Michael Zimmer.org

A few days ago I blogged about how I was able to check my wife into a local liquor store using Facebook Places without her permission, despite Facebook’s insistence that “No one can be checked in to a location without their explicit permission”. This check-in has remained visible in my news feed, and depending on my privacy settings, may be viewable by any logged in Facebook user. Presumably there also is a database at Facebook that contains a record of my checking-in my wife into this location. Again, all without my wife’s explicit consent to participating in this new “feature”. Now, four days later, my wife had a chance to react to the notification she received from Facebook regarding my tagging her, and I thought I’d share a few more reactions to her attempt to opt-out of Places altogether.

It was confirmed last week that Google is acquiring Like.com, a visual search engine that focuses on helping people shop for clothing and accessories online. While most stories are spinning this as Google’s attempt to improve its product search engine and make inroads into the e-commerce marketplace, I see this acquisition differently.
It is important to realize that before Like.com was helping people find shoes and watches online, its technology was the core of Riya, a photo sharing and search site that allowed users to upload, tag and search images based …

Facebook has finally launched its location-based service: Places. Places allows Facebook users to “check in” wherever they are using a mobile device, and let’s their friends know where they are at the moment.

Facebook has tried to do a better job addressing privacy with Places compared to previous launches of new “features”. Particularly, Facebook brags that “no location information is associated with a person unless he or she explicitly chooses to become part of location sharing. No one can be checked in to a location without their explicit permission.”

But as I’ve played around with the service, I’ve uncovered a problem with Facebook’s assertion that “no one can be checked in to a location without their explicit permission.”

On Wednesday, July 21, 2010, I will be presenting in front of the Secretary’s Advisory Committee on Human Research Protections (SACHRP), part of the Office for Human Research Protections in the United States Department of Health and Human Services (HHS). My presentation will focus on how Web 2.0 tools, environments, and experiences are creating new conceptual gaps in our understanding of privacy, anonymity/identifiability, consent, and harm.

In response to recent Facebook privacy fiascoes — the privacy upgrade downgrade and inevitable backtracking, Zuckerberg’s (and other exec’s) various ill-informed remarks, etc, etc — I’ve co-authored an op-ed with Chris Hoofnagle, the director of information privacy programs at the UC Berkeley School of Law’s Center for Law & Technology, where we criticize Facebook’s “perfection of privacy public relations.”

The piece appears in The Huffington Post, and is titled “How to Win Friends and Manipulate People”. Here’s an excerpt:

These events represent the perfection of privacy public relations. Guided by earlier battles fought by tobacco and drug companies, information-intensive firms have learned how to use rhetoric to distract the public while successfully implementing new programs. They are the Machiavellis of privacy.

GigaOm highlights an interview with Nancy Baym, associate professor of Communication Studies at the University of Kansas and author of Personal Connections in the Digital Age, on the limitations in Facebook’s approach to privacy.
The interview covers various important issues, but Baym’s main concern is that Facebook has a “fundamentally naive and Utopian” view of what privacy means online, stemming  from the fact that the company is run by “a bunch of computer science and engineering undergrads who don’t know anything about human relationships.”
I agree. I …

By now, this series of events is very familiar:

Facebook launches new “feature” with little or no warning
Feature is automatically activated for millions of users
Users get confused and angry
Backlash and criticism occurs; users threaten to leave
Zuckerberg blogs that he has listened, tells you everyone really wants to share everything, but in the end backtracks a bit

This happened with NewsFeed, Beacon, changes to Facebook’s terms of service, and so on. And it happened again today.
Amid the rising criticism about recent changes, Facebook announced new privacy settings and practices, promising users more, …

On Sunday, Facebook’s Mark Zuckerberg finally broke his silence regarding the most recent spate of privacy problems with his social networking service, and published an op-ed in the Washington Post titled, “From Facebook, answering privacy concerns with new settings.”

I finally got around to giving it a close reading today, and my initial reaction was visceral — it pissed me off. In just over 500 words, Zuckerberg succeeded in sounding condescending, bragging about things Facebook can’t really brag about, and over-simplifying the core issues at hand. But in the end this doesn’t matter, because I don’t even think Facebook’s 400 million users were the intended audience.

Last Friday (May 21, 2010), I had the great pleasure of being a guest on Science Friday, the weekly science and technology show hosted by Ira Flatow, airing live each Friday on NPR’s popular Talk of the Nation radio show. The show’s topic was Protecting Your Privacy On Social Networking Sites, and I was joined by Rich Mogull of Securosis, and Kevin Underhill, a lawyer and author of the “Lowering The Bar” blog.
You can listen to the entire show, and read the transcript, here. (Apologies for any …

The May 31st Time magazine cover story is on Facebook and privacy. It is pretty much a straight recap of recent privacy issues and debacles surrounding the social networking company. Nothing all that new.
But one passage caught my eye (emphasis added):
Zuckerberg believes that most people want to share more about themselves online. He’s almost paternalistic in describing the trend. “The way that people think about privacy is changing a bit,” he says. “What people want isn’t complete privacy. It isn’t that they want secrecy. It’s …

In Facebook’s vice president for public policy Elliot Schrage’s infamous Q&A session with the New York Times readers, he made this statement:
The privacy implications of our ads, unfortunately, appear to be widely misunderstood. People assume we’re sharing or even selling data to advertisers. We’re not. We have no intention of doing so. If an advertiser targets someone interested in boats, we’ll serve ad impressions to people with ‘boats’ on their profile somewhere. However, we don’t provide the advertiser any names or other personal …

Recently we learned that Google’s Street View vehicles gathered people’s private communications on their home WiFi networks as they drove by snapping photos. Initially, Google denied it was collecting or storing any payload data, but later admitted that it had, in fact, collected private information that it should not have, information clearly beyond what any reasonable person who expect a street mapping service to collect.
Google’s explanation was that this privacy invasion was a mistake, and happened because some code inadvertently made its way into the Street View …

(Updated to include LinkedIn)
Given the recent focus on increasing numbers of users deleting their Facebook accounts due to the recent privacy disaster, and some of the past barriers that made it hard to accomplish at all, I decided to perform a comparison of the relative ease/difficulty of deleting one’s account on some popular websites: Amazon, Facebook, Google, LinkedIn, MSN, MySpace, Twitter, and Yahoo.
While you shouldn’t expect closing an account to be an easy task (they don’t want to encourage it), it shouldn’t be painfully difficult, either. In the end, closing …

Facebook’s Mark Zuckerberg has a history of speaking his mind on privacy, and what he speaks is often fraught with problems, ignorance, and arrogance. But, today, I found a new statement that brings Zuckerberg’s hubris to a new level: “Having two identities for yourself is an example of a lack of integrity.”

According to Zuckerberg, the person responsible for the world’s most popular website for sharing information about oneself, wanting to manage your flows of information in such a way that might present a different version of your “complete” self to your friends, family, co-workers, and more distant friends shows a lack of integrity.

Zuckerberg must have skipped that class where Jung and Goffman were discussed…

In an attempt to stem the rising outrage over its most recent round of privacy failures — Instant Personalization & Connections — Facebook’s vice president for public policy, Elliot Schrage, answered readers questions at The New York Times’s Bits blog. As with other corporate expressions of Facebook’s approach to privacy, his answers reveal a gross misunderstanding of the nature of privacy in our (social) networked world.