Face Recognition & Facebook's Recurring Privacy Problem

Facebook has a problem with privacy--but it makes sense.

Once again, Facebook has messed with users' privacy in the name of a new feature.

The latest controversy is over Facebook facial recognition, which can automatically tag friends in photos just by matching the image to a massive database of faces.

Face recognition is a useful, time-saving feature -- at least when it works. But it's also a creepy addition to Facebook that opts you in automatically. As my colleague Sarah Jacobsson Purewal reported, you can only opt out of getting automatically tagged by friends. The database can still technically match your name to your face.

Therein lies Facebook's big dilemma, the one that comes up time after time, with each new change to the site that demands more of users' personal information: Yes, letting users opt-in to new features would be a more respectful approach. But because Facebook is inherently social -- that is, it relies on the participation of many users -- opt-in is much trickier to pull off. In some cases, it's just impractical.

Take, for example, the "instant personalization" feature introduced last year. This allows partnering Websites to use and display information from your public Facebook profile, and from your friends' public profiles. For example, if you write user reviews on Rotten Tomatoes or Yelp, your friends can see those reviews when they visit the site, provided they're logged into Facebook. Had Facebook made this feature opt-in instead of opt-out, most people wouldn't have bothered. That would defeat the purpose of personalization, which relies on having lots of recommendations from people you know.

A simpler example is Facebook's broader attitude toward public vs. private information. In late 2009, Facebook made changes to its privacy settings to put an emphasis on "everyone," so that users would share their status updates with the entire Internet by default. In making this change, Facebook was trying to be more like Twitter -- a massive, ongoing, public conversation between lots of people, regardless of whether they're friends or strangers. I like Twitter, and I understand by Facebook would want to make this change. But again, it only works if a critical mass of people are participating. That's why the "Everyone" option for status updates is opt-out, rather than opt-in.

With facial recognition, Facebook faces the same dilemma. Facebook could give people the choice to opt in to its photo recognition database, but then how many people would bother? The whole point of Facebook facial recognition is to tag all of your friends in a photo without any manual work. If most of your friends aren't participating, the feature is worthless.

I'm not defending Facebook's actions, but I understand why the site behaves the way it does. As long as Facebook introduces new features, there will be new privacy snafus. Facial recognition wasn't the first, and won't be the last.

Follow Jared on Facebook and Twitter for even more tech news and commentary.

Join the CSO newsletter!

Error: Please check your email address.

Tags Internet-based applications and servicesprivacyinternetFacebooksocial mediaonline privacysecurity

More about FacebookNewman

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Jared Newman

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place