Facebook users are expressing strong disapproval of proposed privacy changes that will let the site share some user information with third-party Web sites and applications.
Under Facebook's current rules you're asked first if you want to share information (your name, photos and friends list) with third-party sites. The proposed policy, which Facebook hasn't implemented yet, would bypass asking you for approval when visiting some sites and applications Facebook has business relationships with, sharing limited personal information automatically.
In other words, if Facebook deems a Web site or application trustworthy, it'll immediately grab your information when you visit or use it, provided you're logged into Facebook when that happens. Users will be able to opt-out, but it's not clear if this would happen on a user's settings page or by some other means. Facebook didn't get into specifics on when these changes will be made, why they're happening now or which sites will be participating.
Right now, there are more than 900 comments on the blog post in which Facebook Deputy General Counsel Michael Richter announced the proposed changes. Most of them are negative (though more than 2000 people "like" the blog post itself). Users are particularly angry that the third-party data sharing is opt-out, meaning users will take part by default.
"Don't be evil," Scott Allan Wallick wrote. "Or if you do have to be evil, at least make the evil opt in and not the other way around."
"Has Facebook compared the projected revenue gained from this proposed change to the projected revenue *lost* by the number of users (including myself) that will be driven away?" wrote Nick Williams.
"Why isn't opt-in the default for all public disclosure of information? The next time Facebook changes its policy from opt-in to opt-out, I'll be gone," wrote David Jasinski.
Facebook users are understandably sensitive about what the site does with their personal data. In 2007, the site got into hot water over Beacon, which logged user activity on third-party sites even when they weren't logged into Facebook, and optionally published that activity to users' profiles. That resulted in a $9.5 million lawsuit settlement last December. This proposal differs from Beacon in that the user must be logged into Facebook to share data, and there's no indication that Facebook will log or publish what you do on those sites.
Facebook also retooled user privacy settings in December in hopes that people would make parts of their profiles public. That effort backfired when users realized their friends lists were made public even when the rest of their profiles were not, causing Facebook to relent and tweak its settings.
If anything, those past examples show that Facebook is willing to bend on privacy when its users get mad enough. Keep in mind that the changes announced by Richter aren't in effect, and the announcement itself was meant to spur feedback from users. Maybe the overwhelming negativity will prompt even more backpedaling from the behemoth of social networking.