Finding My Friends – by “Kojiro M – YLT2012”

December 18, 2012 ~ bradevanrosen ~ Leave a comment

When people find out about Apple’s Find My Friends app for the iPhone, they usually say, “That’s pretty creepy.” They then immediately download the app onto their phone.

Find My Friends takes location sharing to its inevitable conclusion. You know how it’s always such a pain to have to update your location manually (on Foursquare, Facebook, or Twitter) whenever you arrive somewhere in order to let your online friends know where you are? Well, Find My Friends solves this problem with a simple solution: it shares your location with your friends, all the time. That is, if you add a follower on Find My Friends, he will be able to look up where you are at any time of the day, without alerting you that he’s checking up on you. (I think Google Latitude does the same thing as Find My Friends, but does anybody actually use that?)

The implications of this app are incredible. To be honest, over the course of the month that I’ve had it, I’ve really enjoyed this app. I don’t have to text friends about getting to lunch or class at the same time, because I can see if they’re already there. And no longer can friends just mutter an excuse about “attending to some business” and sneak out of the door on a Thursday night. Sometimes, I don’t even bother looking up from my phone to see if a friend is sitting across the room from me. I just look it up on Find My Friends.

All of this sounds like Big Brother’s wet dream. Who would have thought that people would be not only able, but also willing to share their every movement with others? Who would have thought that locational privacy would be a commodity that we prize so little? Will our GPS data really only be used by us? The sum of our privacy is probably a combination of where we are, what we are doing, and what we are thinking. Find My Friends makes it seem normal to have people always knowing where you are, and perhaps even, by extension, what you are doing.

To point out the madness, I tried to think up a way to tangibly demonstrate the problem of oversharing. The result is this video.

To make this video, I followed two of my friends on Find My Friends over the course of 48 hours (Friday, Nov. 30 and Saturday, Dec. 1) by taking regular screenshots on my iPhone. Then, using Google Street View, I basically made a stop-motion video retracing their steps through New Haven. In essence, I recreated their day (or at least the time they spent outside) through the information I gleaned from Find My Friends. You’ll see that I also threw in a few Facebook pictures to illustrate that using other social media, I can add context to their locations as well.

It’s worth noting that Find My Friends doesn’t keep a log of users’ movements, so I had to manually take screenshots in order to keep track of my friends. If you’re curious, both of the friends are sophomores, one in JE and the other in Saybrook. I’m not revealing information beyond that, but you can probably infer a few more personal details from their various destinations.

I hope that people come away from this video a bit troubled by how easy it is nowadays to knowingly overshare and make your every movement a public affair. I certainly came away from this project with that impression. I also came away from this video with a newfound respect for the editors of stop-motion videos and a lasting hatred of screenshots.

The video’s production was hampered by a number of technical limitations. Google Street View does not cover all of the streets in New Haven, so I had to choose my source material carefully to make sure that nobody had to, for instance, walk all the way down High Street. In addition, my original intention had been to retrace my friends’ movements over two or three weeks, but I cut it down to two days when it became apparent how impractical that task would have been. I had also originally intended to follow four of my friends instead of two, but iMovie had no option for a four-way split screen (this says as much about the problems with appliancization as it does about my technical ineptitude). Finally, the compression artifacts and graininess of the video is due the fact that it was apparently necessary to convert the format of screenshots several times before I could import them into my video.

Finally, it might be worth making note of the blatant copyright infringement in the musical accompaniment of my video. It seems to me that this video could qualify for fair use on the grounds that it is educational and has no effect on the song’s market value, but we all know that YouTube doesn’t care about fair use. I’ll just write “No Copyright Infringement Intended” right here. That should keep those DMCA complaints away.

Government Data: Balancing Transparency and Privacy – by “Katherine L – YLT2012”

November 14, 2012 ~ bradevanrosen ~ 1 Comment

God knows this meme's been used to death on this blog, but I betchya weren't expecting this background image!

The government owns a lot of data. A lot. And a huge portion of it is public information that you’re allowed to request (i.e., through a Freedom of Information Act request/local equivalent, or by filing out some paperwork at City Hall). The information is always technically available to you, but more often than not the process is pretty cumbersome–your request might not be responded to quickly, it might be denied for various reasons (some of them pretty dubious), they might give it to you in hard copy, you might be charged for the printing costs, the information they give might not be quite what you requested…the list goes on. To illustrate that point, here’s an awesome blog post by Ian White of Urban Mapping describing his very humorous, VERY maddening dealings with various municipal transit authorities, just trying to get basic data from them like train schedules and locations of stations. It’s worth a skim, if only to see the incredible amount of incompetence and/or obstinacy one often must deal with just trying to get data out of government.

The idea that citizens should be able to access data is rooted in two basic facts. One, the US government isn’t allowed to hold copyrights. The reasoning behind this makes sense–if the taxpayers funded the creation of the data, they should be able to see the results. Turns out this provision of the US Code doesn’t apply to state or local governments. But that shouldn’t make much of a difference in terms of most datasets, because as we saw in Feist v. Rural, the Supreme Court ruled that a mere collection of facts expressed in a database is not afforded copyright protection (I say “most” because it’s not always quite so simple…but in general, much of the data cities collect is not protected by copyright).

In recognition of these facts and citizens’ right to data, some governments have adopted open data policies, encouraging the publication of government data. This often takes the from of an online portal–at the federal level (Data.gov), on the state level (Data.Colorado.gov, among others), and at the local level (Data.SFGov.org, among others). The benefits of an open data portal are great, both

from a public perspective:

Increased government transparency
Lowered barriers to access for government data
Data now available in more useful forms (i.e., not a ream of paper printed single-sided)
Data now available in one centralized location (i.e., not spread across various department websites)

and from a government perspective:

Reduces corruption by making ethics reports, employee salaries, campaign finance data, etc. public
Citizens can sometimes uncover inaccuracies or omissions; thus public availability can acutally improve government’s data
Developers can use data to develop useful applications at no cost to the city (examples from San Francisco)
Can pre-empt information requests by posting data publicly, reduce bureaucratic costs of complying with initial and duplicate requests

SF's open data portal. If you looked at the other examples and are wondering why they all sort of look the same, it's because one company (Socrata) pretty much has a monopoly on open government data at this point.

Sounds like a pretty sweet deal, right? So why doesn’t everyone have one of these? The overhead costs aren’t huge, and if you have a competent IT department the technical administration isn’t a terrible burden. Turns out the main objections are cultural. I worked on San Francisco’s open data policy this summer and found that the biggest concerns for departments reluctant to post data is just that they don’t recognize the larger benefits of open data, and therefore feel little motivation to commit resources to the cause. Another major concern was that many departments just didn’t know what they should and should not post. Every department has a ton of data, but it’s very much a subjective call to determine whether data is of public value and worth posting.

But beyond the public value question is an even larger one–the question of privacy, and this is of particular concern for local governments. The data released by the federal government tends to consist mainly of huge aggregations. Thus, the privacy concern from the release of that data is quite low for the average citizen. But local governments collect a lot of data that could be of concern to an individual citizen if it’s released–say, for example, crime data for incidents in front of your home that could lower its value just as you’re trying to put it up for sale. The laws currently in place in several local jurisdictions don’t provide much guidance on the matter. For example, San Francisco’s policy, which is sort of vague on the privacy issue:

Data prioritized for publication should be of likely interest to the public and should not disclose information that is proprietary, confidential, or protected by law or contract;

New York’s policy has several more provisions, but still leaves a lot of questions for those determining what to include on an online portal. Thus far, the interests of privacy and transparency have been balance-tested on an ad-hoc basis, and sometimes the data is modified to reflect privacy concerns before it is published. Crime data, the example above, has in many cases been aggregated to the block level so that individual homeowners are not targeted. Names are redacted, information related to ongoing criminal investigations is not released, and more. Local governments have mostly erred on the conservative side when cataloguing data for publication. Every once in a while, they mess up (and then learn their lesson). But for the most part the privacy concerns seem to be protected by these sites. However, lacking bright-line standards, governments will continue to have to make subjective calls of transparency versus privacy (having helped to write San Francisco’s policy this summer, I can say from experience that coming up with bright-line standards for this sort of thing is extremely difficult–maybe impossible).

More available data makes for more useful apps (just ask any third-party app on Facebook that’s stealing your information), but at a certain point government needs to weigh the interests of developers against those of their residents. We worry so much about private companies that have data about us online, but often don’t even think about all of the data that government collects. Concerns about online privacy extend here too, and only time will tell if less blurry standards for determining datasets for publication will be developed.

This generic government official knows ALL of your home resale value secrets.

————————-

Privacy as our last piece of bargaining power – by “Maria P – YLT2012”

November 12, 2012 ~ bradevanrosen ~ Leave a comment

‘If you use a tech product for free then the product is you…’ ~ Mark Suster

There’s a front end and a back end on the use of the web and current social media. While it’s masked as CRM, or individually targeted marketing so you can get better deals easier and faster, we are currently trading our privacy for free chips, or a $5 deal on brownies.

Foursquare or Twitter are helping us to willingly trade our privacy for a deal. Even if it could be considered a win-win situation, what the majority of users of the web tends to forget is that there are almost no barriers to entry for the cyberspace, as there is no limits to the data that it can actually hold. That’s why Please Rob Me sparked the controversy about geolocation. You are trading your information, which is not private anymore, to get a $5 discount at the cinema, and then you are willingly telling the world that you are not at home so they can come in and rob you.

From the author of Program or Be Programmed “Ask a kid what Facebook is for and they’ll answer ‘it’s there to help me make friends’. Facebook’s boardroom isn’t talking about how to make Johnny more friends. It’s talking about how to monetize Johnnny’s social graph. Ask yourself who is paying for Facebook. Usually the people who are paying are the customers. Advertisers are the ones who are paying. If you don’t know who the customer of the product you are using is, you don’t know what the product is for. We are not the customers of Facebook, we are the product. Facebook is selling us to advertisers.”

From mining to shaping

And you don’t even need to go “fancy” with social media. Nothing is as private as you think anymore. Just knowing how to send emails from the right place at the right time, and you can trigger probes and end up the career of your ex-lover, who happened to be the chief of the CIA, David Petraeus. I would bet General Petraeus wished he was Tom Cruise in Mission Impossible and had the power of send messages that will self-destruct themselves. It still may seem a little futuristic, but privacy is a business both for its excess or its defect. In fact “92% of the nation’s top divorce attorneys say that they have seen an increase in the number of cases using evidence taken from iPhones, Droids, and other smartphones during the past three years.“. And there is a business behind it, freeware or shareware:

http://howto.cnet.com/8301-11310_39-57377686-285/this-e-mail-will-self-destruct..–heres-how

http://youtu.be/vQRXPG8T4Hs

Even if you are still the kid that wants to make friends, it’s your responsibility to make sure you keep up to date on new privacy policies and how much are you protecting, and how much are you sharing on the web and how. Since advertisers are the users and you are the product, privacy is ultimately becoming currency and source of revenue.

Would you rather share a lot and become “cheap” or just share the necessary, protect your privacy and your “net” value?

A Little Privacy Please? – by “Alexander P – YLT2012”

November 8, 2012 ~ bradevanrosen ~ Leave a comment

For many years, the combination of video cameras, the Internet, and television have enabled many individuals, both talented and not so talented, to gain as much attention and fame as society will give them. Anyone today can easily attain and bask in their “15 minutes of fame”. For instance, there are plenty ordinary people on YouTube who have literally become famous and now earn their living by filming their lives and sharing it with the masses on the interweb. Daily vloggers and YouTube stars, Shay Carl and Charles Trippy, have amassed over 1 million followers each simply by giving people a behind-the-scenes look, so to speak, into their daily lives – their families, their work, their dreams, their highs, and their lows. After watching a few of their videos (or all of them…) you really feel like you know them on a personal level.

However, this isn’t for everybody. A lot of people are not comfortable with exposing the details of their daily lives on the Internet for everyone to see. If you didn’t catch it, that was a joke. One only has to look to Facebook and Twitter to see that this isn’t true. Like Shay Carl and Charles Trippy, we find it easy to share what we are doing every second of the day. All it takes is a status update like “Eating lunch at (insert restaurant name) with (Insert friend’s name) followed by gym, then homework” to let people know what we are doing, where we are, who we are with, and even what our schedule looks like. It should therefore not surprise us that we find our lives and the things we share garnering the attention of both friends and complete strangers. What should surprise you, however, and perhaps is more important to this conversation of online privacy is that the information that we do post online gains the attention of corporations as well, “people” who after getting acquainted with your search history, your wall posts, and your interests for some time also feel they know you on a personal level.

The explosion and popularity of social media has turned the individual consumer into a very visible and digital amalgamation of interests, friendships, likes, geographic locations, pictures, and wall posts which for companies looking to make a buck, is awesome. Companies can freely access our pages, which essentially serve as a gold mine of information that they can use to tweak and perfect their marketing and advertising strategies more effectively target us. Companies will use the information they can access to learn more about our personalities (whether we like traveling, food, sports, volunteering), our stage in life (whether we are married, single, the type of job we have) and even our household (where we live, if we have a pet, if we have a house or an apartment) to try and entice you on a deeper level to purchase their product.

Not only are companies trying to sell products to users with the help of social media, they are also using social media to look at potential employees. People have become extremely conscientious about their Facebook and LinkedIn pages when applying for jobs because they want to make sure that they present themselves in a professional light. Companies look at these sites to get a sense of a prospective candidate for employment and really place a significant emphasis on an acceptable social appearance. This has forced users to try and find the balance between sharing too much and sharing too little to the point that privacy has been commoditized. Too much privacy and an employer can’t get to know you; too little privacy and an employer might be turned away.

Ultimately, the massive collection and dissemination of our personal information has got people wondering – when will we be able to regain “15 minutes of privacy”?

But who is really to blame for our invasion of privacy, the social media giants or ourselves? One could argue that we place ourselves in these predicaments of vulnerability. By making a Facebook profile one is essentially signing away the right to control of one’s personal information and the right to seclusion and secrecy. We cannot complain about our privacy online if we are continuing to post all of our sensitive personal information willy-nilly.

On the flip side, these social media titans should handle the information that we do give them – either directly or inadvertently – responsibly. We should be able to hold these social media sites accountable to some extent. Efforts have been made by Facebook to be more transparent with users about the information that is being used like detailing the types of information that an application will use if approved and used by the Facebook user. But is that enough? Shouldn’t the user have more of say in how their information is collected and disseminated?

So from all us social media users to the social media titans and the information-digging companies:

The Six Most Troubling Digital Privacy Stories of the Year – by “Joseph Y – YLT2012”

November 5, 2012 ~ bradevanrosen ~ Leave a comment

1. Creepshots preys on women in public

You go to a coffee shop wearing your favorite sundress. You sit, sip your latte, and try to finish a fantastic 18^th century British novel. Don’t let the seasonal cups, peppermint aromas, and Imogen Heap music fool you—you may be in danger of becoming the next girl featured on Creepshots, a subreddit on which men post photos of random girls they see in public. Most of the time the pics are taken right out in the open. Sometimes, however, strategically placed camera angles go beyond simply what the other coffeehouse patrons would be able to see. Simply going out in public can make you a target for invasive photographers.

Reddit has attempted to ban Creepshots, but new iterations of the subreddit have come back—first as CreepSquad and even (apparently) as a fashion critique reddit.

2. Is Anyone Up? exposes bodies and ruins lives

One of the most controversial sites on the web, Is Anyone Up? specialized in posting nude pictures of men and women along with their real names and Facebook profiles. Ex-beaus often sent in pics of their former lovers, exposing them and their bodies to the World Wide Web. The implications this site could have on one’s career, relationships, and mental health were quite large. The site became the bane of anti-bullying groups, who would later pay the site’s creator to shut down the page.

While a huge invasion of privacy, some attributed the site’s success to how it made nude pictures “real” by showing the unsuspecting “models” in their sexual and non-sexual states. Some even think it was within Hunter Moore’s rights to express his notion of human sexuality by posting these photos of others. This is a prime example of how privacy rights can come into conflict with claims of free expression.

3. Predditors attempt to combat Creepshots

It seems brilliant: The creation of a tumblr called Predditors that identifies the men on Reddit who take creepy photos of non-consenting women. Posting their information is a surefire way to stop them, right?

At first glance, what may seem like an amazing means of revenge may be troubling. While Predditors attempts to do much legwork to ensure that they are accurate, there are disturbing implications should someone on the site be misidentified. While these guys who post creepshots are doing a horrible thing, outing them may not be sufficient to stop their misdeeds and could even be taken as acceptance of a lower standard for Internet privacy expectations.

4. Do not track? Do not care

Tracking is big business, with whole companies solely devoted to providing targeted advertising based on a user’s site history. It can often be a creepy experience to see ads for Calvin Klein after searching through underwear sales on a department store website. In its new iteration of Internet Explorer, Microsoft made sending “Do Not Track” signals more than just an option—it was the default setting on the browser.

While privacy advocates applauded Microsoft for the move, web advertisers were unhappy. Ultimately, companies decided that they would simply ignore these signals. After appearing to be a successful tool for consumers looking for a little more privacy, this exercise in web negotiations shows that tracking is not going away any time soon.

5. Queer users outed via Facebook

While Facebook offers its users many privacy settings, not all users have taken to making sure that Grandma doesn’t see the photos of you with a Solo cup. In fact, Facebook has become a new way that many queer people have been outed to friends and family. Simply getting added to a group can be seen by all one’s friends (depending on privacy settings), which leaves one open to someone getting included in an LGBT-related group and having that posted on their News Feed for Facebook friends (even non-knowing family members) to see. According to the recently Wall Street Journal article on this trend, Facebook is working with GLAD to offer special guidance to LGBT users.

Facebook isn’t the only site to come under scrutiny for potential outings. Netflix was sued in 2009 for releasing data on viewing habits that could potentially identify users as LGBT. These stories show just how much the digital era has changed the ability for young queer individuals to maintain privacy during the coming out process.

6. Nude pictures stolen off a phone by Verizon employee

When we get a new phone, most of us thinking nothing of handing over our old phones for the data transfer process. Even though our phones contain some of our most personal data, we think that cell carriers have to be honest folk, right? Unfortunately, not every employee respects the sanctity of one’s cell phone privacy. Just this past week, employees were caught stealing nude pictures off of a cell phone that they were doing a data transfer on.

What makes this story super scary is that we cannot avoid handing over our phones (and, with them, our sensitive data) when our phones break. In the smartphone era in which we practically have our entire lives on our devices, we ultimately just have to put our trust in someone and hope that instances like this are rarities.

Want to read more?

1. http://betabeat.com/2012/10/reddit-bans-creepshots-and-creepsquad-the-subreddits-that-fueled-its-war-with-gawker/

2. http://www.forbes.com/sites/kashmirhill/2012/04/19/isanyoneup-is-now-permanently-down/

3. http://www.huffingtonpost.com/2012/10/11/predditors-tumblr-creepshots-reddit_n_1955897.html

4. http://www.businessinsider.com/microsofts-do-not-track-plan-is-in-tatters-as-advertisers-vow-to-ignore-it-2012-10

5. http://online.wsj.com/article/SB10000872396390444165804578008740578200224.html

6. http://updates.gawker.com/post/34998266352/verizon-employee-arrested-for-stealing-naked-pictures?utm_campaign=socialflow_gawker_twitter&utm_source=gawker_twitter&utm_medium=socialflow

Final Project: My Big, Fat, Vaugely Acquainted Network – by “Charlie C”

December 15, 2011 ~ bradevanrosen ~ 2 Comments

People are getting smarter about their privacy online. By now we all (hopefully) know to restrict our profiles so that only friends can see our personal information. But after 3, 4, 5+ years of social networking, how many people still know ALL of their Facebook friends? For our final project, we set out to design a fun, interactive website that would work to remind Facebook users of their overly extended networks.

After launching this weekend, we’ve seen over 700 users (Mostly college age students) tag 35,000 friends, and it turns out that the average player only knew 70% of their Facebook friends presented. Now, of course, the term “average user” is very skewed given our user base. Facebook reports that the average user has 130 friends, while our average player has boasted a whopping 880.

We argue that anything under 100% recognition of your “friends” should raise some privacy red flags. Every one of your friends can share your information with third-party apps (in fact it’s this that allows our app to function); we are able to pull all of your friends photos, without their permission–that is, unless they’re smart about their privacy settings. Even if you can’t bring yourself to defriend a long-lost acquaintance, at the very least you should consider creating managed friends lists with restricted privacy settings.

We also hope to remind people to consider their audience when sharing content. “Friends of Friends” is never a good idea. For the average Facebook user, that’s 17 thousand people you don’t know, and why would they need to see your information anyways? Entire networks are generally a bad idea as well. You have no idea how large those networks can be, and with companies asking alums to Facebook stalk you on their behalf, does all of Yale really need to see you with your solo cups?

You probably think you know all your friends. Maybe you even pruned the list recently. But you had names and faces, and it’s so much easier to identify someone with a name. Try out whatsherface-book.com and you’ll understand just what we mean when whatsherface from freshmen year comes up and you’re forced to think, “Who the hell is that?”

Charlie Croom
Bay Gross

Google+ discourages oversharing – by “Zachary M”

July 1, 2011 ~ bradevanrosen ~ Leave a comment

We’ve all been hearing the …er, buzz… about Google’s new social network, Google+. As someone jaded by the oversharing and overall “bogged down” feeling of Facebook, I jumped on the opportunity to see if Google+ would be any different. It’s still in its early stages, but I’ve been pleased by the tangible steps that Google has taken against oversharing.

First, the emphasis on “circles” makes you think about who is going to read what you post. Circles are similar to the optional “list” function on Facebook. But the operative word here is optional. You need to go out of your way to customize who sees your statuses on Facebook, clicking the lock icon next to the “share” button, then going to a “Customize” menu.

Clearly, Facebook doesn’t want you to think about who sees your posts. For Google+, on the other hand, at the bottom of each post, you see who the post will be sent to (see below). It’s similar to an email mailing list, except the ensuing discussion looks more like Facebook. Now let’s think about this in the context of a useless post: “I just had some awesome pancakes for breakfast.” It’s on my mind, so on Facebook, I’ll just type it in, hit enter, and it’s there. On Google+, I’ll type it in, then go to select which Circles to share it with. Because of this, I’m forced to ask, “who would care about this?” Acquaintances are immediately unchecked. Family? Nah, they wouldn’t care either. Classmates? No dice. How about “Close Friends”? Come to think of it, why would they care about an above-average breakfast? No one wants to know this, so I’m not going to end up posting it. This is a perfect example of the power of defaults – two networks have the same options, but they feel fundamentally different since one integrates choice into the interface, while the other hides a default.

Second, there is no wall. This is a big move for Google, considering some form of public personal messaging has been a staple of both MySpace and Facebook, its precursors. There’s a complex psychology and sociology to the Facebook wall, but it just starts feeling weird after a while. It’s akin to people holding a loud conversation in public – you don’t necessarily want to eavesdrop, but you can’t quite avoid doing it. On Google+, if you want to direct a message at someone, you have two options. First, you can make a post that you share only with the intended recipient; the person will get a notification about your post. This is a bit odd, though, since it only appears in your “stream” along with posts not specifically directed at anyone. Second, just email the person. Depending on various privacy settings and whether you are Gmail contacts, Google+ profiles have an email link featured prominently under the profile picture. (Edit: You can control whether this link appears by going to your profile, then clicking “Edit Profile,” then the “Send an Email” icon. When people click this link, they send you an email without actually seeing your email address.) Either way, you’re encouraged to keep two-person conversations private.

It might seem surprising that the folks who brought us the Buzz disaster would discourage us from sharing too much, but they’ve clearly focused their network around what people don’t like about Facebook (and perhaps they’re trying to avoid the backlash they got from Buzz). Facebook has become inundated with information you never wanted to know from people you met once and became friends with out of politeness. Even to many people who are “hooked,” Facebook has become more of a social burden than a welcome way to keep in touch with friends. It’s hard to predict how Google+ will evolve as it scales up and is modified over time – after all, Facebook was once somewhat similar to the current Google+, but it incrementally eroded privacy to draw users in. However, Google has an advantage that Facebook didn’t have. It is already an established web resource with enough useful services independent of its social network to keep itself relevant for a good while. Google can continue to attract users by making Google a one-stop digital resource, leaving an unobtrusive social network intact.

Addendum: I should probably note that the “resharing” function leaves a privacy hole, but resharing itself requires that you think about who would want so see someone else’s post. Though it amounts to no more than automated copy and paste, this is another example of the power of defaults; hopefully Google will allow users to turn off resharing by default before Google+ becomes open. In general, the Google+ design allows you to limit the people you give information to, not what they do with it, which is really all you can hope for, anyway (see Hoffa v United States).

It’s 5:00. Do you know where your iOS device is? Because Apple does. – by “Evin M”

April 20, 2011 ~ bradevanrosen ~ 2 Comments

Today, Alasdair Allen and Pete Warden announced that “[e]ver since iOS 4 arrived, your device has been storing a long list of locations and time stamps.” Your device’s longitude and latitude have been recorded hundreds of thousands of times with timestamps getting backed up to iTunes, transferred to new devices and restored across backups. It’s not encrypted, it’s not protected, and it’s pretty easy to access.

A visualization of iPhone location data, from Alasdair Allan and Pete Warden

Let’s recall US v. Maynard, a 2010 case where FBI agents planted a GPS tracking device on a car when the car was on private property, and then recorded its location every ten seconds for a month without obtaining a warrant. The US Court of Appeals for D.C. held that obtaining such information required a search warrant, and rejected the Bureau’s claims that their actions didn’t constitute a search. The Bureau cited US v. Knotts, in which police used a beeper device to track the discrete movements of a suspected conspirator’s car over a limited period of time. In this case’s opinion, the court only addressed the use of such tracking technology for a single car trip–not limitless access to GPS data, regardless of previously specified time or place.

Accessing aggregated GPS data in an investigation constitutes a search and requires a warrant. However, we’re only familiar with this situation when a third party is seeking that location data. What’s unique about Apple as the original collector? They’re not going after data collected by another party–it’s a function built into the software, and it’s covered in the terms of service.

Indeed, Apple’s iOS 4 TOS says

To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.

So what’s next? The blogosphere is feeling squeamish, but is that the extent of the response? Thoughts, guys?

As an aside, Apple’s capitalizing upon the buzz with advertisements on Google, perhaps employing the same publicity tactics that BP did, post-oil-spill (I blogged about it here). I’d be interested to see if the content of these word-triggered ads changes to be more actively positive in Apple’s favor as more eyebrows are raised in response to this latest discovery.

Petition: Facebook, Stop Invading My Privacy! (a facebook group) – by “Anna D”

March 22, 2011 ~ bradevanrosen ~ Leave a comment

Experience has taught me that most humans like to talk about themselves, and, in the digital age, we all seem to have a guaranteed audience. If you can’t find anybody to listen to your stories in person, you can broadcast them over the internet for any friend, relative, coworker, stalker, or total stranger to enjoy. Thus the emergence of LiveJournal, MySpace (now My____), Facebook, Twitter, Gmail Buzz, Digg, and a plethora of other sites that allow us to feel connected to the world from the privacy of our own homes. Through these sites, we can share our intimate details of emotional turmoil and real-time updates about our most mundane actions (and, if you’re Jessica Simpson, you can demonstrate your affinity for clean ears).

Of course, with all of these social networking sights, there is the risk of overshare. One wrong click could make a journal entry that was supposed to be “private” readable to all the world, and a lapse in judgment could result in you complaining about your boss in your Facebook status update when, in fact, your boss is a Facebook friend. My high school teachers were quick to remind us that we should be very careful about what we posted online, as we might have viewers outside of our intended audience. They held up one of my peers as a prime example. A recently graduated student had tried to get a job in the school’s Computer Lab during his gap year before college, but he had made the mistake of alluding to his affinity for marijuana on his MySpace profile. In addition to refusing to hire him, they saw fit to share his faux pas with the entire faculty, student body, and association of parents as a cautionary tale.

I felt: Lesson learned. No open profile. No stupid photos. No exposing my personal information to school officials, potential employers, or strangers. I had assumed that, if I was careful, I could maintain my privacy. Of course, there was the issue of a friend writing something unsavory on my wall or tagging me in a photo I wasn’t proud of, but there are means of protecting yourself against that. As the author of “10 Privacy Settings Every Facebook User Should Know” suggests, you can protect your privacy by monitoring your friend list, removing yourself from Facebook result searches, removing yourself from Google, avoiding the infamous video/tag mistake, protecting your albums, preventing stories from showing up in your friends news feeds, protecting against published application stories, making your contact information private, avoiding embarrassing wall posts, and keeping your friendships private. If I did all of this, my profile might look a little boring, but I should have absolute privacy, right? Wrong.

Even Facebook users with the most strict security settings do not really have “protected” profiles. According to Wall Street Journal investigators, Facebook “apps” have been transmitting identifying information such as Facebook user IDs and names to external companies to use them for marketing purposes, regardless of whether the user has tried to make his/her information private. For some users with less strict privacy settings, their age, occupation, residence, and/or photos might be released to these advertising and data firms which could then attach them to “dossiers” they had already compiled on the user’s personal information and internet-activity history. When the WSJ conducted its investigation in the fall of 2010, each one of Facebook’s ten most popular apps (FarmVille included) was guilty of transmitting user IDs, contributing to a breach of privacy for tens of millions of Facebook users.

Facebook officials indicated that their company was opposed to such information sharing (evidently it is against its privacy policy for apps to user information to these external companies), and they promised that Facebook was working on limiting user’s exposure. Several “guilty” apps were disabled, but, how can Facebook monitor the activities of all 550,000 apps? What incentive do they have to bother?

After coming under a lot of scrutiny for its privacy policy (which most users could not even understand because of its length, density, and language), Facebook unveiled its plan for a new format, which should make the policy more readable and understandable. Facebook disseminated a graphic to demonstrate how the new format, characterized by “simplified explanation” and “interactive tools,” will help users understand the way their information is being used:

This is a nice gesture… but the privacy policy itself will remain completely unchanged, so personal information can still be used to target advertisements and “Sponsored Stories” about us can be used to advertise products to our friends. For a lot of people, this gesture is simply not enough.

Steven J. Vaughan-Nichols argues that our personal information and privacy is too high a price to pay for just “free web-hosting and some PHP doodads.” He believes that the Facebook’s Panopticonic system developed out of the centralized server/client architecture that pervades today, and he suggests that our freedom can be obtained through decentralization, through the use of small, inexpensive plug servers, dubbed Freedom Boxes. According to the Debian wiki, “We live in a world where the use of the network is mediated by organizations that often do not have our best interests at heart. By building software that does not rely on central service, we can regain control and privacy. By keeping data in our homes, we gain legal protection over it. By giving back power to the users over their networks and machines, we are returning the internet to its intended peer to peer architecture.” Freedom Boxes will offer data encryption and security, and it will allow Internet users to enjoy “safe” social networking through “privacy-respecting” services such as Diaspora, Appleseed, and Lorea.

Sounds very interesting, but I’m curious about how successful these new sites will turn out to be. The centralization of Facebook’s system might give it too much power, but it is a power that will be difficult to overthrow. Facebook has become not just a social network but THE social authority; as Hortsense Smith for Jezebel notes, “it often seems like its somewhat required to have a Facebook profile just to appear to have a presence on Earth.” If you’re not on Facebook, how will you get this invitation or hear about that piece of news (gossip)? How will the person you met at the dinner on Friday track you down to see you again? How will you announce to the world that you’ve just finished reading Twilight and the ending made you cry? While ceding control over one’s personal information is certainly a cost, it seems to be one that many millions of people are willing to pay for the convenience and size of the network. Seeing as so many of the people that join networking sites join them to have 1) an audience to perform to and 2) a constant source of entertainment as they watch other people’s performances, how could they walk away from so vast an audience and so great a spectacle?

I anticipate that Diaspora and similar “secure” social networking sites will become very popular within certain circles (most likely among computer-savvy users that already know P2P, appreciate open-source software, and understand how seed systems work), but I think they will remain niche. Most of us (many computer-illiterate) will just stay on Facebook and grumble about privacy breaches through status updates, wall posts, and Facebook groups.

’cause it’s a jungle out there ♪ – by “Russell K”

November 8, 2010 ~ bradevanrosen ~ Leave a comment

In all likelihood, I was not the only one last class who wanted to discuss further the issue of online identity and privacy. I tend to agree with Kashmir Hill in her suggestion (in class and in her website) that our sense of privacy will change. Yes, in a more transparent era, or perhaps just for a younger generation, last Friday’s embarrassing moment will remain just that and no more, despite and perhaps in part due to online evidence.

This perspective may be comforting, but we should qualify this comfort. It is a small, finite comfort.

The comfort lies in the realization that our own mistakes will not be as damaging as we might initially fear. Mr. Scalia (who often seems to be assigned in readings at Yale at his expense!) if little else in our readings does seem to remind us that the idea of the law protecting every little fact about us is absurd. Kashmir Hill suggested that more openness might lead to more comfort. And indeed, for stuff like what happened last Friday that a friend posted with you tagged in it, it might be less silly to turn to social norms than to turn to law. Social norms are formed online — we all have seen this happen in our generation — and we can expect a great deal of such online exposure to be made safer by online social norms, without overprotective, “silly” legislation. We can all simmer down now because the privacy FUD problem is solved.

If that leaves you less than satisfied, I’m with you. “Online exposure” can go far beyond being tagged in a Facebook pic. Specifically, your online exposure is not necessarily of your own doing, or even your friends’ doing.

Daniel Solove’s blog post in this week’s reading suggested an interesting term: Aggregation. Solove uses this term to describe a way that gathering data on someone can lead to violating his/her privacy, essentially by connecting “innocuous” points into a “detailed portrait of our personalities and behavior.” We can ask a sort of philosophical question: What other effects might the Internet bring about to data about you?

Like Seth Godin’s list of ways things can get broken, my list of privacy FUD is sure to be incomplete. Please comment and add your own!

1. Aggregation – Connecting innocuous dots can lead to an uncomfortably detailed big picture. For an example, do the readings.

2. Dis-gregation – Less is more — more harmful.

What if an online journalist or a Facebook friend isolated a couple (true) facts about you and leaves out other relevant facts?

3. Context Distortion – Taken out of context, new implications begin to arise.

I thought of this last class when I discovered searching for my name leads to a porn website. No, I don’t have a porn star double life! But in 2009 I did help promote Yale and other US colleges to Japanese students, and the Japanese term 中高生 (middle and high school students) landed links to YouTube versions of our video footage filled the greater part of a fuchsia-colored website. (Incidentally, if you’re being naughty and trying to find this website, at least on the page with my name in it there was nothing graphic, let alone anything involving minors.)

4. Unplanned Anti-Obsolescence – It’s forgotten by now, right? No, it’s in the Net’s hands now.

A friend thought he’d put up a silly status update, and delete it 30 minutes later. It wasn’t something he wanted everyone to know, but having a few know would have been acceptable to him. He had it planned out that way. But when another friend found it hilarious and re-posted it as his status, control over it had changed.

5. Promulgation – Data that’s out there, but in small circulation, can become less innocuous by gaining popularity.

A funny story shared to friends might not be best when shared on the Internet, where there are less degrees of separation from total strangers who might interpret it differently. Cyber-bullying examples come to mind as well — a few enemies at school is a smaller problem when they’re not enlisting online comrades. Or what if RapLeaf had sold (“inadvertently”) data about your online behavior not to a dozen advertisers, but hundreds? What if they also sold data to your workplace, school, or to the government?

I am sure there are more effects we could talk about, but the bottom line is that an embarrassing Friday should not be our only concern. Even if greater transparency helps establish social norms online, we shouldn’t ignore that it’s becoming easier and easier for the Internet to affect info about you. What you post about yourself or reveal to marketers tracking you is really just where that data might start off – really we’re talking about the potential for that data to take on a life of its own. Much of this seems difficult for the law to prevent, but I suspect we’re more eager to turn to the law rather than social norms when we consider that it’s not just about our own mistakes confined to a few popular sites.