Facebook (Probably) Didn’t Expose Your Private Messages. It Just Made a UI Mistake.

Most folks have probably seen some blog post or story warning them that Facebook has exposed their private messages from 2010 and before on their public timeline, which Facebook denies of course. And Facebook is (probably) right — what you’re really seeing are old wall posts that you thought were private. That’s not much solace to some Facebook users though, who — based on the message content — insist that the messages *must* have been private.

Here’s what I think really happened.

Facebook used to have a wall-to-wall feature, which showed the wall posts between you and your friend in a back-and-forth conversation format. It looked sort of like this. Or this. Because this layout looks very similar to how messages work in Facebook, people treated wall-to-wall the same way they treat private messaging. But as the name suggests, wall-to-wall posts actually go on your (very public) wall. The wall-to-wall feature was removed in late 2010. Coincidentally, people are only reporting private messages on their timeline for 2010 and earlier.

That’s not to say there hasn’t been a privacy snafu. There absolutely is. Regardless of whether they’re wall posts or PMs, old embarrassing messages on your Timeline are still embarrassing. And if that bothers you, you should hide them.

But the cause of this privacy breach isn’t some Facebook engineer inadvertently flipping the privacy bit in the FB database. It’s really a UI / design problem, or more specifically, a divergence between Facebook’s model of how users behave and the user’s mental model of how Facebook behaves. Two divergences really.

The first is the aforementioned wall-to-wall issue. From Facebook’s perspective, two users were posting on each other’s public walls. But from the user’s standpoint, based on the visual cues presented to them, they were engaging in a private conversation.

The second is Timeline itself. Timeline exposes old, possibly-private and sensitive information. Again, this is because of a divergence between mental models. For Facebook, the question of whether something is public is a binary decision. When the server receives a request for some particular information, it either provides it or it doesn’t.

But for many Facebook users, public really means accessible. And accessibility isn’t quite so binary. Prior to Timeline, sifting through old messages was time-consuming and difficult (it still is in a way). So by the time an old wall post was buried several months in the past, it may still have been public (as Facebook understood it), but it was relatively inaccessible. Timeline changed the accessibility of old information, and combined with the earlier wall-to-wall issue, we ended up with a huge chunk of Facebook users thinking their private messages were exposed (and in a way, they were).

Some final takeaways / questions:

Don’t trust your memory. When it comes to technology, what matters is what the technology thinks is true, not what you remember as true. As the Wall-to-Wall issue shows, poor UI design can affect how people perceive things are happening on the backend. In this case, if you still think there’s a PM on your timeline, the easiest way to verify this is to cross-reference it against your email archives (if you have your email archived that far back and you had e-mail notifications turned on). Until recently, Facebook would send a separate e-mail for wall posts and private messages. If it’s a private message, the e-mail will say so. And you should notify Facebook, because that’s a huge $#@&-up.

Privacy is often a design problem. Same with security. Or really anything else where the error exists between keyboard and chair.

How do you resolve old UI mistakes? Facebook was almost certainly aware that many wall posts were intended to be private, despite being marked public. But because of the mis-marking, there’s no easy way to identify what user intent actually was for many of these messages. So what’s the proper response? This actually reminds me of the 2000 election in which many Gore voters likely inadvertently voted for Buchanan. But at least some of those Buchanan voters actually intended to vote for Buchanan, and there’s no easy way to tell who intended what, short of a re-vote. So what’s the fair thing to do here?

How do you roll out new paradigms with old data? Start-ups are all about rapid growth and change. Lots of iterations. The occasional pivot. The problem is this can look a lot like a bait-and-switch. Users may provide a company private information based on implicit assumptions on how that data is being used. And indeed, the company may share those assumptions, at least initially. But start-ups often change course. Sometimes those changes may seem slight from the start-up’s perspective but strongly conflict with the user’s assumptions about how the data is handled. In such cases, what’s the best way for a start-up to handle that?


Thoughts on Instagram

I’m not entirely sure why Facebook bought Instagram for $1 billion. It doesn’t solve a personal pain point. But someone asked me about the deal, so … here we go.

Instagram’s user value is instant gratification:

  • The time I most want to share a photograph with friends is right after I take it. If I have to interact with other apps on my phone, or (heaven forbid) upload the pictures to my computer, photo sharing becomes less fun and more chore. Or I’m just going to forget to upload / send the photo to my friends. Instagram makes it easy to share the picture immediately, all within one app.
  • It’s hard to take a good photo on a phone — even if the phone has a high-quality camera, the phone may be shaped awkwardly, hands are unsteady, etc. Instagram’s filters quickly make photos “acceptable” for sharing. Of course, I could edit the photo in a photo-editing app on my laptop, but that means I can’t share my photo right away.
  • Likewise, let’s say you take a photo of your friends and it’s sort of “meh”. Should you take another photo or is this fixable with some Photoshop filters? You can’t ask your friends to hang around while you fool around with Photoshop. On the other hand, Instagram lets you know right away.
  • Instant gratification generates positive feedback loops. If you take a photo and Instagram makes it look awesome, you’ll want to take another photo. You’ll also want to share it. Sharing makes the Instagram community seem more active, which attracts new users. It also makes existing users want to come back and check for new content.


Harvard and The Social Network

I have a longish list of coincidences between my life and Mark Zuckerberg’s. It extends beyond going to Harvard and founding a startup but does not include success. So watching The Social Network was unsettling, to say the least.

That’s not what this post is about. This post is about how accurately the film portrays Harvard. Note that there may be spoilers below, so read at your own risk.

Anyhow, it’s easy to point out what the film gets wrong. Life at the Harvard I knew was not driven by final clubs and rigid social hierarchies. The notion that Zuckerberg screwed Eduardo Saverin because Zuckerberg was jealous about Saverin getting into the Phoenix is just slightly more plausible than Barack Obama being born in Kenya. That opening scene where there’s some musical prodigy playing violin outside in the courtyard? The only person I knew playing violin outside at night was homeless. And he sucked.

I think this misses the point. What The Social Network gets right is the mythology of Harvard. Yes, the mythology doesn’t accurately reflect what Harvard actually was (or is), but Harvard students were intimately aware of it. To the extent that the film portrays how out of place that mythology is within the real world, it captures the zeitgeist of Harvard.

Facebook Redirect Phishing

Two of my friends inadvertently gave away their passwords to a Facebook password phishing site yesterday. If you don’t know what phishing is, see the Wikipedia article.

Hypothesis: The way Facebook formats its links in e-mails actually makes it easier for phishing sites to trick some users into giving their info.

Phishing websites work by creating mirror images of other websites and tricking you into logging in to them with your account info from the other site. So let’s pretend I owned notfacebook.com. I could trick people into giving me their Facebook password by sending them to http://notfacebook.com/login.php, a page that looks exactly like the actual Facebook login page, except when you entered in your password, you would be sending it not to Facebook, but to me.
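An added example (not from the original post) of what the lookalike host above means for anyone writing a link check: the post's own `notfacebook.com` ends with the string `facebook.com`, so a plain suffix match accepts it. The function names and the sample links other than the post's URL are constructed for illustration.

```python
from urllib.parse import urlsplit

TRUSTED_DOMAIN = "facebook.com"  # the site the user believes they are logging in to


def host_of(url):
    """Return the URL's hostname, lower-cased, without port or trailing dot."""
    host = urlsplit(url).hostname or ""
    return host.rstrip(".").lower()


def naive_is_trusted(url):
    # Flawed check: a bare suffix match, so "notfacebook.com" passes.
    return host_of(url).endswith(TRUSTED_DOMAIN)


def is_trusted(url):
    """True only if the host is the trusted domain itself or a subdomain of it."""
    host = host_of(url)
    # The leading dot forces the match to start at a label boundary.
    return host == TRUSTED_DOMAIN or host.endswith("." + TRUSTED_DOMAIN)


# Constructed sample links; the second is the URL used in the post.
SAMPLE_LINKS = [
    "https://www.facebook.com/login.php",
    "http://notfacebook.com/login.php",
    "https://FACEBOOK.com./login.php",
    "https://example.org/login.php",
]


def classify(links):
    """Return (url, naive_result, strict_result) for each link."""
    return [(u, naive_is_trusted(u), is_trusted(u)) for u in links]


if __name__ == "__main__":
    for url, naive, strict in classify(SAMPLE_LINKS):
        print(f"{url:40} naive={naive!s:5} strict={strict}")
```
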
