Subscribe to
Posts
Comments
NSLog(); Header Image

Xbox Live’s ‘Friend of a Friend’ Feature

If you have an Xbox Live account (my "gamertag" appears in the right-hand column, currently), please be aware that Microsoft is set to thoroughly abuse your privacy and the privacy of your friends:

After the software update to Xbox in early December, you will be able to meet new friends by browsing the Friends lists of other Xbox LIVE members. You can determine who can see your Friends list now on this page – Everyone, Friends Only, or Blocked. You will be able to check your status and change your Friends list setting anytime after the software update in the Account Management section of Marketplace on your Xbox 360 or My Xbox on Xbox.com.

The default setting for who will be able to see your Friends lists depends on your age:

Adults - Everyone
Teens (13-17) - Friends Only
Children (under 13) - Blocked

The default option for adults is roughly the equivalent of giving customer privacy the middle finger. Now, everyone can see who's on everyone's friends list. Yippee!

xbox_fof.jpg

And on top of that, if you follow the instructions and go to xbox.com/fof, and choose one of the saner options like "Blocked," your choice is not actually stored. Re-visit the page and "Everyone" will again be selected.

When I'm finally allowed to make a selection that sticks, I promise my friends that I will only ever set this to either Blocked or Friends Only. I would also ask that anyone who has me on their friend list do the same.

12 Responses to "Xbox Live’s ‘Friend of a Friend’ Feature"

  1. Your definition of privacy is a little strict since the only thing people can get from this feature is your gamertag and your friends' gamertags. It's not like they are broadcasting your name and credit card number or anything else that could directly identify you. The only thing they can do with this is join games you are playing online, send you a message, or request to be your friend.

    Even people you have in your friends list don't have to know anything about you unless you tell them. I doubt if more than three people in my list could tell you my real name. A few more may know the city I live in because I've mentioned my home town ice hockey team. Hell, I know more identifying information about you, a complete stranger, from this blog then I could ever get from Xbox Live.

    If you think friend of a friend is bad, then you should also be aware that by default anyone can see what your current Xbox Live status is (online or offline) as well as what you are doing (what game you are playing or if you are watching a movie, listening to music, etc.). You may want to go block that in the settings as well given how vitally important it is to keep such things private.

  2. I think Erik (and myself) is more concerned that Microsoft is setting this feature to the most open as a default. As you mentioned, you can turn your Xbox Live Presence on and off either in your Dashboard or Xbox.com. There are a couple of additional issues with the way Micrsoft issues Dashboard updates. First, you have to update; your only choice is to ignore the update request that time and then you will not be able to use Live. They say that this is to insure quality of service, and I buy that, but it's still annoying and heavy handed. The other issue is that you aren't presented a change history or new feature list when your Xbox starts up after an update is applied. If a change history was at least alluded to when you booted the console, Microsoft could get away with setting your Friends of Friends feature to be wide open, and at least you would know to go change it. SInce the only information about it is on the web, there is a good chance that many users will never realize that it is there unless they go digging around in the Dashboard. I don't know about Erik, but that is my problem with this new setting. Not the content, but how it's deployed.

    It's not what Microsoft is sharing, it's the fact that they are doing it and not specifiying on the device that it is being done.

    @ Erik: Changes made to your Live account through the website can take up to 4 hours to stick. If you make it on your console, it's immediate. At least that's been my experience.

  3. FYI, Xbox live sent a message to my console last night telling me about the change and telling me how to make my friends private, so they're not trying to hide it.

  4. eck, do not like this at all. I don't follow any of the 360-news so I didn't even know about this. Thanks for the heads-up 🙂
    Set it to "friends only" for the moment.

  5. Rich said on November 27, 2007:

    Your definition of privacy is a little strict since the only thing people can get from this feature is your gamertag and your friends' gamertags.

    No doubt I am, but it's not "my" gamertag I'm worried about. Heck, I publish my gamertag right there in the sidebar - erikjb.

    But what this privacy setting does is let someone else control my privacy. Granted, they're my "friends," but imagine I have Steve Jobs on my Xbox buddy list (I don't). Suddenly my settings affect HIS privacy. Perhaps he doesn't want people to know his gamertag is "BillGatesBlows" lest he be inundated with friend requests, messages about the iPhone, etc.

    That's my problem: the settings of one person affect the privacy of another person. Though it may be my friends list, the friends listed on it are people too. It's not like I'm just publishing a list of songs like the Celebrity Song Lists on the iTunes Store.

    And the default setting is "Everyone" - i.e. "Privacy? What's that?"

    Rich said on November 27, 2007:

    The only thing they can do with this is join games you are playing online, send you a message, or request to be your friend.

    Not true. This affects my friends, not me.

    Rich said on November 27, 2007:

    If you think friend of a friend is bad, then you should also be aware that by default anyone can see what your current Xbox Live status is (online or offline) as well as what you are doing (what game you are playing or if you are watching a movie, listening to music, etc.).

    But that's all within my power and only shares my information, not the information of others.

    Aaron said on November 27, 2007:

    @ Erik: Changes made to your Live account through the website can take up to 4 hours to stick. If you make it on your console, it's immediate. At least that's been my experience.

    True, but even today my setting hasn't remained "stuck." It still displays "Everyone" when I load it up and there seems to be no place in the current Xbox dashboard to try to set this setting.

    Travis said on November 27, 2007:

    FYI, Xbox live sent a message to my console last night telling me about the change and telling me how to make my friends private, so they're not trying to hide it.

    Two things about that: 1) It probably didn't "stick." Go back and it will say "Everyone" again. I've just checked mine again today and it still says "Everyone." 2) Telling people about something 10 days ahead of time and not letting the settings they choose stick is almost as bad as not telling them at all. I set an iCal alarm to try making my settings stick every day until it finally does - but how many other people are going to remember to keep trying until it works?

  6. Travis said on November 27, 2007:

    FYI, Xbox live sent a message to my console last night telling me about the change and telling me how to make my friends private, so they're not trying to hide it.

    Nice to know Travis. I haven't turned on my console in a couple of days. But Erik is totally right. Your privacy is in somebody else's hands. That is so not right.

  7. That's my problem: the settings of one person affect the privacy of another person. Though it may be my friends list, the friends listed on it are people too. It's not like I'm just publishing a list of songs like the Celebrity Song Lists on the iTunes Store.

    The problem with your argument is that no one will know that BillGatesBlows is Steve Jobs so they most likely won't be sending him friend requests or messages about the iPhone. The only thing someone else will know is that some person with a gamertag erikjb has a friend with a gamertag BillGatesBlows. Yes, they can send him messages and friend requests, but I don't see that as a privacy concern. It's more of a nuisance if anything.

    If BillGatesBlows doesn't want to get random text and voice messages from people he doesn't know, then he can go into his settings and disable it or set to friends only. Then even though you may still allow everyone to see your friends, the only thing others can do is send him a friend request.

    This is similar to how all the social networking sites like MySpace work. People can see your profile and the profiles of your friends unless you and your friends specifically set your profiles to private. Xbox Live has always been a social network for finding people to play games with. This new feature just extends it. The defaults for adults are set to everyone because Microsoft wants people network as much as possible. If you don't want to participate in that, the settings are there for you to disable it.

  8. Rich said on November 28, 2007:

    The problem with your argument is that no one will know that BillGatesBlows is Steve Jobs so they most likely won't be sending him friend requests or messages about the iPhone.

    That completely misses the point (and you know it). What if Steven Frank of Panic (a "celebrity" to many) is on my buddy list with the username "stevenf"? Or a family member, as others pointed out above.

    The base truth is that it's dumb that MY privacy is placed in the hands of others. And you can't even say "Well, they're your friends" because Microsoft today told me that even pending friend requests will be listed. So, theoretically, someone could create a list of celebrities, file friend requests, set this option to "Everyone," and gamers worldwide could figure out celebrity gamertags. Even if the Microsoft person misspoke about pending requests, it's still a hole - my privacy is diminished because of the choices of others.

    Rich said on November 28, 2007:

    If BillGatesBlows doesn't want to get random text and voice messages from people he doesn't know, then he can go into his settings and disable it or set to friends only.

    No, you're swimming up the river here. I will probably never enable that setting because if my meat-space friend "Bob" has an Xbox 360, sees my gamertag here on my blog, and wants to make me his buddy and send me a message, I want to allow that. If Steve Jobs (to continue the example) wants to allow Apple employees to add him, via a gamertag he shares amongst trusted Apple employees, to their friend list or message him regarding the weekly After-Hours Apple Campus Worms Championship, he should be allowed.

    You've got people jumping through all sorts of hoops when the solution - make the default option "Blocked" - is so, so, so much easier. Or, rather than sharing your buddy list, make all buddy lists available to "Everyone" but allow me to control whether my name appears on a viewed buddy list or not. I like the second option, personally, but the first would work in the existing system. Obviously in the second I'd favor setting it to "Blocked" by default.

    Rich said on November 28, 2007:

    This is similar to how all the social networking sites like MySpace work.

    Perhaps that's one of the many reasons I don't use the social networks. You know, besides them being pointless and a waste of time. 😀

    Rich said on November 28, 2007:

    This new feature just extends it.

    Look, I'm just saying two things:

    1. I think it goes too far and I think it's sleazy of Microsoft to default to "Everyone."
    2. I am promising "my" friends that I will never set mine to "Everyone" and I encourage everyone else to do so.

    Rich said on November 28, 2007:

    If you don't want to participate in that, the settings are there for you to disable it.

    Except that I can't truly opt out! I can:

    1. crawl into a cave by disabling all uninitiated contact, which is bad because I may miss out on meat-world friends contacting me via Xbox Live.
    2. Trust that the exposure I get from friends who don't change the default setting from "Everyone" isn't a bad thing overall.

    And by "me" of course I mean everyone.

  9. Erik J. Barzeski said on November 28, 2007:

    The base truth is that it's dumb that MY privacy is placed in the hands of others. And you can't even say "Well, they're your friends" because Microsoft today told me that even pending friend requests will be listed. So, theoretically, someone could create a list of celebrities, file friend requests, set this option to "Everyone," and gamers worldwide could figure out celebrity gamertags. Even if the Microsoft person misspoke about pending requests, it's still a hole - my privacy is diminished because of the choices of others.

    What I don't get in your argument is how am I supposed to know that this list of friends are celebrities? Did the person that created the friend list name their gamertag Celebrity Gamertags? Are the celebrities' gamertags their own real names? How would I know that it really is them. Anyone with an e-mail address can pick any unused string as their gamertag as long as it doesn't go against the MS terms of service. Also, the pending friend in the list should disappear when the person declines the friend request.

    Do you actually think most people on Xbox Live even care who you or your friends are? I doubt it. The fact is that you are giving away more of your and other people's privacy on your website than is available on Xbox Live. I know your full name, the town you live in, your e-mail address, your wife's name including her maiden name. I'm sure I can get much more information just from that. I could fairly easily get public records access to your home address. That seems much more worthy of privacy than a list of arbitrary user names on a gaming service.

    Also, the only reason I would ever know your gamertag is because you gave it to me on this site. Otherwise, I would never know that erikjb is Erick J. Barzeski of Erie, PA. I obviously won't be able to convince you that you are making a mountain out of a mole hill so I won't continue after this post.

    Erik J. Barzeski said on November 28, 2007:

    No, you're swimming up the river here. I will probably never enable that setting because if my meat-space friend "Bob" has an Xbox 360, sees my gamertag here on my blog, and wants to make me his buddy and send me a message, I want to allow that. If Steve Jobs (to continue the example) wants to allow Apple employees to add him, via a gamertag he shares amongst trusted Apple employees, to their friend list or message him regarding the weekly After-Hours Apple Campus Worms Championship, he should be allowed.

    Just a note here. I think people can still send you a friend request even if you have other messages disabled. I could be wrong, but I think this only blocks generic messages and not friend requests.

  10. Rich said on November 28, 2007:

    What I don't get in your argument is how am I supposed to know that this list of friends are celebrities?

    This is why you're missing the point. It doesn't matter if people are celebrities. They were examples.

    Rich said on November 28, 2007:

    The fact is that you are giving away more of your and other people's privacy on your website than is available on Xbox Live.

    Bull. I'm not giving away other people's privacy.

    Rich said on November 28, 2007:

    I could fairly easily get public records access to your home address.

    Or you could do a whois lookup. The point remains that that's MY information, not the information of others.

  11. [...] Update" is set to hit consoles at 2am PST tomorrow. Among its many features (some of which I've already talked about), the update adds the option to "Tell a Friend" about a [...]

  12. Interesting find. Microsoft, as usual, amazes me once again with how snoopy they can be.


Trackback URI | Comments RSS

Leave a Reply

Please abide by the comment policy. Valid HTML includes: <blockquote><p>, <em>, <strong>, <ul>, <ol>, and <a href>. Please use the "Quote Me" functionality to quote comments.