Category: Privacy in a Web 2.0 World

The Assumption of Privacy: Unplugged and Plugged – by “a Slade”

~ bradevanrosen ~ Leave a comment

As a social good, I think privacy is greatly overrated because privacy basically means concealment. People conceal things in order to fool other people about them. They want to appear healthier than they are, smarter, more honest and so forth.
Richard Posner 

A doctor, a lawyer and a priest walk into a bar.  The bartender looks up and says “What is this, a joke?”

Joking aside, consider the following scenario.

A doctor, a lawyer and a priest walk into a bar.  The bartender recognizes the doctor who had performed tests and diagnosed a fatal illness she had unwittingly contracted from her lover.  The lawyer is the bartender’s attorney, who is defending her for the murder of her (former) lover, claiming self-defense.  That morning, the priest had heard the bartender’s confession, and, while condemning her actions, had offered her absolution.

If you were to ask any scholar of twenty-first century American jurisprudence – by which we mean any regular viewer of the television series Law and Order – this set of facts poses a number of legal issues that might thwart the successful prosecution of the murderer bartender.  The police and the district attorney would no doubt want to solicit the cooperation and testimony of the doctor, the lawyer, and the priest to present the case to the jury and to convict the bartender.  However, in each instance, there are societal norms and professional restrictions that might prevent each of them from testifying.  These prohibitions are, to one degree or another, instances of privacy protections.  These cases illustrate privacy unplugged, that is, privacy outside cyberspace.

The bartender went to the doctor voluntarily and submitted to invasive tests, such as x-rays, blood work, or urinalysis.  The bartender had the expectation that the doctor would not share the results with anyone outside the medical team.  This presumption of confidentiality is a central tenet of medical ethics known as the doctor-patient relationship.  Without this privacy policy, a patient might be reluctant to confide in her doctor.  The patient could of course choose not to disclose private information to the doctor, but the patient realizes that she benefits from letting the doctor know the full story, thus allowing the doctor more effectively to diagnose and treat her.  The bartender profits from this voluntary loss of privacy, albeit with the understanding that the doctor will not reveal the information.

The bartender went to the lawyer voluntarily and revealed the details of her ostensible crime.  Again, the bartender had the expectation that the lawyer would not share her confidential information with others, particularly not with the law enforcement community.  As was the case with medical ethics, the concept of attorney-client privilege is at the heart of the legal profession.  The intent is to encourage the “full and frank” disclosures of clients to their attorneys.  The bartender could of course choose to lie to her attorney, but she might then prevent the attorney from giving her his best professional advice.  The bartender profits from this voluntary loss of privacy, albeit with the understanding that the lawyer will not reveal the confidential information.

Finally, the bartender went to confess her sin to the priest of her own accord.  The bartender once again had the expectation that the priest would respect her privacy and not reveal any confidential information with others, including the police.  This presumption of confidentiality is also enshrined in the professional tenet of priest-penitent privilege.  In the United States, this principle is often considered implicit in the First Amendment protection for freedom of religion.  The bartender was under no compulsion or obligation to confess her sin to the priest.  It was a voluntary admission, presumably with the expectation that the priest could then offer her a path to redemption, that might save her soul, if not her life.  In any event, the bartender (and her soul) benefits from this voluntary loss of privacy, albeit with the understanding that the priest will not turn her in to the police.

Thus, long before the Internet or databases or Wikileaks, there were long standing norms and legal protections of privileged communication between clients and professionals.   In the cases presented here, the bartender (a) voluntarily revealed confidential information, (b) expected to benefit from divulging the information, and (c) expected the professional who received the information not to reveal it to others.

 

Privacy Plugged In

The issue of privacy protection in the Internet age is not a mere extension of pre-Internet privacy issues.  The difference between unplugged pre-Internet privacy and plugged in Internet privacy is akin to Mark Twain’s observation regarding le mot juste:

The difference between the almost right word & the right word is really a large matter–it’s the difference between the lightning bug and the lightning.
– Letter to George Bainton, 10/15/1888

In the past, a person could keep a diary.  Today, she may post her daily thoughts and activities to Facebook or Twitter.  In the past, a person might unlock her door or open her windows.  Today, she may have a web cam in her bedroom.  In the Internet age, many of these actions are voluntary, though it is now easier for unscrupulous people to invade the privacy of others, for example by hacking into cell phones, as the News International phone hacking scandal has revealed.  Leaving aside such malicious and larcenous invasions of privacy, the Internet has enabled people to share information – arguably, too much information – to millions of faceless strangers.

Following our unplugged analysis, what benefit accrues to the individual by this voluntary disclosure?

We might speculate that posting to Facebook and Twitter has evolved into an accepted standard of behavior.  The social networks are now the social norm.  However, we are interested in examining cases in which the individual who reveals private information has a more tangible benefit.

Publication of Private Electronic Mail
Years ago, Ralph Goren was the administrator of the Stanford University undergraduate computing facility.  As legend has it, he received a considerable volume of daily emails, which he never bothered to read.  However, he chose to make his email file world-readable.  Thus, he reasoned that if anything important appeared in his email, the conscientious Stanford undergraduates would tell him about it.  Goren was willing to sacrifice his privacy in return for saving the time of reading tons of irrelevant emails.

Publication of Private Medical Data
On a Thursday in March of 2010, Jonathan Zittrain, the Harvard Law professor and co-founder of the Berkman Center for Internet University, found himself in the hospital with severe and puzzling symptoms (fevers that came and went, and abnormal blood results).  By that Saturday, since his doctors had thus far been unable to get a diagnosis, he availed himself of an option offered by a colleague: post symptoms and associated data to a medical blog, and see if this community of doctors can come up with a diagnosis.  The posting did not include Zittrain’s name, but just his initials, JZ.  The assumption was that the readers of the blog did not need to know the identity of the actual patient.

There were several results.  First, the crowdsourcing effort quickly revealed a similar case in the literature from South Korea.  Zittrain provided his doctors with the information and subsequently received appropriate diagnosis and treatment.  Second, a subsequent posting on another blog revealed the fact that Jonathan Zittrain was ill and lead readers to connect the dots and conclude that “JZ” was Jonathan Zittrain.  Finally, Zittrain, as a staunch advocate for the benefits of transparency in general and crowdsourcing in particular, saw this episode as a teachable moment, demonstrating the tradeoff between individual privacy and the benefit from collective medical wisdom.  He voluntarily permitted his health information to be revealed on the Internet, and reasoned that he stood to benefit by the diagnosis and treatment of a possibly life-threatening disease.

Publication of Comprehensive Private Data (Sousveillance)
Hasan Elahi is a professor media studies who was detained and questioned by the FBI in 2002, after his name was included on the terrorist watch list.  The FBI interrogated him extensively and had him submit to a polygraph test.  Elahi was able to secure his release.  He could provide detailed answers to the questions concerning his exact whereabouts, as he maintained his schedule on a personal digital assistant.  In response to this harrowing experience, during which Elahi believed that he faced incarceration, albeit unjustly, Elahi concluded that going forward he would not be able to remove his name from the terrorist watch list, and he would proactively catalog every event in his life.  Elahi created a web site to detail his comings and goings every day of his life.  He kept a GPS device on his person which would constantly record his location.  The FBI had provided him with a contact number which he would call ahead of time whenever he traveled, which was often.  Elahi flies over 70,000 miles each year.  Rather than be subject to covert surveillance by the authorities, Elahi initiated sousveillance – a voluntary publication of personal information, not only saving himself the annoyance of being taken in for questioning, but also saving the FBI the expense of following him.

As a media artist, Elahi turned this project into a work of art, which has been exhibited widely.  He gave a TED talk describing his work.  In this case, we have an individual divulging almost every mundane detail of his life, more or less voluntarily.  In return, Elahi benefits from both traveling without interference from the authorities, and also achieving an artistic and professional goal through his exhibits.

Publication of Private Passwords
We may view Elahi as the extreme case of transparency and foregoing all pretense of privacy.  However, he still retained control over his own systems, files, accounts, and passwords.  Only he could update the web site.  He still held the keys to open the door.

By contrast, Richard Stallman, the renowned MIT Artificial Intelligence Lab hacker who developed the emacs text editor, and the GNU open software project, is known to leave his personal account unprotected by passwords.  Thus, like Goren, he allows anyone to view his personal communication, but he goes a step further.  The Stanford undergrads could read Goren’s emails, but could not edit or delete his files.  Stallman, as a matter of principle, willingly accepted these possible adverse consequences.  It is as if Stallman left the door to his house unlocked, advertised the fact, and did not prosecute the burglars who stole his stereo.  Stallman gave up his privacy voluntarily, and benefited by exemplifying the principle of freedom of information.  Stallman, like Zittrain but more so, is an advocate of the free and unencumbered flow of information.  In his days at the MIT AI Lab, he encouraged his colleagues to remove their passwords.   Passwords for computers are akin to locks and keys for apartments.  Stallman wants to live in a house or dormitory in which everyone trusts each other and leaves their doors unlocked.  No keys are required.  Stallman voluntarily sacrifices his privacy in return for the utopian principle of a trusting and just society.  The price he pays is replacing his stereo from time to time.  Not altogether a bad tradeoff.

Privacy Tradeoffs: Plugged vs Unplugged

Almost any technology has adverse consequences.  Miracle drugs cure diseases, while people may die from side-effects.  The airplane transforms modern transportation, while thousands die from airplane accidents.  The Food and Drug Administration acts to insure that drugs are safe and effective.  The Federal Aviation Administration, the Transportation Security Administration and the National Transportation Safety Board act to regulate air travel. Society accepts trade-offs, but creates institutions to mitigate and regulate the adverse effects.

Privacy issues create similar trade-offs.  These issues have been with us before the Internet.  The long-standing unplugged privacy protocols (doctor-patient, attorney-client, priest-penitent) may help inform the debate for the brave new world of plugged-in privacy.  At the least, we should expect the individual to have a choice when revealing private information and to be able to justify that decision with a concomitant benefit.

Obligatory Lame Joke

We feel a duty to fulfill the initial promise of a humorous anecdote.  Here goes.

A doctor, a lawyer, a little boy, and a priest were out for a Sunday afternoon flight on a small private plane. Suddenly, the plane developed engine trouble. In spite of the best efforts of the pilot the plane started to go down.

Finally the pilot grabbed a parachute, yelled to the passengers that they had better jump, and bailed out. Unfortunately, there were only three parachutes remaining. The doctor grabbed one, yelling to the others, “I’m a doctor, I save lives, so I must live.” And out of the plane he jumped.

The lawyer then said, “I’m the smartest man in the world, I deserve to live!” He grabbed a parachute and jumped.

The priest looked at the little boy and said, “My son, I’ve lived a long and full life. You are young and have your whole life ahead of you. Take the last parachute and live in peace”.

The little boy handed the parachute back to the priest and said, “Not to worry, Father. The smartest man in the world just took off with my back pack.”

Deriving the story’s relevance to privacy is left as an exercise to the reader.

 

Transition from Privacy 1.0 to Privacy 2.0, and a few ways to protect ourselves… – by “Michael A”

~ bradevanrosen ~ Leave a comment

As the world and human race have evolved, so has the means by which we communicate. At first, hand signals, cave drawings and the primitive languages of ‘caveman’ marked the earliest forms of communication. This transitioned into fully formed languages and writing. Along with writing, new sources of media such as photos, videos and songs became popular forms of communication. And with the invention of the silicon chip, all forms of communication became available and transferable through computers. This marked the beginning of our shift toward digital data.

Offline dossier to online dossier

Modern information technology trends suggest that we have an insatiable desire to aggregate all of our information through digital means. Companies such as Facebook, Flickr and Google provide useful services to users that participate in these communities. Other products, for whatever reason, seem only to be a nuisance that create no palpable value (See Blippy, Foursquare; and again later). The importances of these products reside in their ability to provide real-world effects, through Internet means. Friends can stay connected through Facebook with common sharing of information and can inform each other of given locations, so as to make the connection come full circle back into the real-world. In the process, small bits of information are left behind.

Important or not, this data is collected, stored and forever connected to our username, or IP address. Companies such as Facebook, Google and Amazon target ads and ‘recommended products’ based on proprietary algorithms coupled with all of their known information. If you look for a few programming books on Amazon, chances are you’re going to get a suggestion for some sort of Tim O’Rielly book next time you log on. Amazon has taken the place of a bookstore employee that suggests the next related book for whatever your interest may be. In this case, it does so instantly and with better-assembled data about a person’s interests. Whether you like it or not, these digital dossiers of personal information are formed based on everything digital. From places you’ve been, websites you’ve visited, products you’ve viewed or mouse movements you’ve made.

Some (myself included) choose to participate in the construction of our digital dossiers. Facebook has become a great way to transform the entire social portion of people’s lives into 1’s and 0’s that are stored on the Internet.  (Watch)  Users actively participate in the construction process by uploading pictures, maintaining conversations through posts, messages or chats or liking certain bands, movies, or books. Ever wondered what all the data might look like aggregated? (Try it out, seriously, download all of your FB data and see the substantiality).  Small tidbits of information observed in pieces may seem inconsequential. But, when aggregated, this information creates a much different situation and it becomes much more valuable. The individual wants to protect the dossier, while other services want to obtain and exploit the dossier.

What if privacy is breached?

With most personal information digitized, such as Facebook likes, bank statements, medical records, or relationship statuses, how can we be sure that it will always remain in a secure location? Sure, server warehouses seem safe (maybe not).  But what if the data is stolen/found/obtained over the Internet? (Firesheep) Imagine the outbreak if Facebook, Google or some other products were found to be emitting data about its users to others. Oh wait…whoops  (Here, Here, Here).  There’s sever backlash when an Internet service fails to make good on its social contract of maintaining tight security of users’ data. On the other hand, Foursquare and Facebook Locations are built on the premise that people want to share their much more with others. The iPhone OS 5 has this feature as well that allows GPS tracking of other phones (sometimes for incriminating purposes).

How can we be sure that this information with always be for the betterment of society? Up to the minute tracking abilities could possible pose security threats to anyone that may be interested exploiting them.

Whatever our obsession may be with sharing personal information, it could pose a substantial threat if used in ways that target the real-world individual from digital information. The interest in uploading, sharing and aggregating all information lies in the movement to digitize the real world. The comfort levels that some experience on the Internet suggests either misunderstanding of the dangers involved, or irrational behavior.

A few ways to protect yourself:

–       For those who maintain personal websites and seek protection, Robots.txt allows the creator to disallow most web-crawling bots to index such sites. While most major search engines support it, it is not perfect. A good start, nonetheless.

–       To create secure files, TrueCrypt provide a free, open-sourced product that will take any file, encrypt and mount it to a disk image with password protection.

–       For a secure email service, Hushmail is considered the best.

–       Good web practices such as disabling cookies or taking note when a certain website is secure (HTTPS or SSL encrypted) will help prevent any unnoticed breached or privacy

 

Should there even be more protection?

While taking certain precautionary measures is important, such as described above, there is no guarantee that all digital information amassed will be completely protected. The only sure-fire way to make sure is to not participate in the creation of a digital dossier in the first place. But, for most it’s too late. In this case, what else can be done to bring about more protection from potential leaks of data? Government intervention or control won’t work; as they’re most likely those that could best use such information for incriminating purposes. Legislation could only seek retribution after data is already ‘misplaced’ and would not create any new incentives to further protect it. Is there anything that can legitimately protect someone like me?

What about the idea of ‘Mutually Assured Destruction’ in this context? If we all have incriminating, embarrassing, or private information online, then we all at the mercy of those who control such data. Surely there’s someone else out there with worse or more incriminating or more embarrassing information than I have. As such, any exposure will look relatively much worse for them; and as long as I’m not the worst, I’m not a target…Yeah, that’s probably the best way to think about it.

Google+ discourages oversharing – by “Zachary M”

~ bradevanrosen ~ Leave a comment

We’ve all been hearing the …er, buzz… about Google’s new social network, Google+. As someone jaded by the oversharing and overall “bogged down” feeling of Facebook, I jumped on the opportunity to see if Google+ would be any different.  It’s still in its early stages, but I’ve been pleased by the tangible steps that Google has taken against oversharing.

First, the emphasis on “circles” makes you think about who is going to read what you post.  Circles are similar to the optional “list” function on Facebook.  But the operative word here is optional.  You need to go out of your way to customize who sees your statuses on Facebook, clicking the lock icon next to the “share” button, then going to a “Customize” menu.

facebook
Sharing options for Facebook posts

Clearly, Facebook doesn’t want you to think about who sees your posts.   For Google+, on the other hand, at the bottom of each post, you see who the post will be sent to (see below).  It’s similar to an email mailing list, except the ensuing discussion looks more like Facebook.  Now let’s think about this in the context of a useless post: “I just had some awesome pancakes for breakfast.”  It’s on my mind, so on Facebook, I’ll just type it in, hit enter, and it’s there.  On Google+, I’ll type it in, then go to select which Circles to share it with.  Because of this, I’m forced to ask, “who would care about this?”  Acquaintances are immediately unchecked.  Family? Nah, they wouldn’t care either.  Classmates? No dice.  How about “Close Friends”?  Come to think of it, why would they care about an above-average breakfast?  No one wants to know this, so I’m not going to end up posting it.  This is a perfect example of the power of defaults – two networks have the same options, but they feel fundamentally different since one integrates choice into the interface, while the other hides a default.

Sharing a post on Google+
Select who you share with.

Second, there is no wall.  This is a big move for Google, considering some form of public personal messaging has been a staple of both MySpace and Facebook, its precursors. There’s a complex psychology and sociology to the Facebook wall, but it just starts feeling weird after a while.  It’s akin to people holding a loud conversation in public – you don’t necessarily want to eavesdrop, but you can’t quite avoid doing it.  On Google+, if you want to direct a message at someone, you have two options.  First, you can make a post that you share only with the intended recipient; the person will get a notification about your post.  This is a bit odd, though, since it only appears in your “stream” along with posts not specifically directed at anyone.  Second, just email the person.  Depending on various privacy settings and whether you are Gmail contacts, Google+ profiles have an email link featured prominently under the profile picture. (Edit: You can control whether this link appears by going to your profile, then clicking “Edit Profile,” then the “Send an Email” icon.  When people click this link, they send you an email without actually seeing your email address.)   Either way, you’re encouraged to keep two-person conversations private.

It might seem surprising that the folks who brought us the Buzz disaster would discourage us from sharing too much, but they’ve clearly focused their network around what people don’t like about Facebook (and perhaps they’re trying to avoid the backlash they got from Buzz). Facebook has become inundated with information you never wanted to know from people you met once and became friends with out of politeness.  Even to many people who are “hooked,” Facebook has become more of a social burden than a welcome way to keep in touch with friends.    It’s hard to predict how Google+ will evolve as it scales up and is modified over time – after all, Facebook was once somewhat similar to the current Google+, but it incrementally eroded privacy to draw users in.  However, Google has an advantage that Facebook didn’t have.  It is already an established web resource with enough useful services independent of its social network to keep itself relevant for a good while. Google can continue to attract users by making Google a one-stop digital resource, leaving an unobtrusive social network intact.

Addendum: I should probably note that the “resharing” function leaves a privacy hole, but resharing itself requires that you think about who would want so see someone else’s post.  Though it amounts to no more than automated copy and paste, this is another example of the power of defaults; hopefully Google will allow users to turn off resharing by default before Google+ becomes open.  In general, the Google+ design allows you to limit the people you give information to, not what they do with it, which is really all you can hope for, anyway (see Hoffa v United States).

 

New Privacy Hypotheticals – by “Bobby D”

~ bradevanrosen ~ Leave a comment

Technology is eroding individual privacy more rapidly than either the judiciary or the general population realize. Our project, through a series of hypothetical situations, seeks to (1) provide a clearer look at how today’s technologies put individual privacy at risk, and (2) draw attention to the judiciary’s current understanding of certain issues these developments have created.

Today’s judges do not entirely understand the ubiquity of new technologies in modern America, or the staggering amount of data these technologies (such as smartphones or laptops) contain. Scalia’s public embarrassment at the hands of a Fordham Law class indicates that he does not quite grasp the nature of privacy in today’s Internet age, and judicial opinions in a variety of cases (People v. Diaz, US v. Moreno) reveal that judges do not comprehend the scope with which new technologies affect personal privacy or control. Our Legal Background section describes these matters in more depth, and the Memorandum to the Judiciary enumerates specific proposals to improve judges’ understanding of these issues.

To gauge the public’s opinion, we surveyed Yale students. The survey enforced the notion of a gap in understanding modern privacy: it showed that information or data students hold “somewhat” to “very” private is often data they do not have control over. Students held the content of emails and text messages more private than almost every other piece of data, yet these data are archived by corporations in full. Internet searches and web browsing were considered rather confidential, but Google has no qualms about gathering and using these data. The survey also highlighted areas where law lags behind contemporary expectations. Every piece of data considered substantially private on the survey is collected by web-based corporations, but most Internet users do not realize. Income / Financial Aid Status was considered as private as Medical History, yet nothing like HIPPA exists to protect financial information. What students deem most private is not necessarily well-protected; these students should be aware of that fact, and the judiciary ought to take into account these new societal expectations in determining privacy law.

The privacy hyoptheticals deserve attention from both the judiciary and the broader public. We aim to educate both parties about the countless new ways an individual can lose their right to privacy in today’s world.

To see the project in its entirety please visit our website

Frances Douglas TC ’11 / Bobby Dresser PC ’14 / Stephanie Rivkin PC ’13 / Emily Rosenberg PC ’11 / Joel Sircus TC ’14

 

 

It’s 5:00. Do you know where your iOS device is? Because Apple does. – by “Evin M”

~ bradevanrosen ~ 2 Comments

Today, Alasdair Allen and Pete Warden announced that “[e]ver since iOS 4 arrived, your device has been storing a long list of locations and time stamps.”  Your device’s longitude and latitude have been recorded hundreds of thousands of times with timestamps getting backed up to iTunes, transferred to new devices and restored across backups.  It’s not encrypted, it’s not protected, and it’s pretty easy to access.

A visualization of iPhone location data, from Alasdair Allan and Pete Warden

Let’s recall US v. Maynard, a 2010 case where FBI agents planted a GPS tracking device on a car when the car was on private property, and then recorded its location every ten seconds for a month without obtaining a warrant.  The US Court of Appeals for D.C. held that obtaining such information required a search warrant, and rejected the Bureau’s claims that their actions didn’t constitute a search.  The Bureau cited US v. Knotts, in which police used a beeper device to track the discrete movements of a suspected conspirator’s car over a limited period of time.  In this case’s opinion, the court only addressed the use of such tracking technology for a single car trip–not limitless access to GPS data, regardless of previously specified time or place.

Accessing aggregated GPS data in an investigation constitutes a search and requires a warrant.  However, we’re only familiar with this situation when a third party is seeking that location data.  What’s unique about Apple as the original collector?  They’re not going after data collected by another party–it’s a function built into the software, and it’s covered in the terms of service.

Indeed, Apple’s iOS 4 TOS says

To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.

So what’s next?  The blogosphere is feeling squeamish, but is that the extent of the response? Thoughts, guys?

As an aside, Apple’s capitalizing upon the buzz with advertisements on Google, perhaps employing the same publicity tactics that BP did, post-oil-spill (I blogged about it here). I’d be interested to see if the content of these word-triggered ads changes to be more actively positive in Apple’s favor as more eyebrows are raised in response to this latest discovery.

Hide your account settings, Hide your email, cuz Facebook’s changing everything up in here – by “Evin M”

~ bradevanrosen ~ 2 Comments
mysideproj3ct.wordpress.com

Last spring, Facebook rolled out a new interface with oodles of novel functionality and a handful of big flashy security holes.  In At In April 2010, we met the Open Graph, which utilized Facbook’s Social Graph technology to transform your stated affiliations and affinities from static comments to active connections–literally, your favorite books and music became hyperlinks.  If you didn’t agree to hyperlink your lists of favorites, interests, etc., they were deleted (and so it was that I had a rather blank profile).  This change both made profile information infinitely easier to manipulate on the back end (and thus package and distribute to third parties), and rolled in with a LOT of default rules.  The power of the default capitalizes upon laziness–if a new element of your profile is introduced with a default setting, odds are you won’t change it (unless you’re neurotic like me and check your account and privacy settings every few weeks).  The biggest baddest April ’10 default of them all was Instant Personalization, which handed over your connections to recipients like Windows Docs, Yelp and Pandora because it was originally an opt-out feature.  Only later did Facebook take a step back and change the default rule–but discussion about it didn’t die down before, due to a glitch, some users were able to creep in and see the live chats of their friends.  It was a scary bug, but one what got fixed after it was flaunted in the NY Times.  And so began a renewed wave of privacy freakouts and Facebook hating in the general public–one that, I’ll wager, is about to make another comeback.

What concerns me more than mistakes in code is when they team up with the deliberate integration of opt-out settings.   It seems that the quick-quick-forget-the-debugging-just-push-the-fun-new-toys-out-there mentality has again taken Mountain View by storm, and we’re getting a repeat of last spring.  I think I’m been deemed either hip or unlucky by the Facebook team, because my profile currently seems to be sporting more new tricks than some of my friends’.  The spelling and capitalization of my status updates and chats are automatically corrected, I’ve got e-mail integration in my private messages, and my account settings show an option for suggesting profile pictures to friends.  Nifty!   Except….hey, wait.  I had painstakingly gone through all of my account settings to uncheck the boxes permitting email and SMS notifications for various apparently noteworthy events (you’ve been tagged in a picture, your status has 9088 new comments, grandma just liked your link, etc.).  However, ALL of the boxes were checked–including the new options and the old ones that I had previously unchecked.  I was irritated, so I unchecked all of the boxes, hit save, and let out a sigh of relief when Facebook affirmed that my new settings were saved.

I returned to my account settings page a minute later, to find that a large majority of the aforementioned boxes under the notifications heading were still checked.  I unchecked them, saved my settings, and refreshed the page.  To find these boxes checked again.

There’s not TOO much at stake right now–I’m just going to receive an annoyingly large amount of email in the future informing me that I have notifications.  That said, I’m still concerned.  What if this happened to my privacy settings?  Not cool, Facebook.  Not cool.

 

Edit: Tuesday, April 19th, 2011. 10:20 pm.

Yet again, I entered my account settings to find this:

UGH.

Privacy is for Meatspace – by “Max C.”

~ bradevanrosen ~ 1 Comment
Agent Smith: orly?
Just because you're in an avatar doesn't mean you aren't accountable.

Any online projection of your meatspace avatar should have no private details. For all online material traceable to you in real life, you must expect it to represent you to people that you haven’t met in real life (note: not the Pirate Bay’s definition of real life). Ignore the illusion of Facebook privacy settings: anything on there should be something you are okay with anyone seeing. Any non-encrypted email you send out you stand behind, legally and socially (unless you’re Eric Schmidt). A click, a screenshot, or more realistically an automated tracker has already saved it for all time. Get used to it.

the only embarrassing search is World of Warcraft
There's only one embarrassing search here...

It starts with a simple question: when is privacy important? Privacy is valuable if you don’t want other people knowing things about you. All digital material is easily distributed. Anything put online, therefore, should pass a simple test: is it okay if everyone in the world has seen it?

hi brad
Don't worry about creepy strangers. Only your friends want to look at your ugly mug anyway.

Frankly, most things we do are so mundane and outrageously uninteresting to others that you don’t care if other people know. But keep the sex, illegal acts, and medical history off your Facebook, Twitter, Myspace, and whatever else you have registered to your true moniker. Practice self-censorship, but also be proud of every word you tap out in your boring little status updates.

omg im at a party! brb buzy bein' cool
This is my Facebook profile picture. I chose it because it makes me look hotter than I am in real life.

I’m willing to put my privacy where my big mouth is. I don’t have a Twitter or Myspace. But I’ll upload my entire Facebook for anyone to download. Disclaimer: I deleted my Facebook messages. Other people that send me messages imagine that Facebook messages are private, and therefore I won’t force them to stand by their secret words.

disappointingly demure
A true patriot takes one for the young people of America.

We will one day live in a world that doesn’t find scandals in every teenage indiscretion, sext, or hit off a bong. Until that day comes, societal standards for “appropriate behavior” must be gradually eroded one sex tape at a time. Kim Kardashian did her part. Why aren’t you?

Stalking 101 – by “Xiyi X”

~ bradevanrosen ~ Leave a comment

In high school, I came home one day to see an envelope thumb-tacked onto my front door. Interesting… I thought, and proceeded to open it. Bad idea. The letter contained information from private (or so I had naively thought) Facebook messages regarding a boy on whom I had a crush, various photos of me that someone had printed out, and–the creepiest of them all–the words: your so pretty, C… i saw your mom on your driveway this morning. she was looking good, i can see where you get it from. why won’t you spend some time with me instead of [name redacted]? leave me your response under your doormat.

I had a bona fide stalker on my hands.

Stalkers are nothing new, but social media sure is making it a lot easier for stalkers to do their job nowadays. Stalking used to be a rather difficult task, believe it or not. When I think about it, I realize that my High School Stalker must have put in a lot of effort into harassing me. He had to find, download, and print the pictures; stake out my house to deliver letters to my front door without being seen; loiter around my house more in order to receive my replies, which were under my front porch’s doormat; go back to his house to type up and print out another letter; and then go back to my house, wait for a time when no one was there, and tack it onto my front door again. That’s a lot of time spent just waiting outside of my house.

Courtesy of Google, now you can see my house, too!

Now, thanks to Foursquare, Facebook Places, Twitter, or what-have-you, stalking has become much more accessible for the general public. It doesn’t even take that much effort to stalk anyone anymore. People practically advertise their whereabouts and actions through these platforms, almost asking to be stalked. Stalkers have their work cut out for them, too–all they have to do is visit your Facebook, take a look at your recent status updates or event RSVPs or Foursquare posts, and that would give them a pretty good idea of where to find you. It’s that easy.

Once they’ve gathered information about you, it’s even easier to harass you with it. Gone is the era when stalkers stealthily waited outside houses for opportune times to deliver letters! Thanks to anonymous services such as being able to leave anonymous blog comments and Formspring, harassing someone without fear of repercussion only takes a couple taps on the keyboard and a click of Submit. Any drunken idiot can do it. And I do mean any drunken idiot.

Case in point, from a friend’s Formspring (I apologize in advance for the language and poor spelling):

This actually isn't even the creepiest or most hostile comment, just the most that I could get away with in a class assignment.

There are two things that are clear here: 1) The anonymous commenter spotted my friend somewhere and 2) then decided to communicate to her that she was seen and is as attractive irl as through Facebook stalking. This is stalking made easy in the Web 2.0 age. Web 2.0 allows any random person to find out something about you (location, in this case) and then immediately disseminate that information to everyone else on the Internet. Not only do you have to be concerned about your own privacy, but you now also have to worry about some random stalker’s lack of discretion! Since stalking requires so little effort in the digital age, more and more people are willing to expend that little amount of effort it takes to be anonymously creepy. The result? We now have an ever-increasing population of lazy creeps.

It really makes me miss my High School Stalker. At least he had class and put some effort into being creepy.

Facebook Business Model 2.0: Infringe Now, Ask Questions Later – by “Thad D”

~ bradevanrosen ~ 1 Comment
Well This Zucks...

Welcome to the new business model: infringe on your privacy first, ask questions later.  Now before I fully delve into the issue of Facebook’s new user privacy settings, I should note that I have always been a proponent of Facebook’s right to pursue what it feels is a profitable and satisfying business model.   Capitalism at its finest.  I have defended Facebook using what I have termed “The McDonald’s Defense”.  Often, consumers demand that businesses comply with outrageous orders.  For example, consider the following conversation:

McDonald’s Employee: Welcome to McDonald’s, may I take your order?

Customer:  Yes, hi.  I would like to order, uhm, a large double unsaturated soy mocha float, and two uncooked vegan tofu gluten-free eggs.

McDonald’s Employee:  Uh, sir, we don’t sell those-

Customer:  Oh and could those eggs be fried in omega-3 monopolyunsaturated fats from a Komodo dragon?

McDonald’s Employee:  **Confused Look**  May I help the next customer?

Of course, such a scenario seems ridiculous, but I use it to illustrate the fact that McDonald’s (i.e. Facebook) has the right to refuse service based on what it offers.  If you don’t like the way Facebook organizes its privacy controls, or any of its other features, go to Burger King (maybe, MySpace?).

But, what happened to me the other day was not a matter of asking for unreasonable privacy controls, but rather having my privacy infringed upon with a deceptive “opt-out” system.  Facebook now has a new “Instant Personalization” feature that allows partner websites to access personal information stored on Facebook’s servers without you knowing.  That’s right: FACEBOOK GAVE NO NOTICE OF THIS SERVICE, the only “warning” they gave was a small blue box at the top of each person’s home page that said privacy settings had changed.  Only after clicking “Learn More…” and digging to the very last section did I discover the feature.  Then, when I tried to disable it, I was confronted with the following confirmation page:

The More You Share, The More You Care (For Facebook's Wallet?)

Note that, although I have some of the strictest privacy settings on Facebook (no public search and the only things people who aren’t my friends can do are message me or add me as a friend), I was automatically opted into this Instant Personalization module.

So Facebook, where does that leave us?  You’re probably right, the “richness of the social interaction” from these new features is probably worth the hassle of a slight loss of anonymity because they provide so much convenience.  But why make it so hard to opt out?  Why not notify us about these changes?  WHAT INFORMATION ARE YOU GLEANING FROM THESE PROGRAMS THAT MAKE YOU WANT US TO PARTICIPATE SO BADLY?  WHAT IS “THE MAN” PAYING YOU?

Please, Mark Zuckerberg, get back to me on that.  You know how to reach me: just add “Thaddeus Diamond” as a friend, and click “Share”!