As I mentioned a few days ago, the task of standardising identity on the web is a huge one:
...this is complex and requires a lot of organisation. It unfortunately takes someone with the size and power of Google or facebook to be able to pull it off.
The problem with any such initiative is that it needs the backing both from site owners and the end consumer. An established company such as facebook already has a high number of users so, while they may not all agree with the changes, a decent rate of uptake should be pretty easy to achieve. The question then becomes should it be an opt-in or opt-out system and four US Senators have even written to facebook to demand that the open graph implementation should indeed be changed to opt-in.
The interesting point here is not that the Senators consider the system as an invasion of privacy as of itself but that "users have less control over private information, and it was done without the users' permission" and, therefore, once you have agreed to using it that there is not a problem.
Facebook, obviously, disagree and consider the behaviour to be fine as it is and you can see their point of view; it is only natural that they are going to want as many people as possible using the new tools or it will be a waste of time developing them. The aim here is to become the 'de facto' standard for web identification which will not happen if no-one enables it.
The position is different for web sites: as it's base level the site merely adds the social plugins of their choice - many are already using facebook connect to manage logins; the problems occur when the site owner is also a facebook user and is concerned over the privacy issues. The benefits of having your site given, essentially, free advertising on facebook are immense but, as Steven Hodson points out, those site owners who are worried about the open graph could be effectively held to ransom over whether they install the plugins or not. The promise of the potential extra traffic a site may receive "is huge and that is very hard to turn away from". This is a dog-eat-dog world and people will do just about everything they can to get an advantage over their competitors. It may not win me any friends but I have added the like button as I feel it can be of benefit.
The biggest issue with anything like this is communication. The open graph protocol was announced at the f8 developers conference and immediately implemented - perhaps there should have been a bigger lead in time and more communication detailing the changes provided directly to the end user. Personally, I do not have an issue with the opt-out nature as I am able to make an informed decision but your average facebook user does not read the same sites and, as such, is not aware of many of the issues.
Hindsight is a wonderful thing and maybe facebook could have handled this differently. By all means have the new functionality as opt-out but on the proviso that the user receive the choice as to whether to allow this functionality before they are able to continue using the service - perhaps a landing page giving all the necessary information which requires a user action before it will let you get to the normal facebook page. Changes of this magnitude warrant something like this.
Their is still a great deal of naivety over what the changes entail and how it all works. For example, I have seen comments such as not being able to log in to facebook because it is blocked (because of the country they are in) and then presuming that personal data will just be shared - this type of ignorance needs to be addressed by facebook and fast.
There also appears to be a deal of hypocrisy and belligerence surrounding the whole affair. Bloggers claiming that open graph is the root of all evil then proceeding to add the plugins to their site and statements such as "I see a “Like” Button: I leave the site." serve no purpose.
Duty of care
The age old maxim "you get what you pay for" can often be applied to web services but with something as wide reaching, and with such huge implications, as open graph facebook have a duty of care to their customers to protect their personal data from misuse and abuse beyond anything that may be laid down by data protection legislation. Facebook are now firmly under the microscope so must tread very carefully and ensure they make the right decisions or face the wrath of user, providers and the Senate alike.
Image by j / f /photos