Shortlog - a log of everyday things

Home

2012-03-31

Today I resealed the cork on my Birkenstocks. Yay.

TL;DR for the rest of the post: PRIVACY RANT PRIVACY thoughts RANT

There's been some himhawing about the Internet lately over an iPhone app called "Girls Around Me" which has become a posterchild for "social media privacy wake-up call". The app itself takes public Foursquare checkins and cross-references them with Facebook accounts. Read this article explaining why that's creepy.

Now, the app has had its Foursquare API key pulled and has been removed from the iTunes store.

Several people have written interesting responses about the incident. Parker Higgins compares Girls Around Me to Firesheep. Charlie Stross makes an eloquent case for how social networks are financially incented to structure their products to mislead their users or at least intentionally avoid educating their users about privacy. It's how they make their advertising money, after all.

To me, I see the problem of privacy as having (at least) two large facets: informed consent and control of context. Informed consent means the user must understand the risks and implications of the action they are going to take (say, sharing their information with a web service). Control of context means that the user is in charge of where that information can be disclosed - I may be fine talking to my colleagues or family about things that I wouldn't want shared with everyone on the street. Surely you can relate.

Here, users are inadequately informed of the implications of sharing their information, so even though they've "given consent" to the system, they don't realize the impact that could have. Second, once they've handed this information to a platform like Facebook or Google+ or really, any social media product, they are letting whoever runs that product be in charge of the context that information is used in. And so many platform owners make APIs that let third parties use the data that there's little control left to the user. The concept of communications defaulting to private the way we'd expect in real life no longer works on these platforms. I'm not trying to ignore Facebook's privacy controls nor Google's circles concept, but far too few people understand what's going on here, and the (profitable!) default is to share everything. Some part of me thinks that people who don't think about these topics get what they deserve, but I digress.

Switching gears (but still within the broader topic of privacy): Al Franken raises concerns over the power of dominant tech firms (pdf for the brave). While I don't appreciate his support of SOPA, I'm inclined to agree with him here on issues of antitrust. A couple lines struck a particular chord:

"The more dominant these companies become over the sectors in which they operate, the less incentive they have to respect your privacy."

"And so when companies become so dominant that they can violate their users' privacy without worrying about market pressure, all that's left is the incentive to get more and more information about you. That's a big problem if you care about privacy, and it's a problem that the antitrust community should be talking about."

To those who would claim to not care about privacy, I need only point to the previous section of this post to explain why such a cavelier attitude in general might be unwise. While obviously Google isn't about to publish all of their users' searches everywhere, and Facebook isn't about to yank all security controls, there's a concerning amount of homogeneity. We're there, and like the US government's budget failures, I suspect that this will become clear to the public only once it has become too late.

There's a place for startups here - ones that will respect the privacy of their users. DuckDuckGo comes to mind. The hard part is making sure that they'll remain that respectful even when they start to succeed, or when the cost of doing so means their economic failure when they have to compete with larger, less-scrupulous competitors.

In the meantime, I'll stick to personally running as many of the things I use as I can, like this website and a number of other services upon which I rely.

I'll probably continue to spend a certain amount of effort to stay in personal control of my image and my communications and be looked upon as a paranoid phobiac with silly concerns who makes it hard for people to interact with him and stay in touch.


Comments:

avatar from Gravatar

Jono | 2012-04-04T23:53:29.986838

I think this incident also nicely responds to the classic line, "if you're doing nothing wrong you should have nothing to hide". Many people say privacy is dead, but I think you're right, and the big problem is that consent and control are rarely at the forefront of design for cool new things.

Of course, while I say this, I am also doing the research that may one day enable automatic analysis of the linguistic data people produce (and so improving the ability to mine people's digital footprint for information) :-)

Sadly the solution is unclear, and I doubt this will actually have a significant impact on user behaviour, and therefore won't lead to a change in corporate behaviour. The only thing I can see working is some very disruptive alternative to faebook/google+/etc that is clearly better for other reasons too, but doesn't survive off advertising. Is there such a thing? It's an interesting question.