Facebook shares private information via your friends

This week Facebook made sweeping changes to its privacy and upset a lot of people. Users were greeted with an obligatory pop-up which forced them to set their preferred privacy but appeared to default to a “show everyone everything” setting. Many users just clicked OK and carried on their merry way.
Jason Calacanis made a great post in his newsletter this week, and asked whether Facebook was unethical, clueless or unlucky. This, however, is half the story. What nobody seems to have realised yet is that Facebook have ended up sharing your private information, via your friends’ lack of privacy control.
We still have a fair amount of control over our own privacy through Facebook’s privacy controls. However, Facebook have now decided (in all their wisdom) to allow people to publish their wall posts. This means that Facebook have created a back door, around your privacy settings, and now, anyone can view your status updates, pictures and anything else you post, when your friends “like” or “comment” on your content in Facebook.
Let’s take Jason Calacanis as an example here. Jason has allowed Facebook to show his wall publicly. I presume he’ll change this fairly quickly, so here’s a screenshot of what I can see at the moment.

Scanning through his wall, you’ll see all the things he has commented on or liked, and also where friends have liked or commented on content of his. This includes a picture of him holding his new baby “London Athena Calacanis, born December 8th 2009 at 7 pounds 11 ounces”. It also includes a comment on a photo posted by Randi Zuckerberg (Mark Zuckerberg’s sister), specifically a comment on a private photo of Randi and Demi Moore. Also included are seemingly private family Halloween photos and various other people’s photos (including Leo Laporte), and their status updates and comments.
However the problem doesn’t stop there. Facebook has always employed a security through obscurity methodology when it came to photos. That meant that you could easily “share” photos with people that weren’t on Facebook, but they needed to know the exact link. You might have also noticed that if someone shared one photo, you also had the link to the rest of the photos in that album. Randi Zuckerberg’s photo album for instance is linked in the “Back to Album” link. No security is employed here, thus any user, as long as they have the link to one picture, has access to all of the photos in that album. Now that link is public via your friends’ public walls, and no longer limited to your friends.
You can prevent friends from interacting with your content in the future, including preventing friends from posting on your wall, and commenting on photos. You can set “Posts by Friends” and “Comments on posts” to yourself only, but this rather destroys the basic ethos of Facebook. Worst of all, the status updates are a static archive, so if you prevent friends from commenting on your photos today, any previous “comments and likes” will still remain in their Wall history.
So, how can you stop this? The basic answer is that you can’t. You can protect all of your content through the privacy controls, but you can’t prevent your friends from sharing their walls as well. If just one of your friends has shared their wall, then potentially your private content is left open to the world, through what I think is the worst, most public back-door-fuck-up that Facebook has made to date.
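The back door described above, reduced to a small model (an added example, not Facebook's code; every class, field and audience name here is hypothetical). The flawed renderer consults only the wall owner's setting, so a public wall republishes a friend's restricted post; the checked renderer also evaluates each item against its own owner's audience.

```python
from dataclasses import dataclass, field

EVERYONE, FRIENDS = "everyone", "friends"
FRIENDSHIPS = {frozenset(("alice", "bob"))}   # constructed sample data

@dataclass
class Post:
    owner: str
    audience: str   # audience chosen by the content owner
    text: str

@dataclass
class Wall:
    owner: str
    audience: str   # audience chosen by the wall owner
    entries: list = field(default_factory=list)  # posts the wall owner liked/commented on

def allowed(owner, audience, viewer):
    """True if viewer (None = anonymous) is inside the owner's chosen audience."""
    if audience == EVERYONE or viewer == owner:
        return True
    return audience == FRIENDS and frozenset((owner, viewer)) in FRIENDSHIPS

def render_wall_flawed(wall, viewer):
    # Only the wall's setting is checked: a friend's "like" carries the
    # original post out to whoever may see the wall.
    if not allowed(wall.owner, wall.audience, viewer):
        return []
    return [p.text for p in wall.entries]

def render_wall_checked(wall, viewer):
    # Same wall check, plus the content owner's own setting per entry.
    if not allowed(wall.owner, wall.audience, viewer):
        return []
    return [p.text for p in wall.entries if allowed(p.owner, p.audience, viewer)]

# Constructed scenario: alice's photo is friends-only, bob's wall is public.
ALICE_PHOTO = Post("alice", FRIENDS, "alice: family photo")
BOB_STATUS = Post("bob", EVERYONE, "bob: hello world")
BOB_WALL = Wall("bob", EVERYONE, [ALICE_PHOTO, BOB_STATUS])

if __name__ == "__main__":
    print("flawed, anonymous viewer: ", render_wall_flawed(BOB_WALL, None))
    print("checked, anonymous viewer:", render_wall_checked(BOB_WALL, None))
```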

The misuse of geo-ip technology – multi-language the right way

The vast majority of websites can’t get their multiple language support right. I’m talking here about the big players; Facebook, Myspace, Google. There are many big websites out there that offer their websites in more than one language and that’s a great thing. There have been some great innovations, such as Facebook getting its own users to translate their website for free. However, when it comes down to it, all have failed, and more often than not, it is a reliance on a misused piece of technology called geo-ip location.

First of all a little about geo-ip location technology. Quite simply, it maps an IP address to a geographical location. The technology is pretty good, and the databases out there commercially and free are, on the whole, fairly accurate. There are of course inconsistencies, but many websites use this technology to attempt to provide a better experience to their users. In the case of online advertising, ad distribution networks use the technology to geo-target ads to audiences. However, more and more, the technology is being misused. It is becoming the de facto way to determine a user’s language preference, and this is wrong. A great example is in Spain, where there are 14 million speakers of Catalan. To put this in perspective, there are around 4 million more Catalan speakers in the world than those who speak Norwegian. That’s 14 million people that you would potentially piss off, if you assumed and forced them to the Spanish language just because they live in Spain. Similarly in the US, there are millions of Spanish speakers, but again, the US is defined as English in all cases. This misuse of the technology firstly provides a bad user experience, and secondly, in the case of advertising, it is a huge and costly mistake.

I’m in a great situation to test region and language support. My preference is to have the website in English, and the region set to the UK. I live in Germany, so most website owners would assume that I am German and want the site in German. Admittedly, it must be accepted that one cannot always have one’s preferred region, because in the case of e-commerce you need to be served with products, taxation and shipping costs related to your region. That aside, the core issue still remains; that is to say, the best place to get the user’s preference is nearly always ignored.
Where is that “best place” then? The answer is the browser. All modern browsers allow you to set a language preference. Most of them base that language preference off the locale defined in your computer’s settings by default, but you can of course change it. Internet Explorer, Firefox, Safari, Chrome and Opera all have options to allow you to do this. Whenever you make a request, this preference is passed to the website serving you up the HTML. Therefore, that website is being gifted the user’s preference, but in most cases, it simply ignores it.
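The browser sends that preference in the HTTP `Accept-Language` request header. As an added example (not code from any of the sites discussed here), this is one way a server can honour it and use geo-ip only as a fallback; the supported-language list, the country map and the function names are assumptions made for the illustration.

```python
# Hypothetical site configuration, constructed for this example.
SUPPORTED = ["en", "de", "es", "ca"]
GEO_DEFAULT = {"DE": "de", "ES": "es", "US": "en", "GB": "en"}
SITE_DEFAULT = "en"

def parse_accept_language(header):
    """Return the language tags of an Accept-Language header, most preferred first."""
    ranked = []
    for position, item in enumerate(header.lower().split(",")):
        tag, _, params = item.strip().partition(";")
        tag, params = tag.strip(), params.strip()
        if not tag:
            continue
        quality = 1.0                      # no q-value means full preference
        if params.startswith("q="):
            try:
                quality = float(params[2:])
            except ValueError:
                continue                   # malformed weight: skip this entry
        if 0.0 < quality <= 1.0:           # q=0 marks a language as not acceptable
            ranked.append((-quality, position, tag))
    return [tag for _, _, tag in sorted(ranked)]

def choose_language(accept_language, geo_country):
    """Use the stated browser preference first; fall back to geo-ip, then site default."""
    for tag in parse_accept_language(accept_language or ""):
        if tag == "*":                     # "any language": nothing more specific to honour
            break
        for candidate in (tag, tag.split("-")[0]):   # "en-gb", then "en"
            if candidate in SUPPORTED:
                return candidate
    return GEO_DEFAULT.get(geo_country, SITE_DEFAULT)

if __name__ == "__main__":
    # Constructed requests: (Accept-Language header, country from geo-ip lookup)
    for header, country in [("en-GB,en;q=0.9,de;q=0.5", "DE"),
                            ("ca,es;q=0.8", "ES"),
                            (None, "DE")]:
        print(header, country, "->", choose_language(header, country))
```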
So, now we understand the background, let’s look at the big players one by one, and evaluate the problems:
Google
Google fails from its home page. If I type in Google.com in the browser, I get redirected to Google.de and the website is in German (-1). If I type Google.co.uk into the address bar, I get Google.co.uk and in English (+1). There is a way to force Google.com into English. Now I’ll search for the word “handy”. If you don’t know, “handy” is the German word for “mobile phone”. The search results are focused on the English definition of the word, but I’m not so interested in that. What I am interested in are the sponsored links, which now in this case, are all German links to German websites selling mobile phones. Wrong (-1).
Facebook
Facebook on the whole gets most things right. If I enter Facebook.com in the browser, I get the default home page with a list of languages at the bottom, written in the appropriate language (+1). If I type Facebook.de, I sadly still get the same page. If I change my browser preference to be German (DE-DE), I still get the English welcome page (-1). Whilst logged in, Facebook allows me to set my language preference. In nearly all situations Facebook sticks to this, with the exception of advertising. Facebook ads first consider geo-location, and then language, rather than the other way round, which would be the correct user experience (-1).
Myspace
Myspace has never understood how to get the user experience right. I’m guessing that Tom doesn’t speak anything apart from English, and doesn’t really give a shit about anyone that speaks a different language. Myspace has a half-hearted approach to multi-language support that relies heavily on geo-ip, and even then, they screw it up. For me, Myspace.com is set right off the bat in German. Luckily, my German is good enough to know that “Sprache ändern” means change language. Clicking on this gives me a list of regions and languages. Fair enough, but clicking on “Großbritannien” or Great Britain redirects me to the UK Myspace and gives me a mish-mash of English and German (-2).