So I hear there’s this website called “The Facebook” that is really popular with the kids these days, and I decided to check it out…

Kidding, kidding. Of course I know what Facebook is. I’ve just been choosing not to participate. The whole “social networking” thing doesn’t offer me anything I want that I can’t already do through e-mail or by building websites. (I recognize that I am atypical in this regard).

I actually tried out Facebook back when it was university-students-only. I built a profile, linked it to my friends, and then said “Well, now what? I guess I’m done.” And I never went back. Eventually I deleted my profile, just to avoid spreading outdated information about myself.

Of course, Facebook now is not really the same application as Facebook in 2004. With over 350 million users (as many as Firefox), it forms a significant part of how many people experience the Internet, and as such it shapes their expectations for how web interfaces should look and feel, as well as how their real-life relationships should be represented in software.

This was the argument given by many of my coworkers, who told me that I ought to at least try out the modern Facebook, so that I could better understand where many of our users are coming from.

So I went to Facebook and started creating an account. I entered my first and last name and email address, and Facebook showed me a page saying “We think these people might be your friends”. There were several dozen people there who I actually know, mixed in with several dozen who I don’t.

Wait a minute, How does Facebook know who my friends are?? Remember, I hadn’t told them anything except an email address at this point. I was disturbed by how much they knew about me. More than disturbed. I was freaked out.

Where did this information come from? From the old account that I deleted? Unlikely. I believe it came from my friends importing their email contacts into Facebook. My email address was in their contact lists, so Facebook looked it up in their database and, not finding me, stored a sort of “dangling pointer”. This pointer laid dormant until I entered a matching email address, at which point it sprang into action.

The part that disturbs me about all this is that Facebook had my email address in their database, without my knowledge or consent, despite my decision not to use their service.

And they had a lot more than my email address. They had pictures of me, uploaded by my friends and tagged with my name. They knew who my friends were. They knew what my friends liked. They knew more or less how I would fit into their social network. If they wanted to, they could deduce a lot of information about the person behind the email address. It would have been fairly trivial for them to figure out what school I went to, about how old I am, what political activities I have been involved in, and what advertisers would be most interested in reaching my demographic.

My friends did not ask my permission before giving Facebook all this information about me. Why would they? There is no UI warning, no legal terms, no moral or cultural expectation that they should do so. They just typed in their own email password and clicked “Find Friends”.

Facebook makes money through targeted advertising. They profit from the detailed information that they extract from their extensive social network database. I was part of that database despite my choice not to participate. It’s not too much of a stretch to say that they have been profiting off of me, without my knowledge or consent, using information about me that was given away by my friends, again without my knowledge or consent.

I don’t think that Facebook as a company is doing anything unusual or exceptionally bad. This is pretty much standard practice in the industry. Facebook is in this position simply because they’re the social network with the biggest reach. I’d have the same concerns about any one company, no matter how seemingly benevolent, having this much information about people who chose not to participate (or rather, who thought they were choosing not to participate).

I want to be able to choose what information about myself I make available on the Internet. I want to be able to control how that information is used. And if I make a choice not to participate in an organization or do business with a company, then I don’t want that organization or company storing information about me.

Where do we draw the line between my right to control my data, and the right of other people to exchange information about me? The right of social network developers to innovate?

What do you think?