Showing posts with label privacy. Show all posts

Wednesday, March 28, 2012

Apparently consumers do care about privacy

I often get into discussions about whether people really do care about privacy, given that they give away personal information regularly when they share with friends via Facebook or other services. A recent report suggests that people do care, at least when it comes to banking and shopping:

The Edelman study released in February 2012 shows that consumer concerns about data privacy and security are actively diminishing their trust in organizations. For instance, 92% listed data security and privacy as important considerations for financial institutions, but only 69% actually trusted financial institutions to adequately protect their personal information. An even sharper disconnect can be seen with online retailers, with 84% naming security of personal information as a priority but only 33% trusting online retailers to protect it.

The blog of the Office of the Canadian Privacy Commissioner (from which I drew this quote) sums it up in the title: Privacy: Not just good business, but good for business.

But I have to wonder, do these numbers indicate that privacy-preserving businesses will be winning customers, or will we simply see claims of privacy that aren't backed up by carefully constructed systems? Do consumers really care about privacy or do they just say they care? How will consumers evaluate potentially spurious privacy claims? In Canada we at least have the privacy commissioner who brings issues to light, and worldwide we have the Electronic Frontier Foundation, but while both organizations are astute and do their best, privacy claims are something that will need to be evaluated by organizations like Consumer Reports that are used by consumers when making decisions about where they spend and keep their money. Right now, by and large, we only hear about the relative privacy of an organization when a breach occurs.

I attended a talk on Internet voting yesterday and the speaker quoted an official in DC who claimed that, "voters like internet voting, so it must be secure," which is really quite a terrifying quote if you think about it. The speaker joked, "does this mean that because my kid likes cake, it must be healthy?" It really clearly demonstrates first that users of the system have very little understanding of its safety (despite strides in the area, internet voting as currently implemented is rarely secure) but also that officials who roll out such systems have little understanding of the flaws of the system and are much too willing to overlook them for convenience's sake. If this is the case with voting, it's hard to believe that business would avoid such cognitive mistakes.

Monday, September 26, 2011

On the Subject of Privacy and Pants...

I was proofreading a privacy paper this afternoon and came across the funniest typo. I feel it is funnier if I illustrate it so that you too can see what popped into my head when I read it:


(Photo by cnewtoncom. For geek points, guess whose famous pants those are without clicking the link!)

Privacy breeches are much funnier than privacy breaches.

I'm not going to be able to get dressed tomorrow without laughing at my privacy-preserving pants. One could argue, perhaps, that the function of many pants is to provide basic privacy... but I leave the finding of non privacy-preserving pants as an exercise to the reader. And though it is a bit tempting to run a contest for the best illustration of a privacy breech (er, breach), I imagine it would get not safe for work very quickly!

Thursday, April 7, 2011

News: Experts recommend stronger protections for "Geodata"

Interesting article: Personal 'Geo Data' as Sensitive as Private Genetic Information, Experts Argue

Currently, no consensus exists for the definition of "sensitive data" in data protection and privacy law either in the EU or the USA. However, given the status of both regions as major trading partners it is essential in the digital age that such consensus is formed soon while legislation is in a transitional period. Consistent legislation would not only protect consumers and sellers, but also improve confidence across the whole of e-commerce and mobile computing.

That's perfectly true and reasonable. But I'm less thrilled about the example of why it might be sensitive:

Jessen points out in what particular situation geo-tracking might be most sensitive. "The intrusion and loss of integrity related to the processing of geographic location data are apparent when customers are subject to constant monitoring or when geographic location data are combined with other sensitive or demographic data, such as the location of bars, casinos, red-light districts," she says. She adds that "Personal profiles are established for behavioural advertising purposes on this basis." Even anonymised location data might compromise an individual's privacy, so it too must be subsumed in new privacy legislation.

Red light districts? Once again, privacy is not just for people who have something to hide, news writers and legislators. Surely, someone can come up with some other convincing reasons for geodata to be sensitive that don't make it sound like you're protecting only compulsive gamblers, alcoholics, and others who could be conceived of as doing something not entirely socially appealing? Especially if you're then going to try to convince the US to provide consistent legislation, it seems some other examples could be helpful in making the case.

Thursday, March 31, 2011

Comprehensive Guide to Twitter Privacy: Where are you?

Comprehensive Guide to Twitter Privacy


I've become fascinated with how Twitter has such simple settings, and yet Twitter privacy is in many ways quite complex, so I'm starting to put all of this information together. This is part 2 of... a bunch.

[Part 1: Who hears what you say?]
[Part 2: Where are you?] <-- you are here!

Now read on to learn How your iPhone may be letting people know where you live and what being responsible about sharing your location really entails!

Part 2: Where are you?

A year ago, I talked about How Foursquare can help people steal your stuff. Someone had set up a handy site called PleaseRobMe.com which let you search to find out who in a given area wasn't at home based on their Foursquare checkins. (The site now says the authors have made their point about oversharing and have disabled the search.)

The point being that while sharing your location can be a neat way to meet up with friends, it can also be used in dangerous ways. So whether it's Foursquare, Yelp, Facebook Places, Google Latitude, or Twitter, you need to think about what you're sharing and why.

Twitter's built-in location settings

At the time I wrote about PleaseRobMe.com, I don't think location was built into Twitter, but it's since been made an option for any Twitter post. I have to say that I really love what Twitter has done to make this option clear... including doing their best to make it possible to recover from an "oops" moment where you realise you've been sharing waaay too much information and want to delete all the location data to be safe:

They've also done a nice job with the "Learn more" help document, which includes the following message:
Be cautious and careful about the amount of information you share online. There may be some updates where you want to share your location ("The parade is starting now." or "A truck just spilled delicious candy all over the roadway!"), and some updates where you want to keep your location private. Just like you might not want to tweet your home address, please be cautious in tweeting coordinates you don't want others to see.

That pretty much sums up the advice any security/privacy expert would give you, although the complete document also explains how to turn things on and off, when one might prefer a precise location and when one might prefer just the city, etc.

But just like with the tweet privacy settings we talked about in part 1, this isn't the only way your location can be shared. Only this time, we're not going to blame your followers... we're going to blame your camera.

How your iPhone may be telling everyone where you live

Many modern smartphones and cameras, including the iPhone, have a GPS built-in such that you can store location data with every photo. That's pretty cool when it comes to sorting photos later, but because this information is stored with a photo, each picture you share could potentially tell someone exactly where you are (or were when you took the photo).

In Cybercasing the Joint: On the Privacy Implications of Geo-Tagging, Friedland and Sommer started looking at how many people share location data, whether they did so in unsafe ways, and whether they were aware of what information they were sharing. I highly recommend you flip through their HotSec presentation to look at the examples. (Even better if you can catch them presenting -- I really enjoyed seeing that presentation in person! -- but the slides are pretty informative on their own.)

My favourite one involves William Shatner accidentally revealing a "secret" studio location when he posted about recording there! And perhaps more relevant to "cybercasing the joint" are the craigslist posts that show expensive items, their exact geolocation, and the list of times when someone will be at home to take a phone call from an interested buyer.

The issue here is that geodata is often recorded by default. And it can even be dangerous to share this information. As a parent, how would you feel if you realized your teenage daughter had been taking photos of herself in her bedroom and it turned out that any predator could figure out where she lived? How do you feel about the fact that your friends' photos from your last party may have told everyone on the internet where you live?

Many photo services, such as Twitpic and Flickr, allow you to generalize your data so that it shows up as being in a city without showing precisely where within that city. But if you choose to have it visible (or just don't hide the data), you can often get a nice map where you can zoom in:

On Flickr you can view the EXIF data (Exchangeable image file format -- basically the extended metadata a camera stores inside the photo file) and get the coordinates there...

All ready for someone's stalking pleasure!
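To make concrete what the EXIF GPS tags above actually look like inside a photo, and what "making sure your camera isn't giving the game away" means in practice, here is an added example (not from the original post or from Flickr/Twitpic): a minimal parser that pulls the GPSLatitude/GPSLongitude tags out of a JPEG's Exif APP1 segment, and a stripper that drops that segment before the file is shared. The sample JPEG is constructed inline (a bare Exif header plus a comment segment, no real image data) with coordinates chosen for Ottawa.

```python
"""Read and strip the GPS tags a camera embeds in a JPEG's Exif segment.

JPEG = SOI marker, then marker segments (2-byte marker, 2-byte big-endian
length that includes itself), then scan data, then EOI. Exif lives in an
APP1 segment whose payload is "Exif\0\0" followed by a TIFF structure.
"""
import struct

SOI, EOI, APP1, SOS, COM = 0xFFD8, 0xFFD9, 0xFFE1, 0xFFDA, 0xFFFE
GPS_IFD_POINTER = 0x8825                      # IFD0 tag pointing at the GPS IFD
GPS_LAT_REF, GPS_LAT, GPS_LON_REF, GPS_LON = 1, 2, 3, 4   # GPS IFD tags
EXIF_SIG = b"Exif\x00\x00"


def _segments(data):
    """Yield (marker, start, end) for header segments up to SOS or EOI."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI)")
    pos = 2
    while pos + 4 <= len(data):
        marker = struct.unpack(">H", data[pos:pos + 2])[0]
        if marker == EOI:
            return
        length = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        end = pos + 2 + length
        yield marker, pos, end
        if marker == SOS:          # entropy-coded image data follows; stop
            return
        pos = end


def _is_exif(data, start):
    return data[start + 4:start + 10] == EXIF_SIG


def _ifd_entries(tiff, off, endian):
    """Yield (tag, type, count, raw 4-byte value/offset) for one IFD."""
    count = struct.unpack(endian + "H", tiff[off:off + 2])[0]
    for i in range(count):
        e = off + 2 + 12 * i
        tag, typ, cnt = struct.unpack(endian + "HHI", tiff[e:e + 8])
        yield tag, typ, cnt, tiff[e + 8:e + 12]


def _dms_to_decimal(tiff, raw, endian):
    """GPSLatitude/GPSLongitude are three RATIONALs (deg, min, sec) at an offset."""
    off = struct.unpack(endian + "I", raw)[0]
    parts = []
    for k in range(3):
        num, den = struct.unpack(endian + "II", tiff[off + 8 * k:off + 8 * k + 8])
        parts.append(num / den if den else 0.0)
    d, m, s = parts
    return d + m / 60 + s / 3600


def extract_gps(data):
    """Return (lat, lon) in signed decimal degrees, or None if no GPS tags."""
    for marker, start, end in _segments(data):
        if marker != APP1 or not _is_exif(data, start):
            continue
        tiff = data[start + 10:end]
        endian = ">" if tiff[:2] == b"MM" else "<"
        ifd0 = struct.unpack(endian + "I", tiff[4:8])[0]
        gps_off = None
        for tag, _typ, _cnt, raw in _ifd_entries(tiff, ifd0, endian):
            if tag == GPS_IFD_POINTER:
                gps_off = struct.unpack(endian + "I", raw)[0]
        if gps_off is None:
            return None
        fields = {}
        for tag, _typ, _cnt, raw in _ifd_entries(tiff, gps_off, endian):
            if tag in (GPS_LAT_REF, GPS_LON_REF):
                fields[tag] = raw[:1].decode("ascii")     # "N"/"S" or "E"/"W", inline
            elif tag in (GPS_LAT, GPS_LON):
                fields[tag] = _dms_to_decimal(tiff, raw, endian)
        if GPS_LAT in fields and GPS_LON in fields:
            lat = fields[GPS_LAT] * (-1 if fields.get(GPS_LAT_REF) == "S" else 1)
            lon = fields[GPS_LON] * (-1 if fields.get(GPS_LON_REF) == "W" else 1)
            return lat, lon
    return None


def strip_exif(data):
    """Copy the JPEG without its Exif APP1 segment(s); image data is untouched."""
    out = bytearray(data[:2])
    pos = 2
    for marker, start, end in _segments(data):
        if not (marker == APP1 and _is_exif(data, start)):
            out += data[start:end]
        pos = end
    out += data[pos:]                 # scan data and EOI copied verbatim
    return bytes(out)


def build_sample_jpeg(lat, lon):
    """Constructed sample: big-endian TIFF with IFD0 -> GPS IFD -> two DMS triples."""
    def dms(v):
        v = abs(v); d = int(v); m = int((v - d) * 60)
        s = round(((v - d) * 60 - m) * 60 * 100)
        return struct.pack(">IIIIII", d, 1, m, 1, s, 100)
    header = b"MM\x00\x2a\x00\x00\x00\x08"                    # IFD0 at offset 8
    ifd0 = struct.pack(">HHHII", 1, GPS_IFD_POINTER, 4, 1, 26) + b"\x00" * 4  # GPS IFD at 26
    gps = struct.pack(">H", 4)
    gps += struct.pack(">HHI", GPS_LAT_REF, 2, 2) + (b"S" if lat < 0 else b"N") + b"\x00" * 3
    gps += struct.pack(">HHII", GPS_LAT, 5, 3, 80)            # 26 + 54 = 80
    gps += struct.pack(">HHI", GPS_LON_REF, 2, 2) + (b"W" if lon < 0 else b"E") + b"\x00" * 3
    gps += struct.pack(">HHII", GPS_LON, 5, 3, 104)           # 80 + 24 = 104
    gps += b"\x00" * 4
    exif = EXIF_SIG + header + ifd0 + gps + dms(lat) + dms(lon)
    app1 = struct.pack(">HH", APP1, len(exif) + 2) + exif
    com = struct.pack(">HH", COM, 2 + 11) + b"constructed"
    return struct.pack(">H", SOI) + app1 + com + struct.pack(">H", EOI)


if __name__ == "__main__":
    photo = build_sample_jpeg(45.4247222, -75.695)   # constructed: downtown Ottawa
    print("embedded location:", extract_gps(photo))
    print("after stripping:", extract_gps(strip_exif(photo)))
```

Real photos may carry several APP1 segments (Exif and XMP) and little-endian ("II") TIFF headers; the parser handles both byte orders, but stripping only removes segments carrying the Exif signature.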

The moral of this story

Sharing your location can be scary, and protecting your location privacy doesn't stop at turning off location on Twitter or refusing to sign in to Foursquare/Facebook places/Yelp. If you don't want everyone to know exactly where you are, you also have to make sure your camera and your friends' cameras aren't giving the game away.

Stay tuned for more Twitter privacy posts in April! And in case you missed it, here's [Part 1: Who hears what you say?] which talks about tweet privacy.

Monday, March 7, 2011

Comprehensive Guide to Twitter Privacy: Who hears what you say?

Comprehensive Guide to Twitter Privacy


I've become fascinated with how Twitter has such simple settings, and yet Twitter privacy is in many ways quite complex, so I'm starting to put all of this information together. This is part 1 of... many.

[Part 1: Who hears what you say?] <-- you are here! [Part 2: Where are you?]

Note that many of the things I'm saying here are true of other social networks or any place you might share information online, but I decided this would be most readable with examples from one site, so I've decided to use Twitter, which I like and use regularly.

Part 1: Who hears what you say?


On the surface, Twitter has perhaps the simplest privacy policy of any social network:


Either everyone can read your tweets (everything you say on twitter is public) or you can make your feed private (and then maintain a list of people who are allowed to see it).

You also, regardless of which option you choose, have the option of blocking individuals from following you. Blocking someone isn't hugely effective if they can then log out and read your public feed anyhow, but it can cut down on spam.

Retweeting


Blocking everyone you don't know is not necessarily the end of the story. Just like gossip, anyone who can read what you've said can also share it. It's fairly common in twitter parlance to "retweet" a message: that is, repeat the message verbatim or sometimes with small edits for length or the addition of commentary.

When you have a public account, retweeting is pretty much harmless behaviour. Anyone could see that funny thing you said if they looked, so if one of your followers retweets it, you're really just winding up with a few more strangers seeing it than you might otherwise. But they could have looked at that tweet at any time if they so chose. Often it's a really positive thing: more people get to hear about a cause you believe in or something cool you've done.


However, the story can be quite different if you have a private account. Perhaps you have chosen to keep your account private because you and your boss don't share political views. That "funny" thing you said could become seriously awkward if she winds up seeing it retweeted. Probably you chose to make your account private for a reason, and retweets can violate your expectation of privacy.

Violating privacy with retweets?


There's actually a whole paper on this subject that appeared in Web 2.0 Security and Privacy 2010. It has the cheesy-cute title RT @IWantPrivacy: Widespread Violation of Privacy Settings in the Twitter Social Network. They found that while some clients did block users from retweeting private feeds, many didn't and of course users could always just type RT and repeat the whole message anyhow. The researchers collected 4.42 million tweets that were exposing private information in this manner, and they expect that the numbers will continue to climb.

It's hard to tell, however, whether those millions of exposed tweets were really problematic for the people who wound up exposed. Perhaps millions of people asked before retweeting (something you should always do before sharing private information, but I know even I forget to do this sometimes when telling a good story I heard, so I suspect retweeting is no different). Perhaps most of the tweets were cute pictures of cats that no one really minded sharing. But either way, you should be aware of what you retweet and aware of what you say that could be retweeted.

RETWEET @josef (Experiment)

Retweeting lies


It's also worth noting that even though researchers assumed that most of those tweets were actual privacy exposures, it's equally possible that many of them were made up. If someone can type RT and your name and cut and paste in the message, there's no reason that it has to be your message that they paste in. Often edits are minor, but there's nothing stopping one from going RT @twitter we hate kittens or something significantly more damaging to someone's reputation. Without a public feed, it's hard to refute since no one can check what you said, and even with a public feed people may assume that you deleted the offending message. A recent defamation lawsuit in the US may serve as a reminder that what you say and what you seem to say on twitter could have real implications.

So that little checkbox? It's clearly not the end of the story.

Stay tuned for Part 2 next week!

[Part 1: Who hears what you say?] <-- you are here! [Part 2: Where are you?]

Tuesday, March 1, 2011

News: Facebook still going to share your address/phone # with external sites

Over a month ago, I wrote Facebook now enabling annoying phone calls and paper junk mail? and shortly thereafter they pulled the plan.

But it sounds like it's back on the table, along with an updated privacy policy format.

Given that anyone can buy a targeted Facebook advertisement, is this going to lead to new levels of stalking and general harassment from "advertisers" who think it's totally worth a few bucks to get the phone #s of all the women who they might find attractive in their metro area? Awkward.

As usual, I recommend not having private contact information available in Facebook for your own safety.

Tuesday, February 15, 2011

To whom are you confessing?

Many people have been abuzz over the iPhone Confession App which even received approval from the church.

The Office of the Privacy Commissioner of Canada isn't ready to give the app their blessing, though:

One of the selling points of the app appears to be the password-protection feature, enabling you to lock out anyone who may try to find out about your sinnin’ ways. But what seems to be missing is what Little iApps, the developer of Confession, will do with the data they collect. According to reports, the app asks users to also provide information on their age, sex and marital status – paired with detailed information on the user’s transgressions, that’s a potentially detailed profile that would be quite attractive to marketers and others.

Details on the collection and use of the user-provided data weren’t available on Little iApps’ site…so if the developer is collecting and using information without the user knowing, does that mean they’ve broken one of the commandments themselves – “Thou shalt not steal”?

Read their entire blog post entitled ‘Fess up – where does my data go?

Thursday, January 27, 2011

"My account got hacked"

Some bite-sized wisdom from Jeremiah Grossman:

Funny how people say, "my account got hacked," rather than "someone hacked into my account", like they think getting hacked is an act of nature.

I had a good laugh, but it's got me wondering... given how frequently attacks occur online, maybe it really does make sense for people to conceptualize attacks as something that just happens as opposed to something more akin to "that guy robbed me." Makes it easier to deal with somehow, or perhaps easier to accept that there will likely be no retribution?

And more disturbingly, does this "act of nature" approach to hacking explain the general public's sometimes apathetic response to routine privacy violations, both online and offline?

Monday, January 17, 2011

Facebook now enabling annoying phone calls and paper junk mail?

Sophos points out that Facebook has made yet another change to the way it handles your information: this time, allowing third-party developers access to contact information on Facebook.

Now, part of me wants to just shrug: it's always been technically possible for third party developers to get access to this information because of the current state of web security. It's long been true that anyone who can execute JavaScript in your browser on a site (e.g. every Facebook app) can gain access to anything you can see. So if your friend installed FarmVille and you've allowed your friend to see your phone number, FarmVille can see your phone number (and the pictures of you in that horrible Halloween costume, and that drunken post you made on your ex's wall...). And if you install FarmVille, they can even more easily glean your phone number and anything else on your profile. What Facebook's doing is in some ways good: they're helping to make this clear to users, and maybe even helping to track who is actually looking at and using that info.

But of course, most people aren't aware that this has always been possible, so they're suddenly envisioning FarmVille sending them paper brochures filled with new crop info, or phoning all their friends to ask why they haven't helped out on the farm lately. Maybe an automated call would help convince you to join the game and seek out that lost kitten?

And maybe those third party apps didn't realize they could do it either, and they're salivating over the extended marketing possibilities. Technically possible doesn't imply endorsed by Facebook the way putting the ability into the API does, so while getting this information might have been in the realm of sketchy scams before, now it's going to be considered a legitimate asset by more companies. After all, you consented when you installed the app. And remember, corporate assets do tend to be about making money, so don't assume they won't sell those lists.

So, while it was technically feasible before, maybe now is a good time to reconsider what data you keep within Facebook. And it's always a good time to re-evaluate which applications you have installed or will install. As always, I recommend that you don't leave anything on facebook you wouldn't want shared with the world, so now's a great time to delete your phone number and address from your facebook profile. And if you don't? Well, don't be too surprised when you start getting texts saying that someone needs help with their FarmVille crops.

Monday, January 3, 2011

A bit late: Santa's privacy policy

A bit late, but sent to me by a few folk as a fun follow up to A brutally honest privacy policy, here's a gem of a privacy policy from... Santa Claus.

Santa Claus requires your information in order to compile his annual list of Who is Naughty and Who is Nice, and to ensure accuracy when he checks it twice. Your information is also used in connection with delivering the kinds of goods and services you've come to expect from Santa, including but not limited to toys, games, good cheer, merriment, Christmas spirit, seasonal joy, and holly jollyness.

Read the rest here: "Santa's Privacy Policy" and leave those christmas decorations up just one more day before getting back to regular old January.

Tuesday, December 14, 2010

A brutally honest privacy policy

Dan Tynan has decided to cut through the legalese and confusion inherent in many privacy policies and produced a "real" privacy policy which is open-sourced for anyone to adopt. What results is hilarious and sad at once because it reflects a lot of how "private" data may be used. Here's an excerpt:

"At COMPANY _______ we value your privacy a great deal. Almost as much as we value the ability to take the data you give us and slice, dice, julienne, mash, puree and serve it to our business partners, which may include third-party advertising networks, data brokers, networks of affiliate sites, parent companies, subsidiaries, and other entities, none of which we’ll bother to list here because they can change from week to week and, besides, we know you’re not really paying attention.

We’ll also share all of this information with the government. We’re just suckers for guys with crew cuts carrying subpoenas.

Remember, when you visit our Web site, our Web site is also visiting you. And we’ve brought a dozen or more friends with us, depending on how many ad networks and third-party data services we use. We’re not going to tell which ones, though you could probably figure this out by carefully watching the different URLs that flash across the bottom of your browser as each page loads or when you mouse over various bits. It’s not like you’ve got better things to do.

...

So just to recap: Your information is extremely valuable to us. Our business model would totally collapse without it. No IPO, no stock options; all those 80-hour weeks and bupkis to show for it. So we’ll do our very best to use it in as many potentially profitable ways as we can conjure, over and over, while attempting to convince you there’s nothing to worry about.

Read the rest along with commentary on Dan's blog. He notes that it’s 5,085 words shorter than Facebook’s policy, just for comparison.

Wednesday, November 3, 2010

Security Costs vs Benefits: Should companies deploy SSL to deal with Firesheep?

Yesterday, I talked about why end-users don't care about security and how that actually makes a certain amount of sense for them since the cost of behaving more securely can overwhelm the cost of an actual breach.

However, what I didn't talk about is whether this is true for companies. A single security breach in a single user account maybe doesn't cost a company much, but if breaches get common enough that they start losing users, it could be a problem with a much higher cost.

While users trying to protect themselves from curious folk with Firesheep are counseled to use a VPN, website owners can choose to do encryption right from their end using SSL. But it was thought that SSL was computationally costly and even environmentally costly due to the supposed need for extra electricity and machines.

But who's been looking at what those costs actually are? A blog post entitled Overclocking SSL looked at the severity of these costs as they deployed SSL, and made a pretty clear statement:

If there's one point that we want to communicate to the world, it's that SSL/TLS is not computationally expensive any more. Ten years ago it might have been true, but it's just not the case any more. You too can afford to enable HTTPS for your users.

So there you have it: the people who should be protecting users from firesheep attacks are probably the companies who run the websites, since SSL isn't likely to be as costly to them as numerous complaints and support requests would be from their users. The cost equation might not be the same for all organizations, since the cost of certificates and labour can be non-trivial if you don't already have expertise on hand. But sure enough, Google has decided to provide https access by default to all gmail users, so they clearly believe it's worth it.
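What "doing encryption from the site's end" has to cover, concretely, is the thing Firesheep reads: a session cookie that the browser is willing to send over plain HTTP. The following is an added example (not from the original post, Overclocking SSL, or Firesheep) of the check a site owner would run against their own response headers after deploying HTTPS: are session cookies marked Secure and HttpOnly, and does the site send Strict-Transport-Security so later visits never start over HTTP? The header sets and the session-cookie name heuristics are constructed for illustration.

```python
"""Audit HTTP response headers for the weakness Firesheep exploited:
a session cookie that the browser will also send over unencrypted HTTP."""

# Constructed heuristic: substrings that usually mark a session/auth cookie.
SESSION_HINTS = ("sess", "sid", "auth", "token", "login")

# Six months is the commonly recommended floor for HSTS max-age (assumed threshold).
DEFAULT_MIN_HSTS_AGE = 15552000


def parse_set_cookie(value):
    """Split a Set-Cookie value into (name, attributes dict, boolean-flag set)."""
    parts = [p.strip() for p in value.split(";") if p.strip()]
    name = parts[0].split("=", 1)[0].strip()
    attrs, flags = {}, set()
    for part in parts[1:]:
        if "=" in part:
            key, val = part.split("=", 1)
            attrs[key.strip().lower()] = val.strip()
        else:
            flags.add(part.lower())          # Secure, HttpOnly
    return name, attrs, flags


def parse_hsts(value):
    """Return (max_age seconds or None, includeSubDomains) from an HSTS header."""
    max_age, include_subdomains = None, False
    for directive in value.split(";"):
        d = directive.strip().lower()
        if d.startswith("max-age="):
            try:
                max_age = int(d.split("=", 1)[1].strip('"'))
            except ValueError:
                max_age = None
        elif d == "includesubdomains":
            include_subdomains = True
    return max_age, include_subdomains


def is_session_cookie(name):
    lower = name.lower()
    return any(hint in lower for hint in SESSION_HINTS)


def audit_response(scheme, headers, min_hsts_age=DEFAULT_MIN_HSTS_AGE):
    """Return a list of (subject, issue) findings for one response.

    `scheme` is what the response was fetched over ("http" or "https");
    `headers` is a list of (name, value) pairs, repeated Set-Cookie allowed.
    """
    findings = []
    hsts = None
    for key, value in headers:
        key = key.lower()
        if key == "strict-transport-security":
            hsts = value
        elif key == "set-cookie":
            name, _attrs, flags = parse_set_cookie(value)
            if scheme == "http":
                # Exactly the Firesheep case: the cookie crossed the wire in the clear.
                findings.append((name, "set-over-plain-http"))
            if "secure" not in flags:
                # Without Secure the browser will replay it on any http:// link.
                findings.append((name, "missing-secure"))
            if "httponly" not in flags and is_session_cookie(name):
                findings.append((name, "missing-httponly"))
    if scheme == "https":
        # Browsers ignore HSTS received over http, so only judge it on https.
        if hsts is None:
            findings.append(("site", "missing-hsts"))
        else:
            max_age, _subs = parse_hsts(hsts)
            if max_age is None or max_age < min_hsts_age:
                findings.append(("site", "short-hsts-max-age"))
    return findings


# Constructed sample responses: a site before and after turning on HTTPS properly.
VULNERABLE_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/"),
]
HARDENED_HEADERS = [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Lax"),
    ("Strict-Transport-Security", "max-age=31536000; includeSubDomains"),
]

if __name__ == "__main__":
    print("before:", audit_response("http", VULNERABLE_HEADERS))
    print("after: ", audit_response("https", HARDENED_HEADERS))
```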

This leads to an interesting question: Does the burden of security always fall heavily on corporations and large organizations rather than on end-users? Many would argue that this is naive and that users must bear some responsibility, others would argue that only corporations have the resources necessary to make an impact on security. This is a much larger discussion that I expect we'll see occurring over and over again for a very long time.

Tuesday, November 2, 2010

Apathy or sensible risk evaluation: why don't people care about security?

Engineer Gary LosHuertos decided to try Herding Firesheep in New York City: He sat down in a Starbucks, opened up his laptop and started gathering profiles, then sent messages to people whose facebook accounts he could access warning them of the security flaws. Some people closed up and left, but some just ignored his message and went on with their day. Confused, he sent another message, but they just didn't seem to care and continued using their accounts.

This is the most shocking thing about Internet security: not that we are all on a worldwide system held together with duct tape that has appalling security vulnerabilities; not that a freely available tool could collect authentication cookies; and certainly not that there are people unaware of either. What's absolutely incomprehensible is that after someone has been alerted to the danger (from their own account!) that they would casually ignore the warning, and continue about their day.

But is this shocking? To someone who cares about security, maybe. To someone who knows people? Less so.

Cormac Herley has an absolutely great paper entitled "So Long, And No Thanks for the Externalities: The Rational Rejection of Security Advice by Users"

It is often suggested that users are hopelessly lazy and unmotivated on security questions. They choose weak passwords, ignore security warnings, and are oblivious to certificate errors. We argue that users’ rejection of the security advice they receive is entirely rational from an economic perspective. The advice offers to shield them from the direct costs of attacks, but burdens them with far greater indirect costs in the form of effort.

So let's think a little bit about cookies and Firesheep. One of the ways to be most safe is to browse using a VPN. For someone who already has one set up, this is pretty much a matter of toggling something on your computer: pretty low difficulty and less trouble than having your accounts hacked. You can see why many geeks think it's ridiculous that people wouldn't just secure their browsing: even if you include time setting up the VPN, for many folk that's a task that falls under the heading of "something I meant to do anyhow" and isn't really perceived as costly.

But if you're not a computer-savvy person who has a server online to host a VPN, setting up a VPN can be stupidly costly. Maybe you'd have to replace your router with one that can handle it. Maybe you'd have to pay for hosting. Maybe you'd have to spend hours figuring out how to generate keys, or pay someone else to do that. Maybe just figuring out what you need to do at all is going to take hours. Quickly, the hours required seem worth more than the cost of having some stranger send you messages from your own facebook account, or maybe set your status message to something embarrassing.

Perhaps what we need to raise the costs of a security mishap is a little evil. It's actually easy to craft a firesheep-based attack that would raise the cost high enough to make VPN hunting (or just not using the Starbucks wireless) seem worthwhile to most people: Log into someone's account, delete all their status messages, notes and photos, defriend all their friends. Since there's no easy way to back up your facebook profile, the results would be devastating and partially unrecoverable: worth more than the pain of setting up a VPN or going without FB while in a coffee shop. It might be easier to litigate for theft/unauthorized access than it is to restore that profile, so I don't recommend any security vigilantes start doing this!

So I guess the take-home message here is that while it's worth trying to educate users so they can make smarter decisions, they're not necessarily being delusional or foolish when they just say "meh" and go on with their lives. If we want to make a really huge impact, we need security solutions that are so low-pain that there's no longer any rational reason to reject them.

Friday, October 29, 2010

Apparently Facebook hates privacy so much that they pay lobbyists to stop privacy laws

This maybe shouldn't surprise anyone, but Mashable is reporting that Facebook Lobbied to Kill Social Networking Privacy Act in the USA.

It's one thing to believe that privacy isn't important, or to make mistakes that expose users, but paying people to lobby against privacy legislation that might protect your users seems like a big step further. It makes me concerned as a user of the service.

Incidentally, Facebook has already broken Canadian privacy law (they're not the only ones), and likely the laws of several other countries, so I guess it makes sense that they wouldn't want to run afoul of further laws... but I really wish they'd do this by handling privacy issues better rather than paying people to make sure the laws don't come into effect. Maybe the law was simply ill-conceived (I haven't read it) but this really doesn't sound like the actions of a socially-responsible company. Very disappointing.

Wednesday, October 27, 2010

Quick Hit: Firesheep

By now, probably everyone's already heard of firesheep, the nice user-friendly way to use cookies to do session hijacking. Want to be logged in as someone else on Facebook? No problem.

It's nothing spectacular on a technical level, since it's been easy enough to use other people's cookies for quite some time, but it's a pretty impressive social hacking tool. It's making it clear to a lot of people (and media) that this is a real problem, and that it's an exploit anyone can do now.

I'm actually sort of surprised that I haven't seen this earlier: it used to be a bit of a game in the undergrad lounge to see what one could sniff off the network, with people using some tool whose name I've forgotten to show any images that came up from users surfing on the wireless. Hacking session cookies would have been a fun addition to our childish games -- and I'll bet plenty of college kids are using it for just that. Or for checking out their ex-boyfriends/girlfriends...

Monday, September 20, 2010

Privacy and Twitter lists

I think twitter may have among the simplest privacy settings of any social network. Your choices are either everything you post is public, or everything you post is private.

But simple does not mean that things will stay private. Just like everything on the internet, the minute you post something someone else might choose to share it. Some researchers have actually studied how often people retweet private content on Twitter.

Something I haven't seen studied, however, is how private information can leak out through twitter lists.

Twitter allows you to make lists of people who you'd like to have grouped together. For example, I have a list of technical women who I follow. These are women in technology who I've met in person or interacted with extensively online, and I really made it for my own personal use but since it's a public list others can (and do) follow it. Presumably they're looking for more cool women to expand their social networks.

Twitter allows you to see what lists a person has been added to, and this is where it gets interesting. Let's take a look at the lists of which I am a member and see what we can learn about me.

Here are a few things you can get at a glance:


Wait... what? Despite the fact that I explicitly chose to say a more generic "Canada" in my profile information, my current city can be determined by the fact that it shows up in several of the lists I'm on. There's of course no way to be sure that any of this is true, but when more than one person lists me as being in Ottawa it seems fairly reasonable to guess.

I'm not personally concerned (obviously, since I'm talking about all this information in a public blog post!) but some folk are much more private than I am.

So what are your options if you want to hide this information? Well, if I don't like the lists I'm on, I can... uh... There's no apparent way to leave a twitter list. I suspect one could block the list curator, but the people revealing your location are most likely to be actual real life friends: people you wouldn't want to block. So you'd have to resort to asking nicely, but that's assuming you even notice: while you can get notifications of new followers, you do not get notified when you're added to a list. I've been asked about exactly two of the lists I've been put on (thanks @ghc!) so obviously it's not the social norm to ask (I certainly have never asked anyone I've listed!)

A quick check says I can usually get the current (and sometimes some former) cities for many of my friends, as well as information related to their occupations, interests, and events they've attended. For most of these people, I know this isn't information they consider private either. But it's obviously possible that this could be a problem... I wonder how many people it affects in a negative way?

Maybe this is a potential little workshop paper if I have time to analyse a whole bunch of twitter lists. Anyone want to lend me a student who's interested in social media privacy?

Edit: A note for those concerned about not being that privacy-violating friend. You can make twitter lists private if you want (it's just not the default), so just do that for the lists you think are sensitive and you're good to go!
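The inference described above (a city that the profile deliberately omits still shows up because several curators put it in a list name) can be checked from the member's own side, so they know which curators to ask, and the Edit's advice can be checked from the curator's side, by flagging one's own public lists that name a place. The code below is an added example, not from the post or from Twitter; the list data, the place vocabulary and the "more than one curator" threshold are constructed assumptions.

```python
"""Estimate what public Twitter list names reveal about a member (here: a city),
and which of your own public lists reveal the same about others.
Added example; all list data below is constructed."""
import re

# Constructed place vocabulary (assumption; not exhaustive).
KNOWN_PLACES = {"ottawa", "toronto", "vancouver", "montreal", "canada"}


def tokens(name: str):
    """Split a list name such as 'Ottawa-Tech-Women' into lowercase words."""
    return re.findall(r"[a-z]+", name.lower())


def infer_places(lists, min_curators=2):
    """lists: iterable of {name, curator, private} dicts you are a member of.
    Returns {place: set of curators} for places named by public lists from at
    least min_curators distinct curators (the post's 'more than one person')."""
    curators_by_place = {}
    for lst in lists:
        if lst["private"]:
            continue  # a private list is visible only to its curator
        for word in set(tokens(lst["name"])):
            if word in KNOWN_PLACES:
                curators_by_place.setdefault(word, set()).add(lst["curator"])
    return {p: c for p, c in curators_by_place.items() if len(c) >= min_curators}


def leaky_own_lists(lists):
    """Lists you curate that are public and name a place: candidates to make private."""
    return [lst["name"] for lst in lists
            if not lst["private"] and any(w in KNOWN_PLACES for w in tokens(lst["name"]))]


# Constructed sample: lists someone else has put you on.
MEMBER_OF = [
    {"name": "ottawa-geeks", "curator": "alice", "private": False},
    {"name": "Ottawa Tech", "curator": "bob", "private": False},
    {"name": "canada-security", "curator": "carol", "private": False},
    {"name": "toronto-friends", "curator": "dave", "private": True},
    {"name": "ghc-attendees", "curator": "ghc", "private": False},
]

# Constructed sample: lists you curate yourself.
MY_LISTS = [
    {"name": "technical-women", "curator": "me", "private": False},
    {"name": "ottawa-meetup", "curator": "me", "private": False},
    {"name": "montreal-family", "curator": "me", "private": True},
]

if __name__ == "__main__":
    for place, curators in infer_places(MEMBER_OF).items():
        print(f"{place}: named by {sorted(curators)}; consider asking them")
    print("your public lists that name a place:", leaky_own_lists(MY_LISTS))
```

On the constructed data only "ottawa" crosses the threshold (two curators); "canada" appears once and the private "toronto" list does not count, which is exactly why the Edit's advice to make sensitive lists private works.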

Thursday, August 19, 2010

Privacy: Not just for people who are doing bad things

I'm happy to see that Gizmodo is already recommending that people disable Facebook Places in as much as you really can.  And the article has a nice step-by-step on how to limit the amount your friends can (accidentally or intentionally) violate your privacy.

But I take issue with the fact that their examples were "you're lying to your girlfriend" and "you're cheating on your wife."  Seriously?  I know they were trying to be funny, but the implication you get from the article is that privacy should only matter in this way if you've got something to hide.  But that's not the case:

What about a parent who doesn't want to advertise to strangers the exact geo-location of the parks his kids play in every day?

What about a woman who has received threats from unpleasant people who feel that women should not be involved in open source software?  (I wish I were kidding, but this happened to me, and other people receive threats from disturbed individuals online.)

What about someone shopping for an engagement ring who meets a friend at the mall?

There's plenty of reasons one might prefer privacy.   I think maybe we would do well to include this sort of example in articles, so that even those living utterly honest lives will realize that privacy is important to them and people they care about.

Tuesday, June 29, 2010

A crash course in the social media equivalent of defensive driving

How can you stay safe and keep things private while still taking part in online life? I'm a web security researcher, so I get asked this fairly frequently.  And it's easy to see how people get overwhelmed by all the news stories, the marketing blurbs, and the constantly changing policies.

Why I'm not telling you to quit Facebook

Let's say you're worried about your risk of getting into a car accident.  Do you sell your car and refuse to get into any moving vehicle?  No.  Refusing to use a car might make you safer, but it would be quite isolating and, depending on where and how you live, very difficult.  Just like many people live without cars, you can live without social networking, but there are some significant costs to refusing to participate.  Many people's need or desire to participate is much stronger than the risks they face.

If you're worried about car accidents, you've got other options to manage your risks than giving up your car.  You can learn to drive defensively.  You can make sure you wear your seatbelt.  You can learn about the safety ratings and use cars that perform better in safety tests.  You can refuse to drive places that are dangerous.

So what I'm hoping to do here is give you a crash course in the social media equivalent of defensive driving.

The web is not a safe place

When I learned to drive, my driving instructor often reminded me that I had to treat every car on the road as if it were being driven by a moron who might swerve into my lane at any time.   It might seem like a very negative point of view, but it's a very practical one that's helped me avoid accidents on numerous occasions simply because I was expecting it.

My blog is called Web Insecurity for a reason.  Nearly 2/3 of web pages currently have a serious vulnerability.  So that means no matter what the policy is, how careful you are, or how careful your friends are... there's a good chance you are going to view some code controlled by a bad guy, and they could get information about you that you don't want them to have.  It's often very easy to exploit these vulnerable parts of a website.  75% of websites with malicious code are legitimate sites.   

You may be thinking, "sure, but no one's going to care about my data."  And you may be right.  But if a bad guy is trying to make a company look terrible, one way to do so is to expose information about all of their users.  You can definitely wind up as collateral damage.

Learn your legal protections

Learning about legal stuff can be time-consuming and confusing, and frankly companies may violate laws anyhow.  But it's still worth learning a bit about your rights. The EFF has quite an impressive body of work covering free speech, privacy, intellectual property and other important issues, and they do a great job of translating legal speak into clear, comprehensible articles.   You might also consider reading bloggers like Michael Geist, and your country may have great resources like the Office of the Privacy Commissioner of Canada.

Remember that things that may seem similar often have very different legal protections.  For example, if my credit card number is stolen, there are laws that limit my liability to $50.   But that's not true about all money transactions online:  Debit/bank cards have no such legal protection.  Some modern credit cards that require a PIN have no such protection even though these cards aren't actually safe. You may have no legal protection from your bank if you don't follow their security procedure to the letter, and those security requirements of online banks can be pretty crazy: Do you reboot your computer every time you bank?  No?  You might be on the hook if someone compromises your account!

So yeah.  It's a bit of work, but it's worth it to at least learn about the issues that affect you.

Learn the controls

It may seem a bit silly, given that I've already told you that websites can easily be compromised, but if you're managing risks you should learn to use your privacy controls, choose good passwords and security questions, and keep those things private.  Again, it's about managing your risks: even if these controls can't make you 100% safe, they might make you safer.


Companies are not your friends

For many companies online, you are not really their primary customer: your time and your personal information are assets the company sells to their advertisers.  You have to expect to be treated accordingly. You have to treat every company or organization you interact with online as a potential hazard.   Many companies intentionally or unintentionally violate privacy laws and even violate their own privacy rules.  And privacy rules change, sometimes because the company itself changed them, sometimes because they get bought out by another company.  Your guarantee when you signed up for the site is unlikely to hold a year from now, but it may be nigh impossible to remove your data from the system when it changes.

And that's just the "legitimate" problems that could affect you: there's a good chance any company's sites could be attacked and your data exposed as a result -- it happens to fully legitimate companies all the time, no matter how good their intentions towards you and your data.

Choose your friends wisely

You wouldn't tell all your secrets to the office gossip, but online your friends may be "forced" to become gossips either through malicious software or through changing policies.  It sounds like some crazy super-spy movie: trust no one!  Your friends could be compromised!  But once again, just like I'm not telling you to delete your facebook account, I'm not going to tell you not to share, just to be defensive.

For example, I have a couple of friends who really enjoy Facebook games.  They seem to install every new thing that comes along and invite me to join.  Nothing wrong with that, right?  I mean, if I don't want to join, I just don't, and that's the end of it.  Except that it's not: my friends have all these games and thus all these extra ways that someone might break into their accounts.  And indeed, these are the folk who wind up with compromised accounts more often than most.   So while these are great people who I'd be happy to share job concerns or relationship woes with in real life... It's too risky for me to share private stuff with them online.  They are the office gossips, whether they mean to be or not.  They're not the only ones who put me at risk (any friend can end up on the wrong end of a broken website) but they're the riskiest.


Choose what you want to share

The biggest part of managing your risk is choosing what you want to share online.  Here's a few questions you might want to ask yourself:
  1. Will this embarrass me if it gets out?
  2. Will this affect my safety?
  3. Will this affect my employment?
  4. Will this affect my family/friends?
If your job requires you to be a role model, you may have to be a role model even in your off-hours. Maybe it shouldn't be that way, but let's be pragmatic: you have to assume that it is that way.  

You have to assume that anything you share online could become public knowledge.  You can't trust the companies, you can't assume their sites are safe, and you can't even trust your friends because of unsafe websites.  

Think before you share.



Using a pen name

One other way to manage risk is to use a pen name or pseudonym.  Lots of people do this to give them a layer of privacy, especially when trying out something new like starting a silly blog, or when engaging in discussion that could be sensitive such as online political debate.  Sometimes it's even an open secret that so-and-so goes by a nickname online, and the only reason they do is to make it harder for potential employers to come up with a list of everything they do online when searching their legal name and given email address.

This is a great tool if you want some more freedom to speak, but people sometimes will do the legwork necessary to figure out who you are, especially if you're high-profile or saying something unpopular.  So pen names are great, but do remember that they're not 100% guaranteed to keep you safe.  Again, it's another way to manage risks.

No matter what you do, everything may become public

I've said this a bunch of different ways, but this is the real take-home message here: No matter how careful you are, anything you do online can become public knowledge.   It's up to you to manage your risks accordingly.

But don't despair -- it may sound stupidly hard, but you're already handling issues of trust and privacy every time you choose to tell a story to a friend or complain about work at a party.  You might have to pretend you're in a spy movie and trust no one, or you might decide some things are perfectly fine to share with the world.  Just try to make an informed decision.

Tuesday, May 11, 2010

Will privacy issues herald the end for Facebook?

I've been seeing a lot of people talking about deleting their facebook accounts over the privacy issues. At first, I chalked it up to my twitter contacts being more aware of security issues than average (I do follow a lot of security folk), but I'm starting to see retweets from outside my own network that imply a lot of people are jumping ship:

@tonyakay: "I deleted my Facebook" is the new "I don't own a TV"


Which really probably sums it up. It's a bit pretentious and holier than thou to announce your lack of Facebook, and it's kind of a techno-elite status marker. When Wired called for an open alternative to Facebook I figured I was right on the money, and it was just a thing for tech nerds to do.

But then I started seeing things like this:

@thesixthbaron Was told by a student this morning that not having a Facebook account is now cool. #abouttime


Facebook's biggest strength is in the network effect. The more people you know who use Facebook, the more useful it becomes. Everyone says, "Oh, I have to keep my account because $some_friend_or_family_group still uses it to communicate." But if Facebook is starting to be uncool the way myspace became less cool, then there aren't going to be as many people worth keeping an account for.

It's not just the people that keep users on Facebook. No one says, "I'm too addicted to FarmVille to leave." But I'm guessing that's an issue for some. However, it turns out the games may be jumping ship too. (And if you don't want to admit you're leaving because of the games, you're probably going to say the problem was privacy, because that's what the cool kids are saying.)

So now you have fewer friends on Facebook, and you have fewer new games... will you stay, or will you find you're spending most of your time elsewhere and encouraging your friends to do the same? People will keep their accounts in case Joe from highschool wants to chat, but they'll use them less and less.

We're starting to see suggestions that the facebook ecosystem actually could collapse, not just that some tech people wish it would.

Privacy is a big deal and countries are starting to care. Those are big players, but a mass exodus of actual users now shows that it's more than a few policy-makers and the techno-elite who care: privacy may actually be a selling point for future social networks because it seems that the market is demanding it.

The question for Facebook is "at what point will enough people leave?" and the answer right now may be, "when they have somewhere else to go." And that next big thing may have to provide some pretty strong privacy guarantees to woo over enough audience. Is it possible? Yes. Will it happen? That remains to be seen.

Monday, May 10, 2010

The advertising social contract vs malvertisements: how can online advertisers earn your eyes?

I'd like to draw three related things to your attention.

First: Avast released a study on malicious advertisements in February, and the media's had some fun reporting on "malvertising" while seasoned professionals tried not to roll their eyes at yet another buzzword. (Tired of malvertising? Try "badvertisements!") Malvertising is one way legit sites get hosed: estimates say 75% of sites with malicious code are legit sites that got compromised.

Second: Back in March, Ars Technica posted a rant, "Why Ad Blocking is devastating to the sites you love." They felt ad blocking was hurting their revenue and asked people not to do it. (Note that this argument spawned rebuttals.)

Third: I went to a talk by Terry O'Reilly and Mike Tennant, as part of their book tour for The Age of Persuasion: How Marketing Ate Our Culture. (I recommend their radio show.) Among the things they talked about the advertising social contract: In exchange for your attention, advertisers give you something in return. TV advertisements subsidize programming, so they're honouring the contract. Billboards don't really give anything back to the consumer, so they're breaking it.

----

So here's where we put it all together:

Using ad blockers breaks a social contract with advertisers: namely, you get free stuff (content) in exchange for those eyes. If you're taking without exposure to the advertisements, you're "stealing."

But advertisers are breaking the contract in even worse ways with malvertising. They're basically stealing from viewers. It might not be intentional, but it's probably the equivalent of having advertisements on the TV that blare so loud that they cause hearing damage. Could you blame people for turning those off?

Ad blockers do more than keep you from seeing advertisements: they may actually make you safer.

So what to do? The advertisers can try to woo people away from ad blockers by giving more. Terry O'Reilly and Mike Tennant talked about how they like to make their ads funny: so you're giving more in terms of entertainment. What can advertisers do to give back when it comes to security and privacy?

One answer I've seen on that front comes from a surprising source: Facebook. Facebook isn't known for getting privacy right at all, but they are doing their darnedest to put a nice spin on their privacy violations. Sure, maybe you didn't want to share with those Facebook Connect apps... but isn't it awfully convenient how other sites already know your preferences?

Unfortunately, I (and many others) don't WANT creepy customization. So in the end what they're trying to do doesn't really help with their end of the social contract at all. It may even hurt for many people. Let's just hope that later attempts are a little more generous on their side of the bargain.

You know who did it better? Burger King. Their Whopper Sacrifice where you defriended 10 people for a whopper was quite the hit. In exchange for ditching your friends and giving up some privacy, you could get a free burger. And lots of people did.

I'm not sure I'd give up more privacy and security for a burger, but I'm curious to see how the more creative advertising folk handle this challenge. If users become more aware of malicious advertising, will it even be possible to overcome this challenge and still use banner advertisements, or will we be seeing advertising in new ways?