We explain why we consider Address Book Importing (ABI) and friend connection tools dangerous for journalists; and why we believe it’s time for social networks to be more upfront about how they use our data.
Our research on social networks and Address Book Importing (ABI) published today shows that Facebook has a big problem, which will only get bigger, as it develops its connection-making features.
[See full report: How social networks are using your email address book data – and what it means for journalists]
If you are a member, like 400 million other people worldwide, then that problem could become your problem through no fault of your own. Journalists, in particular, are more vulnerable than most.
Why they do it
Like all social networks, Facebook strives to be seen as indispensable. Facebook wants you to tell it who you are connected to and it has a vested interest in making those connections public.
For Facebook, the more connections it can make between people the better. That’s what drives membership and visits and profits. Many claim that user privacy is the main casualty of a business model that depends on users revealing personal information online.
It is an issue that has come to involve stalking, grooming and identity theft. Facebook argues that instead of imposing regulation on social networks, governments should leave the control of personal information in the hands of the users.
That argument would carry weight if the company’s privacy controls were transparent and easy to use, and its members were given the information they need to make informed decisions.
Threat to journalists
But here’s the crux. Our in-depth look at the practice of ABI reveals that Facebook is failing to provide users with the information they need to properly protect their privacy. From the perspective of a journalist, this means ABI can threaten the privacy of your sources and even your career.
Facebook presents its ‘Find People you Email’ tool as a way for you to check if people you know are also Facebook members. You do this by giving Facebook access to your online contacts file on Gmail or Yahoo for example, or by giving it access to your desktop contacts file.
Facebook says: ‘Upload a contact file and we will tell you which of your contacts are on Facebook.’ Sounds harmless enough and sounds like it will do what you expect. Use the ‘learn more’ option here and Facebook tells you that they may use the imported information to generate ‘suggestions’ for you and your contacts on Facebook (see statement below).
But we’ve pieced together what Facebook doesn’t tell you. Not only does Facebook ‘find people you email’ on Facebook, it downloads all the email addresses in your contacts file whether you want it to or not.
Users aren’t given clear information that this will happen. Then, without giving you any control over the process, it uses the email addresses to generate ‘friend recommendations’ for people you know – and those you don’t.
Then, without telling you and without your control, Facebook generates ‘recommendations’ linking you directly with others in your contact file on any email invites you choose to send. Facebook also holds on to your contacts file – linking you to your file on an on-going basis.
You may have countless reasons why you don’t want to be publicly connected with people in your contacts file. People in that file may be professional contacts, confidential sources, business associates or even the target of a long-running investigation; people from whom you may want to keep a discreet distance for any number of reasons.
If you are not completely aware what ABI means, the potential for disaster is endless. Imagine if you use Facebook’s ABI to check if your mates are on Facebook and you give it access to your desktop address book.
On there are your friends, your sources and your colleagues. Many may not be impressed if, out of the blue, they are ‘recommended’ your husband, your boss and your mate who has tagged you in a dozen Christmas party pictures.
What if the NHS manager you’ve lined up to interview is ‘recommended’ to the health service whistleblower you’ve cultivated? What if your source in an investment bank is ‘recommended’ to your source in the Financial Service Authority? Will any of them trust you again?
We grew suspicious about Facebook’s ABI tool precisely because two of us at Journalism.co.uk started to receive bizarre recommendations. Recommendations that could only mean one thing – Facebook had accessed the email addresses of our contacts.
We think the majority of Facebook users and, certainly, the vast majority of journalists, wouldn’t use ABI if they were given the full picture. Patti Laubaugh’s devastating experience with Facebook’s ABI reveals what can happen when you mistakenly mix your professional and private lives on social networks.
As we’ve reported, Reuters is so concerned about the potential for calamity that it is warning its journalists: “Be aware that you may reveal your sources to competitors by using ‘following’ or ‘friending’ functionality on social networks.” But this doesn’t mention the risk of ABI.
We had a useful dialogue with Facebook about our findings but nothing it told us made us any more relaxed with the practice of ABI.
The company defended its practice by stating that people can opt to ‘learn more’ about the Friend Finder tool by accessing this statement:
“We may use the email addresses you upload through this importer to help you connect with friends, including using this information to generate suggestions for you and your contacts on Facebook.”
Time to be more upfront
We think Facebook members are not adequately warned exactly how ABI is used and could be misled by the information provided.
Worse still, users have to click through to yet another window before they learn that they can delete an uploaded contacts file. Facebook knows better than anyone that the more clicks you ask a user to perform the less likely they are to get somewhere you don’t particularly want them to find.
“We believe that people come to Facebook to find their friends, and so we provide this as part of our efforts to help people find each other, and to share and stay in touch. We use a variety of different factors to determine whether to suggest that people connect on Facebook and we respect privacy settings of the users when we do.”
But in order to use the privacy settings in an informed way users must be given the whole picture. Like Gus Hosein of Privacy International says in our main report, it’s time for social networks to stop pretending they’re cuddly start-ups and face up to their privacy control responsibilities as world communication systems.