Is Facebook Ready To Face The Music?

On today’s Gillmor Gang recording, Marc Canter frequently alluded to a Facebook announcement next Wednesday, July 23rd at its F8 platform conference in San Francisco, about their new thinking on the privacy of user-contributed data. While Canter is under NDA until the 23rd, this clearly is the much-promised and answer-avoided response to Facebook’s denial of service attack on Google’s Friend Connect gambit, where Google harnessed OpenID, Oauth, and Open Social to help users access their data from social platforms.

Facebook has a solution for solving the problem of having a container receive and store profile data while still respecting Facebook’s privacy controls. MySpace, says Canter, does not allow such a capability. Further, he hopes Google will do whatever it needs to to access these bits according to Facebook’s new rules, therefore cracking open the flow of profile data between Facebook and the Open Social alliance.

Though we don’t know the details of the Facebook strategy, it’s already apparent that Google has succeeded in smoking Facebook out of its bunker. It’s instructive to see how Google responded to a similar challenge to its social media plans, the misuse of Gmail’s contacts list for exposing Google Reader shared feeds to unexpected view.

We’ve strongly criticized this reverse engineering of unrelated social data into a social media fabric for months, but it was only recently that Google responded with a series of conversations to identify whether in fact there was a problem, and if so, what to do about it. Today comes official word of a change in how Gmail’s Contact Manager handles auto-updating of contacts.

Previously, Gmail added contacts by one of 4 methods: Manual entry, importing, synching, and algorithmically when a current threshold of five or more emails to the same address is reached. This was seen as a helpful feature by adding frequently emailed recipients to auto-complete, where typing the first few letters of a name produced a list with the best match highlighted for entering with a single keystroke.

Unfortunately, when Google rolled out its new UI for Google Reader several months ago, it automatically included a list of shared RSS items from what Google deemed friends, in this case including people who you might have emailed 5 times but might not be interested in exposing shared items that, though meant to be shared, were only public to those with whom you shared an unguessable URL. The only way to remove this visibility was a draconian delete of the friend’s contact record or even worse, taking down the entire shared feed. Those of us who have been using shared items for years would lose all of the data in the process.

Google has made no change to the default settings for Contact auto-creation, but instead have separated contacts into two buckets: My Contacts and Suggested Contacts.

Suggested Contacts is where Gmail puts its auto-created contacts. By default, Suggested Contacts you email frequently are automatically added to My Contacts, but for those of you who prefer tighter control of your address books, you can choose to disable usage-based addition of contacts to My Contacts (see the checkbox in the screenshot above). Once you do this, no matter how many times you email an auto-added email address it won’t move to My Contacts.

This doesn’t provide any kind of granular control over who you might want to cull from the shared items group (hopefully that will be addressed next), but at least you can move those previously added automatically to just the Suggested list. Auto-complete still works, and a way is provided to move people off Suggested and into the My Contact list.

In so doing, Google provides tools that return the user to being in charge, something that not only empowers the user but sends a loud message about how to manage perceived or accidental violations of the implicit user contract with cloud services. Contrast that with Facebook’s stance to date: supply an API for developers to access user-contributed data on behalf of the user, then change the rules and block services that follow those rules because of unanticipated business considerations. The fact that Facebook hides behind a concern for guarding user privacy is both insulting and a hole they have to dig out of on the 23rd. We’re looking forward to it.