to folks more technologically adept than I to tell me how Facebook can close that divide and still continue down the much desired and anticipated path to openness.
