
Facebook simply doesn't have an ethical central core. They've shown over and over that when user privacy or security conflict with facebook's goals, they'll choose facebook over the user. It's always relatively subtle; they strive to only do what they can get away with...but it's always pushing the line, and is never based on trying to do what's right, merely avoiding backlash. Facebook, the company, is kind of a sociopath.

I wish it weren't this way. I have several friends within facebook whom I like and respect, and they produce a lot of great technology. But, I fear facebook having more power than they already have. It can only end badly for the user.

Facebook really needs a "don't be evil" moment, but I suspect it's too late, and I suspect that Zuckerberg simply doesn't think that way.



The "don't be evil" moment will be when people really start pulling the plug en masse.

I mean the advertisers.


I don't advertise my company with facebook, for this very reason. I'm sure there are other people out there who feel this way. I spend about $1500 a month with Google, because they're trying not to be evil (even if they fail at the attempt sometimes). Not big money, by any means, but if a few thousand companies are opting to not advertise with facebook because they're kinda evil, it could start to be real money.


That's not a don't be evil moment, that's continuing to act in a self interested way, just circumstances changing what is in your best interest.


> I have several friends within facebook whom I like and respect, and they produce a lot of great technology.

I find this idea interesting. Can an entity like a corporation have a life beyond that which is given to it by its employees? Like the Ship of Theseus, can you replace all employees and still have a business that "feels" the same?


Of course. Work with any government bureaucracy and you'll notice it pretty quickly. Entire divisions can be filled with good, bright, well-meaning people, yet that division can still churn out crap work product. How is that? An organization's culture and the way incentives are aligned can quickly override any pockets of talented individuals.


So the obvious question is: How does one change this from the inside? Does the plan of attack differ if you were a line worker versus a VP?



Therein lies the difference between a company and a quality company.


Sounds like they just tried to steal a huge network of e-mail addresses and run it through their infrastructure.

To me, this is essentially theft.


Can you elaborate on why you think in this specific case user privacy or security conflict with Facebook's goals?


It seems obvious, to me, but I guess I'll spell it out:

Facebook wants access to your email so badly that they're willing to steal it. This is, in my opinion, among the worst things they've ever done for user privacy (and security, but mostly privacy in this case), in a long list of subtle, and not-so-subtle tactics.

It also has very real security consequences. The automatic contact list updates for potentially millions of users means that sensitive information is likely flowing into facebook servers as we speak, without users knowing it. Passwords, medical information, company secrets, who knows what else? Someone who trusts facebook enough to use it for social interactions might not trust them enough to know about their medical conditions, proprietary company data, passwords for other sites, etc. Facebook took away that privilege for many people with this change.

All that said, here's what's important: This does nothing good for users, and a few bad things. The fact that facebook made this change, knowing that the vast majority of users were not interested in using facebook email thus far, tells us that facebook thinks first of facebook. Even if there were no privacy or security concerns, what the user wants wasn't even in the equation, when facebook did the math on this.


Why would that sensitive information start flowing to people's @facebook.com email addresses automatically when Facebook changed the email address shown on the site?


Have you read the article? Because some people's contact lists were updated at the same time, because they were synced with facebook.


I'm pretty sure this is just a mistake and not some big scheme where Facebook wants to steal your e-mails. Don't you realise how ridiculous it sounds?


> passwords for other sites

Wait, seriously? People are using websites where the password reset emails are being sent from somebody's Droid phone? I think you've gotten a little carried away.


I said nothing about password reset emails. I come from an IT background. I can't even count the number of times I've sent temporary passwords over email to co-workers, customers, etc., including from my phone. If something can be sent via email, it will be, and when the numbers are in the millions...there's a lot of data that people consider private.


Makes me wish asymmetric crypto was used more often :) "Hey, send me your public key and I'll encrypt and e-mail you the password."


Maybe a phone call to communicate a password would be better. Not as convenient of course, but security and convenience don't often go together. That assumes your voice provider isn't recording the call.


Frustrated voice fades in, "Right, capital L. No, slash, not backslash. The one that's leaning to the right. Bottom-left to top-right. By the shift key. On your phone? I'm not sure where it is on your phone's keyboard. Ohh, you got it? Ok, the rest is lowercase..."

Sometimes an email or text is better for everyone. But I always split up the info between two bands: most info in an email and an SMS for the password. Or just have them change it after they log in.


Sure, sometimes that's what you need to do. But, other times, if you know you're sending to a trusted server, such as your own company server that you manage yourself (or people who are trusted manage), it's deemed acceptable to send passwords via email. The problem here is that facebook has introduced a new vector.

It's low grade evil; but low grade evil multiplied by millions starts looking like more serious evil. Just like low grade incompetence begins to cause serious harm when it is inflicted on millions.


Ever seen sites with the ability to connect via Facebook? It often grants said site(s) the user's Facebook primary email. Now all personal emails, including password recoveries, are going through Facebook for said site(s).


I'm having a hard time imagining a scenario where a site would send some information via email but that same information would not be available to anyone logging in via the web interface. But whatever.


You seem to lack imagination when it comes to nefarious deeds, which is fine; unfortunately, facebook does not lack imagination in this area (and in fact, one could argue this is a core belief at facebook, since it was founded upon a hacking incident wherein Zuckerberg borrowed student data).

They desperately want your email...they don't want it because it's cool to be an email provider. They want it because they intend to use it. The point isn't what specific piece of data they'll get from it (though passwords will be among that data--as a mail server administrator of 15+ years I can assure you of that); the point is that it's simply evil for them to interject their servers into the path via deceptive means.


I remember many phpBB forums being configured like that, and administrative mails aren't duplicated in the forum's internal messaging system.


If the site is using Facebook for authentication, you don't have a password on said site; therefore you don't have a password recovery leakage vector.
