Richard Stallman's personal site.

https://stallman.org

For current political commentary, see the daily political notes.

If you feel your organization needs a "presence" in Facebook

-- Richard Stallman

2016-12-11

Facebook is a surveillance engine, accumulating lots of personal data which is also available to the state. For your privacy and freedom's sake, it is important not to have an active Facebook account; refusing blocks Facebook's main channel for collecting information about you and, through you, about your friends and relatives. (Whatsapp, a subsidiary of Facebook, is also important to avoid.) Explaining to them why you firmly insist on routing your communications with them through some other system will strengthen your will power to resist systems that use you to harm you and others.

Nowadays Facebook has gained so much power that it puts freedom and democracy in danger. Its rules for what can be published amount to censorship of society as a whole, leading to political disputes. But those disputes are a distraction from the bigger point that no company should have so much power.

Facebook has the power to manipulate elections through subtle policy changes. Whether or not it has intentionally done so, this state of affairs is dangerous.

Many organizations maintain a Facebook page to attract public support. Having the page does not directly harm the organization. However, if it's not careful, the page will add to Facebook's power.

Organizations typically manage Facebook pages to aim for the maximum possible visibility. Facebook's cunning engineers have designed the system so that the way to get maximum visibility is to boost Facebook's power as much as possible.

The simple way to completely avoid this is to refuse to have a Facebook page. However, a compromise may be possible, one which attracts public support while not boosting Facebook's power much. This article proposes such a compromise.

General principles

Make the organization's own web site the go-to place for all information about the organization. Whatever people want to know, the web site should be the best place to look for it.
Say in the Facebook page that the organization's own web site is the best place to look for information about the organization. Explicitly ask people to make links always to the web site, never to the Facebook page.
Adopt this motto: "Facebook is a bad place for a person to be. When people find us on Facebook, we lead them away from Facebook and then talk with them elsewhere."

What to post on Facebook; what not to post

Select what you post on the Facebook page so that the organization's own web site is clearly the best place to find information about the organization.
Do post important new articles and announcements from the organization on Facebook, but only around half of them. Then say, in the Facebook page, "See our web site — we have a lot more there."
When you announce an event in Facebook, don't put the full story there. Do state the place, date, time, and a brief description, enough for people to attend if they wish — but give a link to the page in the organization's web site about the event, and reserve part of the interesting information about the event for there.
Post the same list of event summaries in the web site, so that people who want a summary don't think Facebook is the best place to look for it.
Don't update all the fields of transitory information in the Facebook page. Instead, when you change your the organization's web site significantly, update the Facebook "status" with a few words to say so.
On the organization's website, provide a way for people to ask for notifications of changes and new announcements, so that they don't depend on Facebook for this.
Don't post on Facebook any information about the participants in your events — especially not their names. Respect their privacy! The only exception is names of speakers or teachers, as part of the advance description of events.
In particular, don't post photos on Facebook that show any people. Remember that Facebook identifies people in photos from their faces, and even from the backs of their heads. Don't show anyone's head, viewed from any angle, to Facebook.

Avoid Facebook messages

State in the Facebook page that those who wish to talk with the organization should use other systems, not through Facebook messages. State which systems you prefer, and give the account names or numbers to use.

Other communication systems may have other flaws. At the FSF we use mainly email and phone calls; we use SIP for audio/video communication over the internet, but never Skype because Skype requires proprietary client software. However, the crucial point here is that any communication method other than Facebook and WhatsApp (owned by Facebook) will move people out of Facebook.

If someone sends you a Facebook message despite your request, respond by saying, "Please let's switch to system X, Y or Z to have this conversation. We do not want to give Facebook any more information about our organization or its participants, including you."

Avoid helping or boosting Facebook

Don't mention the Facebook page in your web site or other postings. The Facebook page is for those that look for it on Facebook.
Don't display a "Like" button on your web site. Facebook uses "Like" buttons in non-Facebook pages to track all visitors to those pages. The button tracks even visitors that don't have Facebook accounts.
It is advisable on general principles to use a browser such as IceCat that blocks tracking systems in web pages, including the Facebook Like buttons and most advertisements.
Another reason not to have a "Like" button in your own web site is that they encourage visitors to be more involved in Facebook.

How you can communicate safely with Facebook

Facebook uses many methods to get data about people. Some of them are rather tricky. If people in the organization have Facebook accounts and want to use those to manage the organization's page, the organization has no reason to object. But the organization must never urge a person to submit to Facebook's surveillance in order to manage the organization's page. That would be a gross wrong to the person in question.

Here is a guide for how people can manage the page using pseudonymous Facebook accounts. A few of them stretch Facebook's commands, but it is not wrong to do that — Facebook does not deserve obedience.

Make an account under an alias for maintaining the organization's page. Give made-up plausible data which is not humorous and doesn't relate to you. Then never use the account for anything except to handle the organization's page. Facebook will never have a reason to doubt the data on the account.
If several people manage the organization's page, give each one a separate alias account. Don't give any of the same data in two accounts.
Make a couple more such accounts as backup.
The only more-or-less safe way to connect to Facebook is through a browser. Never connect using Facebook's mobile app, because that requires giving Facebook access to other information on the mobile device, including personal contact information, text messages, calender events, and other confidential information. This can expose personal information — yours and others'. It can even expose sensitive information, harming you or others you know. This is no surprise, because the app is proprietary software (an injustice in itself; see here), and proprietary software commonly snoops on users (see proprietary surveillance).
It is safest to connect to Facebook only from a computer that belongs to the organization and is in the organization's office.
To make the site work without the need to run nonfree Javascript code, visit to m.facebook.com rather than facebook.com itself.
If you ever connect to Facebook from your own computer (rather than the organization's computer in its office), do it this way: install the Tor Browser Bundle (available for Windows and OS X as well as GNU/Linux) and use it to visit https://m.facebookcorewwwi.onion/ rather than Facebook directly. This stops Facebook from determining your location or your IP address.
Note: the site facebookcorewwwi.onion.to is a fake. Don't be fooled.
Never "check in" at a location no matter how much Facebook nags you.
Make a separate local account on the computer for each Facebook account, connect to it from that local account, and don't ever use that local account for anything else.
If you don't make a special local user account to talk to Facebook from, delete cookies immediately after each connection with Facebook. Not just once a day! Facebook uses cookies to surveil other browsing done from the same account. Many browsers will allow you to specify a setting to treat all cookies as one-session cookies. That will delete them automatically, provided you shut down the browser after each connection with Facebook, which is advisable.
Do not give Facebook access to any real account on any other site. If Facebook demands info about your other accounts, make real accounts that you don't really use, and tell Facebook about those. It is OK to give Facebook the email addresses that the organization publishes for contact from the public, but not the passwords of those email accounts.

Facebook harms people in many ways, and there is no way to completely avoid the harm. We hope this compromise approach to Facebook will provide benefit to the organization, while saving it from becoming Facebook's tool. Meanwhile, there are many other social networks one can use. Many well-known centralized social networks are less intrusive than Facebook; what's more, GNU Social and Diaspora respect users' rights through a decentralized architecture, based on free software — why not try them?