As I have mentioned before, Facebook put images, rather than text, of email addresses in Facebook profiles. They suggest this is a privacy-enhancing measure, but given that it’s fairly easy for someone with nefarious intent to circumvent it, it’s quite clearly done to encourage your average person to use mechanisms within Facebook to communicate, rather than normal email. Chris Finke wrote the Image-to-Email extension to turn the images back into HTML clickable links.
Now, Facebook have sent him a cease-and-desist regarding Facebook Image-to-Email (and another extension of his). According to Chris, their stance is that both extensions violated the section of the TOS which says “you shall not use automated scripts to collect information from or otherwise interact with the Service or the Site”.
For Image-to-Email, at least, this is wrong in two ways:
1) The extension doesn’t violate the section of the TOS they claim it does
2) The extension is not a threat to user privacy
1) This extension cannot count as an “automated script”, unless a web browser counts as an “automated script”. A web browser takes the HTML that Facebook sends to a user and, instead of displaying it as plain text, renders it in a different way which is more visually pleasing and easier to read and interact with. Facebook Image-to-Email takes an image Facebook sends to a user and, instead of displaying it as an image, renders it in a different way which is also easier to interact with. Both tools do exactly the same job; you cannot prohibit one without prohibiting the other.
Image-to-Email doesn’t follow links, walk your social graph or any of the other things that might cause it to be labelled “automated”.
2) Facebook Image-to-Email saves people having to retype email addresses in order to email their Facebook friends. This cannot be a threat to privacy because any email address I could use it on, I could already see. There is no way I can use it to access email addresses I don’t already have access to.
Facebook should come clean and admit their real reason for threatening Chris (“We will be forced to become more formal… Hopefully you won’t choose that path”) is to maintain platform lock-in.
Can they not spin it as being an accessibility aid?
Gerv, I’m being lazy in not checking Facebook but if they provide alt text with the image you could harvest that. If they don’t that is an accessibility violation and anyone using a screen reader will either not have any access to the email address or will have to use the facebook mail system. Mind you I have no idea how accessible the rest of the site is. Perhaps someone at http://www.mozilla.org/access/ could comment?
As a “non-facebook” user or member I found several elements of this issue curious or “interesting” – if not an aggravation.
1. I find no problems with “generation” of a “tool” to convert information contained in a “graphic image” to another “format” – say a text file. I wish it (a comparable utility) was more available in that browsers would enable me to convert text contained in graphic images to a “notepad” format so I do not have to waste time “re-typing” information embedded within graphic images into other formats.
2. If Facebook does not want the “e-mail” address to be accessible – remove it from the image. Does it “have” to be there?
Possibly this is something the user or “member” controls or can or should control as part of their profile…
Thought to check it and find that in the privacy statement on the Facebook site they state:
“Facebook follows two core principles:
1. You should have control over your personal information.
Facebook helps you share information with your friends and people around you. You choose what information you put in your profile, including contact and personal information, pictures, interests and groups you join. And you control the users with whom you share that information through the privacy settings on the My Privacy page………………”
So I tried to view or review the controls of the “My Privacy” policy for the site but cannot – I would have to join first……..
So let me get this straight…….Facebook requires that I reveal my “personal information” and agree to their “policies” before I “get to review” what control I have over my personal information – some of which I have to supply to access the policy I wish to review.
Sorry but that is a “non-starter” in my view. I have to reveal “private” information before I “get” to review what controls I have over this information. Reminds me of some of the scams I get daily supposedly from Nigeria and other “locales”.
3. Am I to understand that legal counsel for Facebook communicates to this individual via e-mail but does not provide in that communication or on their stationary a “return” address using the “same medium” – possibly the image is an edited or truncated version of the original – if not……seems a bit “disingenuous” to me. Doesn’t the legal counsel for this “Company” know that on the internet the “primary” means to share information between individuals is via, e-mail, web pages, or a joint (aka – community forum) – none of which that “communication” seems to contain or offer.
As stated before, I have not and do not use “Facebook” but can honestly state any opinion I may have had of that venue and that “Company” has plummeted from this “event” – which again – should have been a “non-starter” for Facebook to be concerned with in the first place.
SteveLee: It is true that screen-readers cannot access e-mail addresses on Facebook. I brought up that exact point with Facebook the first time they contacted me, and this was their (non) response:
“All I can say is that there is an effort to make the site more accessible but only through ways that continue to safeguard user privacy.”
In other words, blind users can use Facebook, but they can’t access their friends’ e-mail addresses. I’m surprised that they haven’t been challenged yet by someone affiliated with the ADA.
So, does anyone know how this violates user privacy? I’d have to agree with Gerv here in thinking it doesn’t – was there any email conversation on the matter? I don’t really understand how they are able to claim that it does, but I’m wondering if they can back that assertion up with facts or not.
Yeah Gijs, all a I can think of is that they mean they have the rather misguided idea that an image is less prone to bot harvesting than the text (and Chris has shown how tenuous that is if not using a full blown captcha).
They could always use entities rather than the actual letters which is a little more obscure. But then whatever you do will probably get circumvented eventually. I gave up and just let gmail filter the spam these days (currently 61K messages in spam folder).
So how are privacy and accessibility in conflict? Thinking ‘I want it on the web but only usable for good purposes by the nice guys’ will lead to the wearing of a tin hat. It’s a sad state of affairs I know but probably a fact of ‘the fall’.
Seems Facebook may have had some even bigger issues that they should have been concerned with:
“Security Lapse Exposes Facebook Photos”