Archive for the ‘Uncategorized’ Category

Bye, bye Facebook

Friday, May 14th, 2010

As mentioned in the previous post by Tristan, Facebook is facing all kinds of trouble at the moment. I’ve just deactivated my account, and will shift it to deleted in a few weeks (once I have the time to scrape off my contacts). As an early adopter of Facebook, this was a tough decision to make – it’s been a fantastic way to reconnect with old friends, make some new ones, and to share news, photos and ideas. But, recent events have made it obvious that the benefits no longer outweigh the costs. In particular, the shift to public ‘pages’ and the searchable status updates, alongside the recently announced ‘open social’ approach to sharing friends’ data with external web sites has made it almost impossible (in some cases actually impossible) to control the leakage of information across Internet sites that I as a user have not consented to give my information to.

As a user, there are a number of choices available to us when faced with these decisions. One is to just walk away, and leave a moribund account. The problem here is that information is still leaked. Option two is to delete information in the profile, and replace it with either fake information or no information at all. This obviously has downsides for Facebook since much of their USP is the wealth of relatively accurate information available for marketing types. But, for users there’s a downside too – for us, the USP of Facebook was about connecting with people we had a connection to in ‘real life’ – so, once we attempt to achieve privacy through obfuscation or deception, the actual utility of the site is also reduced for us. So, it’s a loss-loss situation. That leaves the final option – deletion or deactivation – the route I chose.

I’ve researched how people use Facebook (relatively) extensively (e.g. this paper) – and one of the core lessons from the more recent work is that it only works if people can protect their privacy via the site, rather than via their actions. When they don’t do it through the site (whether because it’s too complicated, or not possible, or they don’t trust the settings), then they’ll do it through their actions. In the cases I looked at, this was by engaging with the site in a more shallow way. But, if this isn’t feasible, then the only option left is to quit. The management of Facebook (in particular the CEO) seem to have forgotten that if our private spaces are made public, there’s really not much chance that we’ll ‘dance like there’s no-one looking’ – instead we’ll become self-conscious, awkward, and eventually sit down in a corner looking a little embarrassed. My version of that is retreating to a locked Twitter account…

Why the change of tune, Facebook?

Friday, May 14th, 2010

Today is “Kill your Facebook Page” day. Pundits across the blogosphere are loudly criticising the social network giant. What is going on?

Last year, Facebook, under pressure from its users, introduced a new set of principles that included all sorts of good things like equality, ownership and freedom. But these principles have been thrown out of the window as Facebook has gone “rogue”, making previously-private data public in an attempt to monetise its users’ social graphs and self-declared preferences.

What now? Will Facebook cave in to pressure once again? So far they are alternating between arrogance and silence.

Meanwhile, demand grows for an alternative. While big companies such as Google offer little comfort for privacy-aware social network users, a group of undergraduate students have raised over US$100,000 based on little more than a flashy web site with some nascent plans for a decentralised OSN. While these ideas are nothing new, hopefully they will use some of their funds to develop a system that is usable by “silver surfers” as well as holders of Computer Science PhDs.

So maybe the market will decide. Perhaps Facebook has underestimated the costs of their users’ privacy and will suffer a loss in market share and business as a result. Or perhaps their users would actually prefer more of their data to be public, and the privacy-aware competitors will fall by the wayside. Either way, these social network site builders would no doubt have benefited from a privacy value network framework to help understand the costs of privacy.

Gargoyling with Google Goggles

Tuesday, December 15th, 2009

Google has just saved you from being a “technonerd”, unable to chat with a stranger without being creepy and stalker-like. Google has literally saved your social life. By banning one of its own products. But why?

It all had so much promise.  Google Goggles seemed like an incredible way to support human activity, to multiply our ability to understand and make use of the world, to grease the social wheels and bring us closer together.  Instead of shining a light however, it was taking us to a very dark place.

The ‘goggles’ are so simple: snap something with your camera phone, and get search results about it. It’s a fantastic idea; an amazing achievement. Sounds great, doesn’t it – how could there possibly be any problems with this? PVNets Principal Investigator Angela Sasse tells us in an interview by The Independent – it all goes wrong when you start Goggling people.

“People manage their relationships by selective disclosure,” but Goggles shreds this delicate and nuanced practice. “You might go somewhere on the assumption that you won’t be recognised. But if people find out who you are they can see where you have been.” It’s true Goggles can only provide information about you that’s already floating about the internet – already in the public domain. But, this is worse than it sounds. You may not know what’s available about you on the internet. Before, people had to already know things about you before they could find out more – they needed your name or other personal information in order to find out more. Now they just have to be nearby. “Increased Accessibility” is a privacy challenge that changes the game entirely. You may not know what information is out there on the internet about you, or you may know but not expect the information to be available to people. You may not understand or be able to predict what happens when diverse information about you is combined, or used for purposes you didn’t expect when you put the information out there on the internet. It may have been other people who put the information up there, without your consent. Goggles is a hornet’s nest for Privacy. That’s why Google has suspended its person recognition.

It’s hard to predict what effects Goggles’ “increased availability” technology would have. Camera phones are pervasive, so it’s likely its effects would be too. One likely impact is on social interactions, and it too could be negative. Neal Stephenson’s novel “Snow Crash” describes “Gargoyles” – people strewn with sensing technology – cameras, mics, IR, radar, feeding everything around them into the internet to be catalogued and cross-referenced. The flow is two-way – they live in augmented reality, and everything they see and sense is tagged and annotated – everyone they meet is accompanied by a flood of information. They know too much: “Gargoyles are no fun to talk to. They never finish a sentence. They are adrift in a laser-drawn world, scanning retinas in all directions, doing background checks on everyone within a thousand yards”. They tell you about yourself before you have a chance to tell them. Selective disclosure, and the joys of getting to know you, go out of the window. Gargoyles are universally regarded as saddos, and avoided whenever possible.

By suspending Goggles’ person recognition, the risks of privacy invasion against us have been averted. Google has saved you from being dossier-ed in the street, your intimate details known by any Tom, Dick or Harry you unassumingly pass by. The lure of invading others’ privacy has been withdrawn from us too – Google has saved us from ourselves, and it’s going to do our social lives no end of good.

Do social network users care about privacy?

Wednesday, August 12th, 2009

This is an important question. Indeed it is one of the main questions that we are exploring in the PVNets project. Last week we heard a very interesting talk from Sören Preibusch presenting the business case for social network site (SNS) operators to care about privacy. In particular he showed some results that indicate that the more successful SNSes (in terms of subscribers) tend to have less visible privacy policies.

What then, to make of WeOurFamily, a new privacy-oriented SNS? Privacy is truly at the forefront here: the front page says “Designed to provide the control and privacy needed for real relationships.” Will users want to sign up for such a privacy-oriented SNS? And will they be willing to pay $21.99 a year for such privacy? I am very interested to see what will happen.

Have I signed up for WeOurFamily? That would be telling…

Researcher, heal thyself

Sunday, August 2nd, 2009

Becoming a Privacy researcher for the first time starts you noticing some things that you always took for granted, including flaws in your own and your institution’s practice. One example is how Universities are not as set up for privacy protection as you’d expect. Privacy and personal data are taken seriously – nearly every study with human participants has to be registered with the departmental and central data protection officers, with the procedure used to protect the confidentiality of the data obtained. There is one very obvious crack in the system.

It’s not in all Universities, but it’s in enough. Many researchers (including current and past colleagues) will have run into it. It is the participants’ receipt of payment form – an example is given below.


Participants in research projects are usually thanked for their time by being given a small amount of money – often it’s a fixed amount less than £10, but the amount can depend on the participants’ performance in the experiment too. You are told that the form above is so you as a researcher can claim back this money from your project after you’ve paid it to the participants (it may be coming out of your own pocket initially, for administrative convenience), and also so the University’s finance department can validate that the project money has been spent properly. Typically, as a researcher I have been supplied with something like these forms from my department’s administrators – so they’re ‘official’ forms from the institution. Let’s have a look at what’s in them.

The image is a bit small to read, so I’ll tell you what it says. After receiving the money, participants are instructed to give:

  • Name
  • Home address
  • Date
  • Amount received
  • Signature

Each participant will see the preceding participants’ name and home addresses. They will also see other participants’ signatures, and possibly be able to infer their performance on the experiment.

These people will frequently be strangers, but it’s quite probable that some will know each other. For example, a study here at UCL recently recruited a lot of university library staff – so many of the participants worked in the same office as each other. It’s quite possible that many people would not mind their colleagues or others knowing they’d done the experiment or where they live, and it might not matter that other people can see their address – the information is probably in the phone book after all. But these participants might mind, and it might matter.

And in fact some of them do mind – I’ve had people ask why their home address was required, and did they really have to give it. Instead, some participants from the University have only given their Department.

As the person conducting the study, this puts you in a difficult position – you want to protect your participants’ rights, but you fear not being reimbursed all the money you’ve paid out, or being hauled up for improper financial practices.

Before participants take part in a study, they always have to sign a consent form that informs them about what it is they’re letting themselves in for – but in my experience it never mentions they’ll be giving away their home address. Nor has it ever been suggested to me that it should.

When you think about it with your privacy hat on, it’s pretty bad. There are two things going on here:

  • Collection of personal information
  • Exposure of personal information

The first may or may not be necessary. The second definitely isn’t.
When you think about it a bit further – it strikes you that:

  • Some systematic privacy violations are painfully obvious… only after you’ve noticed them.
  • They can be carried out by people of the highest probity, committed to guarding the sensitive information entrusted to them.
  • From good people acting in good faith can emerge a bad system.
  • We’re all vulnerable to perpetuating privacy violations, even with the best intentions.
  • Sometimes, only a small simple tweak can make a big positive difference to privacy.

Thankfully the last point was true here. Folding over the paper after each participant works without having to change the form, but one should have a more permanent and professional-looking solution. Having one form per person, rather than one form per ten people, makes participants’ receipt of payment details confidential again, and the administration at my institution is happy to accept these privacy-enhanced forms.

Privacy is good for business

Wednesday, April 8th, 2009

Thanks to Pete B for passing on a story about a new ACLU primer, Privacy & Free Speech: It’s Good for Business:

This Guide will help you make smart, proactive decisions about privacy and free speech so you can protect your customers’ rights while bolstering the bottom line. Failing to take privacy and free speech into proper account can easily lead to negative press, government investigations and fines, costly lawsuits, and loss of customers and business partners. By making privacy and free speech a priority when developing a new product or business plan, your company can save time and money while enhancing its reputation and building customer loyalty and trust.

This is exactly the kind of thinking that’s behind Privacy Value Networks and its sister projects, EnCoRe and VOME. Let’s hope the ACLU make a big splash of this in the US.

Let’s get scientific

Wednesday, December 17th, 2008

[Dave Birch] A recent issue of Scientific American had a special section about privacy (there’s a podcast with the editor here) and it made for a diverting read for me, because I tend to see privacy through the digital identity prism rather than from a wider (albeit still technological) perspective. Partly because of our involvement in both PVNets and VOME, I’ve been trying hard to stop thinking about privacy in “mechanical” terms — ie, from a wholly technology perspective, looking at situations where digital identities are allowed to validate the credentials of which other digital identities and under what circumstances — and I’ve been trying hard to start thinking about privacy in social terms. Will this different perspective lead to different conclusions about the way forward? I’m in no position to say right now, but I’m always keen to pick up new ideas.