Author Archives: Judith Townend and Colin Meek

#snprivacy: Journalists’ privacy plea to social networks

This post was written following months of mounting concern about the way new sharing and connection features are being implemented on the most popular social networks. If you agree with what we ask of social network developers, feel free to quote this blog, or tweet marking your messages #SNprivacy. will be putting more questions about privacy policy to Facebook later this week. To have your say, please leave comments below, tweet @journalismnews, or email judith [at]

Re: Privacy policy

Dear social networks,

You say you want to reflect real world relationships and connections. Well, in the real world there are connections and information that journalists don’t want made public, shared or given to third parties. Please help us protect our privacy, so vital to responsible journalistic work. It will help you avoid law suits and government inquiries, too.

We know that we need you to help us work more effectively as journalists, to share with others, and to make connections in ways impossible before your birth. But likewise social networks need users and their endorsement. Google’s head of public policy and government relations, Susan Pointer, recently said: “We live or die by the trust our users have in our services.”

Social networks also rely on bloggers and technology/media journalists to communicate new and changed tools accurately.

We realise there is some shoddy and inaccurate reporting around social networking, especially in some of the mainstream press, but there are also many writers who care about relaying information responsibly.

We believe changes to Facebook’s privacy settings are particularly worrying for journalists and bloggers, who have good reason for protecting their privacy and confidential sources.

As the US blogger and librarian Bobbi L. Newman reported, users now have to ‘opt out’ of auto-personalisation settings that allow their friends to share their content.

Furthermore, as developer Ka-Ping Yee exposed, privacy breaches were made in the original open API which allowed external access to Facebook users’ ‘event’ information. We are pleased to see Facebook has reacted to this and corrected the privacy error.

We believe Google Buzz was naive in setting up auto-connections between contacts in Gmail address books. The public availability of email addresses on Buzz, as reported by TechCrunch, was also of concern. We are pleased to see Google has amended these privacy errors. has recently revealed misleading information surrounding Address Book Importing (ABI), which we feel does not adequately explain how social networks are using – and keeping – users’ email address book information.

We argue that the default options should always be set so that the privacy of the user is respected. With friend friend finder tools, like Facebook’s, users should have to opt in to share email addresses and opt in to each one shared.

It’s an issue publicly highlighted by Facebook’s former chief privacy officer, Chris Kelly (currently running for office as attorney general in California):  he is calling on Facebook “to structure all its programs to allow Facebook users to give permission before their information is shared with third parties”.

We are worried by Twitter and Friendster’s lack of engagement with us on privacy and ABI issues.

Facebook, with which we did enter lengthy dialogue, has said it welcomes feedback. Nonetheless, we are concerned it continues to dismiss the issues thrown up by its friend suggestions and connection features, which are implemented with harvested email addresses. Наши друзья: желают вам хороших праздников и смотреть только качественное секс видео. порно 365 это жемчужина в мире порнухи, куча роликов, много категорий и тегов, вы всегда можете сочетать теги и категории по вашим предпочтениям и найти то, что вы действительно хотели!

In light of the privacy breaches and concerns outlined above, we ask six things of growing social networks.

1. Please conduct thorough user research before you implement new features

2. Please publicise new features before you launch them fully, allowing us time to change new or existing privacy settings as necessary

3. If you change privacy settings, please ask us to opt *in*, not opt *out*. Social networks should NEVER set the default option to share users’ information

4. Please provide clearer explanations about how data is shared and how connections are made

5. Please test your new features more thoroughly before launching

6. Please answer our emails or postings on your forums about privacy concerns and reports of privacy breaches – written as either users or journalists / bloggers

Note to bloggers: please feel free to reproduce this plea on your own blogs, with a link back to the original post.

Comment: It’s time for social networks to tell us how our data is used

We explain why we consider Address Book Importing (ABI) and friend connection tools dangerous  for journalists; and why we believe it’s time for social networks to be more upfront about how they use our data.

Our research on social networks and Address Book Importing (ABI) published today shows that Facebook has a big problem, which will only get bigger, as it develops its connection-making features.

[See full report: How social networks are using your email address book data – and what it means for journalists]

If you are a member, like 400 million other people worldwide, then that problem could become your problem through no fault of your own. Journalists, in particular, are more vulnerable than most.

Why they do it

Like all social networks, Facebook strives to be seen as indispensable. Facebook wants you to tell it who you are connected to and it has a vested interest in making those connections public.

For Facebook, the more connections it can make between people the better. That’s what drives membership and visits and profits. Many claim that user privacy is the main casualty of a business model that depends on users revealing personal information online.

It is an issue that has come to involve stalking, grooming and identity theft. Facebook argues that instead of imposing regulation on social networks, governments should leave the control of personal information in the hands of the users.

That argument would carry weight if the company’s privacy controls were transparent and easy to use, and its members were given the information they need to make informed decisions.

Threat to journalists

But here’s the crux. Our in-depth look at the practice of ABI reveals that Facebook is failing to provide users with the information they need to properly protect their privacy. From the perspective of a journalist, this means ABI can threaten the privacy of your sources and even your career.

Facebook presents its ‘Find People you Email’ tool as a way for you to check if people you know are also Facebook members. You do this by giving Facebook access to your online contacts file on Gmail or Yahoo for example, or by giving it access to your desktop contacts file.

Facebook says: ‘Upload a contact file and we will tell you which of your contacts are on Facebook.’ Sounds harmless enough and sounds like it will do what you expect. Use the ‘learn more’ option here and Facebook tells you that they may use the imported information to generate ‘suggestions’ for you and your contacts on Facebook (see statement below).

But we’ve pieced together what Facebook doesn’t tell you. Not only does Facebook ‘find people you email’ on Facebook, it downloads all the email addresses in your contacts file whether you want it to or not.

Users aren’t given clear information that this will happen. Then, without giving you any control over the process, it uses the email addresses to generate ‘friend recommendations’ for people you know – and those you don’t.

Then, without telling you and without your control, Facebook generates ‘recommendations’ linking you directly with others in your contact file on any email invites you choose to send. Facebook also holds on to your contacts file – linking you to your file on an on-going basis.

You may have countless reasons why you don’t want to be publicly connected with people in your contacts file. People in that file may be professional contacts, confidential sources, business associates or even the target of a long-running investigation; people from whom you may want to keep a discreet distance for any number of reasons.

If you are not completely aware what ABI means, the potential for disaster is endless. Imagine if you use Facebook’s ABI to check if your mates are on Facebook and you give it access to your desktop address book.

On there are your friends, your sources and your colleagues. Many may not be impressed if, out of the blue, they are ‘recommended’ your husband, your boss and your mate who has tagged you in a dozen Christmas party pictures.

What if the NHS manager you’ve lined up to interview is ‘recommended’ to the health service whistleblower you’ve cultivated? What if your source in an investment bank is ‘recommended’ to your source in the Financial Service Authority? Will any of them trust you again?

Strange recommendations

We grew suspicious about Facebook’s ABI tool precisely because two of us at started to receive bizarre recommendations. Recommendations that could only mean one thing – Facebook had accessed the email addresses of our contacts.

We think the majority of Facebook users and, certainly, the vast majority of journalists, wouldn’t use ABI if they were given the full picture. Patti Laubaugh’s devastating experience with Facebook’s ABI reveals what can happen when you mistakenly mix your professional and private lives on social networks.

As we’ve reported, Reuters is so concerned about the potential for calamity that it is warning its journalists: “Be aware that you may reveal your sources to competitors by using ‘following’ or ‘friending’ functionality on social networks.” But this doesn’t mention the risk of ABI.

We had a useful dialogue with Facebook about our findings but nothing it told us made us any more relaxed with the practice of ABI.

The company defended its practice by stating that people can opt to ‘learn more’ about the Friend Finder tool by accessing this statement:

“We may use the email addresses you upload through this importer to help you connect with friends, including using this information to generate suggestions for you and your contacts on Facebook.”

Time to be more upfront

We think Facebook members are not adequately warned exactly how ABI is used and could be misled by the information provided.

Worse still, users have to click through to yet another window before they learn that they can delete an uploaded contacts file. Facebook knows better than anyone that the more clicks you ask a user to perform the less likely they are to get somewhere you don’t particularly want them to find.

It added:

“We believe that people come to Facebook to find their friends, and so we provide this as part of our efforts to help people find each other, and to share and stay in touch.  We use a variety of different factors to determine whether to suggest that people connect on Facebook and we respect privacy settings of the users when we do.”

But in order to use the privacy settings in an informed way users must be given the whole picture. Like Gus Hosein of Privacy International says in our main report, it’s time for social networks to stop pretending they’re cuddly start-ups and face up to their privacy control responsibilities as world communication systems.