In case you didn’t notice, this past week Facebook changed your default email address.  I wrote about this a couple of years ago in that Facebook was rolling out @facebook.com email addresses which let users communicate within its own messaging service to people outside of Facebook.  However, use of this feature was optional (and judging by the encouraged switchover, I’d guess usage was low).

Where Facebook landed in hot water is that they changed your default email address from whatever it was before to you@facebook.com (for example).  Kashmir Hill at Forbes wrote about it this past week in an article entitled Facebook’s Lame Attempt to Force Its Email Service on You:

You may or may not realize that you have a Facebook email address. It’s an @facebook.com address you can use to correspond with people on external email accounts from your Facebook inbox. Though it was called a “Gmail killer” when it first came out in 2010, it seems instead to have been D.O.A. As far as I can tell, no one really uses it. No one seems to want the Facebook inbox to be their main email account (with good reason). Facebook is trying to change that with a new little nudge. On your profile page, Facebook has taken the liberty of making your Facebook email your default contact address.

In other words, Facebook silently inserted themselves into the path of formerly-direct unencrypted communications from people who want to email me. In other contexts, this is known as a Man In The Middle (MITM) attack. What on earth do they think they are playing at?



A Facebook spokesperson says the company has been updating Facebook addresses for users since April. Without specifying when exactly the company made this the default contract address for its users, the spokesperson says the site is “rolling out a new setting that gives people the choice to decide which addresses they want to show on their timelines.”

“Ever since the launch of timeline, people have had the ability to control what posts they want to show or hide on their own timelines, and today we’re extending that to other information they post, starting with the Facebook address,” says spokesperson Andrew Noyes via email.

In all the articles I’ve read about this, nobody is happy about the change.  In fact, reaction is the opposite: what was Facebook thinking? Leave my default email address alone, I put it there because that’s the way I like it!

Facebook has a history of updating its user interface – from timelines to photos to news feeds, they do it all the time.  People complain at first, but Facebook’s position is that eventually come to accept it.  And you know what?  They’re right.

But are they right about this?  And will they get away with it?  At least one privacy group is asking the Federal Trade Commission to investigate Facebook’s actions as a security risk and an unfair trade practice. From Mediapost:

Facebook's email move shows that the company "still believes that it can override users’ preferences without informing them or obtaining their consent," the advocacy group Electronic Privacy Information Center said Wednesday in a letter to the Federal Trade Commission.

EPIC is now asking the FTC to probe the email switch. The privacy group says that the move calls into question whether Facebook will comply with a proposed consent decree in another case; that order, which isn't yet final, prohibits Facebook from overriding users' privacy settings without their opt-in consent. (The tentative order stems from Facebook's decision several years ago to revise users' settings so that information that had been private was now public.)

Facebook reportedly says that its email switch didn't change people's privacy settings, but their "visibility" settings -- as if there's a difference.

EPIC also says the email shift is an unfair and deceptive trade practice. "Substituting the company’s own email address for the email address preferred by the user has the practical effect of directing email messages to Facebook’s servers that would otherwise have been received through the email service chosen by the recipient," EPIC argues. "It is widely known that access to user email provides additional opportunities for commercialization of data.  And the collection of email necessarily creates new security risks for users."

Whether or not Facebook’s action is an unfair trade practice is open for discussion.  But take it from me, when a large company makes changes to users’ settings, and users have sat in those settings for years, they react strongly against it.  It doesn’t even matter if it is better than it was before, they don’t like it and complain.

Sometimes doing nothing is the best action.