This forum is in permanent archive mode. Our new active community can be found here.

Facebook and Privacy

I just wrote a blog post which I think could be a good topic of discussion on the forum. Who uses Facebook, and who has problems with privacy and trust? I know I do, but I'll probably keep using it until something better comes along.


Luke's Social Venn

Many people are talking about privacy issues on Facebook, and I agree with most of their points. I'm not unhappy with Facebook or any privacy issues, because I've always considered everything I do or say or put online to be 100% public immediately. I've always used my own name when signing up to any internet service, so whatever I do can alway be tied back to me.

But then again, I don't have a real job, so have no work colleges or employers to find out about my strange hobbies. Nor do I have children, so I don't have any worries in that direction.

Anyway, there's been a lot talk about controlling the privacy of each update, photo or comment someone posts on Facebook. Controlling who can or may or will see that post is impossible, and Facebook switched the default from "Only friends can see this" to "Everyone can see this." No wonder it is confusing.

There have been various discussions about alternatives to Facebook, including the crowd-funded Diaspora. On TWiT, a pundit talked about controlling who sees what in a hypothetical social website by using ever widening circles of trust. On one extreme there is "everyone" and at the other extreme is "Just my closest friends." In between would be "other friends", "work people," and maybe "stranger I met in a bar, made my friend, but can't work out how to unfired them."

While this is a simple idea, I think it is slightly too simple to be useful. What I'd like to see is "Social Venn."

The idea is that each time you click a "Submit" or "Post" button, a window opens with a colorful Venn Diagram. Who can see the post depends on where you click the diagram.

The above image is what my Social Venn would look like based on the groups I put my contacts into on Facebook. To be clear, those not in the Friends segment aren't people who I don't consider friends, but if I wanted to send out a message about something personal, I'm not sure if the listeners to my podcast are the right target.

So, you see this diagram, and click the parts of the graph who you want to see what post. Not just one part, but two or three or four parts.

Alternatively, you can "Select All" and then (maybe) right click to pick which sections of your Social Venn will not, nor ever, see what you post. A post might go to all of your closest friends, but even if one of your work colleges is your closest friend, if you say "Not for work people" they'll never see that post, even if it goes to all your other friends and they are discussing it among themselves like mad.

That's my idea.

Making and displaying the Social Venn would be a fun and simple coding project, though not one I'm particularly interested in doing myself. The idea is actually one Facebook could implement, as it uses tagging and not folders to organize friends. If Facebook or Diaspora want to pay me to consult on their platforms, I'd be happy to take your money.

Or maybe this could be tied into a third party program or service, and aggregate your posts out to Twitter, Facebook, FriendFeed, etc. I'd love to have this kind of control over my social internetting. If you are working on something like this, I'd be happy to take your money too.
«13

Comments

  • I just set everything back to "friends only" and don't post things I don't want people to know about.
  • edited May 2010
    I find the whole thing laughable. Especially because you see the same exact people who are internet famous for fighting DRM (Doctorow, EFF, et al.) being the same who are fighting for privacy.

    Privacy controls are DRM.

    Anything that can be digitized can be shared, transmitted, and copied infinitely. Think of that as the Internet law of physics. It's a law that is as undefeated as the laws of thermodynamics.

    DRM is an attempt to beat this law. They tried to create a technology that would allow information to be copied and shared to just a few people, but not copied or shared to anyone else. We know for a fact that this technology does not, and can not, work. If nothing else the information can be captured from the analog hole, digitized, and put back into the system.

    Privacy controls are the exact same thing. You are attempting to give some people information about yourself, but not have that information copied to everyone in the universe. It can not be done. Anything you type into the computer can, and will, be copied infinitely. The only way you can prevent this from happening is if you do not type it in at all.

    The thing is, if you recognize this law, privacy controls on the web become very easy. How do they become easy? Because you no longer need complicated privacy controls at all. Every site on the Internet will have a simple global control that does not change. There will basically be three kinds of web sites out there.

    Blog/Facebook type - absolutely everything you type in will be seen by the entire world whether you are the blog poster, the commenter, or whoever. If you don't like it, don't type in anything.

    Private Account type - I have an account at Linode which is our hosting provider. Everything in there is 100% private. My information can only be seen by me, and Linode employees who are financially obligated not to screw it up. Nobody can log into my account, so nobody can see my stuff. Amazon and Newegg are also is the same thing, excepting the product reviews and wish lists.

    4Chan type - Everything is 100% public, but also 100% anonymous.

    Privacy controls and DRM are the exact same thing. They are the free energy machine of information. They can not ever, and will not ever, work.

    The only reason this causes a problem for us is because the security mechanisms put in place by our government and corporations are dependent on secrecy and also sharing of the same information. The same credit card number you tell others when you purchase things is also the one you need to keep secret. You have to tell people your SSN to get some services. If we moved everything to private/public key pair systems, you would never tell anyone your private key. You would only offer your public key and a verifiable digital signature to confirm your identity. Thus, the lack of privacy would no longer be a security issue. Your Amazon account being hacked wouldn't result in any of your money being spent, or someone getting a loan in your name, or any other BS.

    Other than that, the only problem is people with regrets and shame. Well, the era of regrets and shame is over. The fortunes of the Internet favor the bold. Don't want a picture of you getting totally wasted/high being seen by employers, relatives, etc.? Don't get high, don't get wasted, or at least don't let anyone take a picture of you while high or wasted. Once the picture is taken, it's basically game over. That was your chance. You missed it. Don't complain to Facebook later on. You had your chance.
    Post edited by Apreche on
  • RymRym
    edited May 2010
    Privacy controls are the exact same thing. You are attempting to give some people information about yourself, but not have that information copied to everyone in the universe. It can not be done. Anything you type into the computer can, and will, be copied infinitely. The only way you can prevent this from happening is if you do not type it in at all.
    Yeap. Although circles of trust work, but are only as trustworthy as the least trusted member. I publish a great deal of information to, say, emails or our private forum. But I also understand that any recipient of that information can record, collate, aggregate, and republish it to their heart's content.

    I think the reality of the situation can be boiled down to three simple axoims - uncontrollable realities of the modern world. If you take issue with any of these three items, you basically cannot use the Internet as anything but a consumer of other people's content, and will have to spend the rest of your life in fear of those around you with always-on HD cameras. Part of being integrated into the modern world is understanding that there is nothing you can do about these.

    Rym's Three Axioms of Information Privacy
    1. Anything you ever publish to any other person can be republished by them at negligible cost.
    2. Anything you ever do in a public setting can be republished by anyone who has witnessed it.
    3. Any information about you that is already publicly available can never be made unavailable.
    Post edited by Rym on

  • Rym's Three Axioms of Information Privacy
    1. Anything you ever publish to any other person can be republished by them at negligible cost.
    2. Anything you ever do in a public setting can be republished by anyone who has witnessed it.
    3. Any information about you that is already publicly available can never be made unavailable.
    Those are all just sub-truths of the general law I already discussed.

    All information that can be digitized can and will be copied and transmitted infinitely.
  • RymRym
    edited May 2010
    All information that can be digitized can and will be copied and transmitted infinitely.
    It doesn't even need to be digitized. You post that you smoked weed in your facebook, and I just tell everyone who isn't your friend there that I saw your post of you smoking weed. It could be digitized, but it wasn't in my context. Also, just because something is digitized doesn't mean it will be republished in the meaningful future. I can still rely to some degree on laziness on the part of, say, people to whom I send email.

    If something is not publicly available, it cannot be infinitely retransmitted until someone in the circle of trust does it themselves, either actively (republishing) or passively (bad security). Furthermore, to be sure, the average person doesn't think of situations like "picking their nose in an alley" as a privacy concern, and would probably be angry if the security camera footage from said alley showed up on youtube. I constructed the three axioms specifically to show non-technical average people the true scale of what privacy truly means. I also intend to use them to illustrate what information security needs to fix before our society can accept these axioms. Each one has an obligatory component social change.
    Post edited by Rym on
  • Privacy controls are DRM.
    You guys truly live in your own little world.
  • You guys truly live in your own little world.
    What would you define DRM as being? What is it?

    You do realize that DRM is the ability to control information after you have published it, right? That's all it is. Nothing more. What you choose to do with that power is a different matter, but DRM does nothing more than give you this ability.

    So, if you publish to Facebook, and you use Facebook's controls to restrict your publication to certain people, you're trying to keep it within a circle of trust and prevent republication. If you didn't care about republication, why did you restrict it in the first place? That's DRM.
  • Most people I speak with on this issue are super paranoid about corporations and marketers knowing too much about them. I try to take this one step further though. Why do they want to know more about you? It's so they can more effectively market to you. Personally, I welcome a world where if I when I am subject to advertising, it is advertising that I may actually be interested in.

    I would especially be open to this if these super-effective ads via internet data collection caused all of the advertising dollars to flow away from outdated constructs such as cable TV, and into internet advertising, bringing the content with it. Take my data, mine my data, and give me better, cheaper services in return. If that happens I'll call it a fair trade.
  • edited May 2010
    What would you define DRM as being? What is it?
    I'm not disputing that privacy controls equal DRM, it's an apt metaphor actually. What I'm disputing is your long standing beliefs that just because it can be shared, it should be shared. I could continue with this debate but it would just devolve into the many DRM debates we've had over the months. I frankly do not have time to rehash all of this. I will summarize my argument similarily to my DRM arguments. If you want to share everything you post with the world, you are more than welcome to. I am not you, I don't want random people knowing everything about my life. A simple example, I live on the first floor of an apartment complex with no locked lobby door. As such I do not want to broadcast to the world when I'm going away from the weekend. You guys with your locked lobby and second story or higher apartments do not have this concern.
    Post edited by George Patches on
  • RymRym
    edited May 2010
    What I'm disputing is your long standing beliefs that just because it can be shared, it should be shared.
    I didn't say it should, I said it can. I often choose not to republish information that is given to me for various personal reasons. There's nothing wrong with that. But if someone else chooses to go find this information and republish it, there's nothing I can do to stop them. If I publish it, and then want to unpublish it, I'm screwed.
    I don't want random people knowing everything about my life. A simple example, I live on the first floor of an apartment complex with no locked lobby door. As such I do not want to broadcast to the world when I'm going away from the weekend.
    That's fine. You don't publish that information, and it doesn't get out. No moral quandary: you chose not to broadcast the fact that the door is unlocked.

    So take this example to Facebook. If you share this information with your friends there, you're relying on two factors:
    1. Your friends won't themselves republish this information (which is protected by Facebook's minimal DRM)
    2. Facebook won't fuck up and republish it themselves

    If you really didn't want that info out there, you either have to trust your friends AND Facebook, or not publish it to Facebook.

    Now, there's a second set of issues, much further beyond your control. So, you decide not to publish this information anywhere. Fine. But the fact that the door is unlocked is still publicly accessible information. If someone decides to walk down the street, and touches every door to see if it's unlocked, and posts this information online, there's nothing you can do about that. The door's state is public information: it's just obscure. But you can't stop anyone from collecting this extant information if they so desire. And you can't stop still other people from aggregating it. Because the state of the door is able to be determined by the public, it can be known by anyone with a will to know it. Your preferences have nothing to do with it. I may choose, upon finding the unlocked status of the door, to not republish, but I can't fault anyone else who decides differently.
    Post edited by Rym on
  • What I'm disputing is your long standing beliefs that just because it can be shared, it should be shared.
    Clearly you aren't reading carefully enough. You absolutely will get nowhere trying to play board games or tabletop RPGs if you don't take very careful notice of the difference between words like can, should, will, must, and may. You were the first person to use the word "should" here. Read carefully.
    A simple example, I live on the first floor of an apartment complex with no locked lobby door. As such I do not want to broadcast to the world when I'm going away from the weekend. You guys with your locked lobby and second story or higher apartments do not have this concern.
    Clearly you also did not read what I said above about using public/private key encryption and identification. The problem in our society is that we don't have any real security. Instead, we have obscurity. Rather than making our money and belongings actually secure, we just keep it secret. As soon as someone malicious discovers the secret we are fucked.

    Right now our shit is fucked up. If someone gets my bank account info they can spend my money. But if I want to do business with someone, I have to trust them with that very same piece of information. If we had real security, I would give them my public key, and I would answer a challenge response with my private key. I would never share my private key with anyone ever under any circumstance, and I wouldn't need to. My identity would be un-stealable.

    Your address has the same problem. Because your shit is insecure, you are relying on keeping your address secret. Clearly you aren't any good at that because you just told the world that your lobby door has no lock! It's impossible to keep your address a secret. The UPS man knows it. Amazon knows it. The whole world knows it. What you need is some actual security.

    Long ago our society gave up on real security because it is inconvenient. We put on security theater in certain places to alleviate fear. We keep secrets to make up for our lack of real security. Now secrets are impossible to keep, and people are panicking. The solution is not to continue to protect secrets, but to bring in real security. Real security is inconvenient, yes. Get used to it. It's the wild west.
  • To be honest, the reason I came up with the social venn thing is mainly to stop me being overwhelmed by information. I don't look at what everyone is doing on facebook. It's too confusing. However, I do look at sets of people at a time, like Berlin Juggling Friends, or FRC people.

    What I'd like is a simple one click way to share things with one set but not another. The original post is not actually about privacy or security, not in my mind, it's more to do with not wanting to bother non-jugglers with my latest video, and not wanting to impose person problems on people who aren't my close friends. At the moment that isn't easy. With a social venn to click it would be far more simple.
  • What I'd like is a simple one click way to share things with one set but not another. The original post is not actually about privacy or security, not in my mind, it's more to do with not wanting to bother non-jugglers with my latest video, and not wanting to impose person problems on people who aren't my close friends. At the moment that isn't easy. With a social venn to click it would be far more simple.
    That's the problem from the reverse end. It's the aggregation problem. When you have a flood of information coming in, how do you filter and sort it so you only see what you want? We have been trying to solve this problem in the world of technology ever since they created the concept of folders in file systems, and now we have Digg, Twitter lists, and Google. We really haven't come all that far.
  • You absolutely will get nowhere trying to play board games or tabletop RPGs if you don't take very careful notice of the difference between words like can, should, will, must, and may.
    They aren't my cup of tea anyway.

    You have a good point about real security, but that's not the world we live in. We have security through obscurity or we have nothing at all. If you know where I live, then you know my building has no lobby, anyone can walk up to any apartment. So the only thing I can do is keep people guessing about when I'll be around and hope the deadbolt puts up a fight.
  • So the only thing I can do is keep people guessing about when I'll be around and hope the deadbolt puts up a fight.
    Bump key.
  • edited May 2010
    Bump key.
    And that is the root of the problem. I don't have an RSA public/private encoded lock for my door. Even if I did, what's to stop someone simply taking a boot to my door? Unless I live in a encrypted bank vault, my shit is going to be insecure.
    Post edited by George Patches on
  • Unless I live in a encrypted bank vault, my shit is going to be insecure.
    One way is retroactive security. You can't make a perfect door, but you can make an effectively perfect monitoring system. Bad guys can commit crimes, but they can't hide what they've done. Openness is more secure than closedness in the long run.
  • One way is retroactive security. You can't make a perfect door, but you can make an effectively perfect monitoring system. Bad guys can commit crimes, but they can't hide what they've done. Openness is more secure than closedness in the long run.
    Exactly. The whole world knows your address and that the door is unlocked. The whole world also knows if, when, and who took all your moneys.
  • One way is retroactive security. You can't make a perfect door, but you can make an effectively perfect monitoring system. Bad guys can commit crimes, but they can't hide what they've done. Openness is more secure than closedness in the long run.
    My solution so far has been renters insurance and not buying super nice things. Other than my computer, my apartment doesn't have much of value in it. My cash stays in the bank unless I need it.

    Speaking of this whole security in banking thing, my bank has really been pushing the online bill pay lately and I'm starting to see why. Rather than continuing to use the current model which is effectively "here's my wallet, take what you need" they're encouraging us to pay our bills. So we send the money rather than let it be debited from our account.
  • Speaking of this whole security in banking thing, my bank has really been pushing the online bill pay lately and I'm starting to see why. Rather than continuing to use the current model which is effectively "here's my wallet, take what you need" they're encouraging us to pay our bills. So we send the money rather than let it be debited from our account.
    Actually, that feature is really just supposed to be a convenience so you can pay bills to people who don't do automatic debit. For example, you can have a check automatically mailed to your old lady landlord every month for rent.
  • I find the whole thing laughable.
  • It irks me that I can't get an even tighter grip on what is available to which people, but really
    I find the whole thing laughable.
  • There is a difference between lacking passive privacy controls (no DRM) and affirmatively distributing your information (what Facebook is doing). People generally have more of a problem with Facebook stealthily adding features that distribute your info to other websites you visit without telling you than they do about letting people come to Facebook to get your info.

    I don't put anything on Facebook that I don't want people to know. However, there is certain information that I prefer to remain easily accessible to friends only. (I say easily accessible because most of the info that is gathered on Facebook is also available online, including address and phone number info on certain stalker directories.) I also do not want Facebook trumpeting all of my details to the websites I visit without asking me; not because of privacy concerns, but rather because it is not what I signed up for when I joined the site. When they change the ToS, you should get notice. If I want the websites I visit to have access to my Facebook profile, I am perfectly capable of affirmatively giving them that ability.

    The issue with Facebook is the stealth element of adding new features that are active by default and then not telling you.
  • Nuri, what you say about changing terms of service is true. However, there is the sub-problem where terms of service are incomprehensible to almost everybody, changed or not. Show me a blob of legalese when I sign up. Then show me another blob of legalese and say "here is new one! agree?" doesn't mean much. If they're going to have a policy, it needs to be in plain english.
  • It's not legalese when you have a set of features that are obvious and you add a new one without notice. Adding new functionality to a site is a change in the terms of use. It doesn't have to be legalese. I'm talking about the implied terms of use, not the official ToS.

    If they added the feature and didn't automatically activate it, there would be no problem with the lack of notice. The problem is when they force it on you.
  • A lot of people seem to be talking about Diaspora*. I'm curious to hear about your thoughts.
  • I'm talking about the implied terms of use, not the official ToS.

    If they added the feature and didn't automatically activate it, there would be no problem with the lack of notice. The problem is when they force it on you.
    How do you define what the implied terms of use are? What one person implies are completely different from what someone else implies. Especially in an age when so many of the users are technologically incompetent, there is no such thing as a common expectation.

    Also, what constitutes adding a feature? Due to the very nature of software development and running a large site like that, code is constantly in flux. They are making changes constantly, most of which nobody notices. If they notified users of every single change, everyone would quit because of constant bothering messages that they would just ignore. They also couldn't really notify you of everything without going completely opening all their code and data, which sort of defeats the purpose of having any privacy to begin with. How much has to change before they tell you? How much do they have to tell you? What happens when they want to add a new feature, and it's not technically feasible to let people individually opt out? They'll just be out-competed because they won't be allowed to change.

    I think the source of fury is just people who don't like change, of any kind. If Facebook 1.0 was the Facebook of today, and they "upgraded" to the Facebook of yesterday, you would see the same complaining. The fact is they changed Facebook a fuck ton, and the people against it are a small vocal minority. Most people are just happy playing their Farmville, sharing photos, and they don't give a shit. Those people make Facebook money, and the changes aren't making them leave or complain. Other web sites have all your info, or even more than Facebook does, and they change their shit constantly, and nobody complains or cares.

    As far as I'm concerned Facebook has done nothing wrong. All the complainers are just people who are still, even though it's been almost two decades, still can't deal with the reality of the Internet. I say to them the same things I've been saying over and over.

    Welcome to the Internets.

    Tough Shit.

    Learn to deal with it.

    Howdy time traveler. I see you've just arrived from the year 1991. How were things in the stone age?
  • A lot of people seem to be talking about Diaspora*. I'm curious to hear about your thoughts.
    It will be just like Laconica. Bucket of fail.
  • edited May 2010
    Actually Scott, you just don't understand the concept of implicit terms. When you start using a service, it is implied that the functionality will remain the same unless you get notice of some sort. For instance, if the price of a phone contract goes up, you get notice in the form of an increased bill. You then have an opportunity to cancel. It happens in contracts all the time. Here, Facebook was entitled to add the feature. They were not entitled to activate it and hide it from the users. The difference b/w this feature and most others is that the others don't affect how your info is distributed outside of the site. This was a substantial change, whereas the others were not. It doesn't fit in with your special Scott-only logic, so there's not much point in me attempting to explain it to you further.

    EDIT: The "where do you draw the line" argument is bullshit. There are all kinds of places where we draw lines. Courts determine what is a "material" change and what is not all the time. Just because something is not absolute does not make it immune from rules.
    Post edited by Nuri on
  • EDIT: The "where do you draw the line" argument is bullshit. There are all kinds of places where we draw lines. Courts determine what is a "material" change and what is not all the time. Just because something is not absolute does not make it immune from rules.
    This is true. The problem is that most judges and lawmakers are completely ignorant when it comes to technology, so their decisions are complete horseshit the overwhelming majority of the time.
Sign In or Register to comment.