Posts Tagged: privacy


27 Jun 08

Google Debuts Personalized Adverts

From Saul Hansell at the NYT:

Google acknowledges that it is now testing ways to use some of the data it has been gathering to better aim search ads at Web surfers, although it won’t say how.

Hansell continues (bold mine):

This is important because it marks the first time Google is using the store of data it collects about people to target its advertising.

Google is upfront that it places a cookie on the browser of all of its users. And it records the number of the cookie, along with what the user searches for and some other information.

A few years ago, Google changed its privacy policy to warn users that it might capture personal information about them for reasons that include “the display of customized content and advertising.” Yet despite this broad disclosure, Google has told me and others it doesn’t use the data about what people search for, or any other information they provide, in selecting ads.

Finally:

Google is quick to point out that some of these systems are not connected to each other. And most of the information it gets is not what is generally considered to be personally identifiable, like a name or e-mail address. But the issues are not so simple. Once a user chooses to provide personal information to Google, say by signing up for Gmail or Google Checkout, that information can be linked to much of the information that had been until that time collected anonymously.

This is the real singularity.


4 Jun 08

Huge Data Breach at Myspace

I’ve not personally verified this, but Valleywag is reporting on a massive data leak from Myspace via Yahoo. From VW:

Want to see Paris Hilton’s MySpace profile? How about Lindsay Lohan’s? Don’t worry about those pesky privacy settings. Thanks to “data portability,” a faddish technology movement that the Valley has been buzzing about for months, you can see any profile you want on MySpace. Byron Ng, a Canadian computer technician with a knack for finding Web security holes, has discovered that Yahoo’s integration with MySpace makes it easy to view photos for any profile.

The instructions for the hack are presented in a separate article. We should note this isn’t the first time Myspace has been breached, and while privacy nuts get all worked up over this, I’m not sure how much this registers with the mass audience. The takeaway in this episode is summed up nicely by writer Owen Thomas:

This points to a flaw in the notion of data portability, a movement which seeks to have personal information shared between social networks and other websites. Data portability was borne out of a wrongheaded assumption: That data needs to be shared. Most consumers, I believe, aren’t particularly interested in the concept; they belong to a few social networks at most, and don’t find managing their online personas to be a particular challenge.

Indeed. And the reason big companies have “signed on” to DP isn’t because they want to make the web easier for us, it is because DP is personal, monetizable data sharing taken to the nth level.


4 Jun 08

Google’s missing privacy policy

Over the past week, Michael Zimmer has been analyzing Google’s odd policy of making you search for its privacy policy. That is, Google – the web’s personal data warehouse – doesn’t link to its privacy policy from its home page. Someone interested in Google’s privacy policy will only find it “if you happen to click on “About Google,” and then happen to find the “Privacy Policy” link at the bottom of that page,” according to Zimmer.

In fact, Google would rather have you search for their privacy policy – using their own search box. This is troubling, as Google forces users to divulge personal information (using search queries) before one can figure out what is going to happen with the information they divulge. According to Zimmer, “much of Google’s resistance to adding a link to its privacy policy on its homepage seems to boil down to little more than aesthetics.” According to a Google spokesperson, the importance of having limited text on the homepage outweighs a simple link to the privacy policy or privacy center.

This is a particularly odd situation for the web’s largest personal data collection company. Google’s business is our information, and we’re clearly past the late ’90s, “do no evil” phase of Google’s corporate maturation. Perhaps groupthink at Google reinforces this notion, but the reality is the company is a tremendous collection of information about us – our searches and email, our clicks and health records, our financial transactions and our chat logs. Google should do the responsible thing and make privacy information easily findable. There’s a huge difference between a hyperlink and a search query, and Google of all companies knows this.

Updated 7/3/2008: Google has listened to the all-powerful Zimmer, and placed a link to their privacy policy on their homepage. This news came on the same day as the YouTube-Viacom decision, so the timing is quite suspect. Nevertheless, congratulations to Google for making the right choice.


21 Mar 08

The Perfect Virtual Community

In yesterday’s post about Facebook’s new privacy system, I discussed the concept of “community health” in online social networks. This is a topic I’ve thought about for some time, and explored in my essay The Vibrancy of Online Social Space. What is a healthy, vibrant online social network? How does one build or shape a social network (or other virtual community) so that it is healthy and vigorous, an approximation of our best cities or communities?

This is actually a very important point – one that I encourage social entrepreneurs and community managers to ponder; it’s never enough to just throw affordances or rules at a community, a community must be gardened with love.

Remembering Facebook ca. 2005 (or even Friendster ca. 2003), we can reflect on how the community has changed. In yesterday’s post I talked about “privacy” as a key proxy for gauging community health. In early 2005, everyone in Facebook felt like they knew one another; your audience was your network, and your network was your friends (or potential friends). As a result, we didn’t use privacy, we disclosed a lot, and we engaged each other digitally at a level never before seen.

At the time, when I began studying the community, I sensed there was a privacy divide, that young people don’t understand or care about privacy like “we” do. Over time I’ve realized I couldn’t be further from the truth. To those users, Facebook in 2005 was the perfect community, a digital place they felt so comfortable with that privacy didn’t enter the equation. It would have been as weird to use privacy in Facebook ca. 2005 as it would be to walk around with a bag over your head on campus today.

And just think about that for a minute – the perfect virtual community. That’s a remarkable achievement, and much credit to Facebook for creating such a remarkable success. Unfortunately, as Facebook opened the doors widely, they learned that community doesn’t scale. This isn’t new – danah boyd documents the clash of communities in Friendster in her paper “None of this is real”. As contexts collide and communities become more heterogeneous, virtual communities become more real – and the privacy fears and stranger-danger that come with real-world networks erode our feelings of community and cohesion.

The Facebook of today is vastly different from the Facebook of 2005. With the influx of new people and new networks comes the clash of contexts. This forces us to put locks on our doors, to shut ourselves off to all but our friends, to confront the non-idyllic parts of community.

Reflecting on Facebook 2005 and Facebook 2008, I think there are important lessons to be learned – for makers of social software, for community gardeners, for those who might wish to make a living at this one day. What can we learn from Facebook, and how can it be applied to the communities we’ll construct tomorrow? And can we ever have a community as strong and vibrant as Facebook 2005 again? I certainly hope so.


19 Mar 08

Facebook’s New Privacy Settings: Too little, too late

This morning, Facebook introduced some fairly significant updates to their privacy controls. Documented in this Facebook blog post, the changes are:

  • Facebook has rolled out a consistent privacy interface, which allows access to shared elements based on access-control lists (e.g. work network, school network)
  • These access-control lists (ACLs) have been expanded to include ad-hoc groups of your creation. Therefore, it’s possible for you to share some elements with only your work friends, and others only with family, etc.
  • Finally, Facebook has changed their network-based control model to allow friend-of-friend access. That is, you may now share things with your friends of friends that aren’t in existing networks. This is a big departure from Facebook’s operating plan to date.
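To make the three sharing rules concrete, here is an added model (not Facebook’s code; the users, lists and items are constructed) that evaluates whether a viewer may see an item under network-based, custom-list and friend-of-friend policies, and shows why a network-based ACL is a coarser audience than a custom friend list:

```python
"""Model of the three visibility rules described above: network-based ACLs,
ad-hoc friend lists, and friend-of-friend access.  Added illustration, not
Facebook's implementation; every user and item below is constructed."""
from dataclasses import dataclass, field


@dataclass
class User:
    name: str
    networks: set = field(default_factory=set)   # e.g. {"work"}
    friends: set = field(default_factory=set)    # names, kept symmetric below
    lists: dict = field(default_factory=dict)    # list name -> set of names


@dataclass
class Policy:
    """Audience for one shared item; an all-empty policy is owner-only."""
    networks: set = field(default_factory=set)      # network-based ACL
    friend_lists: set = field(default_factory=set)  # ad-hoc lists of friends
    all_friends: bool = False
    friends_of_friends: bool = False


def befriend(a, b):
    a.friends.add(b.name)
    b.friends.add(a.name)


def can_view(owner, viewer, policy, users):
    """Return True if viewer may see an item the owner shared under policy."""
    if viewer.name == owner.name:
        return True
    # Network rule: membership alone suffices, no friendship needed.  This is
    # the coarse grain the post criticises: any stranger in "work" qualifies.
    if viewer.networks & policy.networks:
        return True
    is_friend = viewer.name in owner.friends
    if policy.all_friends and is_friend:
        return True
    # Custom-list rule: viewer must be a friend AND on one of the named lists.
    if is_friend and any(viewer.name in owner.lists.get(lst, set())
                         for lst in policy.friend_lists):
        return True
    # Friend-of-friend rule: viewer is a friend of at least one owner friend.
    if policy.friends_of_friends:
        return any(viewer.name in users[f].friends for f in owner.friends)
    return False


def demo():
    """Constructed social graph: alice's family photo, work status, open wall."""
    alice = User("alice", {"school"}, lists={"family": {"carol"}})
    bob, carol = User("bob", {"work"}), User("carol")
    eve = User("eve", {"work"})      # bob's friend, not alice's
    frank = User("frank", {"work"})  # stranger who merely joined "work"
    users = {u.name: u for u in (alice, bob, carol, eve, frank)}
    befriend(alice, bob); befriend(alice, carol); befriend(bob, eve)
    family_photo = Policy(friend_lists={"family"})
    work_status = Policy(networks={"work"})
    open_wall = Policy(all_friends=True, friends_of_friends=True)
    return {
        "carol_sees_photo": can_view(alice, carol, family_photo, users),
        "bob_sees_photo": can_view(alice, bob, family_photo, users),
        "frank_sees_work_status": can_view(alice, frank, work_status, users),
        "eve_sees_wall": can_view(alice, eve, open_wall, users),
        "frank_sees_wall": can_view(alice, frank, open_wall, users),
    }
```

Note that frank, who never befriended alice, sees the network-scoped status but not the friend-of-friend wall, while eve sees the wall only through bob.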

I want to begin by giving Facebook a lot of credit for the standardization move. As an outsider looking in, I’ve always sensed an HCI/UI-vs-BizDev disconnect when it comes to privacy. Facebook actually has very elegant and granular privacy controls, used most extensively by power users, but they’ve always been there. This attention to detail (the engineering and UI challenges of deploying item-level privacy are not trivial) always clashed with ham-fisted efforts like Beacon or the privacy-less Newsfeed. Score one for the engineering team for the development of the consistent privacy interface, which is a good move.

Now let’s consider the business implications of these changes to Facebook’s privacy model. Facebook is trying to solve two problems here – the context problem and declining core-user pageviews. With regards to context, Facebook’s users are facing the problem of multiple contexts: what happens when my friends, my boss and my parents are all my Facebook friends. As Facebook becomes less about our everyday friends and more about our bosses and coworkers (or people you have to sit across from on Thanksgiving), Facebook naturally becomes less interesting, with people sharing less. It’s hard to manage these jumbled contexts, to know who you should and shouldn’t be disclosing to, especially when one has 500 or 1000 friends.

With context jumbling comes a natural move towards privacy. As Facebook has expanded, its core users have increased privacy and shut their profiles off from the world. Gone are the days of wide-open Facebook; in a recent pilot survey of Facebook users (average age 25), 86% reported they use privacy settings in Facebook. Why? As more users have joined, as contexts have jumbled, Facebook has transitioned from a friendly community where no one kept locks on doors, to a normal, mundane community where one locks the door and shuts out strangers. Remembering the Facebook of 2005, this place where everyone shared with one another, one can’t help but wonder just what Facebook lost as it forced users to confront the real world via Facebook.

With the addition of contact lists, Facebook is taking a stab at solving the context problem. Theoretically, one can segregate one’s friends, family, best friends, roommates, and so on into private networks for selective sharing. Of course, when you have 500 contacts, it becomes rather difficult to remember who belongs where, or which lists contain which friends/family. Contact lists are bubblegum in the dam when it comes to the context problem; they will prove useful to some, but most hardcore users have such large networks that the contact-management process will be challenging. I expect most users to create one, maybe two groups. Of course, if they get value from that, it’s a win for Facebook.

By adding friend-of-friend optional sharing, Facebook is trying to address the smothering privacy trend moving through the system. In our pilot study, 88% of users reported viewing less than ten profiles a day, with 35% of users viewing less than three profiles per day. As privacy has increased, the value one gets from the browsing process has decreased. Have you tried to browse anyone’s friends recently? It seems that all you run into is private profiles. By allowing friend-of-friend connections, Facebook hopes to make browsing a popular function again, one that increases ad and page views. Newsfeed, cluttered with spam, has become less useful for generating pageviews – so Facebook is turning back to what made the service so initially valuable – our interest in one another.

I hate to say it, but this is a too-little, too-late move on Facebook’s part. Privacy is epidemic in the community, spurred by media narratives and self-regulation. Unlike Beacon or Newsfeed, these changes are an opt-in measure, meaning that only intentful users will switch their privacy settings. Unless Facebook figures out a neat gimmick to get people to buy in, they will have a challenge in pushing adoption.

Stepping back from this initiative, I think there’s a valuable lesson here for others managing virtual communities. It’s much harder to retrofit ad-hoc technical fixes onto jumbled communities after the fact. It is also extremely hard to scale community effectively; Facebook’s initial segmentation allowed expansion without problems for some time, but ultimately, as the friend requests from the uncles and old friends you haven’t seen in ages pile up, the place became one where any rational person would be afraid to “live publicly.” Unfortunately, this cat is out of the bag for many of Facebook’s users, and I doubt that friend lists will solve the problem.

What do you think?

On an unrelated note, why does Facebook’s blog have a comment form if it doesn’t allow comments?


14 Feb 08

Your house, now searchable

A few days ago, Google expanded its street view program, adding a bunch of new metro areas. I was both pleased and a little freaked out to find both my hometown and current residence included in the maps. This has given me some new perspective, which I’ll share today.

First and foremost, the streetview maps are really interesting. The technology and integration are very cool, and the maps are useful. I’ve used them to pre-navigate around cities, and it’s fun to get a street-level view of cool parts of Manhattan or SF. Please don’t accuse me of not appreciating the maps.

As the mapping program scales out nationwide (as it inevitably will), I wonder how people will negotiate the loss of personal privacy implicit in being streetmapped. It’s certainly one thing to have your address online, and it’s another to have multiple, zoomable views of your house pop up when you Google yourself.

Of course, the streetview data is public. There’s no law preventing anyone from taking a picture from a public street and putting it on a map. But as we’ve seen again and again, privacy is both quantitative and qualitative; Google isn’t breaking any laws by posting this data online, but one can certainly argue they are pushing the boundaries of our senses of privacy.

Employing Altman’s theorization of privacy as sets of boundaries, or danah’s notions of publics, we see there is a privacy negotiation in “living public.” I live on a public street; I expect people to drive down my street and see my house; some of these people will know it is my house, some won’t. This process of disclosure informs my privacy expectations, and if I’m not OK with it I move out to the country and live on a mile-long private road.

Implicit in the disclosure process is also a “finding” process. Up until last week, if you wanted to find someone, you had to locate their address in the white pages and then drive down their street. Certainly a high bar for the non-stalker types. Now, the finding process has been shortened by one step: all you need is an address.

This change in the finding process forces us to remap our privacy expectations. One’s domicile is no more than a click away; entire cities at a time are forced to live publicly because of Google’s decision. As this program fans out to lower-density areas, I wonder if there will be any significant pushback.

Having one’s house streetmapped also affects one’s relationship with Google. When you search your name in Google and find less-than-desirable results, it’s likely you’ve shrugged it off because that is a small tradeoff for the aid Google affords you. Google has significant agency in your online identity, but it’s not a big deal because most of us don’t care about our online identity all that much yet.

With streetview, Google has gained significant agency in your offline identity. Your house is now searchable by anyone; others may peer into your windows, zoom in and out, and explore your house from multiple perspectives. Is this simply another tradeoff we’ll make so we can gawk at the houses of others? And to put it more bluntly, has Google gone mad with power?

In one fell swoop, Google has taken millions of people and made them searchable. Sure, most people won’t notice, and many don’t have the technical skills to try and fight this invasion of privacy. I wonder how it will affect these people’s perceptions of Google. Is Google still the friendly search engine now that it has your house on file? Does it matter? Google’s in the ad business, not the perception business.

Even Facebook, for all its creepiness, doesn’t encroach on this real-life boundary. This is a new form of disclosure, and I hope it will start a discussion on how much information about a person a corporation can disclose. There are so many other databases out there Google could buy and make public (credit reports, arrest records, magazine records, etc.); if this deeply visceral disclosure doesn’t give us pause, what will?


8 Feb 08

The subjective computer has found us

For the past few days, I’ve been thinking about the information products and byproducts of social computing. Products may be thought of as things we create with intent: our Facebook profile, our home page. Byproducts, by contrast, are the things we create with limited intent: our attention data, the traces we leave in server logs, the software products that appropriate our agency.

From a volume standpoint, the amount of data byproducts we produce significantly outweighs our pure data products. Maybe we’ve got 15 profiles on social networks, but Google’s got gigs of our email, search logs, and click streams. Following Irwin Altman’s notion of privacy as boundaries, it’s easy to see how we delineate between these two data sets, even though they’re identical at the binary level: one we see, and one we don’t.

At SGFoo, I participated in a number of discussions around data byproducts and the social graph. Leveraging your explicit connections (a data product) and attention or network data (byproducts), service providers could expose all sorts of novel information to you. I tend to agree; the jumble of connections and intentions and algorithms can likely tell me all sorts of new and interesting things.

In a post danah boyd wrote a few days ago, she cautioned against where such objectively computational approaches lead us, that the negative effects of such systems may outweigh the perceived gain. I tend to agree; the leaders of the social computing space possess an alarming antipathy towards privacy, especially when weighed against the benefits of derived, latent knowledge. Of course, this is the ideology of Google and its competitors; in the graph, we’re all just documents with linkages, our behaviors subject to MapReduce. The privacy advocate stands in the way of progress, the natural state of industry.

Drawing back to the initial distinction I posed, the product and byproduct, I wonder if there isn’t a self-regulation implicit in the system. Perhaps norms or other cultural processes will make taboo the “reveal” implicit in surfacing computed data byproducts. It’s creepy when a computer tries to figure you out, it’s creepier when a computer tries to figure you and your friends out, and perhaps the creepiness of all of this makes leveraging such knowledge in social processes taboo. We may be able to compute it, but we may not actually want the information because the objective boundary is crossed.

In 1996 Sherry Turkle proposed that we were looking for the subjective computer, one that became a place of identity reflection and expansion. At the time, it was alarming to think of a computer to which we bared our souls. Of course, 1996 was a different time for computers: we weren’t hyperconnected, massive data stores like Google were nascent, the notion of sharing one’s real identity online was anything but pervasive. These conditions established a sense of mastery over what one was sharing; the computer could become your second self because, well, you didn’t have to worry about a creepy Facebook app sharing your deep political opinions with your friends without your knowledge.

Do we still seek the subjective computer? I’d argue that, in 2008, the subjective computer seeks us. Since Turkle wrote Life on the Screen, we’ve placed much emphasis on using objective measures to uncover subjective knowledge. Rather than the computer being the device you pour your heart out to, it has become an intelligent proxy. At the same time, there no longer exists the monolith computer; the computer is simply the networked device, routing you to the best places for disclosure and community.

In 2008, we find ourselves in a unique situation where the things we say, and the things we don’t say become central parts of our computer disclosure. It’s no longer simply about our blog post, it’s about who we’ve looked at or talked to. Our machines have frameworks for computing both the intentful and ephemeral things we disclose, our data products and byproducts.

Where does this leave us? When we reached out to the subjective computer, it was a powerful tool that one could master and appropriate for specific purposes. Social interaction, identity play – these were affordances of the device. Now computers master us, leveraging our data to fit us into modeled interactions, exercising tremendous power through selective disclosure, and offering us freedom through a participation process that is essentially repressive.

As I alluded earlier, it is unlikely that we’ll ever become comfortable with the spaces of complete disclosure. There’s always going to be a difference between our shared and mined data, and there will always be social rules standing in the way of leveraging data a person or system has collected about another. This is not to say that the boundaries won’t be tested, or that they aren’t already stretched to frightening levels. Beacon didn’t work because we were uncomfortable with the removal of boundaries, and I’d argue that we’re going to continue to feel this way in similar situations.

It is now time to push back against the devices and networks that seek to master us. It is time to return to places where we exert control, where our data isn’t an asset, and where our mastery over the device sets us free. Horribly naive? Perhaps, but I also might be right. The arms race of analytics may fail simply because we’re not comfortable with the “reveal”. The true loss here, however, is the sense of freedom we once had when the subjective computer was our agent. As we now live in fear of the computer, we’ve lost the ability to seek freedom in it; I think one day we’ll want that back.