Sharpen The Pitchforks. It's Almost Time For Facebook's Privacy Wake-Up Call

Yesterday, Facebook released a proposed privacy policy that foreshadowed a bold (and creepy) new feature: some third-party partners are going to be allowed to access and use your Facebook data without any prior consent. Make no mistake — there will be backlash. That’s par for the course for Facebook, which has shown time and time again that it isn’t afraid of a little bad press. But this time could be different: Facebook users may not only object to having their social graphs shared without their permission, they could also finally get a wakeup call as to what the site’s infamous ‘Everyone’ setting really means, as well some of the other unsettling privacy changes Facebook made last December. And things could get ugly.

Imagine what will happen the first time Joe Facebooker visits a third-party site he’s never been to and is greeted by the smiling faces of his friends, his most recent shared updates, and content tailored to his gender, location, and age. There’s a decent chance he’s going to assume something has gone terribly, terribly wrong — maybe he’s been hacked or phished. Or maybe he’ll realize that the privacy wizard he went through last December wasn’t as benign as he thought.

For those that haven’t been keeping score, Facebook’s ‘Everyone’ setting lets users share their content with the entire Internet, which includes search engines and (apparently) third-party sites. It was originally released last June, when it was buried deep in Facebook’s labyrinthine settings, but it wasn’t until December that it was used on a wide scale. The reason for the mass migration toward sharing data with Everyone instead of with just your friends on Facebook? As part of an ostensibly easier-to-use privacy overhaul, Facebook decided to make it the default setting. As part of that same overhaul, Facebook also decided to make data like your friends list, gender, and current city publicly available when it previously wasn’t.

Press, bloggers, and numerous privacy organizations attacked the Trojan horse of a launch as soon as it happened, contending that users were not being properly informed about what this new Everyone option entailed. Facebook’s PR team battled back by saying 35% of users had made changes to their privacy settings during the process, which supposedly implied that they knew what they were doing. A few weeks later, the uproar had dissipated.

Which brings us to today. I’m still firmly of the opinion that the vast majority of Facebook users do not fully understand their privacy settings, nor do they grasp what “Everyone” means in this context. Facebook may have gotten users’ consent, but it certainly wasn’t informed consent. Microsoft researcher Danah Boyd, who studies this sort of thing for a living, has come to the same conclusion: during her keynote at SXSW, Boyd revealed that she’s been asking “non-techie” users what they thought their privacy settings were, and then walked them through what they actually were on the site. Not once have the settings matched the user’s expectations.

So why haven’t Facebook users started unleashing a Beaconesque wave of fury over this? There’s a good chance that they simply have no idea that there’s been a significant change. From a functionality perspective, the Everyone setting changed almost nothing — it’s easier to find content in Facebook Search, and now some of the data is being shared with Google and Bing, but that’s about it. Likewise, the expanded definition of “General Information”, which now includes your social graph, hasn’t had much impact yet either.

That’s going to change with this forthcoming version of Facebook Connect — or whatever Facebook plans to call it — which will apparently give “trusted” partners access to your data as soon as you visit them, whether or not you opted-in to share it. Facebook will be sharing what it calls “General Information”, which includes profile photos, your gender, social graph, and — you guessed it — anything you’ve ever shared using that Everyone option. Facebook hasn’t outlined exactly how it will work, but a spokesman told ReadWriteWeb the following:

“The right way to think about this is not like a new experience but as making the [Facebook] Connect experience even better and more seamless… People love personalized and social experiences and that’s why Facebook and Facebook Connect have been so successful. We think there are some instances where people would benefit from this experience as soon as they arrive on a small number of trusted websites that we pre-approve.”

Facebook is hoping, of course, that users will embrace this — they’ll effectively have a personalized Internet experience that automatically draws from their social graph and demographic information, like age, sex, and location. It could make the web at large smarter and more social, which is actually a pretty exciting idea. Thing is, Facebook is shoving that dream down its users’ throats, and it’s the one deciding which sites are trustworthy enough to swap your data with.

If the inevitable backlash does lead to users raging against the Everyone setting, that could have a major impact on Facebook’s future. For over a year now, the site has been gradually evolving to leverage its data beyond Facebook proper so that it could better compete against Twitter and Google. This, in some senses, will be the moment of truth — will users be okay with sharing their data beyond Facebook’s walled garden, or will they feel like they’ve been duped?