Tagged: privacy

Words, actions, privacy.

Ember

Image: My medieval public identity…

It used to be when users kicked up a fuss, social networks quaked and gave way to their demands.

Then Facebook began a kind of two-steps-forward / user outcry / one-step-back dance with privacy and user data.

These days, as the market has matured and the incumbents feel a little more settled, their networks seem a little too hard to opt out of for users.

In a recent New York Times article about Google+, Google’s Bradley Horowitz said: “We are attuned to both what people say and what people do.”

How I read that: sure, we hear a lot of complaining, but no one’s voting with their virtual feet.

Users complain about the forcing upon them of a Google+ identity, but they don’t do much about it. They don’t close down their Gmail, start using other search engines, give YouTube a swerve. Not many of them. Not enough of them to worry about.

To data driven Google, an outcry on Twitter and in opinion articles is largely noise. People stopping using their services would be a strong signal – and they just aren’t seeing that.

I can think of a couple of people who have opted out of Facebook (a couple out of the few hundred people I’m connected to there).

As for Google, I have only met one refusenik so far – and heard tell of others in the online activist community.

Two questions come to mind:

  1. Will governments and brands begin to follow this logic? Petitions and online slacktivism, as one-click protests are derisively labelled by some, aren’t always going to signal real behaviour changes – boycotts, votes, spending money elsewhere.
  2. Are people who are opting out of Google and Facebook the start of a movement toward “de-clouding”, rejecting handing their personal data over to large corporations? It’s too early to tell whether this will remain fringe dissent or whether it will begin to spread. Google, Facebook, Microsoft and, to some extent, Apple and Amazon (the “stacks“) will be aiming to make sure the massive utility value of their services outweighs fear and suspicion of their stewardship of our data.

Online security expert Bruce Schneier calls entrusting our data to the stacks “feudal security”, a theme picked up by Aral Balkan recently in his TEDxBrighton talk.

Feaudalism works, you could argue. It worked for thousands of years. Quite apart from inequality and fairness though, feudalism kills progress – it causes stagnation, homegeneity, stasis.

I guess what Schneier and Balkan are pointing out with the feudalism metaphor is that this is a kind of opt-in feudalism – it doesn’t have to be that way. Actually, as I sit here typing into a Chrome Browser, on an iMac, before turning to my Gmail etc. – you realise that it’s no opt-in, it’s something you have to put a great deal of effort and time into opting out of…

: : As an aside, I’d be a lot more likely to use Google+ more often if I didn’t have two identities there. Reflecting on the “forcing users to have a single Google+ identity” strand in this post as I edited it, I realise – I’d love a single identity. Can I have one, please?

My work and personal email are both on Gmail, so I have two lots of circles, etc. Reminds me of this tweet I favorited [sic] the other day:

 

 

 

Who can see what you are doing on the internet right now?

Yesterday’s cryptoparty was fascinating in so many ways. A two hour-ish session took us through online privacy issues, behaviours and tools.

Particularly useful was an interactive diagram from the Electronic Frontier Foundation, which campaigns for internet freedom, showing who can see what you are doing with your web browser – from a hacker sitting in the same coffee shop, to your ISP, the hosts of the website you are using and government agencies tapping into the internet backbone (as the NSA and GCHQ in the UK have been doing) or contacting the ISP or website for their records. 

Click on the image below to try it for yourself.

ZZ55706B45

 

I knew some of this previously, but this diagram is really helpful in clarifying the situation. You can see who see how of your online activity is blocked by using a secure plug in (the HTTPS Everywhere extension for Chrome and Firefox browsers will do this) or a super-secure browser like TOR (which encrypts and hides users’ location, identity and web use). Fro the most part, the former blocks people seeing who you are and your data, the latter almost everything except your location and the fact that you are using TOR.

On the last point, using TOR presents what my colleague Jason Ryan calls “the cryptographer’s dilemma”. While it means you have a huge amount of privacy online, it also holds up a metaphorical sign saying “I am doing secret things! Over here, mass surveillance agency – me! Me!”.

Recommendations for using TOR for people like activists or journalists who need to keep their online activity away from prying eyes include:

  • Don’t use it too often
  • Don’t use it at home
  • Don’t upload files on it
  • Don’t log in to your email

There are more in an exhaustive – and, frankly, exhausting – list called Want TOR to really work?.

Online privacy and mass surveillance are very complex issues, as are the solutions. I’m very grateful to Chris Pinchen and his cryptoparty friends for helping me to begin to think these issues and ideas through.

Against mass surveillance – what will you do today?

ZZ6D612BDC

Today is a day of action and protest against mass surveillance by our governments: The Day We Fight Back.

Aptly, the first thing in my Twitter stream when I opened my laptop this morning  was the inventor of the Web re-tweeting the Electronic Frontier Foundation’s message…

ZZ52E6FBD6

Things move quickly, our lives are busy. Today, though, take the opportunity of The Day We Fight Back to stop and ask – what kind of a world do you want to live in? What future do we want to choose? What kind of Web do we want to live with around us?

Then do one thing – or a few things – to mark your intent, to take small steps toward the future you want.

Here’s what I’m doing:

  • Adding my voice to the chorus of dissent –  by signing the EFF petition and adding their banner to my website.
  • Supporting those who are fighting for our online freedom every day – by  re-joining the Open Rights Group in the UK, that campaigns for internet freedom and making a donation.
  • Learning more about how to take control of my data and security personally – by attending a Cryptoparty this evening where people will be learning how to lock down their devices and manage their online data. I’m hoping to help hold more of these for friends, colleagues and clients in the future.

Spread the word. Tell others what today means and what you are doing to support it…

Getting an Autographer

ZZ121F4985

We’ve ordered an Autographer for the Brilliant Noise office. I’m really looking forward to trying it out.

Three main things I’m interested in…

  1. A new kind of camera: It will be great to experiment with the Autographer in situations where taking photos is difficult. I think especially of running – there are so many interesting scenes you come across when distance training (I’m about to start my 2014 marathon training) and stopping and using your phone can really disrupt your run. I think that it will be interesting to use it when speaking at conferences and capturing other moments where I’m usually focused on something else.
  2. Creating new kinds of stories: Documentally’s* inspired me a bit with his Autographer films earlier this year – like this one about a Storymaking event at the Guardian. It strikes me that there are all kinds of behind-the-scenes, day-in-the-life stories waiting to be told like this.
  3. Seeing how it works socially: In Documentally’s review of the Autographer he talks about both forgetting he was wearing the device and having to consciously make decision to turn the camera off…

I found myself suddenly and understandably concerned by the privacy of those around me. Another time was when I thought other peoples kids were identifiable in a playground.

What might happen when I walk through airport security and inadvertently break the law? What does all this mean for privacy in general?

Like every other piece of social technology we will need to invent the rules and behaviours for devices like this one. I’m curious about how it will feel and the questions it will prompt me to ask myself.

I’ll let you know how I get on…

* He’s actually called Christian Payne, but I always think of him as Documentally. 

Google Glass and privacy

ZZ1EAEAF1D

Jan Chipchase blows away the froth around the Google Glass/privacy conversation: 

As a product that is both on-your-face and in-your-face, Glass is set to become a lightning rod for a wider discussion around what constitutes acceptable behavior in public and private spaces. The Glass debate has already started, but these are early days; each new iteration of hardware and functionality will trigger fresh convulsions. In the short term, Glass will trigger anger, name-calling, ridicule and the occasional bucket of thrown water (whether it’s ice water, I don’t know). In the medium term, as societal interaction with the product broadens, signs will appear in public spaces guiding mis/use1 and lawsuits will fly, while over the longer term, legislation will create boundaries that reflect some form of im/balance between individual, corporate and societal wants, needs and concerns.

In Kevin Kelly’s What Technology Wants thesis, Google Glass is an inevitability – we could see it coming a mile off. Ban it if you like, ignore it if you like, but you can’t un-invent it or the technologies it bundles together. 

We are surrounded by thousands of cameras and microphones everyday in the hands of our fellow citizens. Some even play with surveillance drones at the weekend. 

All of this technology will only get more common, cheaper, smaller. 

What are we going to do about it? 

Privacy sells?

NewImage

This advertising billboard in Clerkenwell stopped me in my tracks (and by tracks I mean the sedate progress of my Boris Bike) on Monday.

BlackBerry’s encryption of emails is good enough that it upsets those of an authoritarian, prying-into-your-citizens’-communications-persuasion and now they are making a selling point of it.

Privacy gets in the way of advertising business models as well as the secret police, which is why managing your privacy settings on services from your browser to Facebook is often unnecessarily complicated. It may not be a conspiracy to stop you from guarding your data, but there isn’t a perceived incentive to make this stuff really useful for the networks.

Or for anyone else. Apart from Ad Blocker web browser extensions and a clutch of very geeky tools used by activists and cautious geeks, there aren’t mass market tools and services to help people control how their data is used, how their personal becomes public…

Google’s recognised this, sort of… At least Paul Adams did in his masterpiece of a research paper on social networks - The Real Life Social Network – at Google (I note he is now at Facebook). Then we thought we’d see Google Circles, an social network designed to help with this managing of your content and conversations. But then we didn’t.

Thing is, privacy – what we want from it, what we actually mean by it, etc. – is complicated. As I discussed at Local Social Summit last year, privacy can mean all sorts of things. Privacy is proxy issue for fears and doubts about life with the web and with technology more broadly.

Anyway, back to the BlackBerry ad. I wonder if this sells phones. I wonder if privacy will sell other stuff too. I wonder if – as Alan Patrick – privacy itself is something that will be sold (as a service, a premium package, whatever…).

Mining the where: CIA-funded start-up says 80% of online content contains location information

201011251323.jpg

Last week at Local Social Summit I talked about some of the issues around location and privacy. Especially problematic is people’s inadvertent tagging of their photos with location information – something potentially of interest to crooks, stalkers and others you might not want to know everything about you.

Open-source spying is a term which has been around for a while, reflecting the fact that when it comes to gathering information, the web is often as good a place as going into the field. In-Q-Tel’s investments reflect a justified fascination with the social web by intelligence agencies.

Well it turns out the CIA is also interested in this kind of information. In a post about the CIA’s Silicon Valley VC firm, In-Q-Tel, the Not So Private Parts blog on Forbes found the firm…

…likes companies coming up with better ways to mine social networking sites and geospatial location data. One of its investments, Geosemble, a private spin-off from USC, estimates that “80% of online content has location information.”

80%? Wow.

“Our mission is to shine a torchlight on geographic unknowns and help organizations neutralize threats and capitalize on opportunities in their areas of geographic interest,” says its website. Another of IQT’s geospatial investments, FortiusOne, promises instant maps based on Tweets and photo uploads, for mapping election-day threats in Afghanistan, for example.

The idealist in me is attracted to the data mining stories of humanitarian efforts of platforms like Ushahidi, but we should remember that governments and their agencies are interested in our geo-location information as well.

Bonus link : : Really interesting presentation from FortiusOne on analysing geo-data for business.

Publish first, police second… is that how it works?

201011221946.jpg

The other evening I watched some of the Channel 4 documentary Coppers, in which UK police officers were sharing their disquiet about how people they deal with seem to phone the police rather than deal with their problems themselves.

Could it be that there is another contradictory trend, for people to take evidence of crimes to their social networks first, when the police might be more appropriate?

Two cases spring to mind. One, which was a tabloid cause celebré this morning, is the ten-year-old boy who took a picture of a mugger leaving the scene of a crime.

According to Th Sun, he…

He snapped Royal as he fled on a bike then posted the pic online. Cops identified and nicked Royal who was fined in Darlington, Co Durham.

Why not call the police? And the police “praised Alex’s ‘quick thinking’”. Really?

The other was the cat-in-the-wheelie-bin lady, who was caught on someone’s private CCTV committing an act of animal cruelty. The footage was posted to YouTube and then a web community took up the cause of identifying the woman (something they did very quickly).

It may be that the socially acceptable behaviours that emerges, that becomes a norm, is that we post everything to the web and then direct the police to it. At some point this is likely to incite real-world vigilantism, at some point this is likely to compromise evidence in a case, or the ability of a court to hold an impartial jury trial.

: : Lastly, a ten-year-old on Twitter – really? I hear parents wondering whether to let their kids use Facebook when they are 13 (the legal limit), but Twitter? Never… There’s a few things about this story which see odd.

Thoughts on privacy and location: nosey neighbours and norming

This post is the extended version of the notes and research I made to prepare for a talk I gave at Local Social Summit 2010. Hence the length and odd format – if you’re thinking about or researching privacy, location and social media hopefully there’s some useful things here. Have a look at my Delicious bookmarks tagged privacy and location if you want to see the raw links…

Privacy is a complicated issue, to say the least. Giants like Facebook and Google regularly trip over it and look uncertain if not clumsy in their approach to it. Individuals are often either surprised to learn that this is an issue for them, or overly cautious about how they use the web.

Even as I started the talk and begin to write this post, I’m thinking of another post I need to write on the subject, along the lines of “designing for privacy”. It’s an issue everyone from developers to media and brand owners need to consider when thinking about the social web.

This is where I got to…

Privacy is a complex issue: Complex, but we keep trying to over-simplify it. Some talk about it as invioable right, without going into detail about what it entails. Web companies try to wish it away as an issue – I find it amazing that people as smart as Google CEO Eric Schmidt can use the“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place” argument or Mark Zuckerberg can try to insist that the argument has finished and publicness-as-the-default has won.

Privacy is a proxy issue for people’s hope and fears about the web

In discussions I hear or read “Privacy!” thrown in like a rheotorical grenade. Bang! Stop everything! Privacy is under threat, and like motherhood and apple pie it is too precious to put at risk.

I sense that “privacy” is sometimes a catch-all term to encompass things that make people uncomfortable, their unease with social and cultural change that growing numbers of them realise is happening as a result of the web.

Privacy makes good headlines

Since I started researching for Me and My Web Shadow a couple of years ago, the number of stories about Facebook, Google and privacy in the mainstream media has grown. Last summer saw useful initiatives like Pleaserobme.com make the headlines and then be hi-jacked by insurance aggregators as a PR story, while the Daily Mail criticised BT “spies” who “trawl internet” conversations to find people having problems with the firm.

These stories are worrying because they raise fears about privacy without looking closely at the issues or giving practical advice.

ZZ52993CB0.jpg

People are often unaware of what they are revealing about themselves

Geo-tagging your photos can give away a lot of information about you, but many people don’t realise they are doing it. A project by a interesting bunch of security experts called I Can Stalk U is trying to raise awareness about this by using a crawler to gather information about where people are when they post photos to Twitter and then Tweeting an @ message to let them know (see the post about Educational stalking for a related initiative by a secondary school English teacher).

Even the very digitally literate get the odd scare, as Shea Sylvia’s story The Night I Was Cyberstalked on Foursquare shows.

The privacy debate in society may take place at a local level

It could well be that it is at a local levels that people face the implications and consequences of online publicness and start to work out where they draw the line between public and private, how the new social norms will work.

If local authorities are happy to abuse laws designed to combat terrorism to investigate and surveil their citizens for petty offences, it is likely that sooner or later we’ll hear of some bright spark trying to use geo-tagged photos and Tweets to prove parents are lying about the school catchment area they live in or not recycling their plastics in the appropriate way.

Privacy is not a personal matter

Writing Me and My Web Shadow coincided with my less geeky friends (“Hotmail friends” as Danah Boyd, once put it) really committing to Facebook, going past the addiction and over-enthusiastic social games phases and starting to use it as part of their everyday lives.

It became clear to me that what I did with my Facebook privacy settings and vice versa affected us all. If I post photos of people online, I make some decisions about their web shadow for them.

Discussion and social norming are required for us to work out how privacy works within our actual social networks. This is something we can and will all take part in…

Privacy is a fluid concept

Bill Thompson puts it really well in a talk he gave to the Lift Conference. Privacy as we understand, or understood it, is a new concept and one which may disappear or change radically.

The notion of people being happy to trade away their privacy is wishful thinking

Many people want to be in control of what appears about them in the public domain. Witness the “whitewalling” trend among young people spotted by (again) Danah Boyd. They want and need access to Facebook, but in order to remain in control of what is on their wall, who tags them where, they close down their accounts completely (temporarily) while they are not online.

Innovation can solve privacy issues

Sharing my location is useful, but sharing it permanently with anyone in the world who knows how to look for it is an unattractive proposition. Services like Glympse set a precedent for handling privacy differently from presuming openness is what people want – you can use it to send your location to people or broadcast it but after a period of time you choose – say a couple of hours – that information is deleted. In a similar vein Whapee is a photo-sharing service that lets you geo-tag photos anonymously.

Maybe “personal data management” is a better description than “privacy”

Obviously it is not – it is not very pithy for a start – but you catch my drift. What we talking about with privacy in the context of the social web is not “the state or condition of being free from being observed or disturbed by other people” (as my computer’s dictionary puts it), but being in control to some degree or other of what others observe or how they are able to disturb you.

We need to stay close to users’ perceptions of privacy

Point is, privacy, what privacy is, how people understand it and what they want from it is changing all the time. Different users will have different points of view, different personal policies. If you commissioning or building services and spaces in the social web you need to understand where they are at right now.

Privacy is a design issue

Perhaps I mean an innovation issue, and we’ve covered that above, but I suspect that applying design thinking to how users data, their privacy/publicness will be affected by a service would be useful. It is certainly something to be borne in mind from the outset in the development process.

Whitewalling: Teens create their own Facebook super log-off

201011161717.jpg

Here’s an interesting approach that Microsoft researcher Danah Boyd found a young person using to manage their Facebook privacy and presence:

Mikalah uses Facebook but when she goes to log out, she deactivates her Facebook account. She knows that this doesn’t delete the account – that’s the point. She knows that when she logs back in, she’ll be able to reactivate the account and have all of her friend connections back. But when she’s not logged in, no one can post messages on her wall or send her messages privately or browse her content. But when she’s logged in, they can do all of that. And she can delete anything that she doesn’t like. Michael Ducker calls this practice “super-logoff” when he noticed a group of gay male adults doing the exact same thing.

Mikalah is not trying to get rid of her data or piss of her friends. And she’s not. What she’s trying to do is minimize risk when she’s not present to actually address it.

It goes to show that despite a platform’s desire to push people into disclosure by default, users will find ways to make their own choices about how publicness works. Because for many young people not being on Facebook just isn’t an option.

I asked Shamika why she bothered with Facebook in the first place, given that she sent over 1200 text messages a day. Once again, she looked at me incredulously, pointing out that there’s no way that she’d give just anyone her cell phone number. Texting was for close friends that respected her while Facebook was necessary to be a part of her school social life. And besides, she liked being able to touch base with people from her former schools or reach out to someone from school that she didn’t know well. Facebook is a lighter touch communication structure and that’s really important to her. But it doesn’t need to be persistent to be useful.

In the comments and related Tweets to this post, we can see that this hacking of the way Facebook works to suit personal reputation / presence management is common. One Tweet from @Tremblebot says their students call it “Whitewalling” or “Whitewashing”, and that the practice requires an investment up front and then makes it easy to stay on top of what people are posting about in the way of comments, tags and photos.

Perhaps this is something I should add the second edition of Me and My Web Shadow in the workflow for managing reputation. Certainly, if Facebook were to take a leaf out of Twitter’s playbook it would think about adding this as an easier to use or more prevalent feature.

“Whitewalling” also looks like evidence for the notion that people, yes even digital natives, want to retain some control over their privacy and what the world sees and hears about them.