Blog

Facepile Live Stream Activity Comments

Open Data Partnership

Apr 06 2011

Oh boy. The Open Data Partnership puts themselves forward as a self-regulated solution for personal data and online privacy. They claim to be a “market-wide collaboration that allows consumers to gain more control over the information that companies have collected about their interests in one easy-to-use portal.” SmartPlanet has quoted Mike Zaneis, Senior Vice President and General Counsel for the Interactive Advertising Bureau (IAB):

Better Advertising’s Open Data Partnership is exactly the kind of initiative that will enable us to remain self-regulated as an industry. The more transparency we can provide consumers that enables them to retain control over their own data, the more trusted our ecosystem becomes – to the benefit of everyone.

This proposal assumes several key points, including these:

  1. economics defines the moral imperative for managing society,
  2. the marketing and advertising industries are the default economic framework going forward,
  3. these industries are fair arbiters and safe handlers of “consumer data” and that they know what the well-being of “consumers” is all about, and
  4. this industry will be successful and unified at self-regulation.

Big assumptions. Ones we don’t share.

Economics is important, but checks and balances are more important. Overexuberant industrialists and financiers have repeatedly shown they will take whatever they can get away with, even when it harms individuals and society at large.  Marketing and advertising in moderation can improve our quality of life, but given free rein, marketers have repeatedly exploited and manipulated the unwary and unsophisticated.

As far as self-regulation, that isn’t promising either. So far, there’s not a lot of industry buy-in and there are few self-regulation success stories we can point to for inspiration. MPAA movie ratings, perhaps. Others have cited the fraud prevention and protection practices of Visa and Mastercard… but the fact is the credit card industry is one of the most heavily regulated.

Instead of hoping the wolves can be trusted to guard the hen house–because they too hope to enjoy eating the hens for a long time to come–we need an approach based on the fundamental morality of individual liberty. We need a solution for the people, by the people.

In contrast, Evidon is for the advertisers, by the advertisers. Consider their language:

  • The Open Data Partnership helps us give them more.
  • Give consumers a snapshot of the interest information that you’ve collected about them
  • You own the data… we’re a distribution mechanism for users to opt-out, opt-in, and/or manage how you categorize them

Us verses them. Again and again.

Evidon does offer a consumer profile manager portal to let us manage our relationships. Go look at it. They call this managing a relationship? Wow. Maybe we’re old school, but a relationship is a lot more than just a few checkboxes for guesses about my interests.

Even as a tool for “increasing accountability and transparency”, the profile manager is a weak offering. Where did they come up with this information? Who have they given it to? What ads have been shown to me in response and where were did those ads appear? Evidon isn’t transparency, it’s whitewashing.

The Digital Advertising Alliance is powered by Evidon and DoubleVerify is built on top of both. All three claim to give consumers “choice and control”. But they don’t. In fact, it’s almost impossible to tell who is doing what with whose data.  That isn’t transparency. It’s obfuscation.

The framework remains us vs. them. They win, we lose, despite the rhetoric.

None of these efforts is about helping individuals or even about building a better, more efficient, more moral system. It’s about barely starting to do what they should have been doing from the beginning: respect the innate rights of individuals to control their person and their domain. We’re glad they are finally realizing that they’ve been behaving badly, but it’s a tiny shuffle in the right direction.

As Christopher Locke famously said in the Cluetrain Manifesto:

we are not seats or eyeballs or end-users or consumers. we are human beings – and our reach exceeds your grasp.

deal with it.

Clearly, Evidon isn’t dealing with it. Until we have a solution—self-regulated or not—that can deal with people as human beings, we don’t have a solution.

No responses yet

Permanent vs. Editable Records

Mar 30 2011

In Foggy thinking about the Right to Oblivion, Peter Fleischer raised several great questions about the data that we share. Fleischer hits the nail on the head.

Does too much user control lead to digital anarchy? If we are allowed to delete our online contributions at will, won’t that undermine the very fabric of this emerging society? We need to think about this as we restructure our online world from industrial models to user-driven ones.

His questions and discussion explore provenance, permanence, disputes and arbitration, degrees of affect (like when someone else posts information or a picture about you), potential obligations to delete, expire, or anonymize certain personally identifiable information, and more. It’s a messy, fractal, and emerging world, but not yet anarchy (in the sense of lawlessness or enforced authority)!

What we share online differs from what others may release about us, such as formal authorities like the Department of Motor Vehicles (DMV). However, when we control access to information provided by others online, such as with Facebook Connect, we should understand how and when we can disallow it.

Revoking consent and deleting our information once we’ve shared it remains a murky gray area. What happens to our data on the other saide? Does JibJab delete our profile when we disable their Facebook Connect application at Facebook?  We don’t know. Maybe.

In many cases, it’s clear where we should be able to delete or edit our own information… even if it disrupts the experience of those who have come to rely on it. And in those cases where editing or deleting is not appropriate, it should be clear that this is the case and why.

We don’t expect to be able to delete emails we’ve sent out to others, although we sometimes wish we could.  Other time our contributions *need* to become part of the public record. For instance, at the Information Sharing Work Group, contributions are tracked for purposes of determining the provenance of intellectual property. The challenge is to develop metaphors that align expectations with the underlying mechanics, and to use both when appropriate to the underlying human relations.

What is the nature of a permanent record? What makes them so? Who makes them so? Is it permanent and immutable? Or are there authorities who can change it?  Why or why not?

Similarly, what are the ramifications of a transient or mutable record? Why would it be either way?

Facebook posts, for example, are deletable but not mutable. So, while you can remove content that’s changed, you cannot change content, which others may have commented on. Facebook doesn’t explain this–it’d probably be confusing to the average user–but it makes sense once you stop to think about it.

So check out the post and think about it.

No responses yet

A Data Use Policy

Feb 28 2011

Facebook’s “privacy policy,” criticized as being “5830 words of legalese,” is being re-imagined as a data use policy. True to form, privacy is a misnomer in describing the data use by Facebook. In an article called Facebook Proposes ‘Data Use’ Policy To Replace ‘Privacy Policy’, Thomas Claburn of Information Week notes that:

Complexity is not just a matter of words per page. It’s a matter of time to comprehension. And unfortunately, Facebook’s “Data Use Policy” remains irreducibly complex because Facebook and its platform developers employ user data in many different ways. The company admits that is has “tried not to change the substance of the policy…”

And therein lies Facebook’s problem: Neither its “Privacy Policy” nor its “Data Use Policy” includes an option for actual privacy, which is to say unidentified use.

The problem isn’t in the complexity of the policy as much as it’s in the variable and unpredicted uses that Facebook has over a user’s data. Claburn describes the tensions between using the site and applications found there, and personal information disclosure that’s required by Facebook. Since you are required to give accurate data about yourself, and your interactions on their site may paint new and interesting patterns about you, Facebook may think of new uses for your data. The bottom line, however: it’s still lipstick on a pig.

No responses yet

Internet Driver’s License?!?

Jan 07 2011

Calling for an “Internet driver’s license” is a bit of a stretch, for now. Technology Review has an article, Facebook Wants to Supply Your Internet Driver’s License, that explores this possibility:

Facebook’s identity system might very well supply something that VeriSign, Microsoft, Yahoo, and Google have all struggled to offer: a single “driver’s license” for the Internet. (This leaves aside the question of whether it’s a good thing for one company to hold such a position of power.)

Putting aside necessary notions of sharing best practices (which might cut down on the amount of successful phishing that goes on) or a licensing body (whose “rules” we would need to agree to abide by), the article is really talking about user authentication and authorization: access to all the sites that you have accounts on. We use an account name and password for each site, and tracking them has long been recognized as a problem–how do we keep it all straight? Facebook, Technology Review points out, is positioning themselves to be THE single sign-on (SSO) site. The article continues:

Unfortunately, Facebook still has two important vulnerabilities that makes its website significantly less secure than those of most U.S. banks: its reliance on a single user name and password to gain access to an account, and its use of an unencrypted cookie for tracking which web browsers are logged in.

At the risk of turning everything digital that I care about over to a company whose practices are inconsistent at best and arguably not in their individual user’s interests, I’ll wait until a “driver’s license” is required. Meanwhile, to control my digital assets I’ll keep looking at new tools as they become available.

No responses yet

On Being Popular

Jan 02 2011

So what if “Facebook youth are an angry, foul-mouthed, selfish bunch,” or that “we Facebook users–at least the U.S. English speakers, anyway–start the day in a good mood, but as the day goes on and the coffee wears off we become increasingly demoralized?” These observations were among several in NetworkWorld’s article Facebook Offers Tips On Being Popular. Is this really something we want to know?

Well, yes we do want to know these things. There is much to learn and gain from an information-rich society. There is more to learn when the information is offered voluntarily, and tremendous untapped value when such information is within our ongoing control. So it is acting as a double-edged sword that Facebook wants to help show us a thing or two. From their recently published study, Facebook notes:

People use status updates to share what’s on their minds, to tell others what they’re doing, and to gather feedback from friends. The different ways people use status updates form some interesting patterns. In this study, we looked at the usage of words in different “word categories” in status updates. This led us to discover some patterns in how people use status updates differently, and how their friends interact with different status updates.

Facebook shared their findings in a recent post entitled “What’s on your mind?” The data was based on the Linguistic Inquiry and Word Count (LIWC), text analysis software that–as NetworkWorld pointed out#&150;uses word categories such as “past tense verbs, prepositions, religion and positive feelings.”

The part about a tremendous untapped value? What if this information could be used for new product and service discovery? Yes, caffeine drink makers might have a customized audience in the afternoons, but what if we could see a widget that would help with a common task, or a product that needs to be created? Or what if we could learn the source of our anger and demoralization? How would that change our society?

No responses yet

Kickin’ out the old (apps)

Dec 28 2010

As 2010 winds to a close, we came across great advice for kickin’ out the old apps on Facebook, and why you should do so. “The developers of these older applications required you to hand over your entire digital identity, and often have access to all of your personal data–including things like marital status, personal photos and videos,” says author Vanessa Dennis. From Delete Older Facebook Apps — or Risk Everyone’s Privacy, Ms. Dennis points out that:

illustration of permission changes from the original story

In 2009, Facebook made several highly publicized privacy changes as part of a settlement with the Canadian government. This means newer apps offer much more privacy control for the user.

So in addition to monitoring your profile privacy settings on Facebook, you should also consider deleting older apps and installing newer versions. Here is an example of the data access from an older YouTube app and then the newer YouTube app. Much less personal information is available, and much less is required for the app to work.

The author includes five clear, illustrated steps for checking on your apps and making changes. Now at the end of this calendar year, a little housecleaning seems in order.

Best wishes for an informationally aware New Year and beyond!

No responses yet

The Greatest Surveillance in History

Dec 07 2010

photo of Dr. Eben MoglenThe Wall Street Journal has an interesting story about a rare moment of legislative censure. “In an unusual move, the House Subcommittee on Commerce, Trade and Consumer Protection asked a Columbia University Law School professor to censor his remarks in a hearing about online privacy legislation,” states WSJ author Jennifer Valentino-DeVries. Whose testimony was censored? Eben Moglen, Professor of Law and Legal History at Columbia University Law School, Chairman of the Software Freedom Law Center, and Director of the Software Freedom Conservancy.

Moglen’s testimony got to the heart of the problem of information sharing as it is now:

We already have a world where more than half a billion people put everything they say and do in one great big database owned by a single for profit business. [...] How much surveillance is socially tolerable? How much are we prepared to abandon our traditional understanding that what we do in our daily life is nobody’s business except those with whom we choose to share?

Moglen’s prepared statement (PDF) is available at the Software Freedom Law Center and from the Wall Street Journal. His edited testimony (PDF) is available on the Committee’s website. If you’re interested in watching the whole 2+ hour hearing, you can catch it on C-Span or download it (WMV) from the Committee’s site. Note that Dr. Moglen’s testimony starts at 1 hour 37 minutes and ends at 1 hour 44 minutes.

Continuing from the Wall Street Journal,

Facebook spokesman Andrew Noyes confirmed that the company had seen a copy of Mr. Moglen’s prepared remarks before Thursday… Mr. Noyes indicated that Facebook had a problem with the written remarks from the start, saying Facebook was “surprised” to see that the remarks had “nothing to do with the topic of a serious and important hearing.”

The subject of the hearing was “Do-Not-Track Legislation: Is Now the Right Time?” The testimonies of other speakers are also available on the Committee’s website.

Moglen’s point, while evidently offensive to Facebook, seems right on topic, which is essentially a question of who gets to know what about whom:

Facebook holds and controls more data about the daily lives and social interactions of half a billion people than 20th-century totalitarian governments ever managed to collect about the people they surveilled.

Moglen’s written testimony–which triggered the censure–made it clear that he sees Facebook’s so-called “privacy settings” as outright deception. Although the settings give users control over what other users and applications can see, they do nothing to provide privacy from Facebook itself. This may seem so obvious it doesn’t get mentioned–that Facebook can see what users put on Facebook–but Moglen makes a convincing argument that it needs to be mentioned, precisely because it is a risk so many are ignoring.

It would be possible to engineer a solution so that Facebook can’t see everyone’s information.  Challenging, but possible.  Perhaps that’s in our future.

7 responses so far

But I’m not on Facebook

Dec 06 2010

We see Facebook “Like” buttons everywhere. They’re a common token of popularity: if you “like” someone or something, you’re connected in some direct-through-Facebook digital way. In Facebook’s ‘Like This’ button is tracking you (Whether you click it or not), author Stewart Meagher reports that Dutch researcher Arnold Roosendaal “warns that Facebook is tracking and tracing everyone, whether they use the social networking site or not.”

“However, when a site is visited which includes Facebook Connect, this application issues a cookie. From that moment on, visits to other websites which display the ‘Like’ button result in a request for the Like button from the Facebook server including the cookie.”

Which means Facebook has swiped another batch of valuable data without asking for permission.

“Based on the cookie, the entire web behaviour of an individual user can be followed,” says Roosendaal. “Every site that includes some kind of Facebook content will initiate an interaction with the Facebook servers, disclosing information about the visited web site together with the cookie.”

Roosendaal’s paper is available at the Social Science Research Network (SSRN).

Our question is this: is there a way to change the system so that it is permissions-based?

No responses yet

Social Networking Silos

Nov 29 2010

Voluntary personal information sharing is most beautiful–and most powerful–when freely shared under circumstances chosen by the information holder. Today, however, we severely limit our power when we choose to share our information in closed sites such as Facebook, LinkedIn, and others. In those cases, we’re limited to sharing under rules set by those sites, and only to people who also agree to those closed practices.

Those sites are holding our information hostage, and the advertisers and marketing industry is paying wildly to keep this arrangement as a new status quo. This isn’t where we started though. Tim Berners-Lee reminds us that the web was built from “a profound concept: that any person could share information with anyone else, anywhere.” In a Scientific American article entitled Long Live the Web: A Call for Continued Open Standards and Neutrality, Berners-Lee states,

Several threats to the Web’s universality have arisen recently. Cable television companies that sell Internet connectivity are considering whether to limit their Internet users to downloading only the company’s mix of entertainment. Social-networking sites present a different kind of problem. Facebook, LinkedIn, Friendster and others typically provide value by capturing information as you enter it: your birthday, your e-mail address, your likes, and links indicating who is friends with whom and who is in which photograph. The sites assemble these bits of data into brilliant databases and reuse the information to provide value-added service—but only within their sites. Once you enter your data into one of these services, you cannot easily use them on another site. Each site is a silo, walled off from the others. Yes, your site’s pages are on the Web, but your data are not. You can access a Web page about a list of people you have created in one site, but you cannot send that list, or items from it, to another site.

While these sites offer a social networking benefit, they jail us with inconveniences and rules that disallow the sharing of our lives outside of their fortress. We at I Shared What?!? look forward to the days when we’re empowered to share according to our own rules, in our own ways.

No responses yet

Older posts »