Computer Ethics, Fall 2011
Corboy 423; 7:00-9:30 Th, Sept 29, Class 5
Readings:
Paper 1, due Friday Sept 30
They are watching you: http://www.youtube.com/watch?v=8JNFr_j6kdI.
Is this a real threat? (See especially the section between 0:45 and 1:25)
I'm offering this as an example of a possible
threat, but which definitely has elements of "paranoia" as well. (I
imagine somewhere on YouTube there's a video of someone explaining the
dangers of the government eavesdropping on your conversations by
beaming lasers on your windows.)
Privacy
What is privacy all about? Baase (p 45) says it consists of
- control of information about oneself: who knows what about you?
- freedom
from intrusion -- the right to be left alone in peace
- freedom
from surveillance (watched, listened to, etc)
Are these all? Note that Baase put control of information as #2; I moved
it to #1.
In some sense the second one is really a different
category: the need to get away from others. A technological issue here
is the prevalence of phones, blackberries, and computers and the
difficulty of getting away from work.
The third one is to some degree a subset of the first: who gathers
information about us, and how is it shared? Another aspect of the third
one is freedom from GOVERNMENTAL spying. Privacy from the government is a
major part of Civil Liberties.
Privacy is largely about our sense of control
of who knows what about
us. We willingly put info onto facebook, and are alarmed only when
someone reads it who we did not anticipate.
Privacy from:
- government
- commercial interests
- workplace
- local community (ie online info about us)
Sometimes, when we try to argue for our privacy, we get asked what do you have to hide? Is this
fair?
On the other hand, should we care at all about privacy? Or is it just
irrelevant?
Strange history: once upon a time we were mostly concerned about privacy
from the government, not from private commercial interests.
Once upon a time, concern about privacy was on the decline. People knew
about the junk-mail lists that marketers kept, but it did not seem
important, especially to younger people.
In the last few years, privacy has become a significant issue. Why is this?
Psychologists have ways of defining general personality traits, eg the OCEAN set of
- Openness (to new ideas and experiences)
- Conscientiousness
- Extraversion
- Agreeableness
- Neuroticism (tendency towards anxiety and worry)
(The Myers-Briggs system has four dimensions, and classifies you as at
one end or the other (eg extraverted or introverted) on each axis.)
Are we approaching the point that outsiders can create a psychological profile of us using online data only?
Is this even what we mean by losing our privacy? Psychologists have
suggested that "getting to know someone" is based significantly on the slow voluntary exchange of personal information.
Or is it much simpler: perhaps the marketing information about us was
too remote for us to be concerned, but that Facebook has ushered in a
new era of online information about our social situation: friends, events, likes, and that these are the things that are relevant in our day-to-day interactions with others.
What do computers have to do with privacy?
Old reason: they make it possible to store (and share) so much more data
Newer reasons:
- They enable complex data mining
- They allow us to find info on others via google
- Records are kept that we never suspected (eg google searches)
- Electronic eavesdropping
Baase, p 45: Communist East-German secret police Stasi, and
non-computerized privacy invasion
Fourth amendment:
The right of the people to be secure in
their persons, houses, papers, and effects, against unreasonable
searches and seizures, shall not be violated.
Baase p 47: computers "make it easy to produce detailed profiles of
our personal characteristics, relationships, activities, opinions, and
habits"
Maybe also of what sales pitches we're likely to respond to??
Some non-governmental privacy issues:
- shopping data
- RFID chips in cards and merchandise
- search-engine
queries
- cellphone GPS data
- event data recorders in
automobiles
Maybe some of the most sensitive information gathered about us today is
our location, typically from a cellphone. Traditional phones do not
necessarily track GPS in real time, unless an emergency call is placed,
but "smartphones" do this continuously in order to display
advertisements for nearby businesses. What undesireable things could be
done with this information?
We will return to this later.
http://pleaserobme.com, listing twitter/foursquare announcements that you will not be At Home (now "off"; I wish I'd kept some sample data)
In ~1990, a big privacy issue was Caller ID. Whose privacy was at
stake?
Facebook has made us our own worst privacy leakers.
Facebook and college admissions, employment, any mixed recreational
& professional use
Some specific things we may want to keep private, from a few years ago:
- past lives (jobs, relationships, arrests, ...)
- life setbacks
- medical histories
- mental health histories, including
counseling
- support groups we attend
- organizations of
which we are members
- finances
- legal problems (certainly criminal, and
often civil too)
- alcohol/drug use
- tobacco or alcohol purchases
- most
sexual matters, licit or not
- pregnancy-test purchases;
contraceptive purchases
- private digressions from public facade
- different facades in different settings [friends, work,
church]
- comments we make to friends in context
- the fact that
we went to the bar twice last week
- the fact that we did not go to the gym at all last week
- minor transgressions (tax deductions, speeding, etc)
In keeping these sorts of things private, are we hiding something?
More significantly, what has the rise of Facebook done to this list?
How much do we care about this "general background" information as
opposed to the kind of information that leaks out of Facebook: who we
partied with last night, what we drank, who we partied with five years
ago, where we were last night given that we said we would be volunteering at the soup kitchen?
Sometimes we want to keep things private simply to avoid having someone
else misinterpret them.
Is this list what is really important to us in terms of privacy? Or are
we really only concerned with more intangible attributes?
Why do we care about privacy? Is it true that we wouldn't care if
we had nothing to hide? What about those "minor transgressions"
on the list? Are they really minor?
Or is is true that "we live 'in a nation whose reams of regulations
make almost everyone guilty of some violation at some point'" [Baase p
69]
Once upon a time (in the 1970's) there was some social (and judicial)
consensus that
private recreational drug use was reasonably well protected: police had
to have some specific evidence that you were lighting up, before they
could investigate. Now, police are much more free to use aggressive
tactics (eg drug-sniffing dogs without a warrant, though they can't use
thermal imaging without a warrant).
Is this a privacy issue?
On page 47, Baase quotes Edward J Bloustein as saying that a person who
is deprived of privacy is "deprived of his individuality and human
dignity". Dignity? maybe. But what about individuality? Is there some
truth here? Or is
this overblown?
On page 67, Baase quotes Justice William O. Douglas as saying, in 1968,
In a sense a person is defined by the
checks he writes. By examining them agents get to know his doctors,
lawyers, creditors, political allies, social connections, religious
affiliation, educational interests, the papers and magazines he reads,
and so on ad infinitum.
Nowadays we would add credit-card records. Is Douglas's position true?
Privacy from the government
This tends not to be quite as much
a COMPUTING issue, though facial recognition might be an exception.
"Matching" was an exception once upon a time.
Interception of electronic communications generally fits into this
category; the government has tried hard to make sure that new modes of
communication do not receive the same protections as older modes. They
have not been entirely successful.
To large extent, we'll deal with this one later.
One of the biggest issues with government data collection is whether
the government can collect data on everyone, or whether they must have
some degree of "probable cause" to begin data collection. On p 73 of
Baase there is a paragraph about how the California Department of
Transportation photographed vehicles in a certain area and then looked
up the registered owners and asked them to participate in a survey on
highway development in that area. Why might that be a problem?
Canadian position: government must have a "demonstrable need for each
piece of personal information collected".
Commercial data, based on transaction history
Primary use is some sort of marketing
Other data
legal, workplace, medical, etc
Traditional "paper" data;
The computerization issue is easy/universal access to such data
personal
facebook, etc
Some data collection that we might not even be aware of:
- browser-search data from google
- ISPs and browser-search data
- web cookies
- automobile event recorders
Event data recorders in cars: lots of cars have them. - fresh-values
/ preferred card
LOTS of people are uneasy about privacy issues here, but specific
issues are hard to point to.
My local Jewel never asks for Preferred cards for alcohol sales - street-level
car cameras
- street-level pedestrian cameras
- bookstore
purchases
- library records
- RFID data
- browser location data
Google Buzz
Google Buzz was google's first attempt at a
social-networking site, back in ~2009[?]. When it was first
introduced, your top gmail/gchat contacts were made public as
"friends", even though the existence of your correspondence may have
been very private. For many, the issue isn't so much that yet another
social-networking site made a privacy-related goof, but that it was google,
which has so much private information already. Google has the entire
email history for many people, and the entire search history for many
others. The Google Buzz incident can be interpreted as an indication
that, despite having so much personal information, Google is "clueless"
about privacy. At the very least, Google used personal data without
authorization.
For many people, though, the biggest issue isn't privacy per se, but
the fact that their "google profile" overnight became their buzz page,
without so much as notification.
See http://www.nytimes.com/2010/02/15/technology/internet/15google.html.
Or http://searchengineland.com/how-google-buzz-hijacks-your-google-profile-36693.
Tyler Clementi
On September 19, 2010, Rutgers University Tyler Clementi asked his
roommate to be out of the room for the evening. Clementi then had a
sexual encounter with another male. The roommate, meanwhile, turned on
his webcam remotely from a friend's room, watched the encounter, and
streamed it live over the internet.
(More at http://news.yahoo.com/s/ap/20101001/ap_on_re_us/us_student_taped_sex.)
Three days later Clemente leapt to his death from the George Washington bridge, presumably because he felt "outed".
How much is this about harassment of homosexuals?
How much is this about bullying?
How much is this about invasion of privacy?
Would the situation be seen differently if Clemente's tryst had been with a woman?
Is this at all about "cyber harassment"?
Is it about abuse of "social media"?
What about "outing" that was once relatively common within the gay community?
What about Erin Andrews, the ESPN reporter who was videoed while
undressed in her New York hotel room, allegedly by Michael Barrett,
apparently now convicted? This video too was circulated on the
internet; the case made headlines in July 2009 (though when the videos
were actually taken is unclear). Barrett got Andrews' room number from
the hotel, reserved a room next to hers, and either modified the door
peephole somehow, or drilled a hole through the wall and added a new
peephole.
Is Andrews' situation any different from Clementi's? (Aside from the part about damages to hotel property).
What should the law say here?
Is it wrong to place security cameras on your business property? Is it
wrong to place "nannycams" inside your house? What sort of notice do
you have to give people?
When we record the ACM lectures at Loyola, what sort of notice do we have to give the audience? The speakers?
Note that in Illinois it is a felony to record conversations
without the consent of all parties, even in a public place. But there
is a downside to this: you also cannot record the police if they stop
or harass you, and you cannot record others who harass you (eg in the
workplace). More at http://www.chicagobreakingnews.com/2010/08/aclu-challenges-illinois-eavesdropping-act.html. For a stronger slant on the recording-police issue, see http://gizmodo.com/5553765/are-cameras-the-new-guns (there is at least some evidence that the Illinois law in question was intended to disallow recording of police).
Note:
Under New Jersey’s invasion-of-privacy statutes, it is a fourth degree
crime to collect or view images depicting nudity or sexual contact
involving another individual without that person’s consent, and it is a
third degree crime to transmit or distribute such images. The penalty
for conviction of a third degree offense can include a prison term of
up to five years.
New Jersey lists "nudity" and "sexual contact" as entitled to privacy; some other states list "expectation of privacy".
One final note: if Clementi killed himself simply because he had been "outed", then any sex partner could have outed him legally.
Sex partners could not legally have filmed him without his consent, but (like
the Paris Hilton sex tape) a lover could later release a tape that had been made with consent, or simply release a textual narrative.
AOL search leak, 2006
Baase p 48: search-query data: Google case, AOL leak.
In August
2006, AOL leaked (actually, released) 20,000,000 queries from ~650,000 people. MANY of the
people involved could be individually identified, because they:
- searched for their own name
- searched for their car, town,
neighborhood, etc
Many people searched for medical issues.
Wikipedia: "AOL_search_data_scandal"
Thelma Arnold
Mirror site: http://gregsadetsky.com/aol-data/
An article:
http://www.techcrunch.com/2006/08/06/aol-proudly-releases-massive-amounts-of-user-search-data
Google strongly resisted releasing "anonymized" search data to the
government.
What would make search data sufficiently anonymous?
Question: Is it ethical to use the
actual AOL data in research? What guidelines should be in place?
Are there other ways to get legitimate search data for sociological
research?
Where is google-search-history stored on your computer?
What constitutes "consent" to a privacy policy?
Are these binding? (Probably yes, legally, though that is still being
debated)
Have we in any way consented to having our search data released?
Pennsylvania school laptops
In the Lower Merion school district in Ardmore PA, school-owned laptops
were sent home with students. School officials have now been accused of
spying on students by turning on the laptops' cameras remotely, while
the laptops were in the students' homes.
The school's position is that remote camera activation was only done
when the laptop was reported lost or stolen, as part of the LANRev
software package (see also the open-source preyproject.com site). Note that the
current owners of LANRev now state:
We
discourage any customer from taking theft recovery into their own
hands," said Stephen Midgley, the company's head of marketing, in an
interview Monday. "That's best left in the hands of professionals."
However, the AP
article on the incident states the following:
The Robbinses said they learned of the
alleged webcam images when Lindy
Matsko, an assistant principal at Harriton High School, told their son
that school officials thought he had engaged in improper behavior at
home. The behavior was not specified in the suit.
"(Matsko) cited as evidence a photograph from the webcam embedded in
minor plaintiff's personal laptop issued by the school district," the
suit states.
Supposedly the camera was activated because the laptop was reported
as missing, but that in the case in question the laptop was declared
missing by the school because insurance fees were not paid. Matsko saw
the student ingesting something that looked to her like drug capsules;
the student in question claimed it was Mike-and-Ike
candy and there was considerable corroborating evidence that that was
the case.
Some technical details, including statements made by Mike Perbix of the
school's IS department, are available at
http://strydehax.blogspot.com/2010/02/spy-at-harrington-high.html. The
stryde.hax article also makes the following claims:
- Possession of a monitored Macbook was required for classes
- Possession
of an unmonitored personal computer was forbidden and
would be confiscated
- Disabling the camera was impossible
- Jailbreaking
a school laptop in order to secure it or monitor it
against intrusion was an offense which merited expulsion
The first, if true, would seem odd; the other points are fairly
standard (though black electrical tape is wonderfully effective at disabling what the camera can see).
Note that public schools are part of the government, and, as such, must
abide by the Fourth Amendment (though schools may be able to search
lockers on school property).
(Loyola, as a private institution, is
not so bound, though there are also several Federal statutes that
appear to apply.)
Students and parents do sign an Acceptable Use policy. However, a
signature is required for the student to be issued a laptop. Also,
students are minors, and it appears to be the case that parents are not authorized to sign away the
rights of minors.
In April 2010 the school's attorneys issued a report claiming there was
no "wrongdoing", but nonetheless documenting rather appalling privacy
practices. Some information from the report is at http://www.physorg.com/news192193693.html.
The most common problem was that eavesdropping was not terminated even
after the equipment was found.
Another school-laptop case
(Will these ever stop?)
Susan Clements-Jeffrey, 52-year-old long-term substitute teacher at
Keifer Alternative School (K-12) in Springfield OH, bought a used
laptop from one of her students in 2008. She paid $60 for it. That's
cheap for a laptop, but the non-free application software had been
removed and, well, the case sort of hinges on whether it was preposterously cheap. The lowest prices I could find for used laptops were ~$75, on eBay.
The laptop in fact had been stolen from Clark County School District in
Ohio, and on it was LoJack-for-Laptops software to allow tracking. Once
it was reported missing, the tracking company, Absolute Software,
began tracking it. Normal practice would have been to track it by IP
address (the software "phones home" whenever the computer is
online, and then turn that information over to the police so they could
find out where it was located, but Absolute investigator Kyle Magnus
went further: he also recorded much communication via the laptop
(including audio and video).
Clements-Jeffrey used the laptop for intimate (that is, sexually
explicit) conversation with her boyfriend. Absolute recorded all this,
including at least one nude image of Clements-Jeffrey from the webcam.
Police eventually did come and retrieve the laptop; theft charges were
quickly dropped.
Clements-Jeffrey, however, is now suing Absolute for violation of
privacy, under the Electronic Communications Privacy Act that forbids
interception of electronic communication. Absolute's defense has been
that Clements-Jeffrey knew or should have known the laptop was stolen,
and if she had in fact known this then her suit would likely fail.
However, it seems likely at this point that she did not know this.
Absolute has also claimed that they were only acting as agent of the
government (ie the school district). The school district denies any
awareness that eavesdropping might have been done. And claiming that
actions on behalf of a school district are automatically "under color
of law" seems farfetched to me.
In August 2011, US District Judge Walter Rice ruled that Clements-Jeffrey's lawsuit against Absolute could go forwards.
More at http://www.wired.com/threatlevel/2011/08/absolute-sued-for-spying.
Event data recorders in automobiles
Who owns the data? Should you know it is there?
What if it's explained on page 286 of the owners manual?
Should it be possible for the police or the vehicle manufacturer to use it AGAINST you at a trial?
See wikipedia: "Event_data_recorder"
Facebook and privacy
When did Facebook stop being "closed", ie access was limited to your
"network" (eg Loyola)?
Did anyone care?
Facebook privacy issues are getting hard to keep up with!
Facebook know a lot about you.
It knows
- who your friends are
- what you are writing to whom (using facebook)
- your age
- your education
- your job (probably)
- your hobbies
- what you "like"
- whether you are outgoing (extraverted?) or not
In May 2010 Facebook made perhaps their most dramatic change in privacy policy, when they introduced changes requiring
that some of your information be visible to everyone: your name, your
schools, your interests, your picture, your friends list, and the pages
you are a "fan" of. Allegedly your "like" clicks also became
world-readable. Here's an article by Vadim Lavrusik spelling out why
this can be a problem: http://mashable.com/2010/01/12/facebook-privacy-detrimental.
Lavrusik's specific concern is that he sometimes joins Facebook groups
as part of journalistic investigation, not out of any sense of shared
interest.
Here's a timeline of the progressive privacy erosion at facebook: eff.org/deeplinks/2010/04/facebook-timeline
Around the same time Facebook also proposed "sharing" agreements with some other sites,
and made data-sharing with those sites the default. Some of the sites (from
readwriteweb.com) are:
- yelp.com: a restaurant/shopping/etc
rating site
- docs.com: a googledocs competitor
owned by Microsoft
- pandora.com (a web-radio site in
which you say what music you "like" and you get similar music)
Eventually Facebook has again stepped back from a full
roll-out of the sharing feature.
Facebook has long tinkered with plans for allowing a wide range of
third-party sites to have access to your facebook identity. Back in
2007, this project was code-named Beacon.
Supposedly the Beacon project has been dropped, but it seems the idea
behind it has not.
Ironically, third-party sites might not
need Facebook's cooperation to get at least some information about
their visitors (such as whether they are even members of Facebook).
Your browser itself may be giving this away. See
http://www.azarask.in/blog/post/socialhistoryjs.
(Note that this technique, involving the third party's setting up
invisible links to facebook.com, myspace.com, etc, and then checking
the "link color" (doable even though the link is invisible!) to see if
the link has been visited recently, cannot reveal your username.)
After resisting the May 2010 uproar for a couple weeks, Facebook once
again changed. However, they did not
apologize, or admit that they had broken their own past rules.
Here's an essay from the EFF, http://www.eff.org/deeplinks/2010/05/facebook-should-follow,
entitled Facebook Should Follow Its
Own Principles, in which they point out that Facebook's 2009
principles (announced after a similar uproar) state
People should have the freedom to decide
with whom they will share their
information, and to set privacy controls to protect those choices.
But Facebook's initial stance in 2010 was that users always had the freedom to quit facebook if they
didn't like it. Here's part of Elliot Schrage, FB VP for Public Policy,
as quoted in a May 11, 2010 article at http://bits.blogs.nytimes.com/2010/05/11/facebook-executive-answers-reader-questions:
Joining
Facebook is a conscious choice by vast numbers of people who
have stepped forward deliberately and intentionally to connect and
share. We study user activity. We’ve found that a few fields of
information need to be shared to facilitate the kind of experience
people come to Facebook to have. That’s why we require the following
fields to be public: name, profile photo (if people choose to have one),
gender, connections (again, if people choose to make them), and user ID
number.
Later, when asked why "opt-in" (ie initially private) was not the
default, Schrage said
Everything is opt-in on Facebook.
Participating in the service is a
choice. We want people to continue to choose Facebook every day. Adding
information — uploading photos or posting status updates or “like” a
Page — are also all opt-in. Please don’t share if you’re not
comfortable.
That said, much of your information is still public by default.
Two weeks after Schrage's claim that users would always be free not to
use Facebook if they didn't like it, Facebook CEO Mark Zuckerberg
weighed in, with a May 24, 2010 article in the Washington Post: http://www.msnbc.msn.com/id/37314726/ns/technology_and_science-washington_post/?ns=technology_and_science-washington_post.
In the article, Zuckerberg does not seem to acknowledge that any
mistakes were made. He does, however, give some Facebook "principles":
- You have control over how your information
is shared.
- We do not share your
personal information with people or services you don't want.
- We do not give advertisers access to your
personal information.
- We do not and
never will sell any of your information to anyone.
- We will always keep Facebook a free service for
everyone.
The first principle is a step back from the corresponding 2009
principle.
Facebook vigorously claims that your information is not shared with
advertisers, by which they mean that your name is not shared. However,
your age, interests, and general location (eg town) are shared, leading to rather creepy
advertisements at best, and cases where your identity can be inferred at
worst.
Recall that advertisers are Facebook's real customers. They are the ones
who pay the bills. The users are just users.
Deja News, once at deja.com (now run by google): where is it now? It
still lets you search archives of old usenet posts, though the social
significance of that is reduced in direct proportion to the reduced
interest in Usenet. Think of being able to search for someone's
years-old facebook posts, though (and note that there's no reason
Facebook can't just enable this).
Facebook mini-feeds, Baase p 55
Allowed active notification to your friends whenever you change your
page. Why was this considered to be a privacy issue?
I note that lots of people have left these enabled.
The mini-feed issue originally came up in 2006. However, modifications
of the feature still occasionally reopen the privacy issue. The latest
issue is that you can get "realtime" minifeed updates, and also
somewhat fine-tune which updates you receive about whom; you can thus
"eavesdrop" on someone by subscribing to everything they do on FB, and
then monitoring the feed. See http://www.infoworld.com/t/social-networking/facebook-makes-it-easier-ever-eavesdrop-173657
for more detail. (Note on 9/29/2011: I could not get the realtime feeds
shown in the infoworld article, now over a week old. Maybe FB has
dropped this feature? Maybe the feature was timed to coincide with the
public opening of google+?)
Is this a privacy issue or not?
Whatever one says about Facebook as a source of privacy lost, it is
pretty clear to everyone that posting material to Facebook is under our control, though perhaps only in the sense that we participate in Facebook voluntarily. Thus, the Facebook
privacy question is really all about whether we can control
who knows what about us, and continue to use Facebook.
Facebook reapers
How about this site: Social Intelligence Corp, www.socialintel.com.
What they do is employee background screening. They claim to take some
of the risk out of do-it-yourself google searches, because they don't
include any information in their report that you are not supposed to
ask for. What they do is gather all the public Facebook information
about you (and also from other sources, such as LinkedIn), and store
it. They look, in particular, for
- racially insensitive remarks, such as that English should be the primary language in the US
- membership in the FB group "I shouldn’t have to press 1 for English. We are in the United States. Learn the language."
- sexually insensitive remarks or jokes or links
- displays of weaponry, such as your Remington .257 hunting rifle or your antique Japanese katana sword
While they do not offer this upfront, one suspects they also keep track
of an unusually large number (more than four?) of drunken party
pictures.
Think you have no public Facebook information? Look again: the
information does not have to have been posted by you. If a friend posts
a picture of you at a party, and makes the album world-viewable, there
went your chance for that job at IBM.
To be fair, Social Intelligence is still fine-tuning their rules; the
latest version appears to be that they keep the information for seven
years, but don't release it in a report unless it's still online at the
time the report is requested. Unless things change, and they need to go back to the old way to make more money.
In June 2011 the FTC ruled that Social Intelligence's procedure was in compliance with the Fair Credit Reporting Act.
See:
Is this a privacy issue?
Facebook and other sites
Facebook now shows up on unrelated sites. Sites are encouraged to
enable the Facebook "like" button, and here's an example of
theonion.com displaying my (edited) friends and their likes: http://cs.luc.edu/pld/ethics/theonionplusFB.html. How much of this is an invasion of privacy?
While Facebook does seem interested in data-sharing agreements with
non-FB sites, it is often not at all clear when such sharing is going
on. The two examples here, for example, do not necessarily involve any
sharing. An embedded "like" button, when clicked, sends your
information to Facebook, which can retrieve your credentials by using
cookies. However, those credentials are hopefully not
shared with the original site; the original site may not even know you
clicked "like". As for the box at theonion.com listing what my friends
like, this is again an example of "leased page space": Facebook leases
a box on theonion.com and, when you visit the site, it retrieves your
FB credentials via cookie and then fills in the box with your friends'
"likes" of Onion articles. The box is like a mini FB page; neither the
likes nor your credentials are shared with The Onion.
One concern with such pseudo-sharing sites is that they make it look
like sharing is in fact taking place, defusing objections to such
sharing. If someone does object, the fact that no sharing was in fact
invoved can be trotted out; if there are not many objections, Facebook
can pursue "real" sharing agreements with confidence. They also make it
harder to tell when objectionable sharing is occurring.
An example of a true data-sharing agreement would be if a restaurant-review site let you log into their site using your Facebook cookies, and then allowed you to post updates about various restaurants.
Facebook "connections": http://www.eff.org/deeplinks/2010/05/things-you-need-know-about-facebook
Your connections are not communications with other users, but are links
to your school, employer, and interests. It is these that Facebook
decided to make "public" in May 2010; these they did back off from.
Finally, here is a lengthy essay by Eben Moglen, author of the GPL, on
"Freedom in the Cloud: Software Freedom, Privacy, and Security for Web
2.0 and Cloud Computing": http://www.softwarefreedom.org/events/2010/isoc-ny/FreedomInTheCloud-transcript.html.
Mr Moglen adds some additional things that can be inferred from
Facebook-type data:
- Do I have a date this Saturday?
- Who do I have a crush on (whose page am I obsessively reloading)?
You get free email, free websites, and free spying too!
Mr. Zuckerberg has
attained an unenviable record: he has done more harm to the human
race than anybody else his age.
Because he harnessed Friday night. That
is, everybody needs to
get laid and he turned it into a structure for degenerating the
integrity of human personality and he has to a remarkable extent
succeeded with a very poor deal. Namely, “I will give you
free web hosting and some PHP doodads and you get spying for free
all the time”. And it works.
Later:
I’m not suggesting it should be illegal.
It should be
obsolete. We’re technologists, we should fix it.
Did Google+ fix anything? Does anyone trust google more than Facebook?
Here are some of the June 2010 Facebook privacy settings (that is, a month after the May 2010 shift), taken from privacy
settings => view settings (basic directory information). Note that
there is by this point a clear Facebook-provided explanation for why some things are best left visible
to "everyone".
Your name, profile picture, gender and
networks are always open to everyone. We suggest leaving the other
basic settings below open to everyone to make it easier for real world
friends to find and connect with you.
* Search for me on Facebook
This lets friends find you on Facebook. If you're visible to fewer
people, it may prevent you from connecting with your real-world friends.
Everyone
* Send me friend requests
This lets real-world friends send you friend requests. If not set to
everyone, it could prevent you from connecting with your friends.
Everyone
* Send me messages
This lets friends you haven't connected with yet send you a message
before adding you as a friend.
Everyone
* See my friend list
This helps real-world friends identify you by friends you have in
common. Your friend list is always available to applications and your
connections to friends may be visible elsewhere.
Everyone
* See my education and work
This helps classmates and coworkers find you.
Everyone
* See my current city and hometown
This helps friends you grew up with and friends near you confirm it's
really you.
Everyone
* See my interests and other Pages
This lets you connect with people with common interests based on things
you like on and off Facebook.
Everyone
Here are some more settings, from privacy settings => customize
settings (sharing on facebook)
* Things I share
o Posts by me
(Default setting for posts, including status updates and photos)
Friends Only
o Familyused to let you look up old
Friends of Friends
o Relationships
Friends Only
o Interested in and looking for
Friends Only
o Bio and favorite quotations
Friends of Friends
o Website
Everyone
o Religious and political views
Friends Only
o Birthday
Friends of Friends
.
* Things others share
o Photos and videos I'm tagged in
Friends of Friends
o Can comment on posts
Friends Only
o Friends can post on my Wall
Enable
o Can see Wall posts by friends
Friends Only
* Contact information
o Friends Only
The core problem here is not that these settings are hard to do, or
that the defaults are bad. The core problem is simply that you keep
having to make new settings, as things evolve. Examples:
- whether you can be tagged in other people's photos
- whether FB facial-recognition software is applied to other people's photos of you
- whether you appear in other people's mini-feeds on you
Another issue is whether the settings options are user-friendly.
Here's a technical analogue: are NTFS file permissions better than
Unix/Linux? Yes, in the sense that you can spell out who has access to
what. But NTFS permissions are very difficult to audit and to keep
track of; thus, in a practical sense, they have been a huge disappointment.