Howdy, Stranger!
It looks like you're new here. If you want to get involved, click one of these buttons!
This forum is in permanent archive mode. Our new active community can be found here.
Facebook and Privacy
I just wrote a blog post which I think could be a good topic of discussion on the forum. Who uses Facebook, and who has problems with privacy and trust? I know I do, but I'll probably keep using it until something better comes along.
Many people are talking about privacy issues on Facebook, and I agree with most of their points. I'm not unhappy with Facebook or any privacy issues, because I've always considered everything I do or say or put online to be 100% public immediately. I've always used my own name when signing up to any internet service, so whatever I do can alway be tied back to me.
But then again, I don't have a real job, so have no work colleges or employers to find out about my strange hobbies. Nor do I have children, so I don't have any worries in that direction.
Anyway, there's been a lot talk about controlling the privacy of each update, photo or comment someone posts on Facebook. Controlling who can or may or will see that post is impossible, and Facebook switched the default from "Only friends can see this" to "Everyone can see this." No wonder it is confusing.
There have been various discussions about alternatives to Facebook, including the crowd-funded Diaspora. On TWiT, a pundit talked about controlling who sees what in a hypothetical social website by using ever widening circles of trust. On one extreme there is "everyone" and at the other extreme is "Just my closest friends." In between would be "other friends", "work people," and maybe "stranger I met in a bar, made my friend, but can't work out how to unfired them."
While this is a simple idea, I think it is slightly too simple to be useful. What I'd like to see is "Social Venn."
The idea is that each time you click a "Submit" or "Post" button, a window opens with a colorful Venn Diagram. Who can see the post depends on where you click the diagram.
The above image is what my Social Venn would look like based on the groups I put my contacts into on Facebook. To be clear, those not in the Friends segment aren't people who I don't consider friends, but if I wanted to send out a message about something personal, I'm not sure if the listeners to my podcast are the right target.
So, you see this diagram, and click the parts of the graph who you want to see what post. Not just one part, but two or three or four parts.
Alternatively, you can "Select All" and then (maybe) right click to pick which sections of your Social Venn will not, nor ever, see what you post. A post might go to all of your closest friends, but even if one of your work colleges is your closest friend, if you say "Not for work people" they'll never see that post, even if it goes to all your other friends and they are discussing it among themselves like mad.
That's my idea.
Making and displaying the Social Venn would be a fun and simple coding project, though not one I'm particularly interested in doing myself. The idea is actually one Facebook could implement, as it uses tagging and not folders to organize friends. If Facebook or Diaspora want to pay me to consult on their platforms, I'd be happy to take your money.
Or maybe this could be tied into a third party program or service, and aggregate your posts out to Twitter, Facebook, FriendFeed, etc. I'd love to have this kind of control over my social internetting. If you are working on something like this, I'd be happy to take your money too.
Many people are talking about privacy issues on Facebook, and I agree with most of their points. I'm not unhappy with Facebook or any privacy issues, because I've always considered everything I do or say or put online to be 100% public immediately. I've always used my own name when signing up to any internet service, so whatever I do can alway be tied back to me.
But then again, I don't have a real job, so have no work colleges or employers to find out about my strange hobbies. Nor do I have children, so I don't have any worries in that direction.
Anyway, there's been a lot talk about controlling the privacy of each update, photo or comment someone posts on Facebook. Controlling who can or may or will see that post is impossible, and Facebook switched the default from "Only friends can see this" to "Everyone can see this." No wonder it is confusing.
There have been various discussions about alternatives to Facebook, including the crowd-funded Diaspora. On TWiT, a pundit talked about controlling who sees what in a hypothetical social website by using ever widening circles of trust. On one extreme there is "everyone" and at the other extreme is "Just my closest friends." In between would be "other friends", "work people," and maybe "stranger I met in a bar, made my friend, but can't work out how to unfired them."
While this is a simple idea, I think it is slightly too simple to be useful. What I'd like to see is "Social Venn."
The idea is that each time you click a "Submit" or "Post" button, a window opens with a colorful Venn Diagram. Who can see the post depends on where you click the diagram.
The above image is what my Social Venn would look like based on the groups I put my contacts into on Facebook. To be clear, those not in the Friends segment aren't people who I don't consider friends, but if I wanted to send out a message about something personal, I'm not sure if the listeners to my podcast are the right target.
So, you see this diagram, and click the parts of the graph who you want to see what post. Not just one part, but two or three or four parts.
Alternatively, you can "Select All" and then (maybe) right click to pick which sections of your Social Venn will not, nor ever, see what you post. A post might go to all of your closest friends, but even if one of your work colleges is your closest friend, if you say "Not for work people" they'll never see that post, even if it goes to all your other friends and they are discussing it among themselves like mad.
That's my idea.
Making and displaying the Social Venn would be a fun and simple coding project, though not one I'm particularly interested in doing myself. The idea is actually one Facebook could implement, as it uses tagging and not folders to organize friends. If Facebook or Diaspora want to pay me to consult on their platforms, I'd be happy to take your money.
Or maybe this could be tied into a third party program or service, and aggregate your posts out to Twitter, Facebook, FriendFeed, etc. I'd love to have this kind of control over my social internetting. If you are working on something like this, I'd be happy to take your money too.
Comments
Privacy controls are DRM.
Anything that can be digitized can be shared, transmitted, and copied infinitely. Think of that as the Internet law of physics. It's a law that is as undefeated as the laws of thermodynamics.
DRM is an attempt to beat this law. They tried to create a technology that would allow information to be copied and shared to just a few people, but not copied or shared to anyone else. We know for a fact that this technology does not, and can not, work. If nothing else the information can be captured from the analog hole, digitized, and put back into the system.
Privacy controls are the exact same thing. You are attempting to give some people information about yourself, but not have that information copied to everyone in the universe. It can not be done. Anything you type into the computer can, and will, be copied infinitely. The only way you can prevent this from happening is if you do not type it in at all.
The thing is, if you recognize this law, privacy controls on the web become very easy. How do they become easy? Because you no longer need complicated privacy controls at all. Every site on the Internet will have a simple global control that does not change. There will basically be three kinds of web sites out there.
Blog/Facebook type - absolutely everything you type in will be seen by the entire world whether you are the blog poster, the commenter, or whoever. If you don't like it, don't type in anything.
Private Account type - I have an account at Linode which is our hosting provider. Everything in there is 100% private. My information can only be seen by me, and Linode employees who are financially obligated not to screw it up. Nobody can log into my account, so nobody can see my stuff. Amazon and Newegg are also is the same thing, excepting the product reviews and wish lists.
4Chan type - Everything is 100% public, but also 100% anonymous.
Privacy controls and DRM are the exact same thing. They are the free energy machine of information. They can not ever, and will not ever, work.
The only reason this causes a problem for us is because the security mechanisms put in place by our government and corporations are dependent on secrecy and also sharing of the same information. The same credit card number you tell others when you purchase things is also the one you need to keep secret. You have to tell people your SSN to get some services. If we moved everything to private/public key pair systems, you would never tell anyone your private key. You would only offer your public key and a verifiable digital signature to confirm your identity. Thus, the lack of privacy would no longer be a security issue. Your Amazon account being hacked wouldn't result in any of your money being spent, or someone getting a loan in your name, or any other BS.
Other than that, the only problem is people with regrets and shame. Well, the era of regrets and shame is over. The fortunes of the Internet favor the bold. Don't want a picture of you getting totally wasted/high being seen by employers, relatives, etc.? Don't get high, don't get wasted, or at least don't let anyone take a picture of you while high or wasted. Once the picture is taken, it's basically game over. That was your chance. You missed it. Don't complain to Facebook later on. You had your chance.
I think the reality of the situation can be boiled down to three simple axoims - uncontrollable realities of the modern world. If you take issue with any of these three items, you basically cannot use the Internet as anything but a consumer of other people's content, and will have to spend the rest of your life in fear of those around you with always-on HD cameras. Part of being integrated into the modern world is understanding that there is nothing you can do about these.
Rym's Three Axioms of Information Privacy
1. Anything you ever publish to any other person can be republished by them at negligible cost.
2. Anything you ever do in a public setting can be republished by anyone who has witnessed it.
3. Any information about you that is already publicly available can never be made unavailable.
All information that can be digitized can and will be copied and transmitted infinitely.
If something is not publicly available, it cannot be infinitely retransmitted until someone in the circle of trust does it themselves, either actively (republishing) or passively (bad security). Furthermore, to be sure, the average person doesn't think of situations like "picking their nose in an alley" as a privacy concern, and would probably be angry if the security camera footage from said alley showed up on youtube. I constructed the three axioms specifically to show non-technical average people the true scale of what privacy truly means. I also intend to use them to illustrate what information security needs to fix before our society can accept these axioms. Each one has an obligatory component social change.
You do realize that DRM is the ability to control information after you have published it, right? That's all it is. Nothing more. What you choose to do with that power is a different matter, but DRM does nothing more than give you this ability.
So, if you publish to Facebook, and you use Facebook's controls to restrict your publication to certain people, you're trying to keep it within a circle of trust and prevent republication. If you didn't care about republication, why did you restrict it in the first place? That's DRM.
I would especially be open to this if these super-effective ads via internet data collection caused all of the advertising dollars to flow away from outdated constructs such as cable TV, and into internet advertising, bringing the content with it. Take my data, mine my data, and give me better, cheaper services in return. If that happens I'll call it a fair trade.
So take this example to Facebook. If you share this information with your friends there, you're relying on two factors:
1. Your friends won't themselves republish this information (which is protected by Facebook's minimal DRM)
2. Facebook won't fuck up and republish it themselves
If you really didn't want that info out there, you either have to trust your friends AND Facebook, or not publish it to Facebook.
Now, there's a second set of issues, much further beyond your control. So, you decide not to publish this information anywhere. Fine. But the fact that the door is unlocked is still publicly accessible information. If someone decides to walk down the street, and touches every door to see if it's unlocked, and posts this information online, there's nothing you can do about that. The door's state is public information: it's just obscure. But you can't stop anyone from collecting this extant information if they so desire. And you can't stop still other people from aggregating it. Because the state of the door is able to be determined by the public, it can be known by anyone with a will to know it. Your preferences have nothing to do with it. I may choose, upon finding the unlocked status of the door, to not republish, but I can't fault anyone else who decides differently.
Right now our shit is fucked up. If someone gets my bank account info they can spend my money. But if I want to do business with someone, I have to trust them with that very same piece of information. If we had real security, I would give them my public key, and I would answer a challenge response with my private key. I would never share my private key with anyone ever under any circumstance, and I wouldn't need to. My identity would be un-stealable.
Your address has the same problem. Because your shit is insecure, you are relying on keeping your address secret. Clearly you aren't any good at that because you just told the world that your lobby door has no lock! It's impossible to keep your address a secret. The UPS man knows it. Amazon knows it. The whole world knows it. What you need is some actual security.
Long ago our society gave up on real security because it is inconvenient. We put on security theater in certain places to alleviate fear. We keep secrets to make up for our lack of real security. Now secrets are impossible to keep, and people are panicking. The solution is not to continue to protect secrets, but to bring in real security. Real security is inconvenient, yes. Get used to it. It's the wild west.
What I'd like is a simple one click way to share things with one set but not another. The original post is not actually about privacy or security, not in my mind, it's more to do with not wanting to bother non-jugglers with my latest video, and not wanting to impose person problems on people who aren't my close friends. At the moment that isn't easy. With a social venn to click it would be far more simple.
You have a good point about real security, but that's not the world we live in. We have security through obscurity or we have nothing at all. If you know where I live, then you know my building has no lobby, anyone can walk up to any apartment. So the only thing I can do is keep people guessing about when I'll be around and hope the deadbolt puts up a fight.
Speaking of this whole security in banking thing, my bank has really been pushing the online bill pay lately and I'm starting to see why. Rather than continuing to use the current model which is effectively "here's my wallet, take what you need" they're encouraging us to pay our bills. So we send the money rather than let it be debited from our account.
I don't put anything on Facebook that I don't want people to know. However, there is certain information that I prefer to remain easily accessible to friends only. (I say easily accessible because most of the info that is gathered on Facebook is also available online, including address and phone number info on certain stalker directories.) I also do not want Facebook trumpeting all of my details to the websites I visit without asking me; not because of privacy concerns, but rather because it is not what I signed up for when I joined the site. When they change the ToS, you should get notice. If I want the websites I visit to have access to my Facebook profile, I am perfectly capable of affirmatively giving them that ability.
The issue with Facebook is the stealth element of adding new features that are active by default and then not telling you.
If they added the feature and didn't automatically activate it, there would be no problem with the lack of notice. The problem is when they force it on you.
Also, what constitutes adding a feature? Due to the very nature of software development and running a large site like that, code is constantly in flux. They are making changes constantly, most of which nobody notices. If they notified users of every single change, everyone would quit because of constant bothering messages that they would just ignore. They also couldn't really notify you of everything without going completely opening all their code and data, which sort of defeats the purpose of having any privacy to begin with. How much has to change before they tell you? How much do they have to tell you? What happens when they want to add a new feature, and it's not technically feasible to let people individually opt out? They'll just be out-competed because they won't be allowed to change.
I think the source of fury is just people who don't like change, of any kind. If Facebook 1.0 was the Facebook of today, and they "upgraded" to the Facebook of yesterday, you would see the same complaining. The fact is they changed Facebook a fuck ton, and the people against it are a small vocal minority. Most people are just happy playing their Farmville, sharing photos, and they don't give a shit. Those people make Facebook money, and the changes aren't making them leave or complain. Other web sites have all your info, or even more than Facebook does, and they change their shit constantly, and nobody complains or cares.
As far as I'm concerned Facebook has done nothing wrong. All the complainers are just people who are still, even though it's been almost two decades, still can't deal with the reality of the Internet. I say to them the same things I've been saying over and over.
Welcome to the Internets.
Tough Shit.
Learn to deal with it.
Howdy time traveler. I see you've just arrived from the year 1991. How were things in the stone age?
EDIT: The "where do you draw the line" argument is bullshit. There are all kinds of places where we draw lines. Courts determine what is a "material" change and what is not all the time. Just because something is not absolute does not make it immune from rules.