Posts tagged privacy
Friday (ish) links – January 15th 2010
Jan 16th
A few random selections from this week’s reading.
Discussions of online privacy continue to rumble on. ReadWriteWeb had a piece about (facebook’s) Mark Zuckerberg repeating the adage that “the age of privacy is over.” Zuckerberg’s comments would appear to continue the confusion around facebook and privacy. Facebook’s popularity is at least in part due to peoples’ perceptions that there is some privacy (or at least control) inherent in it, but they keep eroding that. I deleted my facebook account a few weeks ago, partly because I was tired of negotiating its plethora of options. Twitter’s “always public” or “private” are really so much easier to handle.
Jeremy Gould pointed out O2’s SIM only iPhone plan on twitter the other day. I really wish I could find an equivalent in the US. On our last trip I was carrying two iPhones and a Palm Pre, but ended up buying a $10 virgin mobile phone from Best Buy.
Perhaps the biggest news in web development this week was the release of jQuery 1.4. The full announcement is here. I’m particularly pleased about all events now supporting live(), the improved support for contexts for actions, and the performance speedups, but many of the API changes look very nice. It’s been great to see several meaty blog posts about how some of the new features/improvements were achieved, such as this one on how the live() support works and Ben Nadel’s piece on handling problems with mouseover/mouseout.
In a similar vein I continue to enjoy Yehuda Katz’ coverage of Rails 3, including this piece on ActiveModel. It’s great to finally have a simple way to use AR’s validations, callbacks, etc. outside of ActiveRecord without resorting to nasty tricks. Gabe de Silveira also deserves some credit, not only for his very useful looking validation_scopes gem, but also for a dissection of its writing.
I missed this month’s LRUG but have been reading up on Dragonfly, a ruby library to handle image uploads and produce resized versions on the fly based on directives in a view. Putting that logic in the view makes a lot of sense and I really like the rails integration being handled by inserting rack middleware. I’ll definitely be looking for a project to try it out on.
Ajaxian continues to be the best source for impressive efforts with javascript. This week I was especially taken by efforts to implement audio sampling in firefox.
Fresh from Silicon Roundabout’s appearance in the latest issue of Wired UK, Ben Terrett of RIG has been working on some merchandise. I guess this joke’s just going to keep going.
TinyMCE is now on github. Chances are it’ll remain a pain to use (as are all editors of its ilk) but at least it can be checked out more quickly now.
And of course it’s been impossible to miss the tragedy in Haiti. The past few years have seen really impressive efforts to harness open source tools and techniques for use in disasters. Andrew Turner’s blog is a good stopping off point to find out what the mapping community has been up to.
Don’t imply privacy
Jun 6th
Conversations about privacy are an increasingly vital part of any planning process for a membership-driven website. Having been engaged in such a conversation for a new project and fielding support emails for an existing one, it’s been on my mind quite a bit lately.
We’re all managing a lot of personal data, whether we’re running sites that might be described as “social networks” or simply a blog that provides a way to connect up a commenters contributions. On any new project questions inevitably come up about whether or not users should be able to hide their profiles or specific pieces of information, often influenced by the way facebook’s closed walls give a sense of privacy by not letting google index profile data. I’m given to thinking that facebook’s approach has actually hurt such discussions, by implying a level of privacy they don’t really offer.
The problem is that approaches like facebook’s are far more about an illusion of privacy than any actual protection. The artifacts of our online presence, our comments, our photos, etc. and perhaps more importantly our friends’ comments and photos, are never going to be entirely shielded just because we can hide our profiles, but hiding profiles can make us think that protection is there. Similarly attempts by some sites to hide profiles from users who aren’t logged in offers an illusion. Because there’s a hurdle to see your profile it’s tempting to think that it’s protected, but that’s simply not the case.
Our designs need to guide people to be careful about what they’re putting in their profiles rather than having those profiles hidden, and to remember that their online artifacts will last even if the attention given to them dips from its initial high. Unless we’re providing something much more secure than a “hidden” profile, we should avoid the implication that our tools (rather than their behaviour) are what will offer privacy.
[Obviously there are some cases where our architecture needs to work harder to offer privacy, but that's far from the general case]
Following up on Facebook’s social ads debacle
Dec 3rd
Facebook appear to have given in to pressure over the debacle I wrote about a few days ago. According to their announcement:
Users must click on “OK” in a new initial notification on their Facebook home page before the first Beacon story is published to their friends from each participating site. We recognize that users need to clearly understand Beacon before they first have a story published, and we will continue to refine this approach to give users choice.
That’s definitely progress and will assuage the fears of many users. Unfortunately, as the unofficial facebook blog points out they are still storing data on your shopping preferences, even if they’re not displaying them. You can get around that by changing various settings in your web browser, but there’s no easy way to opt out.
Reactions around the web have been mixed: Some are advocating quitting facebook entirely (or as close to entirely as is possible, you cannot completely delete your account), while others continue to question whether most facebook users are concerned.
I quite like the idea that if facebook are going to use advertising they should target it based on what I’ve told them are my interests and who I’ve identified as my friends. So far, they’re doing a pretty poor job of that as I’ve yet to see an advert on there that interests me, but that’s data I’ve consciously given to them, and it’s my responsibility to moderate that if necessary. The problem is when I may be giving them more data than I realise because of who their partners are. That’s not an entirely new situation for the web —think of all the sites operated by yahoo or google — but so far it’s at least been limited to sites within specific networks.
For those who use facebook socially, it’s well worth considering how much you want facebook (and their investors) to know about you and what measures you can take to limit that if necessary. For those using facebook for promotion it’s well worth considering what your audience’s reaction is likely to be to this situation, to be clear about how you’re using data gathered from facebook, and to think very carefully about these issues before touching the social ads system.
The “Facebook Stole Christmas” debacle
Nov 27th
Having blogged in a way that might have been interpreted as enthusiastic (it came out less cautious than I had intended) about facebook’s social ads system when it was first announced it seems only appropriate to wade into the furore surrounding the actual implementation.
It seems facebook have caused a considerable amount of upset with the way they implemented their system. Technically it’s very interesting, using some clever javascript tricks (as I link blogged last night) to report your activity on various sites back to facebook. But practically it’s far less impressive as you’ll have to really keep on your toes to even notice what is being reported, and there’s no easy way to opt out of having your activity on participating websites reported to your facebook network.
As covered over at Read/Write Web, that’s upset some people so much that headlines like “Facebook Ruined Christmas” have been doing the rounds and MoveOn.org have launched a petition calling for facebook to change the behaviour. I very much support MoveOn’s action; it’s remarkable that facebook and participating sites aren’t offering users a simple and impossible to miss opt-out, and really each and every notification should require your explicit consent. Facebook’s own privacy page (only accessible with a facebook login) states:
Show your friends what you like and what you’re up to outside of Facebook. When you take actions on the sites listed below, you can choose to have those actions sent to your profile.
Please note that these settings only affect notifications on Facebook. You will still be notified on affiliate websites when they send stories to Facebook. You will be able to decline individual stories at that time.
That sounds good, if poorly worded, but not much like the user experience so many are reporting.
I don’t want to go so far as many have and utterly rule out the possibility that this system could be a good thing. I don’t want my wife to see what I’ve bought her for Christmas, but at some future time it might be useful to see that a friend has bought a tool we could occasionally do with use of, or for them to see that I’ve bought a DVD they wanted to see. Or on a more commercial level, I may want my friends to see that I’ve bought a certain CD (or package of MP3s) as I think they should go and buy it too.
The thing that facebook—like any company—must remember is that privacy should always be the default. It’s never an added extra, and certainly shouldn’t be a workaround only available to the technically inclined. As it is, facebook are lucky that this one started up as slowly as it did, and had better fix it before they start alienating that vast audience of theirs.