Facebook, YouTube, MySpace, Blogspot/Blogger, Wordpress, Twitter, Flickr—these are just some of the World Wide Web platforms that have become popular in recent years. Blogs, wikis, file-sharing platforms, and social networking platforms are some of the techno-social systems that shape Internet experiences of users in contemporary society. Scholars, the media, and parts of the public claim that the Internet has become more social, more participatory, and more democratic (see Fuchs 2010b). These claims might be overdrawn, techno-optimistic ideologies. E-mail technology was created in the early 1970s, and has for a long time been the most popular and widely used Internet technology, which shows that the Internet was social and communicative right from its beginning. Therefore the claims about “web 2.0” should be more modest. Many web 2.0 sites combine older applications such as forums, guest books, e-mail, multimedia, and hypertext in one user-friendly platform, which increases appeal and ease of use and so supports increased usage. Increased bandwidth and cheaper production technologies (digital cameras, etc.) now allow the easy, fast, and cheap transmission and sharing of audio and video files and has resulted in increased popularity of user-generated content. The discussion of surveillance in web 2.0 is important because such platforms collect huge amounts of personal data in order to work.

I want to start with an example of data commodification and web 2.0 surveillance: Google Buzz. In February 2010, Google introduced a new social networking service called Buzz. Buzz is directly connected to GMail, Google’s webmail platform. Google’s introduction of Buzz is an attempt to gain importance in the social networking sites market that has been dominated by Facebook and Twitter. In February 2010, Facebook was ranked number 2 and Twitter number 12 in the list of the most accessed web platforms, whereas Google’s own social networking platform Orkut, which is only very popular in Brazil, was at number 52 (data source: http://alexa.com, the top 500 sites on the web, February 14, 2010). Popular social networking platforms attract millions of users, who upload and share personal information that provides data about their consumption preferences. Therefore commercial social networking sites are keen on storing, analyzing, and selling individual and aggregated data about user preferences and user behaviour to advertising clients in order to accumulate capital. Google is itself a main player in the business of online advertising. One can therefore assume that Google considers Facebook, Twitter, and other platforms that attract many users as competitors, and that as a result of this competitive situation Google has introduced Buzz. In 2009, GMail had approximately 150 million users (see http://www.tech24hours.com/2009/09/number-of-gmail-users-worldwide-as-of.html, accessed on February 14, 2010), which explains that Google integrated Buzz into GMail in order to start from a solid foundation of potential users.

Buzz supports the following communicative functions: creating postings that are shared with contacts, sharing of images and videos, commenting on and evaluating others’ Buzz posts, forwarding of Twitter messages to a Buzz account, linking and integrating images uploaded to Flickr or Picasa, uploading videos to YouTube, generating posts on Blogger, and using Buzz via mobile phones. Buzz messages can either be presented publicly or only to selected groups of followers. Each user’s Buzz profile has a list of followers, and users can select which Buzz accounts they want to follow. Buzz mobile phone messages include geo-tags that display the current location of users. Buzz posts of nearby users and information about nearby sites, shops, restaurants, etc. can be displayed on mobile phones. Buzz also recommends postings by other users.

In December 2009, Google’s CEO Eric Schmidt commented about online privacy: “If you have something that you do not want anyone to know, maybe you should not be doing it in the first place” (http://www.youtube.com/watch?v=A6e7wfDHzew, accessed on February 14, 2010). This statement is an indication that Google or at least its most important managers and shareholders do not value privacy very highly. Schmidt’s statement points towards the assumption that, in the online world, all uploaded information and personal data should be available publicly and should be usable by corporations for economic ends.

When first installing Buzz, the application automatically generated a list of followers for each user based on the most frequent GMail contacts. The standard setting was that this list of followers was automatically visible in public. This design move resulted in heavy criticism of Google in the days following the launch of Buzz. Users and civil rights advocates argued that Buzz threatens the privacy of users and makes contacts that users might want to keep private available in public. Google reacted to public criticism (see: http://gmailblog.blogspot.com/2010/02/new-buzz-start-up-experience-based-on.html, http://www.huffingtonpost.com/2010/02/13/buzz-changes-google-drops_n_461656.html, accessed on February 14, 2010) and changed some of the standard settings of Buzz on February 13, 2010. Some changes were made to the auto-follow option, so that now a dialogue is displayed that shows which users Buzz suggests as followers (see: http://gmailblog.blogspot.com/2010/02/new-buzz-start-up-experience-based-on.html, accessed on February 14, 2010). But still all suggested followers are automatically activated, which does not make this solution an opt-in version of the follow feature. Google also said that Buzz would no longer automatically connect publicly available Picasa and Google Reader items to the application. An options menu that allows users to hide their contact list from their public Google profiles was also announced. The problem here is, again, that this was planned as an opt-out solution, not as an opt-in option (see: http://gmailblog.blogspot.com/2010/02/new-buzz-start-up-experience-based-on.html, accessed on February 14, 2010). From a privacy-enhancing perspective, opt-in solutions are preferable to opt-out solutions because they give users more control over what applications are allowed to do with their data. However, it is clear that opt-in solutions are rather unpopular design options for many Internet corporations because they tend to reduce the number of potential users that are subject to advertising-oriented data surveillance.

Google’s economic strategy is to gather data about users that utilize different Google applications in different everyday situations. The more that everyday situations can be supported by Google applications, the more time users will spend online with Google, so that more user data will be available to Google, which allows the company to better analyze usage and consumer behaviour. As a result, more and more precise user data and aggregated data can be sold to advertising clients who then target users with personalized advertising in all of these everyday situations. The introduction of evermore applications does primarily serve economic ends that are realized by large-scale user surveillance. As more and more people access the Internet from their mobile phones, the number of times and the time spans users are online, as well as the number of access points and situations in which users are online, increase. Therefore supplying applications that are attractive for users in all of these circumstances (such as waiting for the bus or the underground, travelling on the train or the airplane, going to a restaurant, concert, or movie, visiting friends, attending a business meeting, etc.), promises that users spend more time online with applications supplied by specific companies such as Google, which allows these companies to present more advertisements that are more individually targeted to users, which in turn promises more profit for the companies. We can therefore say that there is a strong economic incentive for Google and other companies to introduce new Internet and mobile Internet applications.

Google Buzz is part of Google’s empire of economic surveillance. It gathers information about user behaviour and user interests in order to store, assess, and sell this data to advertising clients. These surveillance practices are legally guaranteed by the Buzz privacy policy, which says, for example:

A second example of economic surveillance and data commodification on web 2.0 is Facebook. Mark Zuckerberg, Eduardo Saverin, Dustin Moskovitz, and Chris Hughes, who were then Harvard students, founded Facebook in 2004. Facebook is the second-most-often accessed website in the world (data source: alexa.com, accessed on 09–10–2010). Facebook’s revenues were more than $US 800 million in 2009¹ and are likely to increase to more than $US 1 billion in 2010.

Turow (2006b, 83f) argues that privacy policies of commercial Internet websites are often complex, written in turgid legalese, but formulated in a polite way. They would first assure the user that they care about his/her privacy and then spread over a long text advance elements that mean that personal data is given to (mostly unnamed) “affiliates”. The purpose would be to cover up the capturing and selling of marketing data. I will now show that Turow’s analysis can be applied to Facebook.

Facebook wants to assure users that it deals responsibly with their data and that users are in full control of privacy controls. Therefore as an introduction to the privacy issue, it writes: “Facebook is about sharing. Our privacy controls give you the power to decide what and how much you share” (http://www.facebook.com/privacy/explanation.php, accessed on 19–11–2010). The use of advertisement is spread throughout Facebook’s privacy policy, which is 35,566 characters long (approximately 11 single-spaced A4 print pages). The complexity and length of the policy makes it unlikely that users read it in detail. Facebook says that it uses the user’s data to provide a “safe experience”, but also says that it uses targeted advertising to sell user data to advertisers: “We allow advertisers to choose the characteristics of users who will see their advertisements and we may use any of the non-personally identifiable attributes we have collected (including information you may have decided not to show to other users, such as your birth year or other sensitive personal information or preferences) to select the appropriate audience for those advertisements. For example, we might use your interest in soccer to show you ads for soccer equipment, but we do not tell the soccer equipment company who you are” (Facebook Privacy Policy, revision from October 5, 2010; accessed on November 16, 2010). Facebook avoids speaking of selling user-generated data, demographic data, and user behaviour by always talking of “sharing information” with third parties, which is a euphemism for the commodification of user data and usage behaviour data.

The privacy policy also allows Facebook to collect data about users’ behaviour on other websites and to commodify this data for advertising purposes: “Information from other websites. We may institute programs with advertising partners and other websites in which they share information with us” (ibid.). These data can be stored and used by Facebook, according to its privacy policy, for 180 days. Facebook’s data collection is not at all transparent; the single user does not know which data exactly it collects from which sources about him/her and to whom these data are sold.

Facebook’s privacy policy is a manifestation of a self-regulatory privacy policy regime that puts capital interests first. It is long and written in complex language in order to cover up the economic surveillance and commodification of user data for targeted advertising that helps Facebook accumulate capital. Facebook euphemistically describes this commodification process as “sharing”. The privacy policy advances the perception that Facebook always seeks consent from users before selling user data to advertisers, which masks the facts that Facebook does not ask users if they truly wish to have their personal data, user-generated data, and user behaviour data sold for advertising; that users cannot participate in the formulation of privacy policies; and that they are coerced into having to accept Facebook’s policy in order to use the platform. Facebook hides an opt-out option from cookie-based advertising deep in its privacy policy and only provides a minimum of advertising privacy options in its settings. It reduces the issue of privacy to controlling the visibility of user information to other users and neglects the issue of control of advertising settings as a fundamental privacy issue. Faceboo...