Online privacy is a growing concern as people become more and more willing to provide social networks with their personal information.  Many are especially concerned with what social networks do with our personal information, which may (and definitely does) include selling details to companies for use in targeted advertising.  However, I think it is important to take a step back from the behavior of over-zealous advertisers and examine our own online behavior.

Over Sharing

MetaFilter user blue_beetle said it best when he said “if you’re not paying for something, you’re not the customer; you’re the product being sold.”  The next time you receive a service for free, take a step and back and think, “What does the company providing this service get?”  The answer will almost always be advertising deals with other companies. Media attention to social networks selling user data has raised concerns about the ethics behind compiling “dossiers” on consumers.  But while it’s easy to get caught up in companies logging, compiling, and selling our personal information, it’s usually not so easy to recognize our own role in this decrease in online privacy.  Some information, like your browser history or the number of seconds you stared at those boots, is unknowingly given out.  However, we provide the majority of information that goes up on social networks, and it seems we continue to get more and more comfortable with posting increasingly personal information.

It started simply, with profiles that contained a photo, a few favorite things, and connections to people we had actually met.  Now we have entire networks dedicated to sharing a user’s location in real time.  Two such sites are Foursquare and Google Latitude.  For those unfamiliar with these sites, both allow users to share their physical location with other users on their network; Google Latitude even stores histories of locations.  While some users may find this a fun and novel way to interact with friends (by the way I don’t get it…if I’m at restaurant and I’d like a few people to join me, why can’t I just text them?), I find it disturbing that users are so willing to share their exact locations.  So do Frank Groeneveld, Barry Borsboom and Boy van Amstel, the creators of pleaserobme.com, a site dedicated to re-posting users’ locations.

The idea is that if you have posted your location and it’s anywhere but home, your home is currently empty, and now everyone on your network knows it.  What troubles me most is the willingness to share this much information without a second thought.  Admit it, most of us have friends on social networks that we haven’t met or don’t know very well.  If the ability for a company to know every website you visit is a violation of privacy, then the ability of someone to know every place you went last week is certainly a violation too.  And the worst part: we provide that information ourselves.  By over-sharing personal information, we assume some responsibility for the death of online privacy.  I think it’s time we start to recognize that we have a hand in reducing our own online privacy.

In her article “Are We All Asking to be Robbed?” Jenner Grovel makes an excellent point: we can also unknowingly reveal information about our friends.  Grovel writes that many people using sites like Foursquare think nothing of posting a friend’s address when at his or her house.  Not a faceless company, but a trusted friend.  Friends can tag us in pictures, comment on our walls, and easily release our personal information to the world.  It’s time to accept the role we play in violating our own online privacy.  As long as we continue to openly provide so much personal information, others will take advantage of it.

What Can We Do?

Over-sharing is not something people do consciously.  A really simple way to reduce oversharing of your personal information is just to check your privacy settings.  While it is difficult for most people to stop tracking of their online activity, it is relatively simple to reduce releasing your personal information.  For example, say I see this article on my Facebook news feed. (All these pictures are taken from my Facebook)

When I click on this article to read it, the app tells me exactly what it will do with my personal information.

This app is requesting a lot of personal information.  But many social networks like Facebook are making privacy settings more transparent.  It’s now up to me to decide whether I want this app to know my birthday or to be able to track and share what I’m reading. Assuming some responsibility for the distribution of our personal information can help us take back some control.   Further, taking the time to examine privacy policies and settings can sometimes give us information about what a social networking site may do with our information in the future.  This shot was taken from Facebook’s ad settings:

The fact that Facebook feels the need to ask me for this setting tells me that very soon, they plan on letting advertisers use my name and pictures in their ads, presumably to convince my friends that since I like something, they should buy it too.  It only took me four clicks to find this page and prevent advertisers from plastering my friends’ Facebooks with pictures of me endorsing some product.

Fortunately, we are currently seeing an increase in user discretion with personal information.  A survey taken by Princeton Survey Research Associates International in February showed that 63% of people have deleted people from their “friends” lists in 2011, and 56% have deleted others’ comments.

While it’s important that we be concerned about how much of our information businesses take, now is the time to begin reexamining just exactly how much information we give out. It can be difficult for the average user to control how some information (like browser histories) is disseminated to companies.  But we can control the information that we post.

Further Reading:

Top 5 Social Media Privacy Concerns 2012
Princeton Survey Research Associates International Survey
Social Times Infographic for Online Privacy
“Are We All Asking to Be Robbed?” by Jennifer Van Grove
“If You’re Not Paying for It, You’re the Product” by Jason Fitzpatrick
XKCD: Latitude

As the scope of the Web has continued to increase, so to must our understanding and expectations of privacy in this new era. The last few years has seen an explosion of private information being made public, with millions of people unaware of the scope at which this happening and if they are, blissfully ignorant to the serious consequences this system can have. We are in an era now where even older generations are expected to have a Facebook, a LinkedIn profile, or something of that nature; for younger generations it’s become a staple for social interaction. Sure, there are many positives to this new wave of interaction: for one thing, it connects cultures and societies oceans apart and helps foster understanding and familiarity with people you would otherwise never encounter. The spread of information and networking is a major development in suppressed or emerging countries, as it has in some cases helped them spring free of their captive situations. Running alongside the social media websites are other “social” services; social blogs, social news sites, and social forums, all of which are now linked through plug-ins and information sharing. New technology and services have allowed users to share everything they do throughout the day, ranging from where they eat in the mornings, what news stories they find interesting,  to what jokes and videos they find funny. While all this may at face value seem harmless and just a way to better interact with your friends online(most of whom you already know in person, making this barrier easier to cross) users often forget to think about what the true purpose of all this information might be.

My fellow friends, followers, subscribers, co-workers, stumblers and redditers can ALL know now!

What the information is really about

One of the surprising parts about social media when it was first introduced was the fact that it provided an intuitive, useful service seemingly for free. Thousands of pictures, videos, and files can be uploaded and shared for no cost and unlikely relationships can be formed without the use of subscription based dating services, to name a few examples. As noted here , however, TANSTAAFL(there “aint” no such thing as a free lunch). The price to pay for using these interactive services, is you yourself. The thousands of interactions you make through the Web 2.0—websites accessed and “liked”, places visited and rated, etc—can be brought together into a single digital persona which can be targeted by advertisers or sold to governments, corporations, etc.

How did I miss that caption?

“I always feel like someone is watching me”

The development and connectivity of mobile devices has added a new angle to the debate on how to manage privacy. Our iPods, iPads, iPhone, Blackberrys, Droids, Galaxy’s, etc.,  are all now designed to be functional with the dozens of social services and have even been the framework for new services of their own. While the benefit of this is it allows you to effectively choose the best local services or meet your friends, for example, it opens another door: someone can know exactly where you are and when, opening a Pandora’s box of consequences. The ability to rapidly share information is also effecting public behavior. In the past, the scope of an embarrassing or damaging event could be minimized to a local sphere. Nowadays, anything you do has the possibility of being recorded or tracked and possibly shared with thousands of people

Benefits of Web 2.0

For all the lack of traditional privacy which has become the norm in this new era, and the increasingly little you can do about it, there are a lot of positives to take from Web 2.0. In addition to the increased availability of information and people, the rapid dissemination of information by any actors has lead to increases in governmental transparency, particularly by agents of the government such as the police. One of the first major instances of viral media effecting the public was the Rodney King case, where a video of police brutality on a young African-American male sparked public investigations, lawsuits, and riots. The Rodney King video was captured by a private citizen but publicized by mainstream news, reflecting the fact that the Web at this time was in no position to make a video viral in the same way it can today. Now, nearly everybody carries a device which can record photos or video and many have the ability to instantly upload them to the internet and share with other people. On one hand, it allows people to catalogue every day happenings and funny occurrences, as well as capture embarrassing moments. On the other hand, it has also lead to several, well publicized cases involving police brutality or other forms of misconduct being caught on tape, as well as legal backlash by the establishment claiming these forms of public surveillance are illegal. Recently, Twitter was used as a cornerstone to organize protests in a host of repressive countries such as Tunisia, Libya, Egypt, Syria, Yemen, and many others. In regions like Syria, where media blackouts prevent information for entering or leaving the country, the Web presents the only way to let the world know what is happening.

Philosoraptor, here to answer your daily ponderings.

What Web 3.0 will have in store for users as far as connectivity, interactivity, and its double edged sword privacy, no one can know now. What Web 2.0 presents, however, is the opportunity to reach a middle ground between maintaining an infrastructure to share and store information and a breach of privacy. The ability for users to share personal information should come with the expectation that such information is private and that any use of it has some measure of consent, heralding some of the rules put forth in 1974. It is important for politicians to revisit these privacy rules and update them to a new and evolving landscape, or they risk alienating constituents and losing the battle for privacy all together. At the same time, these laws should not infringe on the free nature of the internet which has made it so unique and successful. The ability for the internet to be used as a public watchdog against corruption, brutality, and repression is one of its key functions and essential to prosperity moving forward.

 Don’t forget!

Throughout your busy day, have you ever stopped to wonder what you had for lunch, where you were 4 hours ago, or what article you read from the Washington Post?  It may shock you, but these small details about your life can actually harm you.

A post on Facebook that says I’m out eating lunch at Pepe’s Pizza, says much more than where I like to order a stuffed crust Hawaiian special.

It implicitly reveals all the places I did not order pizza from, and even worse, it reveals all the other places in the world that I could be at but am not at right now.  I am at Pepe’s Pizza, which means I am certainly not at home.  Seizing his opportunity, any thief with access to this information has a small window of time to rob my home.  Magnifying the situation, what if I post a picture of Stonehenge during the middle of my vacation to Europe from my smartphone?  Leaving the lights on will simply not suffice.

Because of our newfound love for pouring every detail of our lives over the internet, we can now document the smallest details of our day to day routine.  This may not seem like much, but Facebook and the internet reveal much more than what we ate for lunch; they reveal our likes and dislikes, birthplace and current location, employment and interests, and so much more.

This information by itself is not necessarily bad.  If you say on your LinkedIn account that you graduated from Yale University in ’96, earned your Masters in Computer Science from MIT in ’00, and worked at Google from ’03-’05, you probably wanted that information to be accessible, especially to future employers.   However, you fail to realize that that information allows people to see more than your education and work experience.

Our online footprint leaves much more information than we can first imagine.  Privacy settings give us the illusion of control, but these are no more than smoke and mirrors.  They may control who sees your photos and what information non-friends can see, but let’s be honest.  We all have many friends that we have either never met, or only shook hands with once at a party.  We add friends fairly indiscriminately, and we fail to realize what we are showing them.  The Facebook app Take This Lollip easily demonstrates (although exaggerated but still possible) the possible ramifications from posting too much information on Facebook.

For example, let us consider someone who wants to see your transcript, but has no legal right to do so.  Whether it’s a competitive classmate or a nosy parent, they can easily access the information needed to order one directly from the registrar’s office.  Here are Yale’s requirements for ordering a transcript through mail (directly from its website, http://www.yale.edu/sfas/registrar/#transcripts):

Let’s walk through the requirements.  A full name can easily be found on Facebook, LinkedIn, etc.  The actual date of birth can usually be found on Facebook (many people don’t make their birthday private, even to non-friends).  Student ID number does not need to be provided if it is not “available”.  School and year of graduation are both found on Facebook and LinkedIn, and the dates of attendance are likely to be the four years preceding graduation.  The only protection against fraud that the registrar requires is a signature, but is that really secure?  Any Joe-Shmoe working a cash register can see your signature when you sign for a credit card purchase.  The only other requirements necessary to steal a transcript are a temporary address and a small fee.  (And yes, you may pay mail orders in cash, thus hiding the thief’s identity.  Ironic, isn’t it?)

Now for argument’s sake, you may say that process simply takes too much effort for someone to steal a transcript.  Sure, they can do it, but who is actually going to put up with that JUST so they can get someone’s transcript?  And I’d agree; it is somewhat trivial. But it illustrates my point: it is possible and the information is accessible.

However, let’s raise the stakes a little.  What if it were possible for someone to break into your bank account without ever meeting you or without having any physical interaction with you or the bank?  The truth is, it is possible.  Because of our bad habits of presenting information on Facebook and other websites, we are at serious risk of identity theft and some fingerprint-less robberies.

Consider what information an online bank asks for when you log in: only a username and a password.  To a responsible internet-user, this may be enough protection, at least to stay moderately safe.  However, what if you don’t know your password?  The website asks you to submit your social security number and maybe a date of birth.  It will then email your password to your email account, so you can then log in.

We assume that this system protects us from others accessing our account, but does it really?

A social security number (XXX-XX-XXXX) isn’t as secure as you think.  A random sequence of 9 digits is a hard code to crack, but anyone who wants to know your social only needs to guess 2.  That’s right, 2.  So a hacker can essentially break into your bank account once every hundred tries.  This may not sound like much, but entering a social security code 100 times doesn’t take relatively long at all, even considering when the site temporarily shuts down its login after too many failed attempts.

So how are social security numbers chosen?  The first 3 digits are assigned by area.  For example, anyone born in Alaska after 1973 until 2011 will have a social that starts with 574.  Anyone can go on Facebook, see your hometown likely posted next to your name at the top of your profile, and find the first 3 digits with ease.  The middle two digits are labeled the Group Number.  They are harder to predict than the first 3 or the last 4.  The last four digits, which are random, would likely be the most protected part of your social.  Since they are random, no one should be able to guess what your number is.  However, these four numbers are often used on bills and other payment information as identification.  Therefore, someone would only need to steal a bill from your mailbox or email account to have a good shot at cracking your social security number.

These are all simple requirements to fulfill.  It is very plausible that someone can find discover your social security number in less than hour.  Once this is done, the only thing stopping him from hacking into your bank account is a password protected email address, which is probably not the safest thing on the internet.  A simple phishing scam or one email with a misleading link to keystroke capturing software is all it takes to hack an account.  Once inside, the hacker can look at bills that contain the last four digits of a social, find the bank’s email containing its login information, and much, much more.  So, only with a bit of extra computer knowledge and effort, a hacker can find your social security number, hack into your email, and login to your bank account without ever meeting you.  (The government has begun to help the cause by randomizing all digits of social security numbers as of June 25, 2011).

Even worse, if someone were to physically steal your laptop, all those saved passwords on your browser that have offered you the convenience of logging in quickly will allow your personal hacker to steal whatever information you do not want made public.

With all this being said, there are many ways to protect your data and ultimately yourself, but the most secure way to do so is through self-restraint.  HTTPS and SSL encrypted websites may make your data marginally more protected, but you can make sure no one knows your location or birthplace by not posting your location on Facebook.  Even as secure technology becomes more sophisticated to meet the demands of Web 2.0 users, the safest and simplest ways to maintain privacy are not through the “Privacy Settings” page of Facebook, they are maintained through time honored, tried and true web practices.  Create a long password, not a short complicated one.  Log out of websites after you have finished using them.  Do not let your browser save your passwords.  Limit the information you post about yourself.  With these rules of thumb and more, we may maintain our privacy.  Be smart, and don’t let your data destroy you.