Archive for the ‘Privacy’ Category

The EU on Google Street View

Friday, February 26th, 2010

The European Commission is telling Google that it needs to delete Google Street View imagery after six months to preserve the privacy of folks who may be seen in it. Google says its practice is to delete it after 12 months. I’m not sure if I completely understand the squabble, but this I know: The photo of my house in Google Street View is almost two years old. (It shows a “FOR SALE” sign that hasn’t been there since before I bought the place in June of 2008.)


A Simple Solution to Google Buzz’s Privacy Problem

Friday, February 12th, 2010

The hubbub over Google Buzz’s conversion of your most frequent e-mail contacts into followers that anyone can see may die down eventually. Right now, though, it feels like the controversy is still heading towards the boiling point. And I think that Buzz’s basically confusing design isn’t helping matters.

If Search Engine Land has its facts straight–which it generally does–Google may end the melodrama decisively by simply removing Buzz from Gmail. That would be kind of stunning, since its integration into Gmail was one of the key features that Google trumpeted back on Tuesday when it announced Buzz. But stranger things have happened.

[UPDATE: Search Engine Land has updated its story, and says it didn't mean to suggest that Horowitz said Google was considering completely detaching Buzz from Gmail over privacy concerns.]

I think it would be a shame if Google went that far, and I don’t see why Buzz can’t be a good citizen within the Gmail framework. The company has already fiddled with Buzz’s default settings a bit. But can’t it end the Buzz discontent immediately by making it a cakewalk to simply skip the conversion of e-mail contacts into followers in the first place? Make Buzz accounts start with you following nobody by default; allow the e-mail contact conversion as an option, with an excruciatingly clear explanation of what’s happening.

Do that, Google, and you could confidently tell the world that the default state of Buzz is privacy. And virtually everyone who made their most-contacted list public would be doing so intentionally.

The Internet Spying Problem Back Here

Wednesday, February 10th, 2010

US-China relations have turned contentious over the past several months, particularly in regard to the issue of “Internet freedom.” But neither nation has an unblemished record on Internet privacy, says Eben Moglen, a Columbia University law professor and founder of the Software Freedom Law Center.

Last month, Google declared that it had discovered cyberattacks on its systems targeting Chinese human rights workers, and made a decision to terminate the censored version of Google in China as a response.

Within a matter of days, U.S. Secretary of State Hillary Rodham Clinton demanded that China investigate Google’s claims, and called for an Internet free of censorship. (Disclosure: I donated to Hillary Clinton’s presidential campaign and was an active volunteer.)

Both countries should heed the call for freedom, Moglen says. The only difference between spying in the U.S. and spying in China is that China’s is centralized through the government, and the U.S. has the capitalist kind, he said.

“We won’t win any freedom of the Internet discussion carrying Facebook on our backs,” Moglen quipped.

Moglen, who is a well-known figure in the free software movement, is concerned about the impact that the Internet’s predominant client/server architecture has on privacy due to the architecture’s potential for abuse.

Americans, he said, live with a microphone under every bush, a Webcam in every tree, and “a data miner under your feet.” Facebook and other cloud services such as Gmail spy on their users, he claims.

Data is aggregated about things you don’t want people to know, Moglen said. People would be “creeped out” at how simple it is to un-anonymize data, he added. “Commercial data sources can be used to assemble maps of people’s lives.”

That is technically true, but I do not have to jump through hoops to watch YouTube uncensored. The information that is collected about me online is probably more pervasive than I know, but the spying doesn’t have an immediate effect upon my freedom. Perhaps that makes it easier to take my privacy for granted.

Is Cloud Computing Dangerous?

Monday, February 8th, 2010

Cloud services like Facebook and Gmail might be “free,” but they carry an immense social cost, threatening the privacy and freedom of people who are too willing to trade it away for a perceived convenience, according to Eben Moglen, a Columbia University law professor and founder of the Software Freedom Law Center.

On Friday, Moglen was the guest speaker at a seminar at New York University that was sponsored by local technology organizations. Moglen criticized the hierarchical nature of the Web today, and called for a return to peer-to-peer communications.

“The underlying architecture of the Net is meant to be about peerage,” Moglen said. “…There was nothing on the technical side to prevent it, but there was a software problem.”

The client/server architecture has been locked in over the past two decades by Microsoft Windows, Moglen claimed. “Servers were given a lot of power, and clients had very little.”

Control has been moved even further away from the client (people) by cloud services, which can be physically located anywhere in the world where the provider chooses to operate, Moglen said. Privacy laws vary widely from country to country.

There was no discussion of social consequences on the part of computer scientists as they created the technologies that comprise the Web, Moglen said. “The architecture is begging to be misused.” Cloud providers are the biggest offenders, in Moglen’s view.

Privacy Obscured by Clouds

Cloud-based services range from simple offerings that could easily be duplicated to complex services that require clusters of computation and are administratively complex, Moglen added.

That affords providers a level of control that enables them to remain one step ahead of laws and regulations that are meant to safeguard privacy, Moglen said. All server logs belong to the platform and service provider, he added.

Consequently, the public (and government) has lost the ability to use legal regulation or to leverage the physical architecture of the network to prevent abuse when a cloud provider might “fall from innocence,” Moglen said. He considers Facebook to be one of those bad actors.

Facebook, Moglen quipped, has turned into a “structure for denigrating the integrity of human integrity.” Joking aside, he called it a poor deal for users who receive a smattering of Web hosting, “PHP doodads,” and “all the spying that you can get for free all the time… It’s grossly overpriced.”

“The human race is susceptible to harm,” Moglen said. “[Facebook founder Mark Zuckerberg] has the distinction of having done more harm to the human race than anyone else his age.”

Facebook has recently taken steps to improve its privacy policies, and to give its users more rights to determine what other users and third party applications may see about them.

“Facebook knows who is going to have a love affair before we do,” Moglen said. Through accessing server logs, it can see who “obsessively checks profiles,” he explained. People may also be telling others more about themselves than they realize.

In a dramatic example of that notion, a group of graduate students working with Moglen were able to use data from Facebook to identify homosexuals by examining their social mesh, pictures, and other information posted to the site.

“It’s not what they had in mind, and it’s not what we had in mind for them,” Moglen said. The biggest privacy problem, he noted, may be that people do not realize what is and isn’t discoverable about them.

Regardless of what steps Facebook has taken to address privacy concerns, Moglen believes that its business model is itself misuse. “It’s bad; it should be obsolete–not illegal. We are technologists, and we should fix it,” he told attendees.

The underlying social process that forces Facebook along is nothing more than perceived convenience, Moglen said. “Convenience is said to dictate you need Facebook in return to spying all the time, because web servers are so terrible to run.”

The “Freedom Box”

Running our own servers and keeping our logs is the solution to the problem, Moglen said. He proposed creating a “freedom box” device that is pocket-sized and portable, with a built-in Web server.

“If someone wants to know what is happening on your server, they can get a search warrant,” Moglen said. “Your home is your castle, and the place where your fourth amendment rights sort of exist…when the Supreme Court is not in session.”

The freedom box would come pre-loaded with social networking software, use dynamic DNS, and replicate itself on trusted peers so that users still maintain a permanent online presence, Moglen explained. Existing open-source software would be up to the task, he suggested.

Moglen pitched a business model for the freedom box: end users pay $29.99 for a lifetime of use, get “great social networking,” “strong software,” and “no spying for free.” The idea is to create an economy of scale with many hundreds of thousands of users.

Attendees at the event seemed skeptical about the freedom box concept–their questions about it ranged from issues surrounding configuration and maintenance, and ISPs’ terms of use, to the perceived difficulty of building distributed systems. Me, I’m intrigued by the idea of the freedom box in theory, but I’m not convinced that it could easily become a viable alternative to Facebook. Why? Because, “all my friends use it,” and people may not understand the value of peer-to-peer computing.

Facebook Trojan Brazen but Benign

Monday, December 21st, 2009

This past weekend, a trojan mimicked Facebook’s native functionality and sent notifications on the user’s behalf. While Facebook says that the application was harmless, its ability to break through a boundary of trust on the platform alarmed me.

The trojan came to my attention on Saturday after I received several Facebook notifications (in the form of a red number in the bottom right of the page) telling me that friends had commented on my photos. It was the same notification that I receive on a day-to-day basis.

When I clicked on the notification, it attempted to load an application called “Phutos,” which wanted access to my personal information and social network. I declined. A few minutes later, another notification appeared, but I was not taken to the application screen after I clicked on it. That seemed fishy, so I decided to review my applications.

“Phutos” was under my list of recently used applications–even though I never authorized its installation. At that point, I uninstalled the application and notified Facebook of my findings. Obviously, I also had some questions for it.

Facebook spokesperson Simon Axton stayed in steady contact with me over the weekend, and informed me today that the company had disabled the application because it violated Facebook’s Developer Principles and Policies. Facebook had determined that the application did not contain any malware, and has a dedicated enforcement team that investigates reports about suspicious applications, he told me.

When I asked what else Facebook does to protect its users, Axton said “We rely on reports from users for suspicious applications. Our team also conducts spot reviews of top applications and of many other applications, including looking at the data they need to run the application versus the data they gather. When we find a violation, we take action to enforce our policies.”

It’s great that Facebook says it’s taking its users’ safety seriously, but I am taken aback by how easily a third-party application could mimic Facebook’s default Web applications. Users can now specify what information applications may access, but everyone uses Facebook differently, so there is a bounty of information for malware to exploit.

There should be a wall between the Facebook development platform and the applications that make up the site itself.

Google Dashboard: Good–But More Explanation, Please

Thursday, November 5th, 2009

Just how much Google do you have in your life? Now Google is giving you a tool to help answer that question: Google Dashboard, which puts personal information relating to twenty Google services you may be using on one page.

Dashboard includes everything from the number of conversations in your Gmail inbox to how many people are following you on Google Reader to the most recent task you completed with Google Tasks. Icons indicate if you’ve made a piece of information (such as your age) public; links let you go to the originating services and manage settings relating to them. It puts scads of information about you in one place, which is why you need to enter a password to get to it–even if you’re already logged in.

Here’s what Dashboard tells me about my usage of Google Docs:

Google Docs

And here it tells me that I’ve shared an album on Orkut (which was startling to hear, since I don’t remember ever using Orkut–but I figure Google has a better memory than I do):

Google Orkut

The level of information that Dashboard provides is curiously inconsistent–the Gmail section is so granular that it tells me exactly when I last received a piece of spam and what the title was, but the Contacts one merely notes how many contacts I have. I’m not sure if there’s an overarching philosophy about what info goes into the Dashboard, or whether different Google teams simply had varying philosophies.

Dashboard could use some more explanation. I already knew that I use a ton of Google services and they know a lot about me, so seeing it all in one place was more entertaining than scary. As long as I’m looking at the big picture, I’d like to get more information on exactly what Google does (and doesn’t do) with my personal information–but Dashboard’s help is pretty perfunctory, and there’s no concise data-point-by-data-point disclosure.

Unless you don’t have a Google Account–and if you don’t, you’re surely not reading this–your Dashboard is here. If you check it out, let us know what you think. And here’s Google’s video introduction:

 

China Forcing News Sites to ID Commenters

Monday, September 7th, 2009

News sites in China are now being required to obtain the true identities of their commenters, likely in an attempt to suppress and deter so-called “subversive” behavior. Previously, commenters had been offered a bit more anonymity where they could either post without registering at all or with much less personal information.

The new policy took effect last month and requires a real name and government-issued identification number. This would positively identify every commenter on top of their already traceable IP address.

It appears from news reports that the government has tried to keep its involvement in the change under wraps, working to suppress reports on the matter in the media. It has worked for much of this decade on bringing a “real name” system to the Chinese Internet, and those in China say this is likely just the beginning.

There’s also another reason why the government didn’t want this publicized: it is unpopular and previous attempts have gotten a lot of blowback. China tried in 2006 to implement the policy on blogs, but after prominent bloggers in the country came out against the new policy and the public also overwhelmingly opposed it, the country backed off.

Local officials tried it too: Hangzhou officials wanted a similar policy for all who post on sites in the city earlier this year; however, public criticism again killed the government’s plans.

It is certainly disappointing to see China once again working to curtail its citizens’ rights. The “subversion” tactic is something they use frequently: in most cases it’s an excuse to prevent free speech. Truly, there isn’t much that can be said that could truly disrupt the country.

What they’re paranoid of is the fact that there is a large portion of their population that wants freedom of speech and to be able to speak out. What China’s learning now is that in the digital age, that’s going to be much harder than ever to control.

(Cross posted from TechPolitik)

We’re Using Facebook Differently. Is Your Personal Info Safe?

Tuesday, August 18th, 2009

With the mass migration from MySpace to Facebook by a good portion of the social mediarati, the ways we are using the service are certainly changing. Before, the two sites had rather distinct user types. This led to the sites being used in different ways.

MySpace always seemed to be more casual, and personal use ruled. The atmosphere was less formal, which meant functionality such as personal information really was not necessary. The people you were adding weren’t always necessarily your true “friends.”

Facebook was different. Its roots as a connection between college students, and later on businesspeople, made it much more formal. Typically, if you were adding somebody on Facebook, you either knew them, were friends with them, or worked with them.

Thus, Facebook by design allowed you to enter personal data such as contact information. A good portion of us, myself included, likely put this information here because we wanted those on our Facebook to have that information if they needed it.

I have tons of people on there that I completely lost contact with and have reconnected as a result of the service, which I am pretty grateful for.

But things are changing. With MySpace out of vogue, that crowd is coming to Facebook. This means that the less formal use of MySpace, including adding people you might not necessarily directly know, is much more commonplace.

There’s just one problem. The way Facebook stores your personal data has not changed. I found this out the hard way, and didn’t realize it until my contact information was used in a stalking incident by a person I had added who I really did not know.

Lying out in the open as long as they were on my friends list was just about every bit of personal information about me, including address, phone number, email, and IM contact information. I was shocked that I had forgotten this data was there, because typically I am very good with maintaining control over personal information.

Facebook doesn’t make it easy to block the information, either. Its privacy settings left a little to be desired.

Essentially, I would have had to go through every single friend, adding them one at a time, to show my information to select people. This led me to think, how many other Facebookers may be inadvertently sharing information they may not be comfortable giving out?

Take this as a cautionary tale. Double check your Facebook to make sure you’re comfortable with the information you’re giving out: otherwise, you might find out the hard way.

Should Facebook do something? Probably yes. The methods to select who sees your data are a bit too cumbersome. Rather than making it a manual process, it might be better for the company to allow you to group friends, and from there allow/deny access to personal info.

I’m curious as to whether or not the ways you use Facebook have changed in this “post-MySpace era.” Have you checked to see how your data is being shared?