Earlier this week, Technology Review ran a piece discussing the social networking site, Moli, which allows users to manage multiple identities through a common login, controlling who gets to see what aspect of their lives. I was quoted in the story (and blogged about it), expressing concern that Moli, while pitching themselves as privacy-friendly, might actually pose a greater threat to user privacy than sites like Facebook:
Given that I have less control over who can see my profile at Facebook, there is some information I’m simply not willing to share on that platform. But since Moli provides me a simple way to manage multiple personae, it is perhaps more likely that I would divulge more personal information. If I can create 4 different personae (say, one highlighting my professional life, one detailing my music and cultural interests, one focusing on my sexual fetishes, and one for my family members), I certainly will be disclosing much more personal information than my single Facebook profile. And while I can set the privacy levels for each profile, Moli gets to see it all….all linked to my single account with a common e-mail address, zip code, birthdate and gender.
Well, Moli was paying attention, and contacted me in order to address my concerns and discuss their platform and technologies in more detail. So, a few days ago, I had a wonderful phone call with Moli’s president, Judy Balint, and a few other of their technical and marketing people. They made it clear that they designed the technical infrastructure that Moli uses with concerns about privacy at the front of their mind. In fact, as many of the execs come from the financial industry, they took the approach of considering users’ social networking data like financial transaction data, and build in the kind of security and privacy measures that you’d expect to see at an online broker. Approaching the design of a social networking site as if you have a fiduciary duty (they didn’t use that term, but it seems apt) with respect to users’ data seems like the right way to go.
The folks at Moli also pointed out that the registration data collected from users (e-mail address, zip code, birthdate and gender) is stored in separate databases than their profile data. Also stored separately is any clickstream data they collect from users when using the site. They made it clear that these different sets of data are never combined for marketing purposes, and that any data analysis is done on aggregate numbers. While this is good practice, it doesn’t mean the three sets of data couldn’t be merged or queried against each other if necessary. If someone wanted the registration info for a certain profile, Moli certainly would be able to provide it. That’s the broader concern, and it isn’t just paranoia — remember that Brazilian officials requested Google provide user information based on activity on their social networking site Orkut. Of course, this isn’t a problem unique to Moli, but if my fears are correct that users might share more personal information with Moli that they might on other social networking sites, the potential harm is greater.
Again, I applaud Moli for understanding that privacy is contextual in nature, that I might share some personal information in one context and not another. Designing a system to allow me to manage my privacy between contexts is an important step forward. And ensuring that profile data is segregated from registration data also shows their commitment to protecting user privacy. Dangers still exists, but hopefully their focus on designing for privacy will exert pressure on other social networking services to build in more privacy protections as well.