A lot of people have been trying to be more careful about their privacy on every platform — especially on social media sites — ever since this past summer. Nonetheless, nearly no one has objected to what is one of the scariest, most invasive and exploitative programs that a social network could come up with: Facebook’s “Instant Personalization”.
What is it that makes Instant Personalization one of the biggest social network privacy violations you’ve ever seen?
If you go all the way to page 13 of their marked up Data Use Policy, you can find a section called “About instant personalization.” Here, you can read about an already active program created to help its corporate partners provide “a more personalized and social experience for logged in users.” Essentially: the program works by allowing certain sites to “know some information about you and your friends the moment you arrive” including your User ID, your friend list, and your public information.
What does that mean, exactly? Basically, the first time you land on a partner’s website, you’ll be notified of the fact that the website has accessed your Facebook data, including your basic profile information, all your public content, and your friends’ basic information. Facebook says that it’s completely “kosher” because you can choose to opt-out; if you do, the site is “required to delete all of the information about you.”
Except… Wait, hold up: what’s that line about how partner sites are prevented from accessing any information about you “until you or your friends visit its site”? Did Facebook just say in a very subtle way that if even just one of your Facebook friends goes onto a partner site, your data will be accessed?
What Facebook’s data use policy tries its damned hardest to get you to not really understand is that you don’t ever need to go to a website personally to confirm or deny the acquisition your public data to some partner company — all it takes one of your friends landing on their site. And that opt-out Facebook provides? Yeah, it only applies to that one person who clicks the button — not you. This is what it looks like in simple form:
Friend “X” goes to Facebook Partner Website “Y” → Y gets X and your data → whether or not X opts-out, Y gets to keep your data (at least until you go to that website and opt-out)
Hold up, say what? Have you personally been to all of the websites below? Chances are, you’ve not been to all of them, but if anyone else in your network has, your data is already saved on their servers — even though you also probably never directly consented to participate in Instant Personalization.
Playdom – Social Games (Full Bloom and Mobsters: Criminal Empire)
Playdemic – Social Games (Village Life)
Wooga – Social Games (Monster World)
GSN – Social Games (Games by GSN)
Happy Elements – Social Games (演義亂世)
Fun+ – Social Games (Royal Story)
Williams Interactive – Social Games (Jackpot Party Casino Slots)
King – Social Games (Pyramid Solitaire Saga)
Playtika – Social Games (Caesars Casino)
Fortunately, you can email each of those websites’ webmasters and request to have your data removed from their servers (since they won’t do it automatically), and they’re required by Facebook policy to abide by your request. But–and here’s the rub–in order to do that, you’re going to have to visit their websites to find the contact information, thereby exposing your entire network of friends, family, acquaintances, and maybe even some business associates along the way.
Still want to go to those websites to email them about how you want your privacy back? Maybe not so much now, huh?
If your settings have been set up to allow Instant Personalization, chances are, you’ve already been “exposed” through one of your friends. However, if you want to protect yourself from future partners snagging your data, you can permanently opt-out of Instant Personalization. To do this, you can go the “Instant Personalization” tab in your settings or follow Facebook’s instructions on how to remove yourself.