Archive

Archive for the ‘Social Networking’ Category

Privacy, not yours, other people’s….

January 30th, 2011 No comments
Screenshot of Facebook's Friend Finder Feature

Sure, give Facebook your email password, good plan!

This call to action periodically appears on Facebook as an inducement to provide them information to help you locate people you know on Facebook. It’s wrong, deeply wrong in so many ways. You don’t even need to factor Facebook’s already very checkered history with security and privacy. You don’t even need to decide for yourself to be more cautious than you are. All you need do is take a moment to consider that others might be offended, or worse, by your actions.

Don’t do it. Ever.

It’s wrong because it encourages you to decide on behalf of others what their level of privacy concern should be and to compromise their privacy without their consent.

Think about what you risk doing to others by using this feature:

  • If you use your employer’s email you have almost certainly violated their internet usage policy by granting a third party access to your account. Unless you own the company yourself, your work email account doesn’t belong to you. Your work contacts list doesn’t belong to you. Unless you’re the I.T. top dog, you’re not allowed to decide who can access password protected company resources. If you do what Facebook suggests you do with your employer’s email account without explicit permission, you should be fired. Period.
  • If you use your own email address, you have decided that you are both qualified to decide and entrusted by everyone on your contact list to share their personal information with Facebook. Believe it or not, lots of people want nothing to do with Facebook. Now they’re part of Facebook’s data pool. If you upload their contact info, Facebook has that but they also now know those email addresses are connected to you and, to a degree, to each other. Connected to you and whatever you felt like sharing with your Facebook community. Perhaps your friends aren’t too keen on being associated in a database with somebody who’s into knitting? Perhaps they’d prefer to keep their membership in the Free Masons on the down-low?

Sure, this is an extreme case. The hubris on Facebook’s part in actually asking you for log-in credentials for an account is unusual and, I hope, obviously excessive. The problem is, many sites ask you to compromise others under the pretext of doing you, or them, a service. Decide only for yourself who to trust.

Unless you’ve established a prior agreement with your friends that it’s OK….

  • Don’t use ‘send to a friend’ buttons on a web site. Copy the URL and write an email. Let them decide for themselves.
  • Don’t use evites or other  similar services to plan events by giving the service the email addresses of your friends.
  • Don’t send them ‘gifts’, real or virtual, by giving a web site their email address.

If you can’t refrain from doing these things, don’t be surprised to discover who ‘un-friends you’.

Post to Twitter Post to Facebook

Apple Aperture Places and Privacy

October 2nd, 2010 No comments

Aperture has a useful feature called “Places”. Places lets you access GPS metadata stored in your photos or assign location metadata to your photos. With this location metadata, you are able to browse, catalog and re-contextualize your photos using a map-driven interface. It’s very cool.

Aperture will automatically look up the location of an image and drop a pin on a map for you if your camera supports GPS metadata  (iPhone for example but many other cameras do this or support optional accessories to automate it.). You can also, if you choose to, use the map UI to assign location meta data to your photos. This allows you to browse your photos by location. Want to see every picture you took at<insert politically incorrect location here>? You need only locate that place with a handy dandy pushpin on the map. Want to see the path you took cross country stopping at each cool looking diner along the way for a black and white milkshake while hauling <insert politically incorrect cargo here>? Want to know where exactly took that photo of that bald eagle you accidentally shot while duck hunting? All these things are easy and convenient with Aperture’s ‘Places’.

The two options for using places are “Never” and “Automatically”. If “Automatically” is not enabled, Places is entirely disabled. The preference isn’t labeled “Look up places online from Apple and Google”. Hell, it doesn’t even say “Look Up Places Online” it just says “Look Up Places”.

All well and good. Handy. The problem is: Places, if you allow it to will connect to, at least, these severs:

  • ssl.apple.com,
  • www.google.com
  • place.apple.pushpin.com
  • mt1.google.com

Clearly, there is enormous value to the vast amount of GIS data and services available online but a simple GPS to rudimentary map functionality could and should be available using only local map and coordinate data installed with Aperture.

There is no option to look up places in an ‘on demand’ and per-image basis. No option to hide the UI elements that refer to places. No readily available documentation of exactly what information is sent to Google or Apple when you use the feature. No warning about what information you are licensing implicitly to Apple or Google when you choose to use this feature.

Now, there are a lot of good reasons you may not want to allow even the when and where of your photos to be stored by Apple or Google  no matter how legal, upright and upstanding a person you are. Let’s say you have a gmail address you use anonymously, for example, to post in a political discussion forum when you are the editor of a news program. It’s part of your private life. You don’t use your position with this news program to back up the opinions you discuss. You simply prefer not to have your personal political opinions be fodder for evaluating the validity and objectivity of your reporting. You write about Google or Apple, they look up your records, it leaks, your career is over. This is just one example. If you use Aperture on your laptop, expose your home in Manhattan to burglary while the time stamps and GPS data in the photos shows your in Bora Bora. Leaks of this data could compromise a woman fleeing an abuser. Leaks of this data could eroneously expose you as a person of interest in a data-mining fishing expedition. “Yes, Inspector Gadget, slap the old Patriot Act notice on Google. I want to know the names of everybody at 5th and Main between noon and one on the 25th.”

It is, simply, too easy to potentially give Apple and Google a a record of every place you have ever taken a photograph. It’s simply none of their damned business unless I choose to make it their business and I should damned well be informed about what data is sent and stored on their servers.

Apple should:

  • Clearly document precisely what data is sent to Apple and Google. (Apple now owns Pushpin)
  • Ensure all data sent to Apple/Google is anonymized and contains no image data.
  • Enable more granular control of online lookups.
  • Allow you to hide the UI for the feature if you choose not to use it.
  • Offer rudimentary location functionality using locally stored map data installed with the program.

You should, think a little more about how convenience and your use of ‘The Cloud’ may compromise your privacy and be a more informed and deliberate consumer of those services.

Post to Twitter Post to Facebook

The 7 Deadly Sins of Social Media – Fast Company

September 17th, 2010 Comments off

The 7 Deadly Sins of Social Media – Fast Company

I followed a link from a marketing VP whose profile showed up as a feed I should subscribe to on Twitter.  That made me think it would be an opportunity for amusing mockery here so I followed the link. Seeing it was a Fast Company story, I got myself set to have a good rant.

Shocked and amazed I say to you;  It’s a pretty good article. Go read it!

Post to Twitter Post to Facebook