Employee: I have. For engineering reasons.
Rumpus: Have you ever done it outside of professional reasons?
Employee: I will say, when I first started working there, yes. I used it to view other people’s profiles which I didn’t have permission to visit. I never manipulated their data in any way; however, I did abuse the profile viewing permission at several initial points when I started at Facebook.
Rumpus: How about reading their messages?
Employee: Never individually like that. I would mostly just look at profiles.
Rumpus: Would you suppose that Facebook employees might read people’s messages?
Employee: See, the thing is — and I don’t know how much you know about it — it’s all stored in a database on the backend. Literally everything. Your messages are stored in a database, whether deleted or not. So we can just query the database, and easily look at it without every logging into your account. That’s what most people don’t understand.
Rumpus: So the master password is basically irrelevant.
Rumpus: It’s just for style.
Employee: Right. But it’s no longer in use. Like I alluded to, we’ve cracked down on this lately, but it has been replaced by a pretty cool tool. If I visited your profile, for example, on our closed network, there’s a ‘switch login’ button. I literally just click it, explain why I’m logging in as you, click ‘OK,’ and I’m you. You can do it as long as you have an explanation, because you’d better be able to back it up. For example, if you’re investigating a compromised account, you have to actually be able to log into that account.
Rumpus: Are your managers really on your ass about it every time you log in as someone else?
Employee: No, but if it comes up, you’d better be able to justify it. Or you will be fired.
Rumpus: I would imagine they take this—
Employee: Pretty seriously. I don’t really fuck around, at all.
Rumpus: They invented a Chief Officer position for it, Chris Kelly, right?
Employee: Chief Privacy Officer Chris Kelly, correct. Running for Attorney General of California.
Rumpus: Is that a standard position at Silicon Valley web companies?
Employee: I think it’s becoming more of a standard officer position, especially with Web 2.0, 3.0, where the model is basically get as much information out there as you can. Obviously, someone needs to step back and make sure there is some information privacy here, or at least as much as we can put in place.
Rumpus: Facebook was probably a big trendsetter in that regard, right?
Employee: In my opinion, we’ve always provided the most nitty-gritty user privacy settings from the beginning. There’s no other site out there that’s this customizable.
Employee: It’s really hard to judge exactly the way users are going to react. We just didn’t have a good enough beta-testing system in place. When you have a group of twenty engineers working on a project, they think it’s the most beautiful, immaculate thing in the world, and then they build it, and a project manager approves it. Initially, when that was the case, we just pushed it, and if users didn’t like it we pulled it back. That was just our philosophy, one of trial and error. Whereas now we’ve started running psychological analysis, starting to…
Rumpus: Oh really?
Employee: Fuck yeah. Are you kidding me? We do eye-tracking to see where your eyes move while you browse Facebook.
Rumpus: What do you mean by “eye-tracking”?
Employee: For example, when we want to introduce new features, like when we streamlined the browsing of photo albums, you know, where you can click ‘next’ above the photo, and the page stays the same except you get the next photo? We did tests on that, and actually found out it increased the number of page views by 77%, essentially because we were reducing 77% of the page load, and therefore it was loading faster, and thus generating more clicks. We not only reduced our bandwidth, and how much we have to pay for our Internet, but we made the site faster and increased the clicks-per-minute, which is what we’re truly interested in.
Rumpus: So in what other ways do you track behavior, that isn’t necessarily obvious to users?