Sometime within the next few weeks, your iPhone is going to start recording everything it hears when you begin tapping out a Facebook status update, hoping you'll include what you're listening to or watching. But do we want to carry around a hot mic for Mark Zuckerberg?
A more important question: will the app be able to pick up any audio over the deafening bliss-screams of the NSA, the chorus of stunned laughs and high fives from the Beltway? No matter how often or egregiously Facebook mangles our expectations of personal privacy and social boundaries, we keep giving it another chance. And another, and another. Even after learning Facebook has more or less collaborated with the NSA for years, everyone gets excited all over again when the company announces a brand new way to hand over personal sensor data:
The latest version of Facebook for iOS and Android automatically recognizes the song you're listening to or TV show you're watching and adds it to your status. The Shazam-like feature is called "audio recognition," and starts listening as soon as you start typing a new status. There's no need to tap "Listening To" or "Watching" in the status-creation screen. You can opt in to the feature for the first time by tapping a new button inside the status window. When there's a match, a badge pops up over Facebook's feelings button, a small smiley face.
It's opt-in, yes—but even after speaking with a Facebook rep, it's unclear how this opt-in process will work, and it's certainly unclear what users will actually be opting into. Once you've used the Facebook app to identify (and share) the song you're listening to or the movie you're watching, what happens to the original recording? What happens to all the information—conversations, background noises, voices—that was inadvertently recorded, too? Who gets it, and for how long? How will we know what Facebook really heard?
This too is completely inscrutable. The rep told me "if the feature finds a match and you do not post [a new status update], we only save that the content was matched in an anonymized and aggregated form." No elaboration was provided as to how your sound recordings are anonymized and aggregated—there are a lot of ways to deploy those words and have it mean pretty much squat. I asked for clarification on how information you didn't use—say, your phone starts recording the TV show you're watching, and you change your mind because you don't want your friends to see you're watching USA reruns at noon. Even then, the recording is retained, but in a "form that isn't associated with you." Your guess as to what this means is as good as mine.
But I wouldn't worry too much: the New York Times reports Facebook, which now reaches 1.28 billion people around the world, is implementing a "privacy checkup" feature, wherein a blue cartoon dinosaur will ask you if you understand your sharing settings. That ought to take care of it.
Update: A Facebook rep wrote to me with the following clarifications:
If you decide to turn the new feature on, the app will try to match sounds playing around you for 15s when you are writing a status update. On the device we will convert the sound into a code or "fingerprint." The code is created live, and the sound is not stored on the device, nor is the sound passed to Facebook. The code, or fingerprint is not reversible into any audio. We send this code to our servers and try and match it against our database of codes. We do not send the original sound.
If we find a match:
- We send you a back a suggestion – for example a Beyonce song. We log that we sent you a suggestion, but not the name of the song.
- We also count how many times a particular song is matched, but this is anonymized.
- So, for the example above, we log that we matched the Beyonce song for someone, but not that we matched Beyonce for you.