Xbox Live’s ‘Friend of a Friend’ Feature
Posted November 27th, 2007 @ 11:27am by Erik J. Barzeski
If you have an Xbox Live account (my "gamertag" appears in the right-hand column, currently), please be aware that Microsoft is set to thoroughly abuse your privacy and the privacy of your friends:
After the software update to Xbox in early December, you will be able to meet new friends by browsing the Friends lists of other Xbox LIVE members. You can determine who can see your Friends list now on this page – Everyone, Friends Only, or Blocked. You will be able to check your status and change your Friends list setting anytime after the software update in the Account Management section of Marketplace on your Xbox 360 or My Xbox on Xbox.com.
The default setting for who will be able to see your Friends lists depends on your age:
Adults - Everyone
Teens (13-17) - Friends Only
Children (under 13) - Blocked
The default option for adults is roughly the equivalent of giving customer privacy the middle finger. Now, everyone can see who's on everyone's friends list. Yippee!
And on top of that, if you follow the instructions and go to xbox.com/fof, and choose one of the saner options like "Blocked," your choice is not actually stored. Re-visit the page and "Everyone" will again be selected.
When I'm finally allowed to make a selection that sticks, I promise my friends that I will only ever set this to either Blocked or Friends Only. I would also ask that anyone who has me on their friend list do the same.
Posted 27 Nov 2007 at 12:03pm #
Your definition of privacy is a little strict since the only thing people can get from this feature is your gamertag and your friends' gamertags. It's not like they are broadcasting your name and credit card number or anything else that could directly identify you. The only thing they can do with this is join games you are playing online, send you a message, or request to be your friend.
Even people you have in your friends list don't have to know anything about you unless you tell them. I doubt if more than three people in my list could tell you my real name. A few more may know the city I live in because I've mentioned my home town ice hockey team. Hell, I know more identifying information about you, a complete stranger, from this blog then I could ever get from Xbox Live.
If you think friend of a friend is bad, then you should also be aware that by default anyone can see what your current Xbox Live status is (online or offline) as well as what you are doing (what game you are playing or if you are watching a movie, listening to music, etc.). You may want to go block that in the settings as well given how vitally important it is to keep such things private.
Posted 27 Nov 2007 at 1:33pm #
I think Erik (and myself) is more concerned that Microsoft is setting this feature to the most open as a default. As you mentioned, you can turn your Xbox Live Presence on and off either in your Dashboard or Xbox.com. There are a couple of additional issues with the way Micrsoft issues Dashboard updates. First, you have to update; your only choice is to ignore the update request that time and then you will not be able to use Live. They say that this is to insure quality of service, and I buy that, but it's still annoying and heavy handed. The other issue is that you aren't presented a change history or new feature list when your Xbox starts up after an update is applied. If a change history was at least alluded to when you booted the console, Microsoft could get away with setting your Friends of Friends feature to be wide open, and at least you would know to go change it. SInce the only information about it is on the web, there is a good chance that many users will never realize that it is there unless they go digging around in the Dashboard. I don't know about Erik, but that is my problem with this new setting. Not the content, but how it's deployed.
It's not what Microsoft is sharing, it's the fact that they are doing it and not specifiying on the device that it is being done.
@ Erik: Changes made to your Live account through the website can take up to 4 hours to stick. If you make it on your console, it's immediate. At least that's been my experience.
Posted 27 Nov 2007 at 5:19pm #
FYI, Xbox live sent a message to my console last night telling me about the change and telling me how to make my friends private, so they're not trying to hide it.
Posted 28 Nov 2007 at 3:19am #
eck, do not like this at all. I don't follow any of the 360-news so I didn't even know about this. Thanks for the heads-up 🙂
Set it to "friends only" for the moment.
Posted 28 Nov 2007 at 9:45am #
[quote comment="44616"]Your definition of privacy is a little strict since the only thing people can get from this feature is your gamertag and your friends' gamertags.[/quote]
No doubt I am, but it's not "my" gamertag I'm worried about. Heck, I publish my gamertag right there in the sidebar - erikjb.
But what this privacy setting does is let someone else control my privacy. Granted, they're my "friends," but imagine I have Steve Jobs on my Xbox buddy list (I don't). Suddenly my settings affect HIS privacy. Perhaps he doesn't want people to know his gamertag is "BillGatesBlows" lest he be inundated with friend requests, messages about the iPhone, etc.
That's my problem: the settings of one person affect the privacy of another person. Though it may be my friends list, the friends listed on it are people too. It's not like I'm just publishing a list of songs like the Celebrity Song Lists on the iTunes Store.
And the default setting is "Everyone" - i.e. "Privacy? What's that?"
[quote comment="44616"]The only thing they can do with this is join games you are playing online, send you a message, or request to be your friend.[/quote]
Not true. This affects my friends, not me.
[quote comment="44616"]If you think friend of a friend is bad, then you should also be aware that by default anyone can see what your current Xbox Live status is (online or offline) as well as what you are doing (what game you are playing or if you are watching a movie, listening to music, etc.).[/quote]
But that's all within my power and only shares my information, not the information of others.
[quote comment="44620"]@ Erik: Changes made to your Live account through the website can take up to 4 hours to stick. If you make it on your console, it's immediate. At least that's been my experience.[/quote]
True, but even today my setting hasn't remained "stuck." It still displays "Everyone" when I load it up and there seems to be no place in the current Xbox dashboard to try to set this setting.
[quote comment="44623"]FYI, Xbox live sent a message to my console last night telling me about the change and telling me how to make my friends private, so they're not trying to hide it.[/quote]
Two things about that: 1) It probably didn't "stick." Go back and it will say "Everyone" again. I've just checked mine again today and it still says "Everyone." 2) Telling people about something 10 days ahead of time and not letting the settings they choose stick is almost as bad as not telling them at all. I set an iCal alarm to try making my settings stick every day until it finally does - but how many other people are going to remember to keep trying until it works?
Posted 28 Nov 2007 at 12:15pm #
[quote comment="44623"]FYI, Xbox live sent a message to my console last night telling me about the change and telling me how to make my friends private, so they're not trying to hide it.[/quote]
Nice to know Travis. I haven't turned on my console in a couple of days. But Erik is totally right. Your privacy is in somebody else's hands. That is so not right.
Posted 28 Nov 2007 at 12:53pm #
[quote comment="44633]That's my problem: the settings of one person affect the privacy of another person. Though it may be my friends list, the friends listed on it are people too. It's not like I'm just publishing a list of songs like the Celebrity Song Lists on the iTunes Store.[/quote]
The problem with your argument is that no one will know that BillGatesBlows is Steve Jobs so they most likely won't be sending him friend requests or messages about the iPhone. The only thing someone else will know is that some person with a gamertag erikjb has a friend with a gamertag BillGatesBlows. Yes, they can send him messages and friend requests, but I don't see that as a privacy concern. It's more of a nuisance if anything.
If BillGatesBlows doesn't want to get random text and voice messages from people he doesn't know, then he can go into his settings and disable it or set to friends only. Then even though you may still allow everyone to see your friends, the only thing others can do is send him a friend request.
This is similar to how all the social networking sites like MySpace work. People can see your profile and the profiles of your friends unless you and your friends specifically set your profiles to private. Xbox Live has always been a social network for finding people to play games with. This new feature just extends it. The defaults for adults are set to everyone because Microsoft wants people network as much as possible. If you don't want to participate in that, the settings are there for you to disable it.
Posted 28 Nov 2007 at 4:10pm #
[quote comment="44637"]The problem with your argument is that no one will know that BillGatesBlows is Steve Jobs so they most likely won't be sending him friend requests or messages about the iPhone.[/quote]
That completely misses the point (and you know it). What if Steven Frank of Panic (a "celebrity" to many) is on my buddy list with the username "stevenf"? Or a family member, as others pointed out above.
The base truth is that it's dumb that MY privacy is placed in the hands of others. And you can't even say "Well, they're your friends" because Microsoft today told me that even pending friend requests will be listed. So, theoretically, someone could create a list of celebrities, file friend requests, set this option to "Everyone," and gamers worldwide could figure out celebrity gamertags. Even if the Microsoft person misspoke about pending requests, it's still a hole - my privacy is diminished because of the choices of others.
[quote comment="44637"]If BillGatesBlows doesn't want to get random text and voice messages from people he doesn't know, then he can go into his settings and disable it or set to friends only.[/quote]
No, you're swimming up the river here. I will probably never enable that setting because if my meat-space friend "Bob" has an Xbox 360, sees my gamertag here on my blog, and wants to make me his buddy and send me a message, I want to allow that. If Steve Jobs (to continue the example) wants to allow Apple employees to add him, via a gamertag he shares amongst trusted Apple employees, to their friend list or message him regarding the weekly After-Hours Apple Campus Worms Championship, he should be allowed.
You've got people jumping through all sorts of hoops when the solution - make the default option "Blocked" - is so, so, so much easier. Or, rather than sharing your buddy list, make all buddy lists available to "Everyone" but allow me to control whether my name appears on a viewed buddy list or not. I like the second option, personally, but the first would work in the existing system. Obviously in the second I'd favor setting it to "Blocked" by default.
[quote comment="44637"]This is similar to how all the social networking sites like MySpace work.[/quote]
Perhaps that's one of the many reasons I don't use the social networks. You know, besides them being pointless and a waste of time. 😀
[quote comment="44637"]This new feature just extends it.[/quote]
Look, I'm just saying two things:
[quote comment="44637"]If you don't want to participate in that, the settings are there for you to disable it.[/quote]
Except that I can't truly opt out! I can:
And by "me" of course I mean everyone.
Posted 28 Nov 2007 at 5:46pm #
[quote comment="44640"]The base truth is that it's dumb that MY privacy is placed in the hands of others. And you can't even say "Well, they're your friends" because Microsoft today told me that even pending friend requests will be listed. So, theoretically, someone could create a list of celebrities, file friend requests, set this option to "Everyone," and gamers worldwide could figure out celebrity gamertags. Even if the Microsoft person misspoke about pending requests, it's still a hole - my privacy is diminished because of the choices of others.[/quote]
What I don't get in your argument is how am I supposed to know that this list of friends are celebrities? Did the person that created the friend list name their gamertag Celebrity Gamertags? Are the celebrities' gamertags their own real names? How would I know that it really is them. Anyone with an e-mail address can pick any unused string as their gamertag as long as it doesn't go against the MS terms of service. Also, the pending friend in the list should disappear when the person declines the friend request.
Do you actually think most people on Xbox Live even care who you or your friends are? I doubt it. The fact is that you are giving away more of your and other people's privacy on your website than is available on Xbox Live. I know your full name, the town you live in, your e-mail address, your wife's name including her maiden name. I'm sure I can get much more information just from that. I could fairly easily get public records access to your home address. That seems much more worthy of privacy than a list of arbitrary user names on a gaming service.
Also, the only reason I would ever know your gamertag is because you gave it to me on this site. Otherwise, I would never know that erikjb is Erick J. Barzeski of Erie, PA. I obviously won't be able to convince you that you are making a mountain out of a mole hill so I won't continue after this post.
[quote comment="44640"]No, you're swimming up the river here. I will probably never enable that setting because if my meat-space friend "Bob" has an Xbox 360, sees my gamertag here on my blog, and wants to make me his buddy and send me a message, I want to allow that. If Steve Jobs (to continue the example) wants to allow Apple employees to add him, via a gamertag he shares amongst trusted Apple employees, to their friend list or message him regarding the weekly After-Hours Apple Campus Worms Championship, he should be allowed.[/quote]
Just a note here. I think people can still send you a friend request even if you have other messages disabled. I could be wrong, but I think this only blocks generic messages and not friend requests.
Posted 28 Nov 2007 at 6:35pm #
[quote comment="44641"]What I don't get in your argument is how am I supposed to know that this list of friends are celebrities?[/quote]
This is why you're missing the point. It doesn't matter if people are celebrities. They were examples.
[quote comment="44641"] The fact is that you are giving away more of your and other people's privacy on your website than is available on Xbox Live.[/quote]
Bull. I'm not giving away other people's privacy.
[quote comment="44641"]I could fairly easily get public records access to your home address.[/quote]
Or you could do a whois lookup. The point remains that that's MY information, not the information of others.
Posted 04 Dec 2007 at 11:04am #
[...] Update" is set to hit consoles at 2am PST tomorrow. Among its many features (some of which I've already talked about), the update adds the option to "Tell a Friend" about a [...]
Posted 05 Jan 2008 at 2:47am #
Interesting find. Microsoft, as usual, amazes me once again with how snoopy they can be.