For all it’s pretentious narcissism Facebook provides a level of utility. It also needs to build a business to pay for those servers, engineers and lavish parties. But there comes a point when building an empire that is minting billionaires on the back of a business model that’s predicated on crossing the line into creepy just becomes wrong.

If I use the web experience it gets what I explicitly chose to tell it - what I add to my profile, and post to my wall or message my friends. And I’m comfortable with that. It’s a trade-off - I give them some information, they serve me some ads and I get some value.

On my phone though it’s a different story:

Settings - Page 1 of 3Settings - Page 2 of 3Settings - Page 3 of 3

Why do they need to read my text messages, or record audio? What reason do they have to see what other apps I am running, or re-order running apps. Do I want them changing my audio settings, or wallpaper? Why the hell should they have access to read my calendar and contacts and be able to send email without my knowledge? Why would I want them to make calls or monitor what calls I’m making or be able to download files without asking?

It doesn’t just feel a little creepy - it feels like they are way across a line they shouldn’t even think about crossing because - while they’ve not had a major data leak yet, things like Beacon demonstrate a worrying mindset - they sure haven’t done anything to convince me that they have my best interests in mind with any data the collect.

Now maybe it’s not all Facebook’s fault. After all it’s just an Android app and maybe Android doesn’t allow them to be granular enough to get access to things that I might want them to do without inheriting a whole lot of extra stuff. But Google - the kings of making a living on the back of your data - are the driving force behind Android so unless their major partners have a reason ro push Google to let them be much more specific nothing is going to change there. Hopefully losing users (or the richness of their data) will given them the necessary motivation.

Google have obviously been looking at this problem - the short lived App Permissions capabilities that turned up “by mistake” in Android 4.3 and then disappeared again in 4.4.2 indicates that they know how to solve the problem. The goal of this feature was simple - no matter what permissions an app demanded at install you could override it and block, say, the ability to make a phone call or read your calendar. Despite the outrage though, Google made it go away - and you have to wonder if there were valid engineering reasons, or if partners like Facebook leant on them to stop that flow of information drying up.

So, Facebook are for me now a second class citizen. I’ll sometimes look at their mobile web experience but my usage will become one of checking them every now and then via a browser (where I run things like Clarion to tidy up the feed) to see if someone posted an amusing dog picture (yes, I know it's Instagram, not Facebook!). If they turn the Orwellian surveillance levels back down a bit then I’m quite happy to play again, but if they don’t then count me out.

NROL-39The same goes for any app - or platform - that starts asking too much. While I probably can’t avoid the all-seeing eye of the NSA I can start making more informed decisions about what apps I install and share my data with, and go back and review what I have allowed to stalk my electronic footprints so far.

In an ideal world, at the OS level (and iOS is leading the way here at the moment), these permissions would be sufficiently granular and allow an app to ask for what it wants at install/update time, but the user should have the option at any time (including during the installation experience) to opt out of default participation either asking the app/OS to prompt for certain functions (e.g. get explicit permission before making a phone call) or block a function always (e.g. the app can never read my contacts). While this does mean an app will have to do a little more validation as the cost of being a good citizen - they should assume the user blocks everything - the upside is both a more robust app and one where the developers think more about what data the collect and how they’re planning to use it.