Identity / Profiles / Trust

It does seem like online privacy is starting to hit the big time. We got it wrong, thinking that 2009 would be the year it really hit home, but we were a year early. But now everyone is trying to get More Private Then Thou - see Google Chrome's attempts:

Google just launched a new stable version of Google Chrome, the company's increasingly popular browser, which introduces a number of new features and more advanced privacy controls. Chrome will now automatically detect the language of any site you surf to and offer you to translate the text for you. In addition, Google also added granular privacy controls to Chrome that allow you to turn off cookies and JavaScript on a site-by-site basis. For now, these new features are only available in the Windows version of Chrome.

But Google (and Facebook) are probably past the point of believability....PC World:

Several major U.S. Internet companies, including Google and Facebook, need to "step up" and better protect consumer privacy or face tougher penalties from the U.S. Federal Trade Commission, a commissioner said Wednesday.

And then there is this.....Twitter in its new "don't be evil" mode is getting the Security bug:

On Tuesday, Twitter added computer security veteran Bob Lord to the company's expanding employee roster as the manager of network and infrastructure security, bringing with him 20 years of experience focused on electronic security systems at large companies, most recently including Red Hat, AOL and Netscape. Highlights in Lord's background include his building security and encryption features into the Netscape browser, iPlanet servers (an alliance with Sun and Netscape) and the AOL Communicator product, which also included Mail, Address Book, Instant Messenger and Calendar. Since leaving AOL, Bob has worked with a team of cryptography experts to add security features to many projects including FireFox, Mozilla Thunderbird and Red Hat Linux.

Problem is, its hitting the mainstream - what we were writing 2 years ago is now hitting mainstream media - New York Times:

If a stranger came up to you on the street, would you give him your name, Social Security number and e-mail address?

Probably not.

Yet people often dole out all kinds of personal information on the Internet that allows such identifying data to be deduced. Services like Facebook, Twitter and Flickr are oceans of personal minutiae — birthday greetings sent and received, school and work gossip, photos of family vacations, and movies watched.

Computer scientists and policy experts say that such seemingly innocuous bits of self-revelation can increasingly be collected and reassembled by computers to help create a picture of a person’s identity, sometimes down to the Social Security number.

They go on to note:

You may not disclose personal information, but your online friends and colleagues may do it for you, referring to your school or employer, gender, location and interests. Patterns of social communication, researchers say, are revealing.

“Personal privacy is no longer an individual thing,” said Harold Abelson, the computer science professor at M.I.T. “In today’s online world, what your mother told you is true, only more so: people really can judge you by your friends.”

Collected together, the pool of information about each individual can form a distinctive “social signature,” researchers say.

The power of computers to identify people from social patterns alone was demonstrated last year in a study by the same pair of researchers that cracked Netflix’s anonymous database: Vitaly Shmatikov, an associate professor of computer science at the University of Texas, and Arvind Narayanan, now a researcher at Stanford University.

By examining correlations between various online accounts, the scientists showed that they could identify more than 30 percent of the users of both Twitter, the microblogging service, and Flickr, an online photo-sharing service, even though the accounts had been stripped of identifying information like account names and e-mail addresses.

That prediction from connected data is an effect we've also noted.

And so the dance begins, as the companies whose business models rely on massive privacy violation (see above companies...) try and keep one step ahead in the dance of the seven veils that keeps the publoc from sussing them out. But it takes two to tango, and the user is getting a lot of notification about what is going on now from both the mainstream media and from New Media researchers such as dana boyd as well.

So, whose cards will be marked this year?

I'm beginning to like dana boyd No, seriously, I first came across her stuff a few years ago and found it a bit too "Social media right on" - Teen Brave New World laced liberally with Kool Aid - the sort of academic stuff Posy Simmonds would send up most wittily. But I think moving to Microsoft has been the making of her as she has started to embrace the real world outside academia and the Teen. In other words, I find myself agreeing with her more and more

SXSW this year (to me) has seen the scary trend of a vicious competition between various privacy-busting location based services for (ahem) Buzz. Thus this piece from SXSW by dana on Privacy is rather good - here are some highlights:

DEAR ERIC SCHMIDT, PRIVACY IS NOT DEAD. KTXBY.

No matter how many times a privileged straight white male technology executive pronounces the death of privacy, Privacy Is Not Dead. People of all ages care deeply about privacy. And they care just as much about privacy online as they do offline. But what privacy means may not be what you think.

Fundamentally, privacy is about having control over how information flows. It's about being able to understand the social setting in order to behave appropriately. To do so, people must trust their interpretation of the context, including the people in the room and the architecture that defines the setting. When they feel as though control has been taken away from them or when they lack the control they need to do the right thing, they scream privacy foul.

To get at the challenges around privacy, let's consider a recent privacy FAIL: Google Buzz. What the outrage around Google Buzz showed us is that people care deeply about privacy and control. Don't get me wrong - plenty of people will use the service and it will be extremely popular, but this doesn't mean Google didn’t screw up. They’re taking a hit in terms of trust, because not everyone benefited from what they did.

Hear hear. And then there is this:

THE BINARIES OF PUBLIC AND PRIVATE

It's easy to think that "public" and "private" are binaries. We certainly build a lot of technology with this assumption. At best, we break out of this with access-control lists where we list specific people who some piece of content should be available to. And at best, we expand our notion of "private" to include everything that is not "public." But this binary logic isn't good enough for understanding what people mean when they talk about privacy. What people experience when they talk about privacy is more complicated than what can be instantiated in a byte.

To get at this, let's talk about how people experience public and private in unmediated situations. Because it's not so binary there either.

First, think about a conversation that you may have with a close friend. You may think about that conversation as private, but there is nothing stopping your friend from telling someone else what was said, except for your trust in your friend. You actually learned to trust your friend, presumably through experience.

Learning who to trust is actually quite hard. Anyone who has middle school-aged kids knows that there's inevitably a point in time when someone says something that they shouldn't have and tears are shed. It's hard to learn to really know for sure that someone will keep their word. But we don't choose not to tell people things simply because they could spill the beans. We do our best to assess the situation and act accordingly.

Quite - we have been saying for 5 years that the trust seeking systems in Real Life are far more nuanced than a few puffs of whuffie, and that online systems are still very risky as they are so crude in ability to divine intentions - especially given the economic motives of some of the major players. She sums up with:

CHANGING THE RULES

Let's think of this in terms of a second privacy FAIL: Facebook's changes in December. For those who missed it, Facebook asked users to reconsider their privacy settings. The first instantiation of the process asked users to consider various types of content and choose whether to make that content available to "Everyone" or to keep their old settings. The default new choice was "Everyone." Many users encountered this pop-up when they logged in and just clicked on through because they wanted to get to Facebook itself. In doing so, these users changed all of their settings to public, many without realizing it. When challenged by the Federal Trade Commission, Facebook proudly announced that 35% of users had altered their privacy settings when they had encountered this popup. They were proud of this because, as research has shown, very few people actually change the defaults. But this means that 65% of users changed their settings to public.

If one believes that no one cares about privacy, one might think that Facebook users consciously made their content public. But I've spent a lot of time browsing Facebook's "Everybody" feed since the privacy setting debacle in December and I don't think a lot of what I'm seeing is meant to be public. [Picture of some "public" status updates on Facebook.] So I started asking non-techy users about their privacy settings on Facebook. I ask them what they think their settings are and then ask them to look at their settings with me. I have yet to find someone whose belief matched up with their reality. That is not good news. Facebook built its name and reputation on being a closed network that enabled privacy in new ways, something that its users deeply value and STILL believe is the case. Are there Facebook users who want their content to be publicly accessible? Of course. But 65% of all Facebook users? No way.

And she concludes with Five key issues:

PRIVACY DISCONNECTS

When thinking about privacy in a digital context, there are five main things you need to know.

First, you must differentiate between PII and PEI. If you've spent any time thinking about privacy, you've probably heard of PII - "Personally Identifiable Information." All too often, we assume that when people make PII available publicly that they don't care about privacy. While some folks are deeply concerned about PII, PII isn't the whole privacy story. What many people are concerned about is PEI - "Personally Embarrassing Information." This is what they're brokering, battling over, and trying to make sense of.

Second, we're seeing an inversion of defaults when it comes to what's public and what's private. Historically, a conversation that you might have in the hallway is private by default, public through effort. It's private because no one bothers to share what's being said. The conversation may be made public if something worth spreading is said. Even though the conversation took place in a public setting, the conversation is private by default, public through effort.

Third, people regularly calculate both what they have to lose and what they have to gain when entering public situations. Having control over a situation is extremely important, but it must be weighed against the opportunities that one might have to gain a friend or have a new experience by being public. The equations people use differ depending on where they are at in their life. Most generalizably, youth focus on all that they have to gain when entering into public spaces while adults are thinking about all that they have to lose. Part of the challenge in this is figuring out where someone's at and what their expectations are.

Fourth concept. Keep in mind that people don’t always make material publicly accessible because they want the world to see it. Consider this quote from 17-year-old Bly Lauritano-Warner:

"My mom always uses the excuse about the internet being "public" when she defends herself. It's not like I do anything to be ashamed of, but a girl needs her privacy. I do online journals so I can communicate with my friends. Not so my mother could catch up on the latest gossip of my life."

Finally, I want to come back to what I keep raising briefly but not properly addressing. Just because something is publicly accessible does not mean that people want it to be publicized. Making something that is public more public is a violation of privacy.

All very good stuff and I urge you to tread the whole original. But I want to leave you with an observation of my own, which is that the people who are heading the companies espousing Public Living the most, are also ensuring their own privacy the most - to the extent that I think we are seeing the emergence of "Privacy Feudalism" - there is a risk that in the future only the rich/powerful will have privacy, life will be lived in a public bubble except for those who can live behind the gated online communities.

Useful interactive chart from Forrester Research on where your data is most compromised. Caveat USA!

Poor old Google - first the bad Buzz, now the EC is after them for search gerrymandering. But the story we like most is a classic of privacy hypocrisy - as we have noted before, the leaders of the various social networks try every stratagem they can imagine to get you to give up your privacy, but have totally the opposite view of privacy for themselves.

So it is with some delight we record that Eric Schmidt, Google CEO, recently (in)famous for saying

"If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."

....is desperately trying to ensure we don't know something he did in the first place, and is pursuing his ex-mistress and her pesky website via the heavy mob - Gawker:

Now the site has been removed from Google's Blogspot, where it was hosted.

Bohner removed the site after threats from Schmidt's lawyers this weekend, according to a source close to the situation.

"When a billionaire threatens you, you get in line," this person said.

It made for a frightening weekend for Bohner, and no wonder: Not only is the former CNBC and Forbes journalist trying to come to terms with her sobriety and past addiction, she doesn't appear to be swimming in the money it would take to mount a plausible legal challenge to a powerful and well-connected tech executive worth $4 billion.

So what's the lesson here, apart from the well known issue of the law too often being on the side of the deep pockets?

Simple, for all you social media-ites - when it comes to matters of giving up online privacy, going for open-ness and transparency and all the Kool-Aid 2.0 - don't lap up what the big dogs say, watch what they do instead.

And just in case you thought that you can always find the dirt by searching on Google, turns out part of the reason the EC is after Google is that others are alleging that Google buries websites it doesn't want you to see.

I recall someone blogging last week that the bad news buzz about Buzz would be short lived, all Google had to do was wait for the next Facebook violation - well, they were right. Last year a satire called Faceboom was published in Argentina, but then it went European and the Facebook mafia stepped in - VentureBeat:

But in January, Faerman [the author] launched the book in Europe and drew a lot of attention after appearing on Buena Fuente, a popular night-time talk show.

Within days, his profile vanished. The same happened to Guillermo Otero and Fernanda Gaitan Broun, both involved with the book and its’ marketing. In addition, a Facebook group of fans of Faceboom was deleted. The trio claims it had 30,000 members at the time.

I spoke to Faerman and he showed me emails he sent to Facebook going back to January 27, requesting an explanation. Here’s a YouTube video showing him trying to sign in with his old login and receiving the message “cuenta deshabilitada,” which means “account inactivated.”

It has now been restored suddenly, the explanation being it was "an error" after a media uproar in the Hispanic speaking world then started to cross over to the English speaking one. However the Faceboom fan page with its 30,000 members will not be restored, and in fact Facebook have threatened legal action against the author if another is created, as they say the Faceboom logo is too close to their own and breaches the Facebook T&C. Leaving aside that this is probably spurious, since Facebook's T&C's allow them to help themselves to anything on the site into perpetuity, is this little social wrangle:

There’s only one problem – Faerman did not create his fan group. In fact, he says he has never met the creator. So it is unclear how Facebook can take future action against him, or how it would be justified in doing so given he does not control his fans.

This, as they say, can only get better. And Facebook using a "disappearing" strategy for Argentine dissidents - it seems they've learned the lessons from the various South American dictators well then

Post Script - I meant to say that this is not new behaviour for Facebook (our blog's page was "dissapeared" from Facebook years ago, ostensibly because we breached T&C at the time but maybe it was because we too were sometimes critical).

Thing is, what happens to a Facebook if a significant minority of users start to think it is no longer benign? Facebook hasn't IPO'd yet so the VC's, Founders etc have yet to fill their boots and are still on paper valuations. Trade buyers are much more aware now (after Bebo and MySpace) of buying the social boom town just as the tumbleweeds start to roll through it. Remember Friendster!

From BoingBoing:

According to the filings in Blake J Robbins v Lower Merion School District (PA) et al, the laptops issued to high-school students in the well-heeled Philly suburb have webcams that can be covertly activated by the schools' administrators, who have used this facility to spy on students and even their families. The issue came to light when the Robbins's child was disciplined for "improper behavior in his home" and the Vice Principal used a photo taken by the webcam as evidence. The suit is a class action, brought on behalf of all students issued with these machines.

I juxtapose this with the seemingly co-ordinated posts of some of the Silicon Valley Tech Bloggers weighing in today to rubbish those who were concerned about Buzz's privacy issues - Thomas Hawk for example:

Similarly a very small, but vocal, group of individuals are shrieking from the mountain top about the fact that Google Buzz might have allowed people to see who you email alot. Big deal. The story came out quickly. Those privacy zealots could quickly correct this by making their contact list private if they wanted to, while the vast majority of us don’t really care that Buzz lets people know who we follow. Want to know who I follow? It’s right here for the whole world to see, go for it. The whining about these privacy issues (which have now been fixed by the way) is getting old.

The price of freedom, a wise person once said, is eternal vigilance. In the Philadelphia school's case it has been wilfully misapplied, in Mr Hawk's case it has been (at best) forgotten.

Update - the School District has responded, saying it is turning the feature off - but the answer begs more questions:

• How did the security feature work?

Upon a report of a suspected lost, stolen or missing laptop, the feature was activated by the District's security and technology departments. The tracking-security feature was limited to taking a still image of the operator and the operator's screen. This feature has only been used for the limited purpose of locating a lost, stolen or missing laptop. The District has not used the tracking feature or web cam for any other purpose or in any other manner whatsoever.

So, if it was only turned on if the laptop was stolen, then how did it take a photo of a student and why are they now having to de-activate the feature?

As you may know, one of the areas of technology we monitor is online Location Based Services, and one of our hypotheses is that people are massively under-estimating the downsides of these services. For example, the recent Google Buzz service was launched complete with a back door into people's locations that was easily hackable.

Anyway, one of the more obvious applications of Location Based Dis-Service is typified by PleaseRobMe.com, a service that take your utterances on various LBS systems about where you are and aggregates them (see the graphic above).

Bit of fun, you may say, where 's the harm in that. I can already see harrumphing from those who are upset about all those people who didn't like Buzz's privacy issues - such as Louis Gray, who said:

Amidst the din of the pack clustering around the body of Buzz, kicking at it like a group of children at a 6-year-olds' youth soccer match striking at a ball, some folks have seen beyond the tin foil hat nonsense and told people to look forward to something new.

What would you say if I told you that I have seen beyond the Tin Foil Hat and seen something new? Oh yes, I took one of the people on the first PleaseRobMe screen I looked at (its not one of the people in the graphic above by the way), and found their home address via a quick use of Twitter and Google. Took 5 minutes or so (the person was about the 10th I tried). You could fairly quickly build some algorithms to automate that mashup process

So when Louis says that people who worry about social network privacy are:

....the shrill minority [that] has taken its pound of flesh, as Google's momentum with Buzz has taken body blow after body blow, primarily from an older generation of tech bloggers and business journalists unwilling or undesiring to embrace today's world of active sharing and aggregation.

All I would say in response to these arguments is, are you not therefore advocating "Please Rob Me" type services in this race to active sharing and aggregation?

And for whom

(Update - I am told Twitter has disabled PleaseRobMe, but that is irrelevant - this stuff is easy to get)

As we noted in our review of Buzz, one of the worrying things it does is expose your email contacts list for all and sundry to see. As others are tumbling onto this one the buzz about Buzz being a buzztard is growing. Evgeny Morozov has put it very eloquently:

It's business decisions like this that make me very suspicious of Google's highfalutin speeches about their commitment to defending the freedom of expression. From a business perspective, such decisions do make some sense -- how else, after all, can Google Buzz compete with Twitter and Facebook, who are already light years ahead of Google in terms of building up their user base -- but the ethics of such business decisions is extremely shoddy, to say the least. If Google executives are really committed to defending the freedom of expression, then they must be inhabiting in a dream world, where freedom of expression somehow always survives despite horrendous attacks on privacy.

I am coming to the conclusion, after listening to David Cameron last night, that drinking the Social Media Kool Aid produces a cognitive dissonance in which you have to believe that all people are good, all the time (or at least you profess to believe that while you build your service out with minimal privacy safeguards, as that is where the money is)

But watching the emerging kickback on this one, I think Google has - despite no doubt studying the Social Graphs of all the other networks intensely - f*cked up big time in its desperation to link up people's information for its own benefit.

Up to now their social media services have just been lame, this one looks like giving them the sort of rap that Beacon did for Facebook, and this will rebound far wider in my view - for example, I am increasingly looking at Google on my iPhone and thinking - do I want them on my device?.

I predict a few more days of bluster about this being "what we want", then an apology, and a shift to a default no show of email contacts by Sunday evening.

(Update - it's started as of Friday morning - Google is "responding to customer feedback" already! )

And then an attempt to back-door reintroduce it all in 6 months.

(By the way, did you know Buzz works on all iPhones but not on most Android phones, only those with v 2.0. Nothing like supporting your own mobile developers' efforts eh

Bruce Schneier on the futility of universal identification:

Universal identification is portrayed by some as the holy grail of Internet security. Anonymity is bad, the argument goes; and if we abolish it, we can ensure only the proper people have access to their own information. We'll know who is sending us spam and who is trying to hack into corporate networks. And when there are massive denial-of-service attacks, such as those against Estonia or Georgia or South Korea, we'll know who was responsible and take action accordingly.

The problem is that it won't work. Any design of the Internet must allow for anonymity. Universal identification is impossible. Even attribution -- knowing who is responsible for particular Internet packets -- is impossible. Attempting to build such a system is futile, and will only give criminals and hackers new ways to hide.

The article essentially argues that the tools for foolproof universal ID don't exist and never can, and the sort of identity that is do-able is too easy to subvert. Thus anonymity has to exist for certain applications. This penultimate paragraph is also interesting:

The whole attribution problem is very similar to the copy-protection/digital-rights-management problem. Just as it's impossible to make specific bits not copyable, it's impossible to know where specific bits came from. Bits are bits. They don't naturally come with restrictions on their use attached to them, and they don't naturally come with author information attached to them. Any attempts to circumvent this limitation will fail, and will increasingly need to be backed up by the sort of real-world police-state measures that the entertainment industry is demanding in order to make copy-protection work. That's how China does it: police, informants, and fear.

Bits are Bits. Universal Open Identification is misguided and its a passport to Stasiland, it would seem. Possibly a bit strong, but the basic point is made. This is a pipe dream.

El Reg:

Viviane Reding, European Commissioner for Information Society and Media, has promised tough new laws to curb privacy-breaching technology like body scanners and has also warned the social networking industry that it needs to do more to protect children using its services.

...........

She said there needed to be clarity as to how key principles like consent and transparency work in practice.

That data was safe no matter where the data controller was located.

There should be promotion of 'privacy by design'.

There should be stronger enforcement.

The basic principles of data protection should cover all areas of European life including police and judicial and dealings with countries outside the EU.

Reding named Facebook, MySpace and Twitter and warned that children's profiles on such sites should be private by default. She will report back on progress working with companies on 9 February.

2010 is definitely shaping up to be the biggest year for privacy issues. I have come to the empirical observation that for technology, its about 3 years from when the early adopter suss out what the issues are to when it starts to hit mainstream.