> "Please make sure your friends are comfortable with any use you make of their information."
All 425 of my friends? And how, pray tell, did you expect people do go about doing this?
Simply putting up a simple click-through disclaimer is poor moral defense.
That message is incredibly disingenuous, and I do not believe whoever launched it believed for one fraction of a second that users will actually go out and seek their friends' permissions to activate the feature. Facebook expected people to just tap merrily through, and well, people did.
Of course, that warning is from the Facebook app. The above comment is correct that there is no fine-grained security in iOS for user data (except location info). If Apple approves an app and you install it, you are trusting it will much of the data on your phone.
I do not work at Facebook or even know a single person who does. I've never even talked to someone — including on the Internet — who works for Facebook.
Your personal attack was incredibly uncalled for. Just because I do not feel Facebook is evil does not mean that they are paying me to say so.
(As to your actual point: yes, it actually does. The claim I was refuting is that Facebook "steals" contact information on your device. Well, in fact, it doesn't. It makes you confirm that you are okay with sharing this information with Facebook.
What else could they do? The only other thing I could think of is Facebook not offering this feature. They are doing quite a good job here making it clear what happens to your information if you share it with them and you have to explicitly give your okay.)
> "What else could they do? The only other thing I could think of is Facebook not offering this feature."
"Your friend [Bob Smith] wants to use Facebook Mobile Sync on his phone. This would allow Facebook to see any information he has in his address book relating to you. You can [learn more about Facebook Mobile Sync here]."
> "They are doing quite a good job here making it clear what happens to your information if you share it with them and you have to explicitly give your okay."
There are two issues with this:
- There is a social contract (at least, in Western countries, I cannot speak for this as a universal rule) where your contact information is private. This is why people ask "is it ok if I give Bob your number?". Facebook violates this fundamental assumption by allowing Bob to unilaterally upload all this private data with a simple button push, without clearing it with anyone.
- The fact that we had viral outrage when people's private numbers started showing up on accounts seems to suggest that they have not explained the use of this information sufficiently. If people are quite clear about what happens to this information, there would have been little cause for outrage.
That prompt doesn't really make clear what information Facebook will roll into its databases, nor does it make clear in what way it is exposed. The only thing users are clear about when they click through that prompt is that it means their Facebook friends' numbers will show up in their contact list.
You do realize, on iOS, that most contact info on the device is synced with either Google, or (in iOS 5) iCloud? Facebook is not making this information public, neither are those services.
And how can they ask every person in your contacts if they approve: even incorrectly assuming all of them have an account on Facebook, you would still need to upload that information for those accounts to be linked and the request messages to be sent. And that's invading the privacy of the user's address book: they are now sharing that someone is in their address book, even if they didn't want that person to know.
Finally, it does say exactly what is uploaded (which is much better, even, than iCloud or Google's sync: seriously, how can you argue that Facebook's contact sync is so awful and ignore Apple and Google's services?): emails, phone numbers, and names (I may be forgetting some here).
> "And how can they ask every person in your contacts if they approve"
By prompting the user the next time they sign into Facebook. This really isn't that hard. You can even make this a blanket permission: "I allow all of my contacts to store my contact info with Facebook". It's still miles better than what's there right now.
> "And that's invading the privacy of the user's address book: they are now sharing that someone is in their address book, even if they didn't want that person to know."
That's not the only choice. Facebook can just as easily say "Hey, we have [X] information about you that [Bob Smith] uploaded. You may [opt out] and we will delete this data."
There are many, many, many ways to mitigate the privacy concerns of this. Facebook right now is doing none of it.
Again, let me ask: you have all these concerns about Facebook optionally letting you upload some data stored on your device to be shared with nobody. Exactly what Google's Contacts, Apple's iCloud, and Microsoft's Live let you do. Why is this any different? All of those companies have competing social networks, why do they get a free pass from you? Why don't you block them in your hosts files and not let them track you on the web with their +1 buttons or Bing results?
But, anyway, how would they ask the person that doesn't have a Facebook account. What if they get the match wrong, if you have two friends named "John Smith"? This is a non-trivial solution for an issue fabricated against Facebook when identical (or even worse, see Google's use of contact data with Buzz: Facebook has never made this info public or even shared the uploaded information with anyone but you) situations have occurred since the first online contact management solution? Why is this the only case where every person should have to agree to let someone else use the service to store information about you?
This is why people let Google Contacts and iCloud "have a free pass". Neither Google Contacts nor iCloud does anything with my data - it's on their servers for backup and sync purposes. Could they be doing anything nefarious in the background with my private information? Sure, but neither company have a strong history of this.
With Facebook this trust simply does not exist, and when coupled with a poorly explained, poorly documented feature that seemed to have very few privacy controls around it (many Facebook features with less privacy impact have more privacy visibility), people flip out. Rightly so.
We cannot trust Facebook not to mine the shit out of the information uploaded from our phonebooks (and in fact, Facebook has never ruled this out), and eventually expose it to other people, even indirectly. When your company has a long track record of taking a cavalier (if not outright dismissive) attitude towards user privacy, the onus is on you to show you're above-board. The phone sync feature hasn't done this due diligence.
The fact that the phonebook data I'd be uploading isn't exposed directly to my other friends is very, very small comfort.
[edit] I've seen this exchange way more times than I'd like to. It's just a total failure of communication on Facebook's part:
Seriously, I am getting tired of these outright lies or unsubstantiated rumors being perpetutated against Facebook.