Nearly every website and blog has a Facebook fan page, and most of those use the Facebook API to insert a fan page frame at the bottom of their own site.  The fan page frame lists the number of fans and the names and pictures of ten Facebook users that “like” the particular site or blog.  I had always wondered if the 10 Facebook users in those frames were even real users at all.  Yesterday, I found that’s not the case at all:

Out of 746,369 fans, the Facebook API randomly selected my fiance as one of the 10 lucky fans to have his or her name, picture, profile link, and fan status broadcasted to the world on a website other than Facebook itself.  Or maybe it wasn’t random, but reloading the page selects a new set of 10 fans, and I don’t think I’ve ever looked at one of these before and noticed someone I knew.  How many of these 746,369 fans are even aware that by “liking” PostSecret, this information can be accessible to anyone on the internet and not just from Facebook?  Unclear and ever changing privacy policies are just one of several significant problems with the shift to trusting third parties for nearly all of your data.

Everyone is becoming increasingly reliant on social networking sites, cloud computing, webmail, software as a service, and content distribution platforms to handle their data.  Fewer and fewer people are storing their data on their own computer and instead are forking it over to third parties in droves.  Entrusting a third party with your data raises three chief concerns: reliability, privacy, and freedom.  First, how can you be sure a third party web service will always provide you access to your data?  Next, how can you be sure your data is protected by a third party according to its privacy policy?  Lastly, can do do as you please with the data you have submitted to a third party?  The answers to these questions are dubious at best, but there are some steps anyone can take to minimize the problems and regain control of your information.

Reliability

Gmail seems to have a lot more problems than it used to.  There’s been several occasions in the last year where I could not log in to retrieve my mail because of some server-side problem.  Furthermore, I’ve been getting that yellow “still working…” bar flashing across the top of the Gmail page quite a bit, making my mail experience all the more frustrating.  It makes me wonder, what incentive does Google have to ensure the integrity of your mail?  It’s a free service, so if Gmail goes down, it isn’t as if they are going to lose revenue due to paying customers pulling out.  Indirectly, ad revenue will decrease, but there is no direct motivation for Google to provide you, the user, with your email 100 percent of the time.

Without direct control over my email, I’m more or less living in fear of a sudden and long lasting outage, unable to read, send, or receive email.  What if Google, intentionally or not, decides to block access to my account?  A similar incident occurred to one Google Groups user who was locked out for three years until finally getting in touch with a customer service rep from Google after upgrading his account to a paid service.  With a direct incentive to provide reliable service, Google was able to quickly fix the problem in this case.   As with most web service models, users are not the customer, advertisers are, so you get what you pay for.

Privacy

When users submit data to a third party on the internet, privacy is anything but assured.  As evidenced by the latest Facebook scandal, privacy policies mean nothing and are changed at will.  Information thought to be private is sold to advertisers or suddenly exposed to the internet as was done with Facebook users’ likes and fan affiliations.  What would happen if Gmail decided to open users’ email accounts for all to read?  Users don’t have much clout to stop such changes from happening, especially without providing a monetary incentive for third parties to keep their word.   Incidents such as these show that third parties care little about users and their wishes as to how their data should be handled.  Users themselves are probably the only ones that can be trusted with their own data, for third parties see user data only as a commodity that can be bought and sold.

The worst case imaginable is a third party with an ax to grind against one of its users, deliberately ignoring its privacy policies to turn users’ private information against them.  Unfortunately, this happens quite frequently.  In the Duke Lacrosse incident, an unnamed source, most likely a Duke employee with administrative access to students’ email accounts voluntarily turned over to police an inflammatory email written by one of the lacrosse team members.  If a university cannot be trusted with keeping student emails private, than how can anyone expect a free web service to keep its word?  Even Mark Zuckerberg himself has been accused of accessing private information stored by Facebook users.

Freedom

While privacy explores the misuse of user data by third parties, another aspect defines the lack of control users have over data they submit to third parties: freedom.  While most social networking sites, webmail, and other web services assert that any user data stored on their services is still owned by the user, this seems to be anything but true.  Handing over data to a third party effectively gives that third party complete control over how that data can be used.  Anyone who has ever attempted to completely erase their Facebook profile can attest to how little control they have over their own information: it’s nearly impossible.  Ever tried to export from Facebook your status updates, wall posts, news stories, and photos?  That’s impossible, too.

Along with Facebook, the iTunes/Apple content distribution system also provides an excellent case study of how third parties effectively have complete control over user data.  As users invest more time, money, and more of their own content into such systems, the harder it is to switch to a competing system or quit altogether.  Like Facebook, the Apple/iTunes model prevents data portability and forces users to stick with Apple products even if better products exist.  Since users cannot move their purchased apps from one platform to another, they are forced to stick  with Apple.  To return to the Facebook analogy, Diaspora is billed as a completely open source and distributed social networking system.  This social networking service could be argued as being “better” than Facebook, but lock-in will keep users on Facebook.  There’s no way for Facebook users to export their friend lists, photos, and wall posts to Diaspora, so everyone will just stay on Facebook.

Any Solutions?

There aren’t really any clear cut solutions to this increasing dependence on third party web services.  The best move is to decrease reliability on such third parties.  I’ve tried running my own mail server, but outgoing email is blocked by my ISP in fear that I’m a spam relay.  Downloading mail with a client is an option so at least I have copies on my own computer of everything I’ve sent and received in case Gmail were to go down.  With respect to privacy, I’ve pretty much assumed that everything I post on the internet will be available to everyone, regardless of privacy controls.  Anything I don’t want out there, I don’t post.  To maintain at least some control over my own data, I host my own blog and ensure that I have a copy of everything I write and submit to sites like Facebook, Google Docs, and Dropbox.  My guess is that as the internet evolves, and especially with the new and annoying “cloud computing” buzzword, this reliance on third parties is only going to become greater.