Zuck. (Photo: scrapetv.com)

Bad news for anyone paranoid about what Facebook might do with his data: VentureBeat reports that as of January 16, Instagram and Facebook will begin sharing information. Resistance is futile; your data will be assimilated. "We’ve learned that by being able to share insights and information with each other, we can build better experiences for our users," writes the company in an update of its privacy policy and terms of service.

Guess what that means! All the data points you're generating with your use of Instagram are now available for Facebook to use in whatever it's up to these days. 

Perhaps with Facebook's long history of privacy-related stumbles in mind, Instagram is treading very carefully. For example:

We want to make sure you understand that you still have control over who sees your photos. You still get to choose who can see your Instagram photos, and you still get to choose whether you post your photos on Facebook.

Implied: "So don't flip shit on us, okay?" You're not going to end up with a unified profile or some such. And in a blog post announcing the move, Instagram also added:

"Our updated terms of service help protect you, and prevent spam and abuse as we grow."

However, the update does also explicitly state that information gathered might be used to "provide personalized content and information to you and others, which could include online ads or other forms of marketing." And, remember, both services have access to the data.

We can't wait for the day when an Instagram snapshot of an espresso is followed by Facebook ads for espresso makers.

Meanwhile, let's take a look at their terms of service, shall we? Or, as photographer Clayton Cubitt is calling it, Instagram's "suicide note":

Some of the Instagram Services are supported by advertising revenue and may display advertisements and promotions, and you hereby agree that Instagram may place such advertising and promotions on the Instagram Services or on, about, or in conjunction with your Content. The manner, mode and extent of such advertising and promotions are subject to change without specific notice to you.

Emphasis ours. Insert obligatory reference to the fact that if you're not the paying customer, you're the product [here].

The Borg shows no mercy.

Mr. Schrage (facebook.com)

Following its botched IPO and site downtime, Facebook is making an effort to redeem itself with another global site governance vote, this time on changes to its statement of rights and responsibilities and data usage policies. The site solicited user feedback to the proposed changes back in March, and is now putting the changes up to a Facebook-wide vote.

Elliot Schrage, Facebook's VP of communications wrote:

We proposed changes to these documents to, among other things, improve them by adding examples and detailed explanations to help you better understand our policies and practices, comply with the law, incorporate feedback from regulators and individuals like you and reflect the addition of new products and services like Facebook Timeline....Today we are posting the proposed revised versions of both documents and asking you to join our second global site governance vote.

The vote is an effort by Facebook to be "a more transparent, accountable and responsive service provider for our users," which is very commendable. If only all Facebook changes could be open to a democratic vote! Our bet is that few users will vote and most will still complain about the changes, but such is the way of the Internet.

Voting opened this morning and will end on June 8th at 9am PDT.

Ms. Falque-Pierrotin (cnil.fr)

Mere weeks after being slapped with a $25,000 fine from America's own F.C.C., Google is antagonizing yet another government body with its tight-lipped, unhelpful responses.

All Things D reports that France's C.N.I.L., the data protection organization investigating the company's privacy policies on behalf of the EU, is none too pleased with the company right now. Whatever answers Google does provide are often "incomplete or approximate," and that simply won't do.

The C.N.I.L. sent Google a questionaire back in March; the company returned the questionaire in April. Representatives from the two organizations have also met in person. And yet, the French still don't have the information they want. And so now C.N.I.L. head Isabelle Falque-Pierrotin has taken to the Internet with a chiding public letter for CEO Larry Page. She writes: 

"For a large number of questions, the elements provided do not give a precise, clear and comprehensive response to our questions. While in some cases the questions themselves may have been misunderstood or not clearly expressed, many answers merely provide illustrative examples without describing the exact [processes], procedures or systems Google actually operates.”

Oh, and she's not done yet:

"The fact that Google's position on personal data processings is still unclear on many points after an in-depth exchange with the CNIL raises additional concerns about Google's adequate information of its users."

Translation: The fact we still don't get how you handle user data leads us to suspect shadiness.

via instartupland.com

Well Forbes privacy reporter Kashmir Hill certainly showed her detractors! Earlier this week, Ms. Hill was taken to task for the fauxtroversy of getting pageviews for generously quoting from--and repeatedly linking to!--a New York Times magazine article about how companies like Target track personal data based on what you buy, an important piece of work in her area of expertise. We believe that practice is called blo-gging? But a big, juicy profile of Joe Sullivan, Facebook's chief security officer, should help answer the Times' writer's condescending question of what Ms. Hill really wants to do with her life.

Now that we've gotten that distasteful business out of the way, let's make things even squirmier by discussing the revelations in the article itself. Mr. Sullivan, who operates as the de facto "head of Homeland Security" for Facebook and its 845 million users heads a team in charge of everything from prosecuting spammers gaming Facebook to ferreting out pedophiles to figuring out how much of your info to turn over to the police.

Mr. Sullivan, a lawyer who worked with the DOJ's cyber-crime unit during the Internet boom, also took a similar role at eBay, including units like PayPal and Skype. At times, his relationship with law enforcement sounds a little too snug:

In 2003 off-the-record remarks Sullivan made at a cybercrime conference were secretly taped and given to a reporter at Haaretz.com, the Israeli news site. Sullivan claimed that eBay’s privacy policy was “flexible,” allowing it to freely provide information to investigators—“no need for a court order,” Sullivan said. Haaretz wrote an outraged report about eBay’s collusion with Big Brother.

Mr. Sullivan claims the willingness to bend over had to do with policing corrupt sellers and that it was a different at Skype. "With Skype we’d tell law enforcement to go through Luxembourg, and good luck with that,” Mr. Sullivan told Forbes, comparing Facebook more to Skype than eBay:

Sullivan says the experience of looking through different legal lenses in terms of what to give to law enforcement was “really helpful” when he came to Facebook in 2008, “where expectation of privacy is paramount and our philosophy has to be the Skype policy.” He claims that “99.9% of the time” when Facebook resists a request, the government backs down.

Despite collecting scads of data on its citizens (one Austrian student got a 1,222 page report based on three years on the site), "Facebook Constitution" or terms of service, as Ms. Hill points out, doesn't specify when it's appropriate for Facebook to look into that data to police your activity or hand it over to the police. Rather, Facebook's only relevant policy focuses on "prohibitions for users, such as bullying, creating fake accounts or uploading images of violence or nudity, as well as Facebook’s rights to intellectual property uploaded to the site."

Add in outmoded Fourth Amendment provisions and things get muddy real fast:

Still, the Fourth Amendment against unreasonable searches and seizures can’t shield against these requests ­because of the so-called third party doctrine, which says the information you knowingly provide to a third party loses its privacy protections, making it much easier for the government to get your phone, banking and Internet records.

Here's Facebook's basic internal guidelines for dealing with requests from authorities:

The company gives law enforcement “basic subscriber information” on requests accompanied by subpoenas: a user’s name, e-mail address and IP address (which reveals approximate location). Sullivan insists that everything else—photos, status updates, private messages, friend lists, group memberships, pokes and all the rest—requires a warrant.

However, the bigger can of worms may be when, exactly, Facebook decides to get proactively involved. Mr. Sullivan offers a number of designed-to-be-reassuring instances of reaching out to authorities to protect children by policing photos and would be predators or catching kidnappers, as well as somewhat self-serving attempt to catch the Russian Koobface gang of spammers.

Where do Mr. Sullivan and his social network draw a line in the sand? Depends. Oh yeah, and calling your mom could be on either side.

Sometimes Facebook goes too far—then pulls back. While Sullivan won’t be specific, he cites the hypothetical case of teens using Facebook in a “spammy but borderline legal way”—say, by mass inviting people to events. In such instances his team usually doesn’t turn the offenders over to authorities but instead calls their mothers.

Just to be on the safe side, kids, better go old school and plan your raves on Evite instead.

Earlier this week, when Google announced it would be consolidating 60-some privacy policies into one simple form, the reaction from privacy wonks was pretty much: No, Google! Bad! Google already drastically revamped its primary search function by integrating social connections (err, meaningless Google+ connections) into your browser with Search, Plus Your World.

It's all part of the company's efforts to further integrate products like YouTube, Google Calendar, and Gmail into one Google Account, so that once you're logged in, information is shared across products.  Most surprisingly, THERE WAS NO OPT OUT. Larry Page reportedly told employees who objected to get on board or get out.

At the time, Danny Sullivan compared it to some kind of dystopian version of Miranda rights, "Anything you do can be used to target you?" It would be almost like Google knows you better than you know yourself, the company seemed to imply:

"But there’s so much more that Google can do to help you by sharing more of your information with … well, you. We can make search better—figuring out what you really mean when you type in Apple, Jaguar or Pink. We can provide more relevant ads too. For example, it’s January, but maybe you’re not a gym person, so fitness ads aren’t that useful to you. We can provide reminders that you’re going to be late for a meeting based on your location, your calendar and an understanding of what the traffic is like that day. Or ensure that our spelling suggestions, even for your friends’ names, are accurate because you’ve typed them before. People still have to do way too much heavy lifting, and we want to do a better job of helping them out."

Buried into the announcement was one small nod to transparency about kind of information, exactly, Google has been collecting about you with a link to its Ads Preferences Manager, which "enables you to edit the interest categories we advertise against or turn off certain Google ads altogether."

Ars Technica's Casey Johnston decided to make a game of letting Google guess your age and gender by tweeting out the link. A male friend in his mid-twenties first sent it to us yesterday afternoon, along with the news that Google thought he was a "65+ year-old man.  No joke."

"I think it's the slow jamz I play on 'the Youtube,'" he conjectured.

We tried it ourselves and got "25-34 man." The age was right, the gender, eh, not so much. Under "categories" of interest we saw why they made that assumption: business--venture capital, business--technology, business--finance, etc.

Somehow, when we checked again this afternoon, those more detailed categories were gone (did someone tell them about the game??). Left in its place were only three interests: "Games, Shopping, World Localities - Asia - West Asia - Israel." Hahaha, um, what? Well, there was that time we really wanted to go to Urumqui and our feature about Israeli startups, but if that's all the GOOG knows about us, our privacy concerns seem overblown. That is until March 1st, when one policy to rule them all goes into effect. Until then, everyone take a shot for every year Google is off on your age. What the hell, it's almost Friday.

Careful about entering your real name, leaf people.

"Your friends at Etsy" sent out an email this afternoon alerting Etsy community members now "over 10 million strong!" to some notable changes in its privacy policy.

Guess they were hoping transparency would help them avoid the same PR debacle that happened when an opt-out feature in the Feedback System inadvertently made some users' purchases, including artisanal dildos, searchable under their real name. In response to the media, Etsy decided to make all purchase and feedback private by default in March, but users alleged that prior to the policy change, the company shut down Etsy forums complaining of the same glitch.

Today's notification directs users to two separate blog posts, one on changes to the privacy policy and one about Etsy's new policy of showing real names, if they are provided, rather than usernames.

The updates to the privacy policy appear to be centered around clarifying the policy for users, as well as offering more control for communication settings now that there is an SMS integration (friends will be able to find you by your phone number). It also details what will happen now that Etsy is enhancing its integration with Twitter and Facebook.

"In respect of your privacy, Flash cookies, clear gifs, and any third-party tracking technologies are not connected to your personal identifying information from Etsy," says the post, adding rather circuitously, "As a reminder: Etsy still does not share your information without your explicit consent, except as specified in our Privacy Policy."

According to the company's post, the real name change, which applies to both buyers and sellers, is supposed to clarify the difference between a person and a shop.

"Almost everywhere on the site, the single username/shop name represents a person and a shop and cannot be changed. As Etsy grows and evolves, this makes less sense. There are also several places on the site where, if you click on a username (which is also a shop name),  you don’t know where you are going. Will you find more information about the person (shop owner) or the shop? The changes we are announcing today aim to make this more clear.

Starting October 18, 2011, shop owners will have two ways to represent themselves across the site. Instead of being just a username/shop name, shop owners will now be displayed as a person who owns a shop. Shop owners can enter their full name, if they choose to, which will be displayed with their shop name and link when they participate in Forums, Teams and other areas of the site. This will allow shop owners to promote their shops while they participate across Etsy."

This way, there are separate profiles: personal profiles and shop profiles. It also addresses what Etsy says is a popular request: letting shop owners change the name of their shop.

However, the real name policy also applies to users without a shop, ostensibly for consistency.

"As part of these changes, we will also start to show the full names of members who don’t own shops, so everyone is represented consistently across the site. Showing your full name is always optional. You don’t need to enter a full name and you can always remove your name from your profile completely. If you choose not to provide a full name, we will show your username to represent you as a person."

The post notes that real names will not be displayed for past activity.

"We will make these changes in Treasury, Forums, and Team discussions starting October 18 and going forward. However, it’s important to note that your past participation (Forum and Team discussion, etc.) will remain attached to your username and will not display your full name and shop name."

It's unclear, at least to Betabeat, whether you need to opt-out of it going forward. We've reached out to Etsy for comment. But we all know how that worked out the last time.

UPDATE: Adam Brown, Etsy's press manager emailed Betabeat to clarify the new policy and emphasized that the name change was merely response to demand, "We're separating user identity and shops to fulfill a long-requested feature that shop owners be able to change their shop names," he wrote, adding:

"It is not a matter of opting in or out. Starting on October 18, If a person provides their full name during Etsy site registration or adds it to their profile, then it will be displayed publicly. If they decide not to enter it, or if they decide to remove it, then their username will be displayed instead. As always, providing full names is 100% optional.

As you can see from the comments in this forum thread, it has been well-received by Etsy members already: http://www.etsy.com/teams/7718/site-help/discuss/9114846 We've also received many emails from members who are very excited about the changes, and the additional features that we plan to release. We're excited about them too, because it makes navigation easier for shoppers, and also gives shop owners more space to represent themselves."

However, after we asked whether individuals who registered before Oct. 18th, i.e. those 10 million strong, would have to remove their real name if they didn't want it displayed, Mr. Brown said, "Yes, regardless of when a person has registered, if they have entered their full name, it will be displayed. If they do not want it to be displayed, then they will need to remove it from their account profile. Everyone has to choose a username, and their username will be displayed if their full name is not entered, or if they remove their full name."

Since we don't actually remember if we used our real name, guess we'll have to go into our account and check--or risk exposing our love of  zipper necklaces and vintage maps of Alabama.

Update to the update: Mr. Brown would like us to clarify the last statement, "If you're talking about exposing your love of them because they are in your favorite items list (which can be set to public or private), then yes, that is true. However, all feedback for items that have been purchased is anonymous." If you're still with us, we promise no more updates. At least not tonight. But we may have to update you on that.