Musings on Business and Tech

Category — privacy

Massive Electronic Surveillance

ECHELON is a code word for an automated global interception system operated by the intelligence agencies of the United States, the United Kingdom, Canada, Australia, and New Zealand, and led by the National Security Agency (NSA). I’ve seen estimates that ECHELON intercepts as 3 billion communications every day, including phone calls, e-mail messages, Internet downloads, satellite transmissions, and so on. The system gathers all of these transmissions indiscriminately, then sorts and distills the information through artificial intelligence programs.

Bruce Schneier, Secrets and Lies,2004, 2nd ed.

July 15, 2013   No Comments

My (Very Brief) Facebook Hiatus

With all the privacy missteps that Facebook has taken of late, I decided to deactivate my account just to see what it would be like. I took this step knowing full well that Facebook lets you reactivate your account as if you never left, simply by logging in again. (Is this a feature or another indication that Facebook is doing whatever it can to hold onto your data?)

Within just a few hours after I deactivated, an old friend from high school emailed me that he’d just uploaded lots of pictures from our teenage years and was sad that he couldn’t tag me on them. Another friend then saw these pictures, also noticed I’d gone missing, and proceed to start a public Facebook group called “Jamie quit Facebook??? WTF, that sucks!!! BOO!”

Over the course of the evening, 10 people joined the group and left various comments like, “Quitters never win,” “waah, i want pwivacy!,” and “It’s not like he didn’t give us all plenty of warning and reasons.” I enjoyed watching this and relishing in the irony that I could view this completely public page even though my account wasn’t active.

Several days later when I reactivated my account, I was glad to see that (a) all of the information in my profile had been wiped clean; (b) my friends list was still intact; and (c) all of my privacy settings were unchanged.

Some people would think that (a) would be an inconvenience but I welcomed it, because in reinstating my Facebook account I have come back with a new attitude. Instead of seeing Facebook as a protected space where I can share semi-private information with a self-selected group of friends, I now see it more like Twitter (and more like the Internet as a whole): a completely public space where you need to be careful about what you do and say and actively monitor and manage what others do and say about you.

Ultimately I reactivated because I need to. I work in technology and I have to keep abreast of what’s going on in that space. Facebook also drives a good amount of traffic to this blog, which I was sad to see disappear. Right here, right now, Facebook is just too powerful a force to opt-out of.

Related articles by Zemanta

Reblog this post [with Zemanta]

May 12, 2010   1 Comment

Why Your Twitter Profile is LESS Public Than Your Facebook Profile

Here is a pared down version of a recent conversation on the Facebook wall of a friend of mine:

Friend: “Anyone want to try out Orkut with me, as an alternative to the awfulness that Facebook is becoming?”

Me: “I want to leave Facebook, but I don’t know if Orkut is the answer. Is Friendster still around? Or maybe Twitter + Foursquare is enough.”

Friend: “One thing I do find funny about this whole Facebook dustup is that people are like, ‘Facebook is making all my stuff public without my permission! That is so lame! I am going to go use Twitter, which is 100% public.’”

Me: “Right, because at least Twitter doesn’t give me a million different privacy checkboxes and confusing howtos to deal with. Also Twitter DMs are not public.”

Thinking about it more, the whole Facebook privacy debacle actually makes my Twitter profile seem less public than my Facebook profile. Or, to clarify, it is much easier to figure out what is public and what is not on Twitter.

I know that every single status update I make on Twitter is public, so I know not to put anything there that I don’t want to be public. Or I can choose a setting in my account that locks all of my Tweets if I want, in which case only those I approve can follow me. As I said above, Twitter DMs are completely private. No room for grey area.

The problem with Facebook isn’t that some things are public and some are not. The problem is that, as far as I’m concerned, it is impossible for me to figure out what is and isn’t public. It’s also impossible for me to figure out whether the changes I’ve made to my privacy settings actually do what I’m expecting them to do.

That makes Facebook more dangerously public than Twitter. And that is increasingly making me want to deactivate my Facebook account. I just need to figure out how to properly alert friends on Facebook so they can contact me in other ways if necessary.

Reblog this post [with Zemanta]

May 6, 2010   1 Comment

Blippy Flies Too Close to the Sun

When I first read about Blippy on TechCrunch in December of last year, my first thought was “Oh God, this sharing thing has gone way too far.” My next thought was, “Note to self: stay far away from Blippy.”

For those who don’t know, Blippy is a “transaction sharing” site. You enter your credit card details and the site scrapes your account activity and posts it for your friends to see. Yay, my friend just bought a new toaster oven.

Apparently, they also, in a small number of cases, posted full credit card numbers on the Internets, which Google subsequently, dutifully, crawled.

This situation is utterly awful. Credit card theft is rampant (my wife just got notified yesterday of a fraudulent charge on her Visa card).  Those roughly sixteen numbers are sacrosanct.

I don’t know who is stupider in this situation:

  • Blippy, for creating a website that accesses user’s credit card accounts, scrapes their information, and broadcasts it for eternity (and does all of those things really badly, exposing sensitive data in the process)
  • Blippy users, for signing up for such a dumbass idea and willfully handing over their credit card data
  • Credit card companies, for creating a system where the only thing stopping someone from using my credit is not knowing the sixteen-digit number boldly printed on its face

Last night, Blippy issued an apology as well as a corrective plan of action. But this is too little too late. If you’re creating a website based on sharing my credit card transactions with my friends, isn’t your first and most important concern the security and privacy of the data? Or does that come down the road, after they’ve duped enough users into signing up?

An apology is simply not good enough. Nor is a corrective plan. Blippy needs to shut down their borked service and pack up the wax and feathers on which they’ve built their clusterfuck of a startup.

Reblog this post [with Zemanta]

April 27, 2010   No Comments

Facebook Will Fail in Their Quest for World Domination

A great observation from Albert Wenger of Union Square Ventures on why Facebook’s goal to be the “one [social] graph to rule them all” will fail:

Hats off to Mark Zuckerberg and the entire team at Facebook.  They are managing that most impressive feat of innovating at scale.  They are also incredibly ambitious in what they want to accomplish.  The goal seems nothing short of one identity and one graph to “rule them all.”  With over 400 million users worldwide and a sign on system that is being widely adopted this ambition doesn’t seem crazy…

But I see at least one flaw with this plan for domination.  I simply don’t believe that there is a single social graph that makes sense.  I may very well follow someone’s bookmarks on del.icio.us that I don’t want to have any other relationship with.  Or take the group of people that I feel comfortable sharing my foursquare checkins with — these are all people I trust and would enjoy if they showed up right there and then.  That group in turn is different from the people I work with on Google docs for various projects which is why I would be nervous about using the Microsoft docs connected to Facebook.  Trying to shoe-horn all of these into a single graph is unlikely to work well.

via Facebook and the Net – Continuations.

Reblog this post [with Zemanta]

April 23, 2010   No Comments

Why Facebook Will Never Get Privacy Right

When a restaurant reopens under the same management but with a different “concept,” you know it’s in trouble right from the start. For some reason, restaurant owners refuse to believe that the failure of their establishment has everything to do with them and nothing to do with whether it’s a “tapas bar” or a “gastropub” or an “organic new american bistro.”

It’s the same thing with Facebook and their privacy settings. Facebook, the problem is you.

Yesterday Facebook announced some changes to their privacy settings, including a section that TechCrunch singled out, called “Friends, Tags and Connections.”

First of all, I’m not even sure I’d know under what circumstances I’d need to click on this section. It sounds more like a place where I’d manage my list of friends. If I clicked at all it would be out of curiosity, not out of deliberate intention.

Secondly, as TechCrunch points out, Facebook’s own explanation of these settings actually makes them even more confusing:

Friends, Tags and Connections covers information and content that’s shared between you and others on Facebook. This includes relationships (shared between you and the person you’re in the relationship with), interests, and photos you’re tagged in. These settings let you control who sees this information on your actual profile. However, it may still be visible in other places unless you remove it from your profile itself.

If everyone I’ve ever known weren’t on Facebook I’d seriously think about deleting my profile. Between the annoying Farmville and Mafia Wars status updates, the creepy ads in the sidebar, the requests to join meaningless fan pages, the half-baked email application, the fact that they “own” all the photos I upload, and of course all their previous privacy missteps, the Facebook experience is just awful from start to finish. And there’s really nothing they can do to ever make me trust that they are approaching the issue of privacy with the seriousness and simplicity that it deserves.
Reblog this post [with Zemanta]

April 20, 2010   1 Comment

Location Privacy Goes to Washington

Nice roundup yesterday from ReadWriteWeb on the recent congressional hearing regarding location based services and end user privacy. Key takeaways:

  • Most location-based services have privacy controls that are too limited, and privacy policies are not readily accessible
  • Some are recommending that the Electronic Communications and Privacy Act be updated to include protections for location information
  • “There is as yet no data on teens’ mobile social mapping or LBS use,” but texting is huge among kids so it is likely that mobile location sharing will grow in that age group

Location Privacy Goes to Washington.

Reblog this post [with Zemanta]

March 9, 2010   No Comments

Twitter Will Support Places, Not Just Coordinates

According to the Twitter API Announcements list, Twitter is rolling out a whole new set of geotagging features that will be hugely important in the location-based services space:

our goal is to provide a few more options to API developers (and the users they are servicing) through this contextual information.  people, we find, inherently want to talk about a “place”.  a place, for a lot of people, has a name and is not a latitude and longitude pair.  (37.78215, -122.40060), for example, doesn’t mean a lot to a lot of people — but, “San Francisco, CA, USA” does.  we’re also trying to help users who aren’t comfortable annotating their tweets with their exact coordinates, but, instead, are really happy to say what city, or even neighborhood, they are in.  annotating your place with a name does that too.

Presumably these features are a direct result of Twitter’s acquisition of Mixer Labs late last year. In any case, this goes a long way to solving Twitter’s location privacy issues, as users will be a lot more likely to turn on location sharing if they can share their general location rather than a pinpointed latitude and longitude.

Read Developer Preview: upcoming geo features (a.k.a “A place is not just a latitude and a longitude – it has a name”) – Twitter API Announcements | Google Groups.

Reblog this post [with Zemanta]

March 2, 2010   No Comments

Where Did My Neighbor’s “Linksys” Go?

The reference to “Vista Basic” should’ve been a dead giveaway, but if I had stopped the video there I never would’ve gotten to the part about “but it was a Linksys, in my neighborhood!”

I’m a big fan of Leo Laporte’s podcasts This Week in Tech and Security Now, but I don’t usually listen to The Tech Guy. Maybe I should though because the way he handles this call is just so perfect. Not too condescending, very calm and reasonable, and, of course, just plain right.

Via Clueless Woman Calls Tech Show When Her Stolen Wi-FI Disappears [VIDEO].

Reblog this post [with Zemanta]

February 23, 2010   2 Comments

Please Rob Me

In case it wasn’t yet obvious, I’m quite interested in issues of location-sharing and privacy. Well it seems I’m not the only one. 22 year old Dutch computer science student Frank Groeneveld, along with a couple of friends, recently launched the site PleaseRobMe.com, which presents a cheeky take on the issue of location and privacy.

Essentially the site calls the Twitter and Foursquare APIs to publish people’s location updates from those services. And, true to the site’s name, it editorializes these updates by suggesting that, since the user is checking in on these services, they are clearly not home at the moment. Status updates on PleaseRobMe.com look like, “Jane Doe left home and checked in 10 minutes ago.”

While a would-be burglar would still need to know the user’s home address to take advantage of this information, I think Please Rob Me really hammers the point home: sharing your location publicly is not the same as sharing some photos on Facebook.

The solution to this, as I’ve said before, needs to be within these services themselves. There needs to be more granularity in the privacy settings, and defaults must be set such that users have to “opt-in” to public sharing.

Foursquare has posted a reasonable response to this brouhaha on their blog. I think for the most part Foursquare gets the privacy stuff right. And I give them credit for acting swiftly to publish their response.

Via Mashable, San Francisco Chronicle

Reblog this post [with Zemanta]

February 19, 2010   No Comments