Web Sites Let Others See Users' Personal Data
Journal, Wall Street, Tribune-Review/Pittsburgh Tribune-Review
In November, users of social-networking site Facebook Inc. started seeing updates on what their friends had bought online. Last month, users of a Google Inc. news service began receiving lists of articles their friends and acquaintances had read online. And earlier this month, Sears Holdings Corp. let people type anyone's name, phone number and address on a Web site to learn about their Sears purchases.
All three examples have one thing in common: The companies allowed Web users to access personal information about other people they know -- sometimes without the knowledge of those people.
Online-privacy debates used to center on how Web sites share their users' information with the government, advertisers or complete strangers. But in recent months, a new question has emerged: How much should your friends and acquaintances really know about you?
Internet-privacy experts, and in some cases the users themselves, are demanding more controls on how information is shared with so- called friends. Web sites, in turn, are taking steps to make it easier for users to change their privacy settings and determine exactly which friends see what information.
The data-sharing issues grow as more companies take a page from popular social-networking sites like MySpace and Facebook that let their users create pages full of details like where they live and work, who they are dating, and what their weekend plans are. People can share that information with other people by adding them as "friends," a term usually taken to describe anyone they know. As that idea has caught on, Internet companies have taken it further. If people like sharing basic information, the thinking goes, they'll love sharing even more particulars -- like their shopping and reading habits.
"These companies think, 'Oh, neat, look what we can do,' but some consumers respond by saying, 'Wait, we didn't want you to do that,"' says Lillie Coney, associate director of the Washington-based Electronic Privacy Information Center.
For consumers, there is no silver bullet to solving these privacy issues because each Web site shares information differently. So right now the onus is on individuals to protect themselves by painstakingly visiting each site to change their settings.
Facebook in November introduced a marketing program called Beacon to keep their users on the site longer. In this feature, Overstock.com Inc., Fandango Inc. and dozens of other companies agreed to notify Facebook every time one of its users made a purchase on one of their sites. In turn, Facebook began notifying those users' friends of the purchases.
Rachel Hundley, a law student in Chapel Hill, N.C., experienced this firsthand. After the 24-year-old bought a dress and some shoes on online retailer Overstock, the online retailer notified Facebook of the purchase. Facebook in turn sent a message telling several of Hundley's friends about it. The next day, a friend commented on her "cute dress." Hundley says she was "disgusted" by the experience, saying she wanted more control over how her information was shared.
When she tried to fix the situation, she faced hurdles. She first checked a box on Facebook asking the site never to tell her friends about her Overstock purchases. But when she later looked over her privacy settings, she realized she also needed to check a separate box to keep the Web site from telling her friends about activities on other sites outside of Facebook.
Responding to criticism from Hundley and others, Facebook changed its privacy settings in December, making it easier to opt out of the program altogether. Still, because of the backlash, Overstock.com pulled out of the arrangement, although other retailers remain.
Jennifer King, a privacy researcher at the University of California at Berkeley, suggests several privacy-strengthening steps for people who use services like e-mail, photo-sharing and social- networking sites that allow users to create lists of "friends. …