Tag Archives: privacy

Google+ name policy: three seven fatuous arguments

Following the discussion of Google’s profile name policy, I see some ridiculous arguments crop up with tedious regularity.

“It’s to stop spam.”

Looking at my spam folder, it’s full of mail from spammers with autogenerated fake names that would pass Google’s smell test: “Denese Mozelle”, “Adrien Lavona”, “Mohammad Alitahir”, “Letisha Lorri”, “Kelli Thomas”, and so on. If you don’t understand how trivially easy it is to bulk generate plausible WASPy names for spamming Google+, ask any programmer. If all else fails, spammers are quite willing to hack and steal account credentials of legitimate accounts in order to spam social networks.

If you haven’t had fake profiles with plausible looking female names try to friend you on Twitter and Facebook so they can invite you to visit their sexy web sites, you can’t have been using those services much. Spammers will even set up networks of web sites to try and push their spam through. Thinking up a plausible e-mail won’t hold them back for more than a few seconds.

There’s also the problem that spammers need to get you to follow them, for their ongoing spam to be effective on Google Plus. Conclusion: The anti-spam argument is bogus. The policy does nothing to stop spam.

“It’s to stop trolls.”

Trolls too have no problem inventing plausible names. If you play online video games, you’ll quickly discover plenty of trolls and griefers, even on services where you have to have a credit card number to get access.

In addition, some of the most famous/infamous trolls have used their real names — ROGER DAVID CARASSO, Richard Sexton, Jason Fortuny, John Dvorak, and so on. (I should note that these examples aren’t all full-time trolls, and some of them have retired from trolling at this point.) Those are just a few examples where I know the names are real; there are endless examples of trolls with names that would pass the Google Plus “smell test”, but which I don’t know are real — Adrian Chen, David Thorne, Joel Johnson of Gizmodo, and so on.

And again, the trolls need to get you to follow them and respond to them. Conclusion: The anti-troll argument is bogus, there are plenty of trolls with real or real-sounding names.

What really discourages trolls and spammers is giving users the tools to block them permanently, and recommend similar blocking to friends.

“It’s to stop people from being rude.”

Facebook has the same policy regarding real names. Have you seen any lack of rudeness on Facebook? Every now and again a page will fill up with bile and death threats, and there are entire web sites dedicated to cataloging everyday Facebook rudeness.

There’s also scientific research on online disinhibition that suggests that people flame more when they know each other’s identities.

“It’s not a problem for me personally.”

“TV censorship isn’t a problem for me, I don’t watch TV.”
“E coli contamination of meat isn’t a problem for me, I’m a vegetarian.”
“Sexism isn’t a problem for me, I’m male.”
“Anti-semitism isn’t a problem for me, I’m not Jewish.”
“The unemployment rate isn’t a problem for me, I have a job.”

See how none of these statements contribute anything positive to discussion of the appropriate topics, and would tend to offend those for whom the issue is a problem?

Conclusion: It’s a good idea to pause and think before ever saying “It’s not a problem for me” when discussing any contentious issue. Maybe there’s a case where it actually contributes useful information to say it, but off the top of my head I can’t think of one.

There are plenty of legitimate real-world situations where someone has a valid reason for wishing to use a pseudonym online, or wishing to use a name that doesn’t fit Google’s restrictions of “firstname and lastname in that order”. Here are a few:

  • Women who are suffering stalking or harrassment online.
  • People who are from foreign countries where names are handled differently, such as Korea. (And even if you have a western-style name on your driver’s license, that doesn’t mean you want that used as your name in a social context.)
  • People who live somewhere where your real name is whatever you say it is, like the UK.

So that’s tens of millions of people right there. So just because you have no valid reason or excuse to use a name other than the one on your driver’s license, doesn’t even begin to mean that nobody else does.

“Well, don’t use it then.”

Like the “It’s not a problem for me” argument, this one adds nothing to the discussion.

“Fox news is biased? Don’t watch it then.”
“Driving while texting is dangerous? Don’t do it then.”
“Cigarette smoke causes cancer? So don’t go places that allow smoking.”

The policies set by Google and Facebook determine many details of our social interactions on the Internet. If Google were to decide to block your personal web site, you would effectively be invisible on the Internet, and saying “Well, people should use a different search engine then” wouldn’t be any help to you.

In addition, the mere existence of personal choice does not mean we should refrain from criticism of corporations and their products.

“It’s so people can find you.”

If most of your friends call you by your nickname in real life, and almost all your Internet contacts know you by your nickname, then that’s going to be the name people will use to search for you in Google+. People aren’t going to search for Stefani Germanotta.

Yet there are plenty of examples where Google have suspended people’s profiles and tried to force them to use a name hardly anyone knows them by, because the name someone is most commonly known by is not necessarily at all similar to their legal name.

“Just use your real name and there’s no problem.”

First of all, there are hundreds of millions of people around the world whose names do not obey the rules “must be written as firstname lastname in plain ASCII”.

Secondly, there are many people who are harmed by being forced to use a “real name”.

Thirdly, the rules presented by Google are ambiguous if the name you are most commonly known by is not your legal name. It’s quite possible in many countries to have credit cards and other everyday identification with names other than the name by which you are known to the government.

Google +, circles, and privacy

With people moving to Google Plus, I’ve seen some confusion about friends, circles and access.

On Facebook, if someone lists you as a friend, you get a request asking you to confirm it. On Google Plus, someone can add you to one of their circles without your permission. This is not, however, a privacy issue. The reason is that the things you post on Google Plus only go to people in your circles by default, not to people who list you in their circles.

Some creepy guy you don’t like added you to his circles? Ignore it. Unless you add him to one of your circles, he won’t see anything extra about you by adding you to his circles, unless one of the following things happens:

  1. You explicitly choose the “Public” option when posting.
  2. You explicitly choose the “Extended circles” option when posting, and one of your friends has put Mr Creepy Guy in one of their circles.

Both options show up in a different color from the circles of friends you define:

Don’t pick either of those two green options, and Mr Creepy will never see anything you post unless you put him in one of your circles. The fact that he’s told g+ that he wants to see your updates does not mean that he will.

(As an aside, this is an interesting example of how using red and green colors in UI design is often problematic. Green means “go” and “no restrictions”, but it also means “safe”. In this case, the two meanings are at odds.)

OK, you say, but couldn’t Google give me a way to block him from adding me to his circles? Well, if he wasn’t allowed to add you to his circles, he could still stalk you just as effectively by going to your profile page and hitting refresh every hour or so. So preventing people from being able to add you to their circles would not actually give you any more real privacy or security; just the illusion of safety.

If you’re offended by his ability to even say that he wants to see your updates, well, I suggest that you get over it. He could communicate a lot worse on his web site.

Circles are an access control mechanism when you post to them, and an interest list when you read from them. That is, when you post to a circle the circle defines who sees the post; but when you put someone in a circle and read the circle, that’s a completely different operation, and doesn’t change any access to posts. I think that’s why people get confused. It might have been better if they were separate things, but the “people who I’m interested in” and “people I don’t mind seeing what I write” lists are probably very similar for most people.

Also, a couple of quick tips about circles:

  • If you click on a circle name in the left navigator, you get a page of updates just from people in that circle. If you then go to post an update, it defaults to going to just that circle.
  • If you start posting an update from the main “Stream” page (which shows updates from people in all your circles), by default you get whatever set of circles you selected last time you posted from the Stream page. You do not get “Public” by default.

Also, the fact that the set of circles a post will go to is always visible, is a big win over Facebook’s “lists of friends” functionality. It means it’s much harder to make something public by accident.

If you want to post to everyone you’ve trusted enough to put in a circle, you don’t need to have a circle for that. Instead, you can click the link for adding people or circles:

The drop-down menu has an entry “Your circles”, which automatically contains everyone in all your circles, but not Mr Creepy:

Once you select “Your circles”, it shows up as a special blue pseudo-circle:

You can also type people’s names into the “Add circles or people” box, rather than using the menu. Google Plus will autocomplete them from your list of people in your circles. If you explicitly add someone by name in this way, they get notified of the post by default, even if they’re also in one of the circles — just like if you used ‘@’ or ‘+’ and their name in the post itself.

Facebook privacy drama

On TechCrunch, Paul Carr pretty much nails the Facebook situation.

Yes, Facebook’s privacy “promise” has been steadily eroding. However, the problem isn’t that Facebook has given up on offering privacy. Rather, the problem is that Facebook initially sold people on the myth that they could fill the Internet with personal information and magically expect that it would stay personal. I don’t know whether that was a deliberate bait and switch, or simply naïvety on the part of its founder.

I use Facebook as a dumping ground for interesting links, and for random chatter with friends. I also re-post content there that’s posted publically on other sites: postings like this from my own web sites, photos from Flickr, videos from YouTube, and status updates from Twitter. I have my phone number and address on Facebook, because those are public information; I don’t go out of my way to show them to people I don’t know, but it wouldn’t be a disaster if Facebook did so.

That’s the way I’ve used the site from the start. It’s a handy aggregator of content and place to chat with friends. I’ve never seen it as a secure, trusted place to put sensitive information. Free web sites are never places to trust with confidential personal information. If you don’t own the web site, you don’t own the data and you don’t decide the policy. That’s a simple fact, and a principle so old that it has an ancient saying associated with it: He who pays the piper, calls the tune. Or in today’s terms, he who pays the bandwidth bills sets the terms of service.

I’ve seen people say that it’s time to abandon Facebook for some kind of alternative. What, exactly, would that look like? One person mentioned an old-fashioned unarchived mailing list, but everyone has so much storage these days, who bothers to delete mailing list traffic to prevent it being archived? Chances are, one or more people on the list will use Gmail, and all the content will be available to Google, indexed and ready for leakage.

I know I plug this book way too often, but everyone who lives a lot of their life online should read The Transparent Society by David Brin. Facebook may be the most visible agent of transparency this week, but what we’re really seeing is a fundamental shift driven by technological change in general, not by any specific organization. Participating fully in society is pushing people to be more and more transparent, whether they like it or not. Putting on a tinfoil hat and refusing to put any information on the Internet is no solution either–all it means is that the only picture of you that searchers will get is the picture everyone else projects–like your enemies, for example.

If you don’t like Facebook’s market dominance, that’s a fine reason to move your content elsewhere. I don’t particularly like that Facebook has such a horrible API and offers no useful Atom feeds; it’s basically a giant box you can put stuff in to but can’t get it out of. I’d move to an open alternative, and I wish Google had done a better job with theirs. In their ham-fisted way, Google were more honest with Buzz: they gave you no privacy to start with. The problem was, users weren’t ready for that, and Google shoved Buzz into a place where people expected privacy and had some reason to do so–their e-mail accounts.

So I don’t think privacy concerns are a good reason to ditch Facebook; rather, they’re an indication that you’re probably viewing free social web services inappropriately to start with. But if someone puts together an open alternative with a sensible UI, I’m ready to move. How about it, Google?

Facebook privacy settings: a checklist

Facebook has recently changed its sharing permissions. A lot of people have discovered that they’ve been sharing rather more information than they intended.

Some of the permissions screens for information sharing are quite well hidden in Facebook’s array of prefence pages and tabs. There doesn’t seem to be a single place listing all the privacy-related settings pages.

I’ve attempted to assemble a list, so you can work through them one by one and make sure your Facebook sharing is set up the way you want.

  • Notifications: Choose when you get e-mail or SMS from Facebook.
  • Facebook Ads: Select whether ads can show your information to other people.
  • Contact information: Decide who can see your various addresses and phone numbers.
  • Profile information: Set who can see the miscellaneous information you put in your profile (birthday, workplaces, photos, etc.) Don’t forget to check that your religious and political views are being shared appropriately. In addition, the “Posts by me” button is important, as it determines who (by default) can see whatever you post to Facebook. This can (following a recent change) be altered per post, using the padlock icon underneath the posting box.
  • Applications – friends: Facebook allows your friends to share information about you via applications. This page lets you turn that off.
  • Ignored invites: Got a friend who keeps inviting you to join Scam Wars or Spamville? Add them to this list to pre-ignore their invites.
  • Search: Choose whether you can be found via public search on Facebook, and/or public search engines such as Google.
  • Block list: The place to name your ex-boyfriends, stalkers, and other enemies.
  • Application settings: Specific settings for all applications you’ve authorized to access your Facebook account. Use the X boxes to delete ones you’re no longer using.
  • Application settings – Groups: A specific application you will want to visit is Groups; I can’t link directly to the edit page, but you should find it on the application settings list. The settings for Groups determine who can see which groups you’re a member of.
  • Application settings – Photos: Another one to visit, allows you to hide the photos tab from non-friends so people can’t easily find all the photos people post of you. The “publish to streams” option adjusts whether people posting photos of you results in story entries on your profile page, whether or not there’s a photos tab.
  • Applications and Web sites: Includes the checkbox to turn off the new “Instant personalization” option, on by default, in which Facebook shares your information with other web sites.

There’s one other setting that isn’t on a settings page. On your profile page, the box showing your friends has an icon of a pencil top right. Click that, and a menu pops up. Hidden in that menu is the checkbox that controls whether your friends list is public to the world.

Google Health has launched

From the contract you have to agree to:

When you provide your information through Google Health, you give Google a license to use and distribute it in connection with Google Health and other Google services. However, Google may only use health information you provide as permitted by the Google Health Privacy Policy, your Sharing Authorization, and applicable law. Google is not a "covered entity" under the Health Insurance Portability and Accountability Act of 1996 and the regulations promulgated thereunder ("HIPAA"). As a result, HIPAA does not apply to the transmission of health information by Google to any third party.

And it’s still solving the wrong problem.

This SF Life

It’s been a bumper month for Transparent Society demonstrations.

  • Michael Richards went into a racist tirade. He played Kramer on Seinfeld, but I’m guessing he won’t be doing any NAACP benefits now. Perhaps they could invite him to the Comedy Central Roast of Whoopi Goldberg.

    Allegedly he had ranted about Jews previously, but nobody had heard about it because nobody had had a camera handy.

  • A Muslim student was repeatedly tasered by a campus cop with a history of police brutality and suspensions. The interesting thing about this one was how many assholes on the net tried to defend the cop.

    The facts, according to the dozen or more witnesses, are: The kid had the legal right to be in the library, he just didn’t have his student ID card with him. He was asked to leave, and had packed up his stuff and was already leaving when the cops showed up. He didn’t yell anything at them until one of them grabbed him as he was trying to leave. At that point, they tasered him. He hadn’t attempted to attack anyone, hadn’t threatened anyone, and was totally unarmed.

    Now, I think it’s pretty hard to justify that first tasering, but let’s for a moment entertain the remote possibility that the cops were in the right there. The problem is that as he was lying screaming on the floor, they tasered him again. They ordered him to get up, and (perhaps because all his muscles were in spasm) he didn’t get up, so they tasered him some more, and so on.

  • Some US troops in Iraq videoed themselves tormenting Iraqi kids by making them chase their truck in the hope of getting some fresh water. Inevitably, the video hit YouTube.

  • UK police are to get helmet-mounted video cameras which record up to 12 hours of video. This is a great idea, the only caveat I have is that the police should be required to keep the camera on when they’re working.

Of course, not so positive is the news that the UK police are setting up a precrime department called the Homicide Prevention Unit. I’m not sure whether precognitive mutants are involved.

Jason Fortuny update

Ironic quote:

You are sending me direct contact information that is sensitive. I protect your privacy in the following ways: (1) I will never sell, rent, or give away your address to any outside party, ever; (2) I will never send you any unrequested e-mail, besides e-mail in the regular course of business; and (3) Your information is stored behind network address translation and a software firewall.

That’s Jason Fortuny’s privacy policy, as stated on his web site before his prank.

At least one marriage has been ruined by the prank. I’m not going to name or link to the victim, for obvious reasons. Again, if you really want to know, read Fortuny’s web pages; he seems delighted, as it turns out it was someone who had thrown him out of an online community for previous anti-social behavior.

Lots of people seem to be focusing on a few of the victims who were married and cheating on their wives, like that justifies humiliating all the others.

Meanwhile, Fortuny has started scrubbing his contact details from his web site, removing references to past clients and employers, and deleting his résumé from the web. Perhaps he’s worked out that a reputation for hoaxing people and posting private e-mail to the web isn’t the best career move for a system administrator.

It also seems to me that Fortuny’s posting of sexually explicit photographs on the web places him squarely under 18 USC 2257 record-keeping requirements. Clearly he hasn’t complied with the law and obtained 100+ model release forms, and that could result in up to 5 years of jail time if the authorities choose to make an example of him.

I’ll end with another nice quote from his LiveJournal:

“I’m just going to quickly and quietly say that the refugees in New Orleans are human trash who don’t deserve to live.”

—Jason Fortuny

It’s nice to know the TrollJournal abuse team are so relaxed about the whole thing. Publishing public information may be grounds for dismissal, but linking to illegally published private information from your journal is just fine, apparently. If only I’d known, eh?

The asshole bar is raised again

A few days ago a web developer in Seattle called Jason Fortuny posted a personal ad to the Seattle Craigslist. He apparently lifted the text from a personal posted to another city’s Craigslist.

The ad was a sexually explicit one, from a submissive woman seeking BDSM sex. Fortuny posted it using the Craigslist e-mail anonymizing option. He then collected the responses—178 or more, with at least 145 photos.

Then he published everything on the web. Every single response, unedited, including all the personal information and photographs that people had sent him.

You’ll find threads about it all over the place if you do a few searches. I’m not going to link to any of it, and I’m not going to give any clues to where the personal information was posted. Go search if you really feel you must know; I don’t feel the need to make the victims’ problems even worse by increasing Fortuny’s pagerank scores.

There are a few things I find interesting about the reaction I’ve seen.

Continue reading

[Friends only]

Now here’s a funny thing: state agencies are now using the “PATRIOT” Act to obtain private profiles from web sites such as facebook.com, for people applying for any state-related job.

[Redacted]

In other words: don’t count on your “friends only” or “private” postings not ending up in the hands of any government organization that takes an interest in you.

While this example involved Facebook, I’d put money on other social networking sites doing the same and handing over your data with no questions asked—including LiveJournal, Yahoo, Orkut, MySpace and so on.

Social Security Numbers: A Modest Proposal

Yet again, a business has been cavalier with tens of thousands of people’s personal data . If your W-2 was processed by PayMaxx in the last few years, any number of people might have read it. There could be thousands of identity thefts as a result.

Yet it’s not really PayMaxx who will be at fault if identity theft occurs. The real problem is that too many businesses use Social Security Numbers (SSNs) for authentication.

SSNs aren’t unique, they aren’t secret, and they were never intended to be used as universal identifiers, let alone authentication tokens. However, the relative obscurity of SSNs has led many businesses to misuse them to verify identity, even though they are completely unsuitable for the purpose.

The simple and obvious solution would be for the US government to legislate prohibiting use of SSNs for any purpose other than identifying taxpayers and social security recipients to the federal government. The legislation would be set to take effect some time at least 12 months in the future, to give companies plenty of time to issue new identity numbers to their customers.

It seems obvious to me that that will never happen, however. Too many corporations with a vested interest in cross-referencing their databases with everyone else’s, and no motivation to spend money on real security.

But I contend that we don’t need to wait for government to act. As I’ve already mentioned, SSNs aren’t actually secret. It’s apparently pretty easy for any random company to get a database of SSNs, and it seems clear that hackers can obtain such databases too. So let’s try a thought experiment…

Suppose a secretive band of hackers obtains a large database of SSNs, ideally the SSNs of the majority of people in the USA. They take out prominent ads in the major national newspapers, announcing that as of January 2007, the database of SSNs will be made available to anyone who wants it, via the Internet.

Companies misusing SSNs would have a simple choice: either stop doing so, or face massive fraud against them in 2007. Shareholders wouldn’t give them much choice.

On January 2007, the database of SSNs is published anonymously to the Internet.

Of course, the perpetrators of this civic act would need to be careful to remain anonymous, lest they suffer a hailstorm of lawsuits, possibly even spurious claims of ‘terrorism’. But in the end, we would live in a better world–one where SSNs were clearly only useful for identification.