Instagram says it won't sell your pics; will amend terms

Facebook-owned photo sharing app Instagram is easing fears that it will sell people's photos on to other corporations.

Yesterday the company revised its terms of use and privacy policy, leading to assumptions that people's photos could be sold on to other companies and later used in their advertising material, with no compensation to the original copyright holder.

Instagram posted an urgent blog seeking to clarify the situation, saying that the wording in the terms was unclear.

Co-founder Kevin Systrom used the word "clear" six times in the blog post. He wrote: "To be clear: it is not our intention to sell your photos. We are working on updated language in the terms to make sure this is clear."

Systrom added that Instagram was a business. "We envision a future where both users and brands alike may promote their photos and accounts to increase engagement and to build a more meaningful following." He gave the example of a business seeking to promote itself on Instagram. "It would be helpful to see which of the people you follow also follow this business." This is similar to the sponsored stories that already happen on Facebook, but you're allowed to opt out from your name showing up next to these business associations. There does not seem to be a similar opt-out clause on Instagram.

It seems surprising that Instagram (that is, Facebook) was not prepared for the backlash to come -- and perhaps it was already bracing itself for it. Cynics may say the whole thing was a publicity stunt; designed to get the company back in the news. Certainly, Facebook has not been immune to this kind of behavior. Back in 2009 (see our article, "Facebook backtracks on terms of service"), The Consumerist blog posted about Facebook's revised terms which could have been interpreted to mean that Facebook had the right to all of your content, forever, even if you closed your account. After the public outcry, Facebook then reverted to its old terms of service while it sought to reword the terms and make things a little more unambiguous. (It also started a new group asking for input from users called the Facebook Bill of Rights and Responsibilities, which no longer exists.)

Facebook's bewildering privacy options: in graphic form

The New York Times recently attempted to explain the plethora of privacy options available on Facebook and how this has changed over the years. As I blogged earlier, the privacy policy has more words than the US Constitution. Flickr, the photo sharing site, only has about 350 words in its privacy policy; Facebook has upwards of 5,000.

Even if you lock your privacy policy down, your friends can still share some of your information with third-party applications: check to see exactly what's being shared. I don't recall which ones of these are ticked/checked by default but some of the information includes relationship status and political views.

http://www.nytimes.com/interactive/2010/05/12/business/facebook-privacy.html

Facebook founder speaks to BBC

Facebook founder Mark Zuckerberg has spoken to the BBC in a rare video interview about the recent concerns surrounding the company's privacy issues.

He said: "The person who's putting the content on Facebook always owns the information... They want to share it with only a few people and it's important that the information only goes to those people."

He added: "We're not going to sell or share the information except with the people that they've asked it to be shared."

Zuckerberg said that the advertising on the site has grown quickly and that is how it will make its money. And would not sell people's information on in order to do so. But to a lesser degree, Facebook is providing demographic information - not personally identifiable, but still personal information nonetheless - to advertisers.

Online advertisements need to be targeted to relevant markets. Let's look at how GMail works, for instance. I know my information remains personal, but the site still scans my emails for keywords and displays relevant advertisements down the site of the page that relate to those keywords. Effectively, my information is still being used for profit. The same thing happens on Facebook but to a greater degree. I've used its ad service, and have managed to narrow down demographics in order to buy targeted ads, and narrow down the number of targeted users by interest, age, relationship status and more.

Like I said, this isn't personally identifiable. But it means that your information is still being used for advertising, whether you like it or not.

Does Facebook 'own' your data?

Facebook quietly updated its terms of service last week, sparking outcry among consumer advocates who interpreted the changes as meaning that Facebook can do what it wants with your data at any time. Forever. Even when you leave the service.

The Consumerist weblog (it's part of the non-profit conusmer rights publication Consumer Reports) cited some pretty scary changes that Facebook made to its terms, which are the conditions you agree to when you use it. The Consumerist wrote:

'Facebook's terms of service used to say that when you closed an account on their network, any rights they claimed to the original content you uploaded would expire. Not anymore.

'Now, anything you upload to Facebook can be used by Facebook in any way they deem fit, forever, no matter what you do later. Want to close your account? Good for you, but Facebook still has the right to do whatever it wants with your old content. They can even sublicense it if they want.'

Facebook has since responded and defended itself, saying that the changes don't, apparently, give it carte blanche to do what it likes with your content, and if you deactivate your account, it will respect the privacy settings you had put in place prior.

What it does mean though is that your content won't be deleted from, say, a friend's Wall when you delete your Facebook account, in the same way that an email you send a friend won't be deleted when you delete your email account. A representative from Facebook told The Industry Standard:

'We are not claiming and have never claimed ownership of material that users upload. The new Terms were clarified to be more consistent with the behavior of the site. That is, if you send a message to another user (or post to their wall, etc...), that content might not be removed by Facebook if you delete your account (but can be deleted by your friend). Furthermore, it is important to note that this license is made subject to the user's privacy settings. So any limitations that a user puts on display of the relevant content (e.g. To specific friends) are respected by Facebook. Also, the license only allows us to use the info "in connection with the Facebook Service or the promotion thereof." Users generally expect and understand this behavior as it has been a common practice for web services since the advent of webmail. For example, if you send a message to a friend on a webmail service, that service will not delete that message from your friend's inbox if you delete your account.'

After the outcry from Facebook users, who set up protest groups such as 'FACEBOOK OWNS YOU: Protest the new changes to the TOS!', founder Mark Zuckenberg responded on the official company blog, clarifying that the terms were changed to make it clearer that information may appear in two places, such as when a person sends a message to a friend.

'We think this is the right way for Facebook to work, and it is consistent with how other services like email work,' he wrote, adding that 'in reality, we wouldn't share your information in a way you wouldn't want. The trust you place in us as a safe place to share information is the most important part of what makes Facebook work. Our goal is to build great products and to communicate clearly to help people share more information in this trusted environment.'

What Zuckenberg acknowledged was that, 'We're at an interesting point in the development of the open online world where these issues are being worked out. It's difficult terrain to navigate and we're going to make some missteps, but as the leading service for sharing information we take these issues and our responsibility to help resolve them very seriously.'

The interesting thing about all this is that Facebook hasn't amended the terms of service to make it clearer to users. Why doesn't it just give an example like the one they mentioned about about how your content might still stay on their system? Why does the fine print have to include so much legalese? Google has a privacy page that gives examples in plain English about how your data is used, and why.

Also, the way Facebook works isn't just like someone's inbox - it has public parts, semi-public parts, photos and applications. It's a completely different dynamic. All very interesting stuff!

What Facebook collects about you

Facebook's privacy policy is written in plain English, but there are still a few vague phrases kicking around. So, what stuff does Facebook hold on you?

Apart from the usual stuff all websites know about you when you visit (like the numerical identifier, called the IP address, that traces you back to your internet provider) Facebook says it holds personal information you "knowingly choose to disclose that is collected by us and Website use information collected by us as you interact with our Website". This essentially means everything you say and do on Facebook is collected, because everything you do on there is a knowing disclosure - right?

It also says "you provide us with certain personal information, such as your name, your email address, your telephone number, your address, your gender, schools attended and any other personal or preference information that you provide to us". Wow. I certainly haven't told it all of this stuff. I think I registered before you had to specify your gender, so it doesn't know this, either. If people make all of this stuff available for even close friends to view (and say a friend's account gets hacked), it's perfect fodder for an identity thief.

You also need to provide Facebook with your date of birth, because you need to say you're over 13 to use the service. I always provide my date of birth to identify myself when I call a bank.

Note: All this doesn't even apply to the third-party applications that you might have installed. As soon as you give them permission to install themselves on to your Facebook profile, they have access to your data, too. And in an earlier post we discussed Beacon, the feature that broadcast certain actions on third-party websites to your friends that you may have preferred to keep private.

Third parties that you haven't even given permission to access your profile can access aggregated information about you. It's not personally identifiable, but your actions are contributing to Facebook's bottom line. "We do this for purposes such as aggregating how many people in a network like a band or film and personalising advertisements and promotions so that we can provide you with Facebook. We believe this benefits you."

We believe this benefits Facebook, too, n'est-ce pas?

Oh, and most creepy of all, "We may use information about you that we collect from other sources, including but not limited to newspapers and Internet sources such as blogs, instant messaging services, Facebook Platform developers and other users of Facebook, to supplement your profile."

Huh? This is probably something Facebook will focus on more in the future, as information becomes more easily tied to individuals. Does this mean Facebook will be able to associate your profile with, say, a mention of you in a local newspaper? When you list your blog on your profile, will it scan the blog and tie it up with your likes/dislikes? And as Microsoft has a small stake in Facebook, and you list your Hotmail address to sign up - where will that end? Facebook says: "Where such information is used, we generally allow you to specify in your privacy settings that you do not want this to be done or to take other actions that limit the connection of this information to your Profile (e.g. removing photo tag links)."

What I don't like about Facebook is it doesn't make it easy to delete information about myself. If I need to delete things individually from my Wall, for instance - I can't do multiple deletes. Making it possible is one thing, but it's also quite difficult to do.