Strong opinions, weakly held

Tag: privacy (page 1 of 2)

Should apps have access to your phone’s address book?

The big online privacy scandal of the past couple of weeks has been the discovery that the social networking app Path uploads your entire iPhone address book to its servers without asking for your permission. People were not only surprised that Path does this, but also that Apple lets them do it. Shortly after this was discovered, we learned that lots of other companies upload your address book as well. The Verge has a rundown of which applications access your address book and whether they ask for permission first.

The discussion I’m interested in is what access applications should have to your address book. One possibility would be for Apple to put the same warning on address book access that they put on use of location services, but as Chris Dixon points out, the more often you ask users for permission, the less attention they pay. I don’t like that solution.

Another option is to simply block access to the address book for apps entirely. I would not be opposed to this approach. Yes, social networking apps desperately want to hook you in by making sure you’re connected to your friends, and they want you to invite your friends to the service to grow their user base. What value do users get out of it, though? Automatically connecting to your friends is a small benefit, and in many cases there are other ways to determine who you’re friends with without pillaging your address book. Apple should strongly consider just blocking address book access entirely.

Short of that, the policy solution is to allow access only to applications once a user has acted to grant access for that application without being prompted directly. So, for example, applications that ask users to upload everything in their address book as soon as they sign up would not be allowed, but applications that have a “Search for contacts in my address book” button would be allowed. Whether Apple could enforce that policy is another matter. As a matter of policy, though, applications should not try to access your address book unless you try to use a feature that requires it.

Update: And I managed to get this post in right before Apple announced a policy change that will require explicit permission before an application can access the address book.

The privacy risks of using Google Analytics

Did you know that there’s a reverse lookup for Google Analytics IDs? I didn’t. Andy Baio has the details.

Managing my mistrust of Facebook

Like a lot of people, I don’t trust Facebook. A lot of people deal with that by deleting their Facebook accounts, but I don’t want to do that. A lot of friends and family members post their photos to Facebook, so I need an account if I want to see them. It’s also the main way to keep in touch with certain people. That’s Facebook’s hook for the skeptical — they know you like other Facebook users more than you hate Facebook itself.

I have never liked it when you go to a page that’s not a Facebook page and it shows your picture and which friends have liked that page already. That provides no value to me as an end user, but it certainly provides value to Facebook. They track your activity using those buttons whether you click on them or not.

This weekend I learned that when you log out of Facebook, you don’t actually log out of Facebook. They still track wherever you go on the Web. That, for me, was the final straw. I logged out of Facebook and deleted all of my Facebook cookies manually.

From now on, when I want to visit Facebook, I’ll be using the private browser setting in whatever browser I’m using. For Google Chrome, that’s Incognito mode. For Firefox, you use Private Browsing. Safari supports Private Browsing as well. It seems like putting Facebook in jail is the only way to keep it from tracking you everywhere you go on the Web, so that’s what I’m going to do.

Update: Facebook has addressed the logout issue. You can decide whether it has been fixed to your satisfaction.

Pushing the boundaries of privacy

Tim O’Reilly argues that the nature of privacy is changing, and that it would be worse for companies not to experiment in that realm than it is for companies like Facebook to push those boundaries and occasionally run into trouble:

The world is changing. We give up more and more of our privacy online in exchange for undoubted benefits. We give up our location in order to get turn by turn directions on our phone; we give up our payment history in return for discounts or reward points; we give up our images to security cameras equipped with increasingly sophisticated machine learning technology. As medical records go online, we’ll increase both the potential and the risks of having private information used and misused.

We need to engage deeply with these changes, and we best do that in the open, with some high profile mis-steps to guide us. In an odd way, Facebook is doing us a favor by bringing these issues to the fore, especially if (as they have done in the past), they react by learning from their mistakes. It’s important to remember that there was a privacy brouhaha when Facebook first introduced the Newsfeed back in 2006!

It’s a well-considered post, but I think he lets Facebook off a little too easily. To me, Facebook has committed one cardinal sin: expanding access to information that has already been posted without getting permission from users. If I post a photo to Facebook and only my friends can see it, those are the only people who should ever be able to see it, unless I give Facebook permission to show it to more people. Any other course of action is hostile to users, and Facebook and other sites deserve to be pilloried for making those kinds of mistakes.

Why you have to keep an eye on Facebook

Matt McKeon has created an amazing infographic showing exactly how Facebook has come to open up information people post to a wider and wider audience over time. This is the reason why so many people are linking to Dan Yoder’s 10 Reasons to Delete Your Facebook Account. The problems with Facebook have been exacerbated by the fact that for many people, it’s their first read/write experience online.

I’ve been deciding what I do and don’t want to share with other people online for 25 years, since I started dialing up BBSes on a 300 baud modem. It shouldn’t be any surprise that I don’t post anything on Facebook, really. I do keep my account though, and I’ll explain why. A few months ago I got a message on Facebook from a guy who went to college with a high school friend of mine. He was trying to get in touch with my friend, and I guess had remembered my name, or came across my profile on Facebook, or something. I really don’t know. But if Facebook didn’t exist, or had I not been on it, maybe “Farmer Ted” and “Beaker” wouldn’t have gotten back in touch, and that would be sad. So I stick with my minimal Facebook presence, even though I don’t really care for the site.

The future of privacy

Bruce Schneier’s latest essay is about privacy:

To the older generation, privacy is about secrecy. And, as the Supreme Court said, once something is no longer secret, it’s no longer private. But that’s not how privacy works, and it’s not how the younger generation thinks about it. Privacy is about control. When your health records are sold to a pharmaceutical company without your permission; when a social networking site changes your privacy settings to make what used to be visible only to your friends visible to everyone; when the NSA eavesdrops on everyone’s e-mail conversations–your loss of control over that information is the issue. We may not mind sharing our personal lives and thoughts, but we want to control how, where and with whom. A privacy failure is a control failure.

He calls out the social networking sites for declaring privacy to be dead when, in fact, they are the ones who are continually working to kill it in order to make more money.

Links for September 1

  • Ars Technica: John Siracusa’s Snow Leopard review. 23 pages of goodness.
  • How the economics of strip malls differ from the economics of commercial blocks in cities.
  • Jonah Lehrer: The Just World Hypothesis. One of the great moral insights I had at a relatively early age is that the world generally operates with no regard for or propensity toward just outcomes.
  • Dan Gillmor: Time Pundit’s Rant and (Partly) Misguided Sense of Privacy. You can’t expect email sent to a mailing list to remain private.
  • WebMonkey: Opera 10 Arrives. Opera has never caught on with me, but they’re to be commended for driving innovation in the browser market and putting the bigger browser makers to shame on a regular bases.

Links from May 22nd

Today’s batch of links:

Google’s new ads

Nelson Minar has a short post explaining Google’s new interest-based ads and the privacy controls available to users associated with them.

Here’s the crux:

I’m usually quick to criticize Google on privacy issues. But not this time. Because along with this juicy new ad product, they’re giving users unprecedented control and visibility into the ads they are shown. We can opt out of tracking entirely. Or we can set our ad preferences, viewing and altering Google’s profile of ourselves. And Google has a detailed and readable page describing how their ad products works with personal user data. All of this privacy protection looks real, a user-focussed product, not just some sham to satisify lawyers.

When everything is recorded

Bruce Schneier’s essay on the fading future of ephemeral conversation is thought-provoking:

This has changed. We chat in e-mail, over SMS and IM, and on social networking websites like Facebook, MySpace, and LiveJournal. We blog and we Twitter. These conversations — with friends, lovers, colleagues, members of our cabinet — are not ephemeral; they leave their own electronic trails.

We know this intellectually, but we haven’t truly internalized it. We type on, engrossed in conversation, forgetting we’re being recorded and those recordings might come back to haunt us later.

I don’t think this is right. Some people haven’t internalized it, but many have. This is, in part, what I was getting at in my levels of candor post.

There are a huge number of things I would never say about a coworker in email. There’s a large number I wouldn’t say over instant messenger. The same goes for texting and voice mail. Some things are only worth saying on the phone or even face to face. I’ve been online in some fashion for over two decades, and I’m a fairly private person to start with, so I am very careful about not saying things that are going to turn up later.

Indeed, these days posting words, photos, and videos online is sort of like getting tattoos. Think ahead, because they’re going to be around forever whether you want them or not.

What I wonder, though, is whether we’re going to see some kind of crest in terms of how harshly people are punished for their previous online behavior. When there are embarrassing photos of everyone online, then by definition their existence will no longer be sensational.

Older posts

© 2024 rc3.org

Theme by Anders NorenUp ↑