American in Spain

Trust and Passwords on the Social Web

December 2, 2014

Trust FallAs part of a sermon about being vulnerable, one of my Facebook friends, who is a religious leader of some capacity, has decided to give out his Facebook password... live on the radio. Of course this is strictly prohibited by Facebook's Terms of Service, which states:

4.8) You will not share your password (or in the case of developers, your secret key), let anyone else access your account, or do anything else that might jeopardize the security of your account.

Clearly this is intended as a hip new version of that old team-building exercise of letting yourself fall backwards and be caught by a group of your peers. It's also an expression of trust of the community and of Humanity in general, like leaving your house unlocked. Anyone involved with computers and security will, of course, tell you that that this is a really stupid stunt, just as anyone in the home security industry will tell you that telling everyone that you leave your house unlocked is just asking for trouble.

To my friend's mind, the worst case scenario is that someone malicious comes in and deletes his posts or posts spammy crap to his timeline, annoying his friends, in which case my friend (who somehow still thinks he will have control over the account) will go in and delete the account, start a new one, and contact all his 990 friends to re-friend him with the new account.

What both he and I think will happen is absolutely nothing, mostly because of Humanity's apathy than its kindness. A simple thought experiment using an account of higher importance, like that of a celebrity, is all that is needed to show where the balance lies.

The irony about his effort is that he is encouraging people to be more vulnerable and trust in others by betraying his friends' trust. Your Facebook account is not just about you. Giving someone access to your Facebook account is giving them access to information about your friends that your friends, potentially, had entrusted specifically to you.

Your Facebook account is not just about you.

I would love to know the actual numbers, but I might optimistically guess that, despite Facebook's attempts lately to do account security checks, 40% of Facebook users have overridden the default settings that make everything they post public to the world, and have set it to the only reasonable setting to only show their posts to the small subset of Humanity that they have marked as friends on the worlds largest social networking platform. Most of my online acquaintances have restricted access to their posts.

Obviously if there is a secret that you really, really need kept, don't go putting it on Facebook, but the network works as well as it does because there is this base assumption of trust. Just as in meatspace when you talk to a friend, there's no guarantee that the other person isn't feeding information of your whereabouts to a serial killer or your ex-husband against whom you had to file a restraining order, but there is an established level of trust either one-to-one or one-to-finite-approved-group communication. The same is true on Facebook.

Personally, I'm somewhat of an anti-example of this, as I, much to the horror of some of my friends and family, post stuff about my children publicly on my blog, but I have definitely said things in private online social media that I would not dare say in a television or radio interview. I understand privacy and I very highly respect that of my friends and family and even of strangers. It is a huge privilege to be able to live this openly; I have friends online that would be in physical danger, from bad people in their past, if I were to broadcast their location publicly.

Facebook ExclamationThere are tons of articles – try googling "Should I friend my boss?" – about how to best choose where to draw those lines, and there's a news story every month about someone getting fired for posting stuff about how much "this job sucks". The rise of services like Snapchat demonstrates our desire for more intimacy enabled by more privacy. Some people are very strict (and boring) about what they put online, and others are more willing to rely on the privacy provided by such social networks to open up a bit more.

My friend cannot know which of his 990 friends have posted photos of their children, or of their drunken partying, or of their religious or political beliefs, that they posted with a specific implicit trust that it was only going to be seen by people that they personally know and have chosen to be in their circle of trust. By releasing his password, he is showing all of those people that he is not to be trusted with such intimate details of their lives.

What a great way to teach people not to let themselves be more vulnerable.

UPDATE: He actually did it. I admit to logging in to verify that he really did it. Some of his other friends did too, changing his profile picture and relationship status and adding some silly life events, but that was about it. After about ten minutes, my friend took control back, either because no one changed his password or via Facebook's well trodden "Oh noes! Somebody guessed my password!" security steps. So in the end, it was a bit like someone who walked on a skyscraper ledge just for the thrill of it. Nothing happened, but it was still a stupid thing to do. However, it did make me think about these issues, and for that I'm grateful.