I agree that this is appalling behaviour from Facebook, but how anyone could give a third party website access to their Google Mail account is beyond me.
This isn't just any third-party site though - it's Facebook, the company people already entrust with their personal/private data.
I think this situation is like giving a friend your house keys while on vacation. You'd expect your friend to feed the dog, water the plants, and then lock up. Facebook is the friend that also takes the opportunity to rifle through your desk.
I had a friend sign up recently, and he didn't realize what was happening; he thought it was that Gmail and Facebook were working together. That surprised him, but not as much as me explaining that he had effectively just been phished.
I don't think the point of the article is to explain how to prevent malicious use of your private data, the point is that a big public company like Facebook should not be doing certain stuff with the data it mines.
If you give Facebook your ssh password, there are much bigger problems than "Facebook shouldn't do such-and-such with the information it gets" - and those problems are not with Facebook. Same goes for any other password that you want to actually protect something.
If you give up your password just because a stranger asks you nicely, whatever happens is your problem, imho.
Nobody is talking about giving away ssh passwords: this is about a tool that Facebook provides that helps you find friends that are already in your (Gmail) address book. Heck, just 3 posts above the OP says that he even temporarily changed his Gmail password.
The problem being described is a shady side-feature of this tool, where it apparently stores all your contacts in your address book, even the ones not on Facebook, and when one of those email addresses ever pops up in the future, it is being re-used again. That isn't really nice if you're not up-front about it.
And you can't compare Facebook with a stranger in this context, it's a big company with a public image to maintain.
Giving your password to anyone is a problem (and probably violates the TOS of the passworded site, do people and services think about that?), but it's not the problem being raised here.
"If you give up your password just because a stranger asks you nicely, whatever happens is your problem, imho."
The problem being raised here has nothing to do with giving up a password. FB no longer has the OP's password, and cannot do anything password-related. The OP making a mistake does not give FB a free pass to do anything else it likes.
However FB got the OP's contact list, they're using it in a way that goes beyond what he understood they would use it for. That's a problem. And there's nothing you can do about it. Privacy statements are a joke, they're written in a way that gives the service maximum flexibility, they're long and inconvenient, and services will ignore them and then change them when it suits them. Privacy statement violations are likely ongoing as we speak, in every service of note. They will assume the wiggle room in the present, and brush off the challenges when necessary.
You should assume that any data you give to any entity will be used in ways that you did not consider and that may surprise or disturb you. By entity I include the entire spectrum from friend (low risk, except insofar as they save your data on a higher risk service) to corporation and government (high risk).
The more money a corporation makes from data, the more likely they are to spend the resources to use your data in creative and long-lived ways.
Then add in a corporation's parent/child companies and business partners ("... and our affiliates ..."), and business sales, and there's no way that you will ever be able to track or control your data.
The OP's problem was not giving up a temporary password, it was giving up data and expecting that it would only be used in the way he assumed. Even if he read the TOS he may not have been able to predict this, and there are additional surprising and creative violations of individuals' expectations of privacy waiting to be thought of; at best those violations might be tailored to the privacy statement in effect at the time, regardless of what the privacy statement may have said when you signed up ("... we may from time to time change these policies, and it's on your head to keep up ...").
"I'm guessing that what happened here is that these people have my email address in their address book."
I don't think this is necessarily true. In my experience most of these suggestions have come from friend-of-friend commonality. For example, two of the people you are friends with on Facebook are also friends with these people, so Facebook thinks you know them.
Even if your thoughts on what happened in this case are correct, this kind of connection making, social graph building utilities if you will, are so fundamental to the purpose of Facebook that your objection seems odd to me. This kind of stuff is exactly why many people join.
I would think you were right if it were not for the fact that the email was sent to an email address that I have not registered with Facebook. That means that they can't have identified my Facebook profile and must have been going off the presence of the email address in the address books of those people in the email.
No, Facebook definitely looks into email addresses from address books to make suggestions. I know because Facebook has made suggestions of people I have no common friend-of-friends with.
The only interaction I had with them was via email (mostly for work-related questions).
Even then, if you can reach the transitive closure of your friends (and vice versa), then your profile is just as public as a personal web page. Unfortunately, Facebook strongly suggests otherwise (you are supposed to connect with "friends", and external links harbour big warning flags about privacy on the scary open web). I think this mere mismatch is creepy by itself.
Facebook allows me to see pictures of people who are not in my friend list, but which are commented on by any of my friends... I can see their complete album even if only one pic is commented on by any of my friends... How is that for privacy? Anything more private than your pics...
I've always assumed that a part of what "Import your friends from your email!" did was exactly what you describe - try to invite the non-Facebook users in your address book to Facebook.
This is one of the reasons why I would have never thought of trying to import my email account's address book.
A colleague of mine pretty much came unglued when LinkedIn came up with friend links he did not supply (he had not used the address book surfing feature). He actually contacted a rep and had a back and forth argument: "You opened my address book without my permission," "No, we did not."
I'm fairly sure that people are not thinking through the ramifications of giving _anyone_ else _any_ data online. This seems to be a similar learning curve as those who are finding their offline shenanigans haunting them later in online life.
And it seems quite a business opportunity to offer "reputation clean-up" services, maybe similar to the "credit clean-up" services existing now.
I am aware of an instance of a non-refundable charge of $1200.00 and the reply of "there is nothing we can do in your case."
I refused to get on FB for years because their privacy policy was so awful (I eventually relented). It's always been one of the worst privacy policies around, which is saying something.
I don't want to be the pedant who says "you should have read the privacy policy before you signed up," but you should just assume that any site like this is going to do all sorts of shady things with any information you provide, until you find evidence to the contrary. This kind of paranoia is absolutely called for on the web.
I'm quite impressed by Facebook's friends suggestions, I discovered a lot of friends thanks to it.
I'm not sure he received these suggestions solely on his email contacts as I haven't allowed Facebook to access my email contacts and I could find most of them in my suggestions anyway.
I suspect that they also log when you view someone's profile and use this metric to offer better recommendations.
Anyone know more about how it works and what data they use?
I'm perfectly fine with Facebook recommending new friends based on their social graph - it's an entire other story when this involves snooping through people's emails.
Truth be told, you loved Porky's Revenge, but you'd prefer that your five-star rating stay between you and Netflix. But those situations are rare and getting rarer.
I'm sorry? Are situations requiring privacy getting rarer? I hope you can back that up with some kind of numbers, Slate.