Public by Default

The other day I was talking to my wife about privacy on Facebook – or rather, the lack therein. I can’t remember the specific context, but I was arguing that Facebook being more or less “public by default” isn’t the greatest policy – perhaps good for sharing, bad for privacy. Her take on it was something along the lines of, “Well, if you’re putting something on the Internet, you should realize that it’s going to be public.” Hmm…it’s hard to dispute that, particularly in an online space specifically designed for connecting with other people and sharing things with them. I still had kind of an “ooky” feeling about it, though, so I tried to back it up.

My first thought was to try the Principle of Least Surprise argument. It went something like: You should be able to post something on Facebook with a reasonable expectation that it won’t be blasted out to everyone who happens along – your grandma, your boss, etc. Well, this particular argument didn’t go over so well since “least surprise” for my wife in this case is summed up by “if you put it on the Internet, everyone will be able to see it.” I couldn’t talk her around to the point of view that you should be in control of how private your thoughts and conversations are, regardless of whether you’re on the Internet. It was a little like trying to apply the principle to pulling the pin on a hand grenade and releasing the lever; from her standpoint, you’d be an idiot if you expected not to get blown to smithereens.

So I think my next thought was to try to point out that it needn’t necessarily be that way. “Well, Google+ is ‘private by default’ and only shares your posts with other people that you explicitly include!” I don’t recall what she said specifically at this point – probably “Google+ blows because no one uses it and all of my friends are already on Facebook” (heh) – but even I know that comparing one social networking site to another in order to take the moral high ground on which of them “does it better” is kind of silly. Besides, I don’t have any reasonable way of proving – even to myself – that posts on Google+ are any more or less private than those on Facebook. Oh sure, I could set up two accounts and share things with some circles and not others or what-have-you…but at the end of the day, I have zero assurance that that shit isn’t getting read by folks that I didn’t want to share with. End of story.

Okay…so how about this. Let’s expand this to include anything you put on the web. It may not be entirely fair to extend an argument about social networking sites in this way, but I’m going to do it anyway. We can start off benignly: How about your Netflix viewing habits? They’re on the Internet; should they be public? What about all of the Google searches you’ve ever done. I’d throw out a random guess that for every Google search you do there are (at least) 1,000 machines that end up with a copy of that search and enough information to tie it back to you. That’s fairly “public”, right? So how comfortable would you be if Google had a policy of making those publicly available with your name attached? No? Okay, how about your bank? It’s on the Internet, right? So let’s just let anyone with a cable modem have your account numbers – no big deal, eh?

Okay, I think I’ve probably gone far enough toward the absurd here. Bank websites are clearly not social networking sites and it’s obvious that they must adhere to different standards. But Netflix? Google? Think about it. Think about what movies you’ve watched. Think about how different things would be if every time you searched for something you did so knowing that everyone you know – and even some you don’t know – would see what you’d searched for. Think long and hard about it and then try to tell me your search habits wouldn’t change. That is the problem that I have with “public by default”, and why I do not think I’m wrong in disliking it as a policy.