Putting Online Privacy in Perspective

When I wrote last week about the Facebook privacy flap, I was speaking out of the frustration that many technologists with a sense of perspective feel when we see uninformed media hysteria about the impact of new technology. (How many of you remember all the scare stories about the risks of using a credit card online from back in the mid-1990s, all of them ignoring the risks that consumers blithely took for granted in the offline world?)

Search engine expert Danny Sullivan vented some of this frustration on a private mailing list the other day. He gave me permission to reprint his remarks here. Danny was responding to a discussion of a Washington Post story about online privacy that started out with concerns about how information posted online is routinely being discovered and used against people in legal cases. (But even then, as you’ll see, they left out a crucial part of the story.)

But then, the story goes on to link these cases with the general idea of data collection online.

In the 15 years since the World Wide Web brought the Internet to the masses, the most successful companies have been those that collect information about users and use it to sell things. Google, for instance, has confirmed that it keeps track of search queries sent from a particular IP address. (A spokesman said the company anonymizes IP addresses associated with search queries after nine months and cookies after 18 months.)

Companies are loath to talk about what information they track, but internal compliance manuals for law enforcement for Facebook, Yahoo and Microsoft reviewed by The Washington Post show that their data collection is much more extensive than users might believe based on what they themselves can access.

For example: Microsoft tracks the Xbox LIVE start and end dates and times for game-playing and notes the game played, such as “SW: Jedi Academy.” Yahoo keeps chat and instant messenger logs for 45 to 60 days and notes the time/date and IP address for when content is added or deleted to someone’s profile or to its Flickr photo service.

Facebook’s data collection is among the most detailed.

For every user id, Facebook keeps a log of the IP address that accessed the account, the date and time, and what exactly the user did — clicking on an advertisement, looking at someone else’s profile, posting a photo or sending a message to a friend, etc.

The problem with linking these two ideas is that the kind of data in the examples above is exactly the kind of data online companies need to collect in order to manage and improve their services. They are a lot like the data collected by your car – some of which, like your speed, is reported to you, and much of which is only reported to a mechanic via a diagnostic computer. That this kind of data is collected is not only no surprise to computer professionals, it’s taught as basic practice!

Danny was particularly put off by the hysteria about well-known facts, and by the scrutiny given to trivial pieces of online data collection while ignoring far more massive collection of data by more familiar means. He wrote:

Heh. Google has confirmed it tracks queries to a particular IP address. Like
this wasn’t something we knew for any search engine back in say, 1995. Or as
if Google ever made a secret of it. Or more to the point, like tracking to
an IP address is the issue versus the bigger issue of people having search
histories (if people opt in) linked to real, personally identifiable
accounts.

Heaven help us, though — let’s keep talking IP addresses and cookies. And
let’s ignore the fact that in virtually every court case where search
queries have been notable as evidence, those queries were obtained … wait
for it … off the person’s own computer. Dude, when you’re searching for
ways to kill your wife, clear your browser history. Seriously, sad but true
story
.

I think the internet companies are indeed going to face more scrutiny,
because they are big fat targets for lazy legislators who are loathe to
provide some real security over, I dunno, my credit card purchases?

I mean, can you imagine if when using Google and Yahoo and Bing, they
reported all your searches to a “search bureau” that was pretty easy for
anyone to access? Oh, and if you disagreed with something listed, well, good
luck with getting that removed. But we tolerate that bull from our credit
card companies.

My credit card company knows everything I’ve purchased, which is a pretty
personal trail. That doesn’t get “anonymized” after 9 months or 18 months. I
have no idea at all what happens to it. I can’t, like at Google, push a
button and make it go poof, either. I don’t think I have any rights over it
at all.

My grocery store knows all the things I’ve purchased using my store discount
card — no idea who they hand that out to.

My telephone company keeps my phone records for I don’t know how long.
Imagine that. They know who I called and for how long.

But yeah, thank you Washington Post for focusing on the fact that Xbox Live
keeps track of when I began and ended my game playing. Yeah, thanks for
spending time talking about IP addresses. Could they have shoved even one
paragraph of perspective in there? Could we get one of the privacy groups to
maybe call for some better national standards protecting user information on
and OFFline? If they are, I never hear the offline part.

Rant over. I’ve just seen this same obsession with IP addresses over years.
Years and years, rather than focusing on the bigger and more important
privacy issues on a broader perspective.

There are real privacy issues to be faced in the data collected by web companies. But they are part of a far bigger picture of how the world is changing. We need thoughtful understanding of what the real risks are, not finger pointing by the media (and even more frighteningly, by members of Congress) at companies that are easy targets because they make good political theater.

tags: , ,
  • Michal Migurski

    I’m just paraphrasing Danah Boyd’s recent essay on utilities and regulation here, but seriously: the difference between Phone Company/Credit Provider and Facebook/Google is that generally speaking, the former know that they are in the toxic data collection and handling business with all the social oversight that entails. The latter are just starting to figure it out, much to their chagrin. Can you fund the collection and long-term management of toxic data on freemium or ad sales business models? I doubt it.

  • Alexander van Elsas

    Privacy isn’t about the information that is stored or tracked. It is about the ability and freedom of a person to choose what can and what cannot be shared/stored/tracked.

    Just because offline things are stored doesn’t make it right online. Its a silly comparison anyways as the possibilities of tracking and using tracked data online is huge compared to offline data.

    There is no way a person can be in control of this decision online. Not even the decision not to participate will keep you anonymous online (just think of a friend posting and tagging you in a photo he took).

    The game is not in balance, too much power lies in the hands of these companies. If Facebook/Google/name any other online company would provide a pref that keeps user data save/untracked by those companies (obviously at the cost of something, e.g. a less personalized service) then there would be a fair playing ground. Even better would be a decentralized, user-driven privacy implementation that puts responsibility where it belongs, with the user.

    If you mean that the bigger picture is about restoring that balance between user and company then I’m all for it. Privacy simply isn’t something to be left to others. It’s something we need to (be able to) take responsibility for ourselves.

  • Dick Ross

    The lack of perspective that Danny has the knowledge to critique correctly reveals, in my opinion, a much more profound issue. Such lack of perspective and I would add a lack of history is unfortunately the common culture of our media. And in misrepresenting the problem, misleads the citizens, and makes nearly impossible arriving at the correct solution.

  • Michael R. Bernstein

    We should also point out that, for the most part, the large-scale data breaches we know about have all been from old-school companies such as large retailers and banks, rather than the new kids on the block.

    But, by all means, lets demonize Google and FB rather than requiring mandatory disclosure of security breaches. Argh.

    Personally, Tim, I thought your piece was very astute and balanced. By all means let us hold FB’s feet to the fire with legitimate criticism (of which you linked to several good examples), but demonizing them will only play into the hands of self-serving People Who Are Not Our Friends.

  • Brian Gonsalves

    Alexander, nothing is offline. Think of credit card database breaches for one example.

    As an aside, I wonder why those restaurants that have wireless terminals for people who wish to pay by debit still take your credit card away when you use that payment option? I’m sure those machines can handle a credit card swipe as well.

  • Alexander van Elsas

    Brian,

    I was thinking more of the vast opportunities to combine online data elements from many different sources. The web and web services made that possible. That’s different (especially in scale) compared to offline (isolated) databases.

  • Christina Brentwood

    Let’s put this privacy issue in it’s proper perspective. Facebook gives you privacy controls to control who sees your data. Is this really a threat to people or are a handful of alpha nerds just sperging out? My bet is on the latter. 

    There are worse things for privacy. The government forces you to fill out personal family information in their censuses and the amount of money you make every year. To me that’s much worse. DirtyPhoneBook gives out your phone number and other personal information and that to me is even worse. Googles hard drives save everything ever said about somebody forever….isn’t that more of a threat to people? 

    I think the media is hyperventilating over facebook because they’re an easy target. Mistakes were made, but they aren’t the biggest privacy threat to people.  

  • Alexander van Elsas

    @Christina, where is the privacy control that protects you from Facebook itself. I bet you can’t find it anywhere in their service. They see your data, all of it, and they’ll use it commercially in ways you cannot imagine. If that ‘s not a (potential) threat, then I wonder what is?

  • Andrew Noyes

    Tim, I wanted to follow up on your post, particularly the reference to the Washington Post story.  There were a number of factual inaccuracies in the Post story and we have approached the Post and requested a correction.  Facebook has been a leader in protecting user data from legal requests in discovery and has been recognized by privacy groups for these efforts — indeed, we offer more protections than exist in the offline world.  In fact, the very case highlighted in the Post story makes the point.  The article falsely suggests that Facebook provided personal data in a court proceeding without the user’s permission,.  In fact, this information was only provided after  (i) Facebook notified the user that the legal request had been made and (ii) the user and her legal counsel specifically requested (via a notarized affadavit) that we deliver it.  These steps are recognized as offering greater protections than are provided by law.

    - Andrew Noyes, Facebook

  • Pete

    Don’t all these problems point to one solution: Vendor Relationship Management (VRM)? http://cyber.law.harvard.edu/projectvrm/Main_Page

    Aren’t there some kids at NYU working up a solution right now?
    http://www.joindiaspora.com/2010/04/21/a-little-more-about-the-project.html

  • Tim O'Reilly

    Michal -

    I think that while phone companies and cc companies do recognize their responsibilities (and have some regulatory oversight), it’s far looser than you seem to think. That was Danny’s point about credit reporting agencies. They get all that CC data, and anyone can get it very easily.

    There’s a broader point, which I tried to make in the previous post, namely that there is so much opportunity to create value *for the user* (not just for the vendor) in collecting this data that we need to figure out how to handle it going forward, not scare ourselves out of doing the hard work of making it safe.

    The real problem with Facebook is that they changed the terms after the fact. And that’s never good.

  • Tim O'Reilly

    Andrew Noyes -

    Good to hear that Facebook offered more protection than the law, with regard specifically to discovery by courts.

    But I think that a lot of the backlash is not based on legal discovery, but on inadvertent disclosure. And I do think Facebook made a misstep by changing the rules after the fact for data that had already been stored under a more restrictive set of rules.

    It’s tough though. As I wrote in my earlier piece, a lot of people thought the newsfeed was a privacy breach, before they figured out just how useful it was. and you did that after the fact.

    So I understand your dilemma. The best thing to do is what I think you’re trying to do: namely, push the envelope sometimes, but back off quickly when you learn you got it wrong.

    But above all, be very disclosive, and make it easier for people to undo what you’ve done.

    For example, consider Flickr. My daughter used to make all her photos public. Then Valleywag got hold of one and used it in a story. She then made them all private – with one click. It’s not easy to do that on Facebook.

  • Gubatron

    Tim, I don’t mind them tracking usage for whatever biz reasons they might have, I understand they need to run a business, I just mind the fact that every 6 months all my personal stuff is out in the open. Facebook for me was a place to keep in touch with the people I know, a place where I felt I could keep all my family pics, a place to connect with old friends, and to keep strangers and curious stalkers out.

    If you live in a country where kidnappings and crime are the scoup of the day it’s very dangerous to be on facebook.

    Whenever they reset your content visibility, criminals only need to browse your profile (or a cached copy of it), see where you live, who are your friends, when you’re not home, where your kids go to school, where you go to work, where you hang out and make a complete picture of your life without having to follow you. In the United States this probably doesn’t make sense at all because crime rates are very low, but that’s only there on that beautiful bubble America is, the rest of the world is not a friendly place and there’s plenty of bad people out there looking to screw you over.

    Those are the kind of privacy issues that are scary with facebook.

  • Fred McDougal

    Uh, maybe the real problem is that the guy who “founded” Facebook at Harvard is notorious for ripping people off (like the idea for the site) and also for actually putting his knowledge of their data to devious, possibly illegal, use.

    You may be overthinking this one, dude.

  • Charmaine

    Technology cannot protect all information.

  • Adam Saltiel

    This post also connects very much with the Diaspora project.
    Joindiaspora

    Which is hosted on kickstart and gained far more interest than the project creators anticipated.
    I should add I have no connection with it.

    I think that all of the points raised in Tim’s post and in the comments have been covered in my own write up that can be found here:-

    SemanticC: Joindiaspora Post – Notification of Blog Entries

    While I am interested in the technology of such a solution as Diaspora I also look carefully at other aspects, such as are mentioned in this post.

    I slightly disagree with the emphasis on technologists not being understood though. I think it is true that there may be solutions that make it easier for people to express their privacy preferences. And solutions that hold data more locally. My blog post explores this and I am exploring the area.
    But I don’t think that technology really is an answer. People need also to reflect on what the issues are for them. That is, what they want for themselves and what they expect of their friends. This is one of the most fascinating aspects of social media that over time should give rise to much thought and debate.

  • Not Danny Sullivan

    Rubbish. There never was a need for Google to keep the search queries per IP address.

    Companies do not collect data to enhance their service, they do it to enhance their profit earned from us.

    As to whether search history comes from a PC or Google, again rubbish, they do provide exactly the sort of information they are not supposed to keep.

    Google tracks searches by IP address. It made a tool to pull all the searches made from a single IP address. Every time you comment on a blog, in Blogger, you are giving away your IP address. If you run a blog, your identity if linked to your IP.

    If you have a Google smartphone, your identity, your geolocation, everything you are doing or have done is linked all together.

    Danny is a nutter if he makes distinctions that are not made in the data. If it can be linked then it is as private as the most private data it is linked to!

  • Tim O'Reilly

    Fred,

    The mark of a complex intellect is the ability to hold two conflicting thoughts at the same time without rejecting one of them out of hand. Even if what you say about Mark Zuckerberg’s business ethics is entirely true, it doesn’t invalidate the idea that privacy is changing, that value comes when we give up certain kinds of privacy, and that the real issue is informed consent.

    The kind of backlash that is happening due to Facebook’s missteps, perceived arrogance, and suspected motives, is harmful to the industry, which is why I’m trying to temper it, and create a pause to reflect.

    Complex issues are just that: complex.

  • Amos Satterlee

    Good perspective overall. But for me, the issue with FB was the about-face they pulled with their own messaging. The initial narrative was that FB was a place that supported private communities. FB’s actions were the opposite. I felt screwed because FB appeared to be monetizing my data (making everything public by default, “personalization” with other sites by default) and thereby providing me less service than I expected. If the narrative from the beginning had been about everything being public, like Twitter’s narrative, then I doubt there would have been such an outcry — and I doubt there would have been such an uptake.

  • Neil Mansilla

    User usage data is not political theater. Yes, Danny, there is a search history and cache on your browser. The data, in that context, is at a single point of access and the user does have the ability to wipe that data. The concern that I think we should all share is obfuscation between what users WANT to be public/shared, and what users do NOT want to be public/shared.

    To get to the point, there exists a sacred ground, an ultimate trust, that each Web service we utilize must *NOT* violate. For e-mail, it’s obviously, our address book and e-mail content. For search engines and services that provide search functionality, it’s our search queries and click streams.

    For social networks, there are varying levels of sacred ground depending on the intent of the user. For Twitter, it’s public by default and there is no sacred ground, other than direct messages and private accounts. For Facebook, it includes member-to-member messages, updates/photos within an access group (friends within a set/list).

    It is the social network “sharing” paradigm that has allowed companies to introduce obfuscation in the realm of user data privacy and control. The idea that if you’re willing to participate in this new social paradigm, that you give up certain rights, and that you adopt new beliefs based on a company’s ToS (terms of service) is wrong, wrong, wrong.

    There are TWO scenarios that users should find horrifying, and one of those scenarios has already taken place.

    The first scenario is for a user to surrender ALL CONTROL of their data to a company or organization. Meaning that, even if a technical means for a user to control that data exists (modify/delete), it is taken away from the user. The first case of this happening is the Twitter/Library of Congress deal. All tweets being archived in perpetuity is *NOT* an appealing proposition in the context of the user. The fact is that Twitter CAN and SHOULD offer an opt-out feature in its user settings. Until then, technologists have to build their own solutions to fix this — see http://noLOC.org to keep your tweets OUT of the Library of Congress (and read about WHY you should). If Google’s real-time/updates search index respects tweet deletions

    That is just the tip of the iceberg. Imagine all of your social media updates, including photos, comments, etc. being preserved forever by the root companies or government organizations. Think about how this information can be used to your disadvantage. Information being taken out of context, including the content uploaded, the date/time stamp, IP address, and geolocation.

    The second scenario that users should find horrifying is: access data logs being made public. So, yes, Google is very specific about how they will not share your search/IP data with the public, and even give us detailed information about when they destroy it. However, what if Facebook decides to add your Facebook browsing statistics to the open graph. So now, all of the photos you VIEW, wall updates your READ, and games you PLAY, are all date/time stamped activities for everyone to read. I blogged about this scenario here: http://bit.ly/9XDky4

    That’s very valuable data to market researchers, ad companies, and even small/medium business owners. It would increase CPA/CPM to a level that we’ve never seen, and all companies involved would realize incredible commercial gains. But, wait, you might be thinking that Facebook would NEVER betray that trust, right? I mean, there are laws against that, right?

    Again, wrong, and wrong. They have violated user trust already by changing privacy policies and defaults in order to increase member connectivity and network activity in the interest business. Modifying the privacy policy and ToS to make user access data public would be the epitome of OPEN.

    This isn’t about being alarmist. This isn’t about political theater. This is about USERS, and what we expect. This is about USERS, and treating us with decency and respect. This is about USERS, the asset that these companies are built on.

    So fellow user: do not lower your expectations when it comes to your data privacy and long term control. When you do, the horrifying scenarios will just become part of the terms of service.

    Take care,
    Neil

  • Matt Schneider

    Tim, I am the owner of ThreadThat.com, a relatively new secure messaging site that makes end-to-end encryption so easy, you don’t even have to think about it. While developing the site we made a conscious decision not to store full IP addresses in our database. We obscure the first 2 parts of the IP address so that they appear as *.*.999.999 in our database. This prevents activity on our site from being tracked to a specific individual. We are serious about providing the ability for users to remain anonymous.

    I don’t have a problem with FB. I think it does an incredible job at allowing people to find each other and keep in touch. But I also believe that everyone at times has sensitive information they want to share and don’t want to risk having that information on FB’s servers – unencrypted. That’s where we come in.

    We believe there is a need for sites like ours that make it easy for people to communicate online with the confidence that what they share will never appear in Google search results and will only be accessed by those they authorize (that means even site owners and hackers cannot get to their data).

    I see so many comments online that state it is impossible to fully protect what you share on the Internet. I say that is rubbish. We hired professional hackers to have a go at our site. They failed to access anything that was not intended for their eyes. We cannot help you find your friends, but we can help you keep them by protecting their privacy.

    Matt Schneider
    Owner, ThreadThat.com

  • Tim O'Reilly

    Amos -

    I totally agree that the about face is the biggest issue, and the retroactive change to the terms of service.

    Neil -

    I totally agree that there are minefields here in privacy. But making privacy a third rail issue doesn’t solve them.

    We definitely don’t want to just roll over and accept whatever companies throw at us. But we also need to make sure that we don’t get technophobic legislation that keeps interesting futures from happening.

    I think you focus way too narrowly on the potential for advertising (which, yes, benefits companies way more than users) and don’t spend enough time thinking about the value to users in having services that use data they provide, in everything from navigation, to speech recognition, to augmented reality apps that will transform our ability to overlay information on the physical world. Not to mention the kinds of improvements in search, relevance, etc. that come from companies keeping information about us.

    As I said before, these are complex issues. We need to think about them in a complex way.

  • Neil Mansilla

    Tim, I do not take issue with ad targeting. Nor am I suggesting legislation. I often think about robots.txt, the Robot Exclusion Standard. Search engine spiders are not required by law to obey the convention. They do because it is polite, decent and respectful of the authors. That is all that I wish users to continue expecting from these companies — to be treated with respect in regards to their profile, activity and content.

    Tim, I wish all of these companies well. They do provide wonderful services that create unique opportunities to connect with others. There is a way to achieve balance between building a successful marketing/business platform and respecting basic user requirements in the realm of user privacy, data control and retention.

    Take care,
    Neil

  • Tim O'Reilly

    Neil -

    Amen.

    There’s a great quote from Lao Tzu that everyone should remember:

    “Fail to honor people, they fail to honor you.”

  • Opensource Obscure

    This perspective about privacy isn’t shared the same way in other countries or continents.

    Companies that work in IT at global scale should pay more attention to the fact.

    In Europe we have more concerns, laws and a different cultural attitude about these topics and situations.

    Not to say here that’s a “better” vision, but if you want to deal with people from all over the world you definitively want to get informed about this. It’s necessary in order to acquire a complete view of your customers behaviour and possible reactions.

  • Susannah Fox

    Facebook is hogging the spotlight these days (whether they like it or not) but these issues are also being discussed in the health arena, particularly PatientsLikeMe’s recent action to block a scraper from their Mood forum.

    Are consumers competent to make the decision to openly share their observations of daily living? Is it OK that a private company can leverage that data for profit (as long as they are open about it)? If you agree to join a community based on the trust built up by one company, do you hand over decision-making about the best use of your data to that company? Or should you be able to maintain some control over it?

    Here are two perspectives (and ensuing discussions):

    E-patients.net: A New Conversation About Health Privacy: Who’s In?
    http://bit.ly/daBwJX

    Pharma Marketing Blog: Data Mining in the Deep, Dark Social Networks of Patients. Word to Pharma: Caveat Emptor
    http://bit.ly/97lKa6

  • John A Arkansawyer

    Danny was particularly put off by the hysteria about well-known facts

    In that half a sentence is encapsulated everything that is wrong with Sullivan’s shot at apologia.

  • Tim O'Reilly

    Susannah,

    Thanks for the really insightful links. You do a great job turning this into a substantial discussion about the issues, rather than a scare story.

    Like you, I really like how PatientsLikeMe handled the issue.

  • Andrew

    From the Washington Post, June 1, 2010

    Corrections

    – A May 29 Page One article about Internet companies and privacy incorrectly suggested that Facebook provided information about a user for a civil court case without that user’s consent. While the user disagreed with and fought the subpoena in question, she complied with a court order and authorized Facebook to release the information. Facebook officials say that they do not release user-generated content in civil cases without the authorization of the user and that they routinely oppose efforts to obtain user information without users’ consent. The article also incorrectly said that companies own data posted to their sites. Companies have the right to share data according to their privacy policies and terms of use.

  • bowerbird

    well, yes, there are lots of bad actors in the privacy sphere.
    but the finger-pointing them out draws attention to _you_.

    so, i’m trying to figure out why tim is on this (anti) piracy kick,
    and it struck me that i seem to recall having heard that “o’reilly”
    — in what capacity i’m not sure — is an investor in foursquare.

    could someone tell me if that is indeed accurate information?
    it could’ve just been a bad nightmare i had. but if it _is_ true…

    -bowerbird

  • Tim O'Reilly

    bowerbird -

    You’re right that (via O’Reilly AlphaTech Ventures, or OATV) I’m an investor in FourSquare, and also in location-based marketing firm Path Intelligence. I also run the Where 2.0 Conference, which focuses in location based services (which do require giving up a certain amount of privacy.)

    But you put these facts in the wrong order. I am not asking people to think more deeply about the tradeoffs of giving up certain kinds of privacy because I’m an investor in FourSquare. I’m an investor in FourSquare because I believe in the power of location-based services.

    I’m also an investor in Instructables.com while touting the benefits of DIY culture; an investor in AMEE while talking about the need to instrument the planet better in the face of global warming; an investor in collab.net because I believe in the power of online collaborative software development; an investor in GetSatisfaction because I believe in collaborative customer service; an investor in Acquia because I believe in the power of Drupal to democratize content creation on the web; an investor in LocalDirt because I believe that technology can support the local food movement. Don’t have time for the complete list…

    In each case, I’m an investor because I believe in the space. I don’t talk about the space and the issues in it because I’m an investor.

  • Tim O'Reilly

    bowerbird -

    You’re right that (via O’Reilly AlphaTech Ventures, or OATV) I’m an investor in FourSquare, and also in location-based marketing firm Path Intelligence. I also run the Where 2.0 Conference, which focuses in location based services (which do require giving up a certain amount of privacy.)

    But you put these facts in the wrong order. I am not asking people to think more deeply about the tradeoffs of giving up certain kinds of privacy because I’m an investor in FourSquare. I’m an investor in FourSquare because I believe in the power of location-based services.

    I’m also an investor in Instructables.com while touting the benefits of DIY culture; an investor in AMEE while talking about the need to instrument the planet better in the face of global warming; an investor in collab.net because I believe in the power of online collaborative software development; an investor in GetSatisfaction because I believe in collaborative customer service; an investor in Acquia because I believe in the power of Drupal to democratize content creation on the web; an investor in LocalDirt because I believe that technology can support the local food movement. Don’t have time for the complete list…

    In each case, I’m an investor because I believe in the space. I don’t talk about the space and the issues in it because I’m an investor.

  • bowerbird

    tim-

    i’m not impugning you, or your motives, or your investment.

    i’m only saying that you seem to be far too forgiving about
    the transgressions against privacy that facebook has made.

    so i’m trying to figure out why.

    now i think i know.

    and i suggest that it might be you who has “the facts” in
    “the wrong order”. if you believe in this particular arena,
    you’d better make sure entities like facebook (and google,
    and the phone companies, and everybody else out there)
    stop screwing it up, and start acting with responsibility,
    or you might find that we decide to shut down all of you,
    including foursquare.

    because trying to convince us people out here that we
    shouldn’t care about privacy is gonna be a non-winner.

    -bowerbird

  • Tim O'Reilly

    bowerbird -

    You’re totally right that that’s the risk. That’s why I wrote the post. Yes, there have been screwups – some worse than others. But they are also bringing the issues to light and companies are responding. The amount of hysteria needs to be toned down. I’m not saying to let companies off the hook.

    I do think that there are tradeoffs that users will want to make. And a lot of the hype about privacy is just that, with net companies held to a far higher standard than offline companies. (Do a little research on Voter Vault for instance.)

    No one gets a free pass. But neither should we back off from experiments about how to get this right.

  • JEV

    I willfully allow many Microsoft and Google programs the use and collection of my application use. I know they use this information to make more money (it’s a business right?), but that is because I know that in order to make more money they need to make a better a product and that information will be vital in making a better product. What I don’t like is using Facebook and having the company change privacy settings without your consent (youtube also has done this to me but there is less personal stuff on their). I also know that no-matter what you set as your privacy setting they(any company that you give your information to) will sell your information to advertisers. But when you get a relatively new company, such as Facebook, that has quickly become the largest company at what it does (social networking in their case), they will do whatever they can to attract investors, advertisers, and information-collecting governments and marketing departments so as to continue increasing their ‘income’.Yes, virtually every business you interact with collects your information and obviously uses it, and gives it away slyly to third-parties, but it is better to have many different companies collecting different ‘parts’ of your personal information than feeding it all to the ‘fresh big fish’. Online companies will always be the victims over breaching privacy (at least in the short term), due to the numerous buzzwords journalists can (& like to use) to make a quick-and-easy story. However, like I previously stated, It’s not a good idea to give all your information to one party, especially Facebook.

  • BLOGBloke

    RADAR Alert! There’s a helluva difference between an internet company making my private info available to the world vs. my telephone company stuffing it in their office file cabinet.

  • haary

    hi, this is very best thought and i will reply that that is the best idea I wish all of these companies well. They do provide wonderful services that create unique opportunities to connect with others. There is a way to achieve balance between building a successful marketing/business platform and respecting basic user requirements in the realm of user privacy. from company

  • Tim O'Reilly

    BLOGbloke -

    You assume that the phone company just stuffs it in a file cabinet. Do you know that?

  • BLOGBloke

    Tim … the possibility of them passing it along to every tom dick or harry on the net like Facebook does is far less likely because they aren’t in the same business.

  • BLOGBloke

    By the way that’s a red herring argument and you have no proof brick and mortar businesses are doing the same thing. It still doesn’t justify Facebook’s crimes and misdemeanors.

  • G. Boyd

    Facebook is exploiting your privacy because it is essential to maintain open data systems in order to gain control over ones decision structure by placing ones critical object and orient data in the cloud where algorithms can be employed to access your OODA loop faster than the individual. See Theory of Constraints Thinking Process tools.

    http://www.dbrmfg.co.nz/Thinking%20Process%20Cloud%20OODA.htm

    The good news is that this ridiculously over ambitious Military Industrial Complex project will fail. That bad news is that the tech community is not exposed the full agenda on display here, which is being deliberately hidden by surface buzz that does not put in context the need to exploit ones privacy across the network centric system.

  • G. Boyd

    BLOGbloke & Tim,

    BLOGbloke is correct here, for the telephone can’t intercept and usurp an individual’s decision structure, even if they try to make use of one’s private data. One needs an a close-loop network-centric system, with feedback AND controls, to make tangible use of the data.

    It’s all about control folks. And these systems are deliberately designed to give others control over you and your decision making. That’s what is being hidden from you in all of these discussions.

    If O’Reilly wants to debate me on this topic, then go for it. I welcome the opportunity to bring DoD think tank strategy into the open, so people can understand what is driving this system’s design.

  • G. Boyd

    Oh, and here is what control over the Social OODA looks like in graphical terms, as presented by this blogger who focuses on 5GW (5th Gradient of Warfare).

    http://www.dreaming5gw.com/images/Social%20OODA%20Overlapping%20Abstracts.jpg

    It should not be lost on the observer that the center of this Social OODA is the Pentagon.

  • Ferd Reilly

    No need to worry about privacy when the Government can just shut down the internet. This is what happens when you advocate government as a platform you jackasses.

    http://www.prisonplanet.com/new-bill-gives-obama-kill-switch-to-shut-down-the-internet.html

  • Antone Johnson

    As long as there is even one viable alternative to Google for web search, in my view, virtually all criticisms of its privacy practices are misplaced. It’s free, it’s optional, and if you don’t like it, don’t use it. The same can be said for Gmail, Google Apps, Reader, just about everything Google offers.

    If stricter privacy practices were a point of competitive differentiation, search engines would be scoring points against each other on that basis — to the benefit of consumers. As one who drafts privacy policies for a living, I’m keenly aware of the reality that the vast majority of consumers never even glance at them. Unless and until we start seeing large numbers of users switch from Google to Bing, for example, based on concerns about Google’s data collection and retention policies, I think it’s fair to view the issue as a relatively minor one that receives vastly disproportionate coverage in media and political circles.

  • Antone Johnson

    The WaPo piece conflates three important but distinct issues, playing them for maximum dramatic effect to increase the level of FUD — to the detriment of the online industry and the millions of consumers who benefit from it.

    1. Discovery power in US civil litigation. The article leads with an example torn from the pages of sleazebag personal injury litigation, designed to tug at the heartstrings (“newborn baby pictures!”). Trouble is, there’s nothing about the story that’s really unique to Facebook, or online. A box of paper documents subpoenaed by the defense could have uncovered similar information. The discovery power in US civil litigation is absurdly broad; if the rules were made more restrictive (easier said than done), courts would disallow the request or introduction of most such evidence as irrelevant to the case.

    2. Required disclosure under ECPA, the archaic law that the article itself notes even Google is seeking to reform. Why? Because as a former lawyer and executive at a series of major consumer Internet companies, my experience has been that they lean steeply in the direction of resisting disclosure compelled by legal process. These requests impose costs and administrative burdens on the online service provider (usually operating a free service) and undermine public confidence in its privacy practices. Truth be told, a given site’s Privacy Policy is nearly irrelevant when it comes to responding to a subpoena, search warrant or court order; the law says what it says, and most companies won’t risk being held in contempt of court for disobeying a valid request. As they say, “If you don’t like it, write your Congressman.”

    3. Nature of data collected, retained and shared by the sites. Others have commented on this piece already. Trying to limit the type of data sites can collect and use internally would be both futile and counterproductive. The real opportunity lies in regulating — in a nuanced, deliberate, thoughtful fashion — how long site operators can retain certain types of data, when and how they can share it, and the nature and extent of disclosure and opt-out offered to users. The industry has rightly tried to keep this in the realm of self-regulation, fearing the blunt instrument of legislation — but if sites like Facebook continue to make highly publicized missteps as a result of their tone-deaf approach, I fear that politics will trump good policy and common sense, to the detriment of companies and consumers alike.

  • Danny Sullivan

    @Not Danny Sullivan, pick virtually ANY place that allows you to do searches, including some privacy sites. They’ll almost certainly log your IP address with your search queries because that’s what web servers do by default. They log page requests (which include search terms embedded in the URL) along with the IP address of those making them.

    As for a single tool that links all searches by IP. No. They don’t have that, to my knowledge. And it would a stupid tool, if they did.

    My IP address constantly changes. My ISP assigns a different one to me all the time. When I’m traveling, my mobile provider assigns a different one to me. If I’m on my cell phone, that has a completely different IP as well. You can’t link “me” to one single IP address.

    That’s also exactly the point I raised in my email. The focus on IP addresses, which still continues from government bodies and privacy groups, is absurd. There are search histories assembled to cookies – but they suffer some of the same mixing issues. The real concern is about search histories linked to user accounts. What protects those and so on? But that’s not what gets discussed. Instead, energy is largely wasted on IP address concern.

    FYI, Google does let you delete those search histories. Facebook does let you delete your entire account, if you want that. But if you disagree with something in your credit file – assembled without your knowledge, your permission or your cooperation – tough. That haunts you for ages, is tough to correct and has a far bigger impact on people’s lives than their search histories.

    I don’t think I’m a nutter in saying we could use a little more perspective about privacy protection overall, across-the-board.

    @Neil, I agree entirely that there’s a compact about what we expect from services that we use. But you know, if you share a photo to the world on Facebook, it doesn’t matter if Facebook later allows you to delete it if you change your mind. That’s nice – but that photo might move outside Facebook and into a variety of other places because you yourself put it out there.

    I agree, there are also things Facebook might share that you aren’t thinking they’ll share. I have real concerns about that myself, because people can do so many different things on Facebook that can be tracked. At the same time, your ISP knows EVERYTHING you’re doing online. But count the number of articles on ensuring that ISPs give users the ability to wipe ISP logs versus the Facebook nightmare scenario stories. It’s not even close. Not at all. And some of those ISPs are selling aggregate data to web measurement companies.

    Make no mistake. I’ve been very critical of Facebook’s privacy moves. I’ve been critical of Google’s screw-ups as with Buzz. But I’ve long said that we need better privacy protections about what companies do with our data on and OFF line. I suspect we’re going to see the internet companies get singled out. I don’t think the credit bureaus or groceries stories or anyone else who has our personal information should get a free ride.

    I’m most definitely not saying excuse Facebook or Google because ah heck, others do the same or worse. I’m saying let’s use the concerns over Facebook and Google and be broader thinking to ensure that, as BLOGbloke suggests, those phone records really do stay in a filing cabinet. If that’s where they really are, because we don’t know.

  • Guillaume Leroy

    Hi Tim and eveybody, I have posted an article yesterday regarding clean separation of Identity, Data and Services. I think it may be of value to this discussion. I am very much concerned with privacy and freedom on Internet and this article propose something to solve the problem. I will not reproduce the whole article here, so here the link: http://guleroy.wordpress.com/2010/07/03/opensafe/

    The idea is to enable people to establish true contracts with service providers and keep control on data publication. For me, our capacity to bring change is only related to communities (clients I should say). We need to enable new competitors that bring new values to people; we need community leaders to put pressure on existing service providers to change. But for that, we should also define what we want! I think that is very difficult matter because each individual may have a different point of view. That is why I propose something agnostic, something that enable you to leave when you want and that’s all. Each community could then apply the principles to their concerns because each kind of services will bring different problems. Defining what is good or false is also a question of maturity and culture so it will change constantly over time and location…

  • Leopold Bloom

    MY 2-MINUTE READING vs. SCREENING VIDEO:
    http://www.youtube.com/watch?v=9xpN78-cJP0