When are Facebook’s privacy settings too complex?


The obvious answer is, “when even their former marketing director (Mark Zuckerberg’s sister, no less) gets caught out by them” – as happened recently, though let’s face facts, the real answer is “several years ago”.

The story, if you missed it, is that Randi Zuckerberg posted a family photo to Facebook, marked for her family and friends to see. Unfortunately, another Zuckerberg sister was tagged in the photo, meaning it showed up in her own timeline for people who weren’t the originally intended audience to see it. It was tweeted by one person in particular, who Ms Zuckerberg then contacted to call out for sharing it before imparting a rule of ‘digital etiquette’ to the world:


The resulting discussion about the incident has gone in several directions. Much has been made of the irony of a Zuckerberg/former director of the company being caught out by the system; some other commenters have noted that Ms Zuckerberg used clout that most of us don’t have to get an item that annoyed her taken down; still others observed that this ‘tagged in a photo’ loophole appears to be a fairly glaring gap in the privacy settings that ought either to be clarified or closed.

For myself, I’m most concerned with this lesson in digital manners and human decency from someone who worked for a business that by any sensible measure doesn’t appear to have any of either. Facebook’s default approach to privacy settings is to change them then tell its users that they need to update their preferences to fit the new norm. Let’s face it, Facebook doesn’t want you to be a completely private island in its growing archipelago – it depends on you interacting with the community of the islands around you. Every time it can cause you to do that, even if you didn’t intend it, is good for Facebook.

I’d mind it less (okay, so actually, I wouldn’t) if this lesson wasn’t so obviously disproven when you look at how Facebook actually works. Any user is free to tag anyone in their photos, with that tagging just becoming part of the mountain of data associated with the ‘tagee’ in Facebook’s database. The ability not to have tags of yourself show up in extended network timelines is buried in the privacy settings, and would in any case only apply in this instance if everyone in the photo had applied the same restriction. Worse, there’s no way at all of someone who (increasingly sensibly) doesn’t have a Facebook account knowing if their likeness has been posted, whether their permission was obtained or not. As with the privacy settings, the default is to allow the tagging then tell you about it.

While I’m CERTAIN that given her moral lesson to the rest of the world Ms Zuckerberg requested and obtained explicit opt-in permission from all her pictured family members before posting the photo, there’s no point in pretending that Facebook itself doesn’t require or want that to happen. Trying to spin a situation where the ‘rules’ of her brother’s business clearly didn’t work in the way she thought they did into one where she can claim some moral high ground over someone who used it pretty much as intended is a rather shallow endeavour.