Blog

Facepile Live Stream Activity Comments

Archive for the 'silos' category

Open Data Partnership

Apr 06 2011 Published by under info sharing, silos

Oh boy. The Open Data Partnership puts themselves forward as a self-regulated solution for personal data and online privacy. They claim to be a “market-wide collaboration that allows consumers to gain more control over the information that companies have collected about their interests in one easy-to-use portal.” SmartPlanet has quoted Mike Zaneis, Senior Vice President and General Counsel for the Interactive Advertising Bureau (IAB):

Better Advertising’s Open Data Partnership is exactly the kind of initiative that will enable us to remain self-regulated as an industry. The more transparency we can provide consumers that enables them to retain control over their own data, the more trusted our ecosystem becomes – to the benefit of everyone.

This proposal assumes several key points, including these:

  1. economics defines the moral imperative for managing society,
  2. the marketing and advertising industries are the default economic framework going forward,
  3. these industries are fair arbiters and safe handlers of “consumer data” and that they know what the well-being of “consumers” is all about, and
  4. this industry will be successful and unified at self-regulation.

Big assumptions. Ones we don’t share.

Economics is important, but checks and balances are more important. Overexuberant industrialists and financiers have repeatedly shown they will take whatever they can get away with, even when it harms individuals and society at large.  Marketing and advertising in moderation can improve our quality of life, but given free rein, marketers have repeatedly exploited and manipulated the unwary and unsophisticated.

As far as self-regulation, that isn’t promising either. So far, there’s not a lot of industry buy-in and there are few self-regulation success stories we can point to for inspiration. MPAA movie ratings, perhaps. Others have cited the fraud prevention and protection practices of Visa and Mastercard… but the fact is the credit card industry is one of the most heavily regulated.

Instead of hoping the wolves can be trusted to guard the hen house–because they too hope to enjoy eating the hens for a long time to come–we need an approach based on the fundamental morality of individual liberty. We need a solution for the people, by the people.

In contrast, Evidon is for the advertisers, by the advertisers. Consider their language:

  • The Open Data Partnership helps us give them more.
  • Give consumers a snapshot of the interest information that you’ve collected about them
  • You own the data… we’re a distribution mechanism for users to opt-out, opt-in, and/or manage how you categorize them

Us verses them. Again and again.

Evidon does offer a consumer profile manager portal to let us manage our relationships. Go look at it. They call this managing a relationship? Wow. Maybe we’re old school, but a relationship is a lot more than just a few checkboxes for guesses about my interests.

Even as a tool for “increasing accountability and transparency”, the profile manager is a weak offering. Where did they come up with this information? Who have they given it to? What ads have been shown to me in response and where were did those ads appear? Evidon isn’t transparency, it’s whitewashing.

The Digital Advertising Alliance is powered by Evidon and DoubleVerify is built on top of both. All three claim to give consumers “choice and control”. But they don’t. In fact, it’s almost impossible to tell who is doing what with whose data.  That isn’t transparency. It’s obfuscation.

The framework remains us vs. them. They win, we lose, despite the rhetoric.

None of these efforts is about helping individuals or even about building a better, more efficient, more moral system. It’s about barely starting to do what they should have been doing from the beginning: respect the innate rights of individuals to control their person and their domain. We’re glad they are finally realizing that they’ve been behaving badly, but it’s a tiny shuffle in the right direction.

As Christopher Locke famously said in the Cluetrain Manifesto:

we are not seats or eyeballs or end-users or consumers. we are human beings – and our reach exceeds your grasp.

deal with it.

Clearly, Evidon isn’t dealing with it. Until we have a solution—self-regulated or not—that can deal with people as human beings, we don’t have a solution.

No responses yet

Permanent vs. Editable Records

Mar 30 2011 Published by under info sharing, silos

In Foggy thinking about the Right to Oblivion, Peter Fleischer raised several great questions about the data that we share. Fleischer hits the nail on the head.

Does too much user control lead to digital anarchy? If we are allowed to delete our online contributions at will, won’t that undermine the very fabric of this emerging society? We need to think about this as we restructure our online world from industrial models to user-driven ones.

His questions and discussion explore provenance, permanence, disputes and arbitration, degrees of affect (like when someone else posts information or a picture about you), potential obligations to delete, expire, or anonymize certain personally identifiable information, and more. It’s a messy, fractal, and emerging world, but not yet anarchy (in the sense of lawlessness or enforced authority)!

What we share online differs from what others may release about us, such as formal authorities like the Department of Motor Vehicles (DMV). However, when we control access to information provided by others online, such as with Facebook Connect, we should understand how and when we can disallow it.

Revoking consent and deleting our information once we’ve shared it remains a murky gray area. What happens to our data on the other saide? Does JibJab delete our profile when we disable their Facebook Connect application at Facebook?  We don’t know. Maybe.

In many cases, it’s clear where we should be able to delete or edit our own information… even if it disrupts the experience of those who have come to rely on it. And in those cases where editing or deleting is not appropriate, it should be clear that this is the case and why.

We don’t expect to be able to delete emails we’ve sent out to others, although we sometimes wish we could.  Other time our contributions *need* to become part of the public record. For instance, at the Information Sharing Work Group, contributions are tracked for purposes of determining the provenance of intellectual property. The challenge is to develop metaphors that align expectations with the underlying mechanics, and to use both when appropriate to the underlying human relations.

What is the nature of a permanent record? What makes them so? Who makes them so? Is it permanent and immutable? Or are there authorities who can change it?  Why or why not?

Similarly, what are the ramifications of a transient or mutable record? Why would it be either way?

Facebook posts, for example, are deletable but not mutable. So, while you can remove content that’s changed, you cannot change content, which others may have commented on. Facebook doesn’t explain this–it’d probably be confusing to the average user–but it makes sense once you stop to think about it.

So check out the post and think about it.

No responses yet

Internet Driver’s License?!?

Jan 07 2011 Published by under silos

Calling for an “Internet driver’s license” is a bit of a stretch, for now. Technology Review has an article, Facebook Wants to Supply Your Internet Driver’s License, that explores this possibility:

Facebook’s identity system might very well supply something that VeriSign, Microsoft, Yahoo, and Google have all struggled to offer: a single “driver’s license” for the Internet. (This leaves aside the question of whether it’s a good thing for one company to hold such a position of power.)

Putting aside necessary notions of sharing best practices (which might cut down on the amount of successful phishing that goes on) or a licensing body (whose “rules” we would need to agree to abide by), the article is really talking about user authentication and authorization: access to all the sites that you have accounts on. We use an account name and password for each site, and tracking them has long been recognized as a problem–how do we keep it all straight? Facebook, Technology Review points out, is positioning themselves to be THE single sign-on (SSO) site. The article continues:

Unfortunately, Facebook still has two important vulnerabilities that makes its website significantly less secure than those of most U.S. banks: its reliance on a single user name and password to gain access to an account, and its use of an unencrypted cookie for tracking which web browsers are logged in.

At the risk of turning everything digital that I care about over to a company whose practices are inconsistent at best and arguably not in their individual user’s interests, I’ll wait until a “driver’s license” is required. Meanwhile, to control my digital assets I’ll keep looking at new tools as they become available.

No responses yet

Kickin’ out the old (apps)

Dec 28 2010 Published by under info sharing, silos

As 2010 winds to a close, we came across great advice for kickin’ out the old apps on Facebook, and why you should do so. “The developers of these older applications required you to hand over your entire digital identity, and often have access to all of your personal data–including things like marital status, personal photos and videos,” says author Vanessa Dennis. From Delete Older Facebook Apps — or Risk Everyone’s Privacy, Ms. Dennis points out that:

illustration of permission changes from the original story

In 2009, Facebook made several highly publicized privacy changes as part of a settlement with the Canadian government. This means newer apps offer much more privacy control for the user.

So in addition to monitoring your profile privacy settings on Facebook, you should also consider deleting older apps and installing newer versions. Here is an example of the data access from an older YouTube app and then the newer YouTube app. Much less personal information is available, and much less is required for the app to work.

The author includes five clear, illustrated steps for checking on your apps and making changes. Now at the end of this calendar year, a little housecleaning seems in order.

Best wishes for an informationally aware New Year and beyond!

No responses yet

The Greatest Surveillance in History

Dec 07 2010 Published by under info sharing, silos

photo of Dr. Eben MoglenThe Wall Street Journal has an interesting story about a rare moment of legislative censure. “In an unusual move, the House Subcommittee on Commerce, Trade and Consumer Protection asked a Columbia University Law School professor to censor his remarks in a hearing about online privacy legislation,” states WSJ author Jennifer Valentino-DeVries. Whose testimony was censored? Eben Moglen, Professor of Law and Legal History at Columbia University Law School, Chairman of the Software Freedom Law Center, and Director of the Software Freedom Conservancy.

Moglen’s testimony got to the heart of the problem of information sharing as it is now:

We already have a world where more than half a billion people put everything they say and do in one great big database owned by a single for profit business. […] How much surveillance is socially tolerable? How much are we prepared to abandon our traditional understanding that what we do in our daily life is nobody’s business except those with whom we choose to share?

Moglen’s prepared statement (PDF) is available at the Software Freedom Law Center and from the Wall Street Journal. His edited testimony (PDF) is available on the Committee’s website. If you’re interested in watching the whole 2+ hour hearing, you can catch it on C-Span or download it (WMV) from the Committee’s site. Note that Dr. Moglen’s testimony starts at 1 hour 37 minutes and ends at 1 hour 44 minutes.

Continuing from the Wall Street Journal,

Facebook spokesman Andrew Noyes confirmed that the company had seen a copy of Mr. Moglen’s prepared remarks before Thursday… Mr. Noyes indicated that Facebook had a problem with the written remarks from the start, saying Facebook was “surprised” to see that the remarks had “nothing to do with the topic of a serious and important hearing.”

The subject of the hearing was “Do-Not-Track Legislation: Is Now the Right Time?” The testimonies of other speakers are also available on the Committee’s website.

Moglen’s point, while evidently offensive to Facebook, seems right on topic, which is essentially a question of who gets to know what about whom:

Facebook holds and controls more data about the daily lives and social interactions of half a billion people than 20th-century totalitarian governments ever managed to collect about the people they surveilled.

Moglen’s written testimony–which triggered the censure–made it clear that he sees Facebook’s so-called “privacy settings” as outright deception. Although the settings give users control over what other users and applications can see, they do nothing to provide privacy from Facebook itself. This may seem so obvious it doesn’t get mentioned–that Facebook can see what users put on Facebook–but Moglen makes a convincing argument that it needs to be mentioned, precisely because it is a risk so many are ignoring.

It would be possible to engineer a solution so that Facebook can’t see everyone’s information.  Challenging, but possible.  Perhaps that’s in our future.

7 responses so far

But I’m not on Facebook

Dec 06 2010 Published by under contacts, info sharing, silos

We see Facebook “Like” buttons everywhere. They’re a common token of popularity: if you “like” someone or something, you’re connected in some direct-through-Facebook digital way. In Facebook’s ‘Like This’ button is tracking you (Whether you click it or not), author Stewart Meagher reports that Dutch researcher Arnold Roosendaal “warns that Facebook is tracking and tracing everyone, whether they use the social networking site or not.”

“However, when a site is visited which includes Facebook Connect, this application issues a cookie. From that moment on, visits to other websites which display the ‘Like’ button result in a request for the Like button from the Facebook server including the cookie.”

Which means Facebook has swiped another batch of valuable data without asking for permission.

“Based on the cookie, the entire web behaviour of an individual user can be followed,” says Roosendaal. “Every site that includes some kind of Facebook content will initiate an interaction with the Facebook servers, disclosing information about the visited web site together with the cookie.”

Roosendaal’s paper is available at the Social Science Research Network (SSRN).

Our question is this: is there a way to change the system so that it is permissions-based?

No responses yet

Social Networking Silos

Nov 29 2010 Published by under info sharing, silos

Voluntary personal information sharing is most beautiful–and most powerful–when freely shared under circumstances chosen by the information holder. Today, however, we severely limit our power when we choose to share our information in closed sites such as Facebook, LinkedIn, and others. In those cases, we’re limited to sharing under rules set by those sites, and only to people who also agree to those closed practices.

Those sites are holding our information hostage, and the advertisers and marketing industry is paying wildly to keep this arrangement as a new status quo. This isn’t where we started though. Tim Berners-Lee reminds us that the web was built from “a profound concept: that any person could share information with anyone else, anywhere.” In a Scientific American article entitled Long Live the Web: A Call for Continued Open Standards and Neutrality, Berners-Lee states,

Several threats to the Web’s universality have arisen recently. Cable television companies that sell Internet connectivity are considering whether to limit their Internet users to downloading only the company’s mix of entertainment. Social-networking sites present a different kind of problem. Facebook, LinkedIn, Friendster and others typically provide value by capturing information as you enter it: your birthday, your e-mail address, your likes, and links indicating who is friends with whom and who is in which photograph. The sites assemble these bits of data into brilliant databases and reuse the information to provide value-added service—but only within their sites. Once you enter your data into one of these services, you cannot easily use them on another site. Each site is a silo, walled off from the others. Yes, your site’s pages are on the Web, but your data are not. You can access a Web page about a list of people you have created in one site, but you cannot send that list, or items from it, to another site.

While these sites offer a social networking benefit, they jail us with inconveniences and rules that disallow the sharing of our lives outside of their fortress. We at I Shared What?!? look forward to the days when we’re empowered to share according to our own rules, in our own ways.

No responses yet