In the coming years most of us will be carrying or wearing smart technology. How to manage the digital trails we emit in everyday interactions? We need solutions that can protect both our identity and our right to anonymity Read More
In the past couple of weeks there have been a series of articles raising concerns about the amount of personal data being published to online social networks and the potential for it to be used for ill intent.
There are two different scenarios people should consider before sharing personal information:
- Would I mind if a complete stranger knew that information?
- Do I mind what any of my ‘friends’ do with the information?
If the answer is Yes to either question think twice before putting that personal information online at all. That’s not to say sharing is inherently good or bad. But once you have shared information with anyone, you have lost control of it. If you answered ‘No’ to question two above, you answered ‘No’ to both.
Here is a simple scenario using Facebook. In the image above, the green buddy is you. The blue buddies are your ‘friends’. The red buddies represent everyone else with Internet access.
You set up your privacy settings so that only friends can see your personal information. Anyone who is on Facebook but not a friend will only see your name, nothing else. That’s your decision. Sounds sensible. Sounds under control.
But if one of your friends decides to share information with their friends or third party applications, they may handover your personal information as well. It can be done in complete innocence and for good intentions – ‘I want to send birthday cards to my friends’, ‘Are any of my friends nearby to meet up with?’, ‘I’m interested in this group, I’ll add my friends to it as well’, ‘Has anybody in my network bought this <insert name of any item>?’ In the right context, all great stuff. But information about you has now been handed over to and stored somewhere beyond your control. The same applies to every application or web site that you allow to connect to your Facebook profile. Do you read all the terms and conditions, the notes about agreeing to data being stored indefinitely or granting access to other third parties?
It is not just you who decides how secure your personal information is. If you decide to share it with them, all your friends get to decide too. As do all the apps and web sites you connect to. And if you’re one of Facebook’s social butterflies, everyone gets to decide.
This doesn’t mean you should head straight to Facebook and switch everything off (too late for existing content anyway) but if you are going to participate in online social networks and care about what happens to your personal data, it’s a good idea to keep track of privacy settings and changes to policies.
If you’re not paying for a product, you’re not the customer, you are the product being sold. – Andrew Lewis
For Facebook and every application/advertising tool that uses it, it is in their best interests to get you to share your personal information. They will make it as easy and seamless to do as possible. And many will make it difficult or inconvenient to change those default settings to be more private. So think long and hard about what you want to share with anyone. And question whether having different privacy policies for everyone versus ‘friends’ actually means anything. A simpler (and more reliable) approach is to either share something with nobody or share with everybody.
A hassle, yes. But massive online social networks are still a young concept on the Internet meaning lessons will be learned the hard way. And everyone with a Facebook account can count themselves as one of the testers.
- Selling you on Facebook – Wall Street Journal, Apr 2012
- Selling digital fear – TechCrunch, Apr 2012 (response to WSJ article)
- This creepy app is a wakeup call for Facebook privacy – Cult of Mac, Apr 2012
- Facebook: Tracking your web activity even after you log out? – PCMag, Sep 2011
[Update] Adding links and references as they bubble up on this topic…
There has been a range of news recently about Facebook’s latest approach to users’ privacy.
Wired has an article – Facebook’s Gone Rogue; It’s Time for an Open Alternative – explaining the concern being raised by many. By default, Facebook is now connecting and publishing every piece of data you choose to share on the platform. You may think you are only sharing your photos with your friends and family, but you are granting permission for Facebook to share your content with everyone and anyone on the Internet.
Robert Scoble has an article – Much ado about privacy on Facebook – with the counter argument. That we’re kidding ourselves if we ever thought anything we share on a computer, especially one connected to a network, is private. Facebook is just exploiting that which others have exploited less visibly (or easily – and that’s the key difference) in the past, and in the process helping people find what they need in ways Google never can.
Facebook is transitioning from a site for building social networks between friends to being one giant social network. A new mesh of connected personalised data is being created that has never before been possible. And that mesh is being shared with whatever organisations Facebook chooses to do business with. At the same time as we are seeing new tools arise that can mine massive amounts of data for patterns and profiling… We don’t yet know what all the implications – good and bad – will be. And whilst Robert highlights the good, history tells us there will also be bad. This is a live experiment that over 400 million people (and that’s just the active users) unknowingly volunteered to participate in.
Related Blog Posts
- Do search and social networks mix? – March 2010
- Facebook’s Gone Rogue; It’s Time for an Open Alternative – Wired
- Much ado about privacy on Facebook – Robert Scoble
- Facebook’s “Evil Interfaces” – Electronic Frontier Foundation
- Top 10 reasons you should quit Facebook – rocket.ly
- Facebook Statistics – Facebook Pressroom (as published on 9th May 2010)
- Infographic: Facebook privacy options – New York Times
Other posts of interest on this topic:
- The Facebook Alienation: Pleasing the Wrong Stakeholders – Strategyist, May 2010
- Why I am using Google Buzz as an alternative to Facebook – Louis Gray, May 2010
- Publicly searching Facebook status updates – TechCrunch, May 2010
- Facebook as a utility, utilities get regulated – Danah Boyd, May 2010
- Goodbye Facebook – Neville Hobson, May 2010
Here’s a selection of links shared during February via Google Reader, Delicious and Twitter. Organised into the usual overlapping categories: Systems and the bits and pieces that make them work.Hot topic this month- games and reputation starting to be examined seriously as social media rumbles on into the workplace. Enjoy!
- Rwanda’s laptop revolution – the ‘one laptop per child’ programme in practice and enabling change
- Lessons from Chile – better building codes work and the importance of architecture
- Social media protest against Nestle may have long standing ramifications – other brands, take note
- Social Media cheat sheet – nice guide for any looking to use social media to enhance their business
- On unintended consequences – three unrelated examples remind of the unforeseen
- Keep Moving Forward vs Defend & Extend – Opposing strategies: how Apple and RIM took mobile market share from Microsoft and Palm
- Planning is very important … it doesn’t work – the plan is not the goal, it is the current best picture
- Blog post: Did the clouds just get darker – global cloud services get entangled in local borders
- Blog post: Social Media judges the Olympics – trending topics on Twitter show real-time analytics
- Blog post: You cannot walk in another’s shoes – how our perception trumps reality
- Blog post: How to lower productivity – monitor what everyone is doing
- The Performance Paradox – focus on movement rather than timing
- 10 principles for leading and managing in the networked knowledge workplace
- Cognitive learning theories and e-learning – how cognitive learning abilities are acquired
- Before they were titans: putting rejection letters in perspective – nice reminder of priorities in life
- Will Twitter Spam Ruin Your Reputation – the challenge facing social media and the systems depending on it
- Should Doctors Google Their Patients – revenge of the professional? 🙂 but a serious question… changes diagnosis?
- Games entering the workplace as a topic is hotting up – and not before time
- Gaming can make a better world – TED Talk
- Thinking the unthinkable – 12 months ago, who would have thought Toyota would be in the position its in today?
- Unifying probabilistic and rules-based approaches to artificial intelligence – human and machine-based approaches to learning and decisions
- Analysis of the UK budget on a human scale – puts deficit in perspective (FT.com – subscription may be required)
- Blog post: Do Search and Social Networks mix? – Does all information want to be found? Google Buzz thoughts
- Blog post: Blogging mistakes help improve policy – sometimes you need to learn the hard way
- On risk – defining the boundaries between good policy and excessive application gets harder
- Pew Internet on how we get our news – latest statistics: Of those who get news online, 75% forwarded through email or posted on social nets and 52% then share onwards – suggests participation is increasing over pure consumption
- Stanford Uni Workshop on Algorithms for Modern Massive Date Sets – presentations
- Why privacy is a human right – an old post by Bruce Schneier worth dusting off once in a while as data goes public
- Blog post: SharePoint 2010 and Adobe PDF indexing (updated from SharePoint 2007)
- Blog post: Microsoft’s Productivity Hub (add-on site collection for SharePoint)
- Analysts review of SharePoint 2010 – Gartner, IDC, Forrester
- Blog post: Concerns with cloud computing – looking beyond the technical issues
- Blog post: Private Public Sector Clouds – how commerce is creating dedicated cloud services for government
- Microsoft on cloud computing – gallery of video talks
- Redesigning school from in-world out – how a UK school used SecondLife to 3D model plans and avoid costly mistakes
- Do experiments, not projects – IT is no longer simply automating existing manual processes, it is trying to change the way people think and behave. Nobody really knows what’s going to happen (the need to move away from the fixed delivery boundaries of IT projects)
…and finally, finishing with the usual bit of fun. Well two bits this month as couldn’t decide between them:
1. Dilbert highlights a painful reality for too many projects
2. Why companies needn’t worry too much about how people blog – stuff usually catches up with you and lessons are often best remembered when learned the hard way…
The rumblings over Facebook banning Robert Scoble have opened up all sorts of conversations about who owns or controls your data – see also: Data as currency. One issue that has been highlighted is how easy it is for people to scrape enough information about you to form an identity. Scoble was running an automated script to pull out contact details by the thousand.
Yesterday, another related article cropped up on Techmeme – Sears Exposes Customer Purchase History. It appears that Sears added a feature on their web site where you could look up your purchase history. All you had to do was enter your name, address and telephone number. Trouble is, whilst you had to have an account and login to the site, you could then enter anybody’s name, address and telephone number to view their purchases. Somebody forgot to restrict access to only purchases associated with the authenticated user. Since the news became public, Sears have disabled the feature to sort it out.
But it does raise yet another warning about how easy it is for companies to accidentally make too much information public, be it downloading database records to a CD or making those records available online. Mash-up poor (or missing) security controls with automated scripts to gather contact details and our criminal friends won’t need to go phishing for dinner.
During the past 24 hours, there has been a flurry of discussion about Facebook banning Robert Scoble. Robert was running an automated script to scrape his ‘friends’ contact information (5,000 of them) out of Facebook. The script was being tested on behalf of Plaxo, an online address book that can automatically update contact details.
I think Facebook was correct in having a process that detected suspect behaviour and automatically disabled it. If only the HMRC could have implemented something similar, 25 million people in the UK wouldn’t be wondering if they are going to be the victims of identity fraud…
But the debate that is really kicking off is who owns the data that was being scraped – the service that stores it, the individual who posted it, or the ‘friend’ who has been given access to view it. This will be an ongoing argument for 2008 and Facebook will not have a monopoly on headlines. The Financial Times ran an article just before Christmas – The devil in the details – that explored the effects and cost of privacy breaches as more and more personal data is stored online. One particularly interesting scenario highlighted how government agencies are using data as currency:
¨While you can obtain [Transport for London’s Oyster Card] over the counter without providing personal details, you can get a refund on a lost card only if you have given your name and address. So to get full economic value from an essential service, you must hand over your data. Is this informed consent, or de facto coercion?¨
It’s an interesting development. In the past, you would have just needed to produce a valid receipt to get a refund.
- Scoble: freedom fighter or data thief? (Rough Type, Jan 08)
- I’ve been kicked off Facebook; What I was using to hit Facebook; Facebook lets me back in (Robert Scoble, Jan 08)
- Devil in the details: Why personal data are ever more open to loss and abuse (FT, Dec 07)
- UK families put on fraud alert (BBC News, Nov 07)