No company has done more to push the boundaries of online privacy than Facebook. The world’s leading social network has changed the way friendships are maintained, news is shared, and protests are organized — among much else.
While many of these innovations have been enthusiastically embraced by Facebook’s 600 million-plus users, others have provoked serious backlash. Below are some of the most controversial steps — and missteps — Facebook and its founder and CEO Mark Zuckerberg have taken to remake online privacy.
- October 28, 2003
Facebook founder Mark Zuckerberg creates Facebook precursor site Facemash by hacking into the photo directories of nine houses at Harvard University, where he was a sophomore at the time.
The site attracted 450 visitors and 22,000 photo-views in its first four hours online, but was shut down a few days later by the school administration. A disciplinary committee at Harvard charged Zuckerberg with breach of security, violating copyrights, and violating individual privacy. He could have been expelled, but the charges were dropped.
- February 4, 2004
Zuckerberg, now a junior, launches “Thefacebook” for Harvard students only. It was originally located at thefacebook.com.
Six days later, Cameron Winklevoss, Tyler Winklevoss, and Divya Narendra, sent a letter to Zuckerberg accusing him of stealing the idea for the social network from the HarvardConnection.com, a project they had recruited him to work on. In September, the three sued Zuckerberg in an intellectual property dispute that drags on to this day.
- September 5, 2006
Facebook introduces the instantly controversial News Feed and Mini Feed, the latter of which would later evolve into the individual users’ Walls.
This now-popular Wall precursor provoked the fury of Facebook users, who were not given the ability to opt out or even control who would get their updates. A group called “Students Against Facebook News Feed” was set up by Ben Parr — the current co-editor of Mashable who was then a junior at Northwestern — to protest the change. It attracted 284,000 members in less than two days, which was an especially impressive mobilization in what was then a much smaller user community.
- September 8, 2006
Zuckerberg apologies for the way he introduced the News Feed.
“We really messed this one up,” Zuckerberg wrote in an open letter posted on the Facebook blog. “We did a bad job of explaining what the new features were and an even worse job of giving you control of them.” It was the first of many times he would be forced to update the site’s privacy controls in response to public backlash.
- September 26, 2006
Facebook, which had been gradually opening membership up to colleges across the U.S. and Canada, becomes available to everyone above the age of 13 with a valid email address.
In preparation for the change and inevitable backlash, the company beefed up its privacy offerings so that users can limit who can search, poke, message, friend or see them.
- November 6, 2007
In collaboration with 44 e-commerce sites, Facebook launches Beacon: a “completely new way of advertising online.”
An early attempt to make online shopping social, Beacon prompted an immediate outcry from privacy advocates. They were upset that their purchases on sites like Amazon and Fandango were automatically listed in their friends’ Facebook News Feeds.
- November 20, 2007
Netroots activists MoveOn.org create an online petition and Facebook group protesting the way Beacon publicizes on Facebook their activities on other websites without explicit permission.
In less than ten days, the group gained some 50,000 members and Facebook’s vice president of marketing and operations promised the New York Times that it had changed the feature from opt-out to opt-in. That turned out to be a lie.
- December 5, 2007
Facebook announces that it will allow people to permanently opt-out of Beacon and Zuckerberg apologies for the controversy.
“It took us too long after people started contacting us to change the product so that users had to explicitly approve what they wanted to share,” Zuckerberg wrote in the blog post. “Instead of acting quickly, we took too long to decide on the right solution. I’m not proud of the way we’ve handled this situation and I know we can do better.”
- August 12, 2008
A class-action suit is filed against Facebook and a handful of its Beacon partner sites for violating online privacy and computer fraud laws.
The lead plaintiff, Sean Lane, sued because Facebook ruined the Christmas surprise he’d planned for his wife. Beacon advertised his Overstock.com diamond ring purchase in his friends’ News Feeds and she found out about it.
- September 21, 2009
In a victory for privacy advocates, Facebook decides to shut down Beacon altogether.
According to a story in The Register, Facebook decided that Beacon had upset too many people to work. Instead, Facebook focused on Facebook Connect, an opt-in system that lets people sign in to Facebook on other sites.
- December 9, 2009
Facebook changes its privacy settings to make sharing information with everyone — not just friends, or friends of friends — the default and removes the News Feed privacy controls it introduced after the once-controversial feature was introduced. Users’ names, profile pictures and gender are also made public.
Eight days later, a coalition of privacy organizations filed a complaint with the Federal Trade Commission over what they referred to as Facebook’s “unfair and deceptive business practices.”
- March 17, 2010
Facebook settles Beacon lawsuits by agreeing to set up a $9.5 million fund for an Internet privacy foundation.
Lane, the upset husband who initiated the suit, was awarded $15,000 in damages. No word on whether the foundation was ever launched.
UPDATE: A Facebook spokesman told MediaShift that the Beacon settlement was “appealed by outside parties” so they could not launch the foundation. According to Facebook: “Absent the appeal, the foundation created by the settlement would be on the way to distributing $6.5 million to fund independent privacy projects. The public interest is not served by a delay in the start of this important foundation.”
- April 21, 2010
The company introduces new tools allowing users to log in on other websites using their Facebook username and password and share the content they “like” around the web in their Facebook News Feed.
Six days later, a group of Senators asked the FTC to establish privacy guidelines for social networks.
- May 5, 2010
Following a glitch in February that caused some private messages to be sent to unintended recipients, another coding error exposes private Facebook chats to other users.
In response to these incidents, privacy groups filed a formal complaint with the FTC alleging that the site’s privacy policies “violate user expectations, diminish user privacy, and contradict Facebook’s own representations.”
- May 11, 2010
Three web developers in San Francisco set up a Facebook parody site called Openbook.
The site’s tagline was, “Connect and share whether you want to or not.” The site let users search public updates using Facebook’s own search service and proposed simpler privacy settings.
- May 21, 2010
A Wall Street Journal investigation reveals that Facebook has been sharing with advertisers the personal information of users who click on Facebook ads.
- May 24, 2010
Mark Zuckerberg responds to the chorus of privacy complaints by announcing new, simplified privacy settings in a Washington Post op-ed.
Instead of apologizing, he promised greater concern for privacy and wrote “we do not and never will sell any of your information to anyone” — a promise the company has recently broken. Days later, Zuckerberg elaborated on the privacy changes in a blog post.
- July 20, 2010
Days after Facebook surpassed 500 million users, the University of Michigan Business school releases a study showing that many of those users are deeply unhappy with the social network’s privacy policies.
Of all public sector companies, Facebook ranked among the bottom five percent in consumer satisfaction, according to the report. That means Americans held the social network in the same esteem as the airline industry and cable companies.
- October 18, 2010
A further investigation by the Wall Street Journal discovers that many Facebook apps are not only providing data to advertisers but also linking it directly to users’ names and, in some cases, their friends’ names.
- January 14, 2011
Facebook expands the information users are able to share with external websites and applications to include addresses and phone numbers.
After hearing some initial negative feedback, Facebook disabled the feature four days later to rethink the option.
- January 23, 2011
The Facebook page of French President Nicolas Sarkozy is hacked and a misspelled, ungrammatical note announcing his decision to not run for re-election is posted. The hacker also sets up an event page inviting French citizens to “leave drinks” at a Parisian restaurant the following day.
Less than a week later, the fan page of Mark Zuckerberg was similarly compromised (see below). Perhaps as a result, Facebook rolled out the option to always use HTTPS secured pages on the site the following day.
Have we missed any major Facebook privacy snafus? Has Facebook compromised your personal privacy? Are you satisfied with the progress Facebook has made in protecting privacy? What else would you like to see the company do? Tell us in the comments below.
Corbin Hiar is the DC-based associate editor at MediaShift and climate blogger for UN Dispatch and the Huffington Post. He is a regular contributor to More Intelligent Life, an online arts and culture publication of the Economist Group, and has also written about environmental issues on Economist.com and the website of The New Republic. Before Corbin moved to the Capital to join the Ben Bagdikian Fellowship Program at Mother Jones, he worked a web internship at The Nation in New York City. Follow him on Twitter @CorbinHiar.