Facebook Email Follow-up

My post about how Facebook altered my displayed email address to one routed to their servers has garnered a certain amount of attention. I just did an interview with NPR for “All Things Considered”, which I think will be broadcast today.

In the interview, I said that one question this raises is “who controls my online presentation of myself – me or Facebook?”

I was led down this line of thinking because I’d recently read an article by one of the pastors of my church, Tim Chester. He has been blogging about Facebook and about the relationship between our online presentations of ourselves and our true identity. Article 2 in the series is particularly relevant:

Celebrity culture pores over the minutiae of the lives of the rich and famous. Facebook, blogs and Twitter allow us all to be celebrities with our lives on show. It blurs the public and the private. The world becomes my audience. On Facebook you do not have a conversation, you have an audience. Your life takes place on a stage and you are your own playwright, creating or recreating yourself through your words.

If this piques your interest, here are links to the entire series, titled “Will You Be My Facebook Friend?”:

Some of the points Tim makes are other reasons (than privacy) that I am not a heavy user of social media.

13 thoughts on “Facebook Email Follow-up

  1. I think you overreacted a bit in your original post, talking about MITM attacks and silently intercepting communications, which makes it sound a lot more serious than it is.

    Because what have they really done? They’ve simply hidden your previous address, and shown an @facebook.com one instead – people might not have noticed it changing, but they’re not exactly hiding the fact that that it’s a Facebook email address being listed. It’s not like they display the old address, but with a mailto link to the Facebook one, or something evil like that…

    • How is this really any different from your second “evil” scenario? Someone finds me on Facebook and wants to email me. They think “Ah, Gerv uses Facebook email; I’ll email him there.” And the email ends up at Facebook, not in my email inbox; I don’t see it, and Facebook gets to data mine it. That’s the problem.

  2. This is actually worse than what you described. This made up email that forwards to my real email was created and displayed even though I had selected DO NOT SHOW MY EMAIL ADDRESS!!!

    • If only it forwarded to your real e-mail address. The problem is it doesn’t.

      I did some tests a few days ago:
      https://www.facebook.com/ottodv/posts/324425214308191

      Not only is the e-mail not forwarded to you and placed instead in a subfolder of your Facebook messages, but also:
      – they don’t send you an e-mail notification either, even when you’ve turned that setting on, and
      – the message count in the Facebook header bar doesn’t show them either.

      So basically you’ve got to dig into your Facebook message, find the “other” subfolder and check to ee if you’ve received any mail on your @facebook.com e-mail address.

  3. I don’t think you can credit yourself for initiating all of those articles. A few things to clarify:

    – Many users didn’t intentionally put their personal e-mail address on show and this change made it so that it was private by default (a good thing).

    – The @facebook.com e-mail addresses have been around for ages (since at least January 2011). Most people just didn’t notice the announcement and additional e-mail address in settings.

    – Anyone e-mailing your @facebook.com e-mail address should realise that Facebook will have access to it and also realise that you have a separate e-mail address. That’s not really a MITM attack since the sender doesn’t think they are sending an e-mail to your private e-mail account, but to your Facebook inbox.

    If I am at work (where Facebook is banned) and I want to send a Facebook friend a link but I don’t know their e-mail address (or I know that they rarely check their e-mails) then I can send them an e-mail to @facebook.com and know that they will probably see it because they check Facebook fairly often.

    • 90% of the articles credit me as being the first person to raise the issue; I don’t think my claim is unreasonable :-)

      I think we need some clarification from Facebook about exactly what change they made in a number of different circumstances before you can be certain that some of the changes were privacy-enhancing. I also think you can’t assume that “most people” don’t know what their profile says. I suspect many Facebook users carefully curate their profiles.

      I am not claiming that it’s wrong for Facebook to provide email addresses, or that they have no use. I’m saying it’s wrong for them to substitute out my chosen one for their one.

  4. (By the way, you don’t need to post my previous comment. That was just a request for correction.)

  5. We’ve been updating names on Facebook to make them consistent across our site. Your name is now 429762Facebook.

    Slap 3 digits on my forehead while you’re at it.