Facebook Home isn't where your privacy is

<b>commentary</b> Facebook's latest attempt to get you to spend more time with its services bodes ill for the privacy-minded, but not all hope is lost.

Seth Rosenblatt Former Senior Writer / News
Senior writer Seth Rosenblatt covered Google and security for CNET News, with occasional forays into tech and pop culture. Formerly a CNET Reviews senior editor for software, he has written about nearly every category of software and app available.
Seth Rosenblatt
5 min read
Facebook CEO Mark Zuckerberg announces Facebook Home at a press event in Menlo Park, Calif., on April 4, 2012. CNET/James Martin

When Mark Zuckerberg and friends debuted Facebook Home yesterday, they downplayed the ever-growing importance your data has for the company. While the Facebook-obsessed may love Home, chances are your privacy won't feel welcome at all.

Facebook has earned a reputation for developing new products and features that are respectful of user privacy, and then slowly, sometimes with great subtlety and sometimes with mastodon-like lumbering, walking those policies back to a decidedly less-respectful state.

There's little indication that Facebook Home will be any different. At the Facebook Home question-and-answer session that followed Thursday's announcement, Zuckerberg said, "Analytics are made anonymous and used for half a percent of the user base." He added that that's the same as Google and Apple, which sounds reasonable, right?

The catch is that the more you share on Facebook, the more Facebook learns about you, and Facebook Home is designed to make you want to share even more.

Privacy and security researcher Ashkan Soltani agrees, and he explained that Facebook Home bridges the gap between passive data collection and active data-creating activities -- such as when you "Like" something in Facebook. "It's in the middle of every interaction on your device," he said.

"The number of times that you interact with Facebook or a Facebook-related service goes up. The number of times that you voluntarily interact goes up. I don't believe they'll be logging who everybody is, but they will be logging the voluntary interaction, checking in, liking posts," Soltani said.

He compared it to a "pornado," the whirlwind of illicit pop-up ads that would follow your mouse and plague Web sites before pop-up blockers were implemented. "Facebook Home will do that, where you'll always be on Facebook," he said.

For its part, Facebook says there's not much daylight between using Facebook Home and using Facebook.com or your Facebook mobile app. Facebook Home is covered under the same data use policy as the rest of Facebook, and the company said in a blog post addressing data use and privacy concerns in Facebook Home that there's nothing unusual or new about which data it collects.

Like other parts of Facebook, Home collects information when you interact with the service, such as liking or commenting on a post or sending a message. Home also may collect other information about how you use it. For example, Facebook maintains a list of the apps that you have in the Home app launcher. We store this information in identifiable form for 90 days and use it to provide the service and improve how it works.

For devices that come with Home pre-installed, Home can display system notifications, meaning that it will show notifications from apps on your phone. Since these notifications appear in Home, Facebook collects information about the notification (such as which app is generating them) but not the content of the notification itself. We remove identifying information from this data after 90 days.

Once it launches next week, it'll be easy, initially, to not use Facebook Home. I expect that to change, even though the launcher and chat interface are initially limited to HTC First phones and people who download Facebook Home from Google Play and live in the U.S. The purpose of Home is to expand Facebook on Android to become a permanent, pervasive layer between you and your apps. Why would Facebook not want to push that?

Sarah Downey, a privacy expert at Abine, a startup that makes privacy-protective browser add-ons and offers privacy-protective services, said Zuckerberg's assurances are not good enough.

"If the past is any indication, Facebook will expand their data sharing as time goes on and as the hype and scrutiny around the launch fades. They're deliberately underplaying the role data plays here, and there's a monetary incentive for Facebook to be with you everywhere you go," she cautioned.

A look at the HTC First, aka the 'Facebook phone' (pictures)

See all photos

And while ads won't be in Facebook Home at launch, my colleague Jennifer Van Grove expects that ads will start showing up sooner rather than later. Facebook ads are hardly random. Zuckerberg told Wired that his company targets ads specifically to its users, and that people are "more engaged" with Facebook because of it.

That also means advertisers are far more aware of whom they're pitching than it would appear.

And it's interesting to note that recent research shows that a cell-phone user can be identified with as few as three points of location data.

But unlike some pundits who say that it's too late to change the future, Downey remains optimistic for the future of privacy. "I'm going to go on a limb and say that people will have more privacy five years from now than they do today. People don't want this to happen anymore. The advertisers are going to fight this as long as they can, but people don't like being tracked and sold. Regulation is going to have to play a part in it. The cards are stacked so high against consumers that there's no other solution."

Watch this: Facebook unveils 'Home' for Android

So, just because Zuckerberg has a loose, almost nonexistent definition of privacy, doesn't mean he's right or that you have to abide by it. The short-term solution is to cut back on your Facebook usage while taking as much control as possible over how Facebook shares your data. You can turn off location sharing when you use Facebook Chat, turn Chat on or off for specific friends, and you can set your posts to be seen by Friends only instead of Public.

You can also dial-down location sharing in Facebook Home, turning it off completely. And if you must list e-mail addresses or phone numbers on Facebook, use secondary ones. Here's CNET's latest tutorial for customizing your Facebook privacy settings.

"Facebook's not your friend. It's less surveillance, and more forced publicity. It's the friend that I tell something to in confidence, who then tells others," said Soltani.

Whatever else Facebook Home is, it's not a place for your privacy. You don't have to "un-friend" it, but until there are better consumer privacy protections in place, it's time to take control over as much as you can.