Privacy, permission, and opting out

Ear­li­er today I got an update noti­fi­ca­tion for the Face­book app for Android, and to install the update I had to agree to some new per­mis­sions:BcFRREcIAAA9tvW.jpg_large

The thing is, I don’t agree to those new per­mis­sions. So I tweet­ed this:

Looks like this new update to Face­book for Android means it’s time to unin­stall the app.

It seemed to hit a pop­u­lar nerve and got retweet­ed a hand­ful of times, but then I start­ed to get peo­ple telling me I was in error or hav­ing a knee-jerk reac­tion. Twitter’s 140 char­ac­ters are great for short bites but some­what lack­ing in con­text, so I thought I’d (hasti­ly) put togeth­er this expla­na­tion.

I don’t believe that my per­son­al data should be a con­di­tion for installing an app. I believe that when an app or ser­vice wants my data, it’s enter­ing into an exchange with me. For me to be hap­py with the exchange, I need a sat­is­fac­to­ry answer to these three ques­tions:

  1. For what pur­pose do you want my data?
  2. What do I get in return?
  3. How can I get my data delet­ed if I change my mind?

In my opin­ion, Facebook’s expla­na­tions aren’t sat­is­fac­to­ry. In the case of SMS per­mis­sions, they give the exam­ple of using SMS con­fir­ma­tion codes for autho­ri­sa­tion. This is a rea­son­able exam­ple, but the word­ing is clear that it is only an exam­ple of what they require the per­mis­sion for.

That caus­es what is, to me, an unac­cept­able ambi­gu­i­ty: a per­mis­sion may be grant­ed for a use I deem rea­son­able now, but once grant­ed it doesn’t have to be request­ed again for a rea­son which I may find unrea­son­able.

Per­haps it doesn’t mean that, and maybe I’m being para­noid, or unchar­i­ta­ble, or think­ing the worst, but to be hon­est, I’m a very light Face­book user and I don’t need the has­sle of work­ing out whether that’s the case or not.

So I don’t agree with the lat­est per­mis­sion requests, and as they’re not option­al requests I took the only course of action open to me and unin­stalled the app. I’m not think­ing about ter­mi­nat­ing my Face­book account, I can avoid the per­mis­sions issue by using the mobile web­site instead, so I will.

If Android had an option­al per­mis­sions mod­el, or if there were def­i­nite guar­an­tees from Face­book about what these per­mis­sions were required for, this would have all passed with­out inci­dent.

There are, of course, much big­ger con­ver­sa­tions being held about per­son­al data and pri­va­cy, but it’s almost Christ­mas and I should stop writ­ing this.