Why Online Privacy Is Broken

Trailrunner7 writes "One of the more trite and oft-repeated maxims in the software industry goes something like this: We're not focusing on security because our customers aren't asking for it. They want features and functionality. When they ask for security, then we'll worry about it. Not only is this philosophy doomed to failure, it's now being repeated in the realm of privacy, with potentially disastrous effects. A quick search of recent news on the privacy front reveals that just about all of it is bad. Facebook is exposing users' live chat sessions and other data to third parties. Google is caught recording not only MAC address and SSID information from public Wi-Fi hotspots, but storing data from the networks as well. But the prevailing attitude among corporate executives in these cases seems to be summed up by Google CEO Eric Schmidt, who famously said this not too long ago: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.' If you look beyond the patent absurdity of Schmidt's statement for a minute, you'll find another old maxim hiding underneath: Blame the user. You want privacy? Don't use our search engine/photo software/email application/maps. That's our data now, thank you very much. Oh, you don't want your private chats exposed to the world? Sorry, you never told us that."

User generated content belongs to the user...

[alexandre]

If we had continued improving on P2P instead of giving in to centralized servers we wouldn't be there...

Re:User generated content belongs to the user...

[BuR4N]

No, we would be in IT support hell, maintaining our dads and moms P2P servers......

Re:User generated content belongs to the user...

[betterunixthanunix]

Just like right now, we have IT support hell, maintaining our parents' web browsers and operating systems.

Seriously, you think that there is something special about P2P that makes it particularly harder to maintain?

Re:User generated content belongs to the user...

[TerranFury]

A big problem is simply NAT. Non-technical people are not going to set up port forwarding. This basically broke the Internet, and pushed its development in undemocratic directions.

UPnP partially fixes this, but opens up a whole bunch of other problems, which are even worse.

IPv6 is supposed to fix this for real, but I don't count on it because IPv4 is "good enough," and I bet that it'll be easier for people to keep throwing NAT and subdomains at the problem. E.g., companies don't need to bother maintaining their own webservers and having their own public IPs; the way things are going they'll just point people to "facebook.com/companyName" (I heard an ad do this on the radio yesterday, in fact).

Re:User generated content belongs to the user...

[betterunixthanunix]

It is fairly trivial to connect to Gnutella through a NAT without any port forwarding -- so I do not see this being a significant problem.

Re:User generated content belongs to the user...

[Ephemeriis]

No, we would be in IT support hell, maintaining our dads and moms P2P servers......

I do maintain computers/routers for my family members. I've done it for years. The lack(?) of P2P hasn't changed that at all.

But, supposing that P2P was some kind of nightmare to deal with... Why couldn't we make it work better? Build protocols that played nicer with NAT tables... Or build UPnP that works better... Or just throw out the whole IPv4 thing and go to v6?

Re:User generated content belongs to the user...

[TerranFury]

This wasn't a user page though; it was literally "facebook.com/companyName," and the company was actually a big one -- something like "Verizon" or the like. I sensed it was less a "we're too poor to have a website" move and more a "all the cool kids are on facebook so we should be there" move.

Re:User generated content belongs to the user...

[paxcoder]

Yeah, you just have to know where to connect. Similarly with searching: You have to know whom to ask, so you ask the one who'll know whom to ask and that's the server.

However, I don't think the original poster isn't talking about random file sharing - such as BitTorrent. He is perhaps talking about decentralized (social) networks with peers/users/friends having their own servers (see SheevaPlug), and controlling both data and software on it (see http://ur1.ca/lch5 and http://groups.fsf.org/wiki/Group:GNU_Social/Project_Comparison - the right part of this page).

Ignorance, not indifference.

[Striek]

I would think (and hope) that customers aren't asking for it because they're not aware of the risks, not because they don't care. Like when people stop using debit cards everywhere only after their card gets duplicated.

Re:Ignorance, not indifference.

[Endo13]

With a credit card, they're spending the creditor's money. With a debit card, they're spending your money. Even if all the protections are identical, which do you think will inconvenience you more?

Re:Ignorance, not indifference.

[mcgrew]

Apathy is blamed for a lot of things that people really aren't apathetic about at all. One example is voter turnout: they say 50% of voters stay home because they don't care, when the real reason they stay home is they don't see much if any difference between candidate A and candidate B. It isn't apathy, it's a conscious decision to boycott the system.

As TFA notes, security is another one. People complain about their virus-infested computers so they aren't apathetic, they're simply ignorant; they don't know HOW to not get viruses, and they bitch loudly because they bought NcAffee and Norton and turned Windows firewall on and STILL get viruses because they DLed Metallica-FreeSpeechForTheDumb.MP3.exe and played it by clicking the file. They have no clue that the file is an executable, because Microsoft hides the file extension by default.

The same goes for privacy. As TFA (again) mentions, most users want both privacy AND social networking. As the article summarises: "Blame the user? Here's a better idea: Listen to the user."

Fat chance of that happening though. The user isn't the customer.

Re:Ignorance, not indifference.

[betterunixthanunix]

The problem is that social networking websites make their money by undermining user privacy; there is simply no incentive to actually listen to the users' complaints about privacy, and for a company that must answer to its investors, there is actually a disincentive to listen to the users. Users want privacy and social networking and social networking websites, and they do not want to pay for those websites -- it is just not possible to meet all of those demands at the same time. Privacy is the easiest thing to drop from the list of user demands you actually meet, since it is not the first thing most people will notice.

Re:Ignorance, not indifference.

[kevinmenzel]

In Canada, or at least with TD, I've had fraudulent purchases made with a copy of my Debit Card someone made. They had the PIN and everything apparently. So I contacted the fraud department, and every fraudulent charge was reversed. It took less than a month, and it wasn't even that much, because I noticed it quickly (it was less than $40 at that point). Additionally, fraudulent transactions made with my web banking are also covered. Of course debit is, I suppose, different in Canada than in most places, given the Interac network...

Re:Ignorance, not indifference.

You overestimate how much the average person cares -- yes, some people skip voting, as a (seriously misguided, IMO) protest boycott. Most of the people who don't vote, however,do so out of apathy, not principle. There's always a third party candidate (at least in the presidential race, and surprisingly often in lesser races) so you can make your voice heard as being in opposition to those parties, and if there were _really_ anything like 50% of people so disgusted with the two parties we currently have, and (more importantly) the voting system that keeps control limited to two parties at a time, you'd think it'd be damned easy to organize a range-vote or approval-vote party whose sole purpose is electoral reform, and consistently get, if not an outright win, a vastly greater popular vote than third-parties normally get.

With computers, you're not half wrong, but it's not like they don't have a browser in front of them -- if they really aren't apathetic, you'd think they'd seek to inform themselves...

Re:Ignorance, not indifference.

[vlm]

my check card (debit card that allows you to run it as a credit card anyplace that accepts mastercard, but takes the money from your account with 0% interest owed instead of racking up money you owe to faceless megacorp with 18% interest) has the exact same protections as a credit card.

So, your check card is stolen, your account is zero'd. Now all your legit paid bills bounce. Each individual merchant wants $25 and up, directly from you, for bouncing a check. How does your check card protect you from that? My theory is, it does no such thing.

Also I owe 0% interest on my CC. Simply pay your bill each month, no big deal.

Re:Ignorance, not indifference.

[Smauler]

Here in the UK they're both chip and pin - few retailers will take signed for cards AFAIK. My credit card has had the bit where your signature goes rubbed off for the past couple of years (revealing void void void), and I doubt very much it'll swipe through any magnetic card readers now. I still use it regularly though (I know it's pretty insecure, but if I lose it I'll just phone up and get it cancelled).

In the UK if there are charges which are made to your debit card which you claim are not from negligent acts on your part (like your example), they have to reimburse your account basically immediately, then do the investigations. They are liable for fraudulent access to your account, as long as you've not been negligent. If you voluntarily agreed to the full transaction though, you're out of luck (ie. a business who went bust, or a scammer who didn't fulfil their side of the bargain) - it's just like giving cash to them. Credit cards have more protection though - any transaction over 100ukp you can get back, for almost any reasonable reason, ie. paid and did not get the goods, etc. Transactions under 100ukp are covered in the same way debit transactions are I think.

Re:Ignorance, not indifference.

[phantomfive]

One example is voter turnout: they say 50% of voters stay home because they don't care, when the real reason they stay home is they don't see much if any difference between candidate A and candidate B. It isn't apathy, it's a conscious decision to boycott the system.

You're doing it wrong. If you actually care, but don't want to vote for any of the candidates, then you should vote for a third party candidate, write in a vote, or leave the response blank. That shows you are actually willing to do something. Not to mention, a boycott of the voting system doesn't do anything but give more power to the remaining few who do actually vote. Those people aren't going to feel very motivated to push you to vote.

Otherwise you just get lumped in with the people who are apathetic. And there are a lot of them. Including me at times in the past.

Re:Ignorance, not indifference.

[innocent_white_lamb]

The problem is that social networking websites make their money by undermining user privacy;
 
Since the only exposure that I have had to Facebook and the like is comments on Slashdot and I have never knowingly visited the Facebook website, your comment here strikes me as very odd.
 
Isn't the POINT of Facebook to get yourself "out there" and be-your-own-celebrity? If so, isn't it contradictory to say "OMG they are stealingj/invading my privacy!" since that's the point of the website in the first place. After all, the only information that they have to "make public" is information that you have voluntarily provided to them for that exact purpose.
 
What am I failing to understand about this issue?

Re:Ignorance, not indifference.

[Mashiki]

Bitter mods aside this weekend, there's not much of a difference between the two. One you believe what you're told because you enjoy that pov and refuse to look outside your safety box. The other you believe what you're told because you don't know any better, and refuse to examine the data yourself.

Re:Ignorance, not indifference.

[Darinbob]

Another silly analogy. Imagine that these people made houses. They could say "we're focused on features and functionality that customers are asking for in houses. They inquire about square footage, number of bathrooms and bedrooms, proximity to schools, and so forth. None of them have ever asked about what types of doors or locks they houses have. We will start including doors when customers start asking for them."

Of course, the very first customer will say "what the hell, where's the door?" Or if they have a door but a shoddy lock that can be opened by any persistent neighborhood cat, then it may take some time before a house is broken into and something stolen, then they'll say "what the hell is this cheap lock doing on my luxury condo?" And then the manufacturer could say "most customers have had no complaints about people wandering into their houses and are happy with the products we delivered."

The problem is that many people who visit online sites implicitly assume there is security, and so they don't explicitly ask for it. You have to essentially be a pessimist and/or cynic to worry about this stuff, when it should be built in by default.

We just need legislation

[MobyDisk]

The actions made by these companies, right or wrong, are legal. You can't expect companies (or governments... or individuals) to stop doing this if it is convenient, profitable, and legal. We need some legislation that basically says that they can't publish, transmit, or sell personal information without prior consent. And that any such release - intentional or accidental - must be reported to the individual.

In the US, we have such legislation but it only applies to medical information. That is silly - there's just no reason for companies to be giving this stuff out.

Actually, let me go a step further -- they shouldn't even store this information. I walked into Target and returned some merchandise. It was really simple -- because they kept my credit card on file. I never told them they could do that. As I walked away, they said "Thank you [my name]" so they knew that too. Why is it okay for a store clerk to have this? Why did my credit card company give out the credit card number and name? They don't need that. They need to know "User 81234756897 authorized purchase for $57.34 to vendor 9234857 on 2010/05/23 17:24 with authorization #239485768934." That's it. It should have been illegal for my credit card company to even give the information. Then for Target to store it. As a nice side-benefit, this also prevents fraud since no one in the chain can use my credit card.

Re:We just need legislation

[selven]

Has it ever occurred to you that some customers actually like that kind of customer service? That's why you can't just ban everything and make everyone happy - some infringements of privacy have good uses, and some people actually prefer convenience to privacy. Letting the free market sort it out, with some companies offering convenience and others dedicated to privacy, is in my mind the best solution.

Re:We just need legislation

[Todd+Knarr]

Actually they probably didn't record your credit-card number. What they probably recorded was the sale number (basically a receipt serial number), the receipt information (what was bought), and the type of credit card and the authorization number. They knew your name because it was recorded off your credit card at the time of sale. To handle the refund they just use the authorization number, which the credit-card company can match to your card (but they won't tell the store the card number, they'll just give out another authorization number for the refund).

Now, the store probably doesn't need to store your name at the time of sale. But if you're paying with a credit card, you know you're leaving a connection between you and that sale anyway so IMO it's not a major thing. If you really want no connection, pay in cash and don't give them any identifying information, not even a phone number.

Re:We just need legislation

[clarkkent09]

I agree, if online privacy was really as important to the majority of people as it is to some /. posters there would be companies advertising "guaranteed" privacy the same way they advertise lower prices or whatever other advantage they claim over their competitors. The reason companies don't care is that their customers don't care. Those of us who do just need to be more careful about who we do business with but IMHO it's a losing battle as long as the public awareness of the importance of privacy is nonexistent.

Re:We just need legislation

[Anon-Admin]

The problem is that all the companies are data gorging. The CC Merchants are the worst. They insist that you send them not only the total but a list of what the person is buying. They also monitor your advertising and who links to you on the internet. I use to run a lab supply company. We had a affiliate link when we first went online. The merchant account found two sites that linked to us, these sites were in other countries and were drug related. Well drug related in the US but they appeared to be legal in there country. They killed our account with no warning. $3000 a day in sales through the web site gone. They would not turn it back on and added us to a black list. We were unable to continue selling online. We still have the brick and mortar but the online store it gone. We broke no laws and there was no published list of what not to do.

All in all, not only do they collect all the information on every one and there sales, they spend a lot of time monitoring and collecting information on the stores. They need to be dinged on this, some Merchant accounts go as far as to tell you what products you can and can not carry. The second one we had would not let us carry or sell any pipettes, agar-agar or 10cc syringes that had 1.5" 18 gauge needles on them. They considered them "Drug paraphernalia"

Re:We just need legislation

[xednieht]

No we don't. We need the government to get involved like Andy Rooney needs another eyebrow!!!

Let innovation take it's course.

Re:We just need legislation

[LandruBek]

"Making everyone happy" was never on my to-do list. "Not get reamed by the corporatocracy" is on my list and remains there. As much as others might enjoy the familiarity of having complete strangers call them by name, and the convenience of having merchandise instantly charged to their accounts, *I* am selfish enough to sacrifice all those pleasures just so that I might exert a little bit of control over what others know about me.

This is a job for government regulation. We don't trust the free market with important things like ensuring food safety, protecting the environment, or verifying whether pharmaceuticals are effective. Why should we trust the free market with personal privacy?

Re:We just need legislation

[MobyDisk]

Has it ever occurred to you that some customers actually like that kind of customer service?

Nothing I've said decreases the level of customer service. The return could have been done without them saving the credit card number.

Letting the free market sort it out, with some companies offering convenience and others dedicated to privacy, is in my mind the best solution.

I always prefer free market solutions, but I don't see how to make one work here. The free market only works when the buyer is aware. Companies don't tell me what information they disclose about me. I only find out when I suddenly get charges on my credit card because the store clerk got all my credit information, or because some hacker broke into the stores and took it. I would be open to laws that require them to disclose it to me, but I don't want to read a 25-page legal document to buy something from a store. Since there is no benefit to me from them keeping the information (see the first paragraph for the explanation of why) the restrictive solution is the best one.

Re:We just need legislation

[AthleteMusicianNerd]

That's what OPT IN is for.

Re:We just need legislation

[clarkkent09]

Well take slashdot. It is owned by a for-profit publicly traded corporation. True we don't give our names and addresses but many of do give our personal readily identifiable email address and of course IP and probably 1000s of us can be identified if somebody choose to do so and linked to quite detailed overview of our political and other opinions - valuable data for advertisers, political parties, potential employers and who knows who else. This data will still be there years from now and who knows what can happen with it, the financial incentive is certainly there to sell it. Now, I tend to trust slashdot (famous last words?) but I am just trying to illustrate how difficult it is to truly guard your online privacy unless you are a kind of person who only ever communicates through encrypted messages or something like that.

Re:We just need legislation

[MobyDisk]

They insist that you send them not only the total but a list of what the person is buying.

Part of that is for their fraud detection algorithm. (Which would not be as necessary if they didn't give out the information).

As for the other stuff - sounds like you should have sued them.

Re:We just need legislation

[palegray.net]

It should have been illegal for my credit card company to even give the information.

You know, I've got a story on this topic. A couple of months ago I bought a piece of furniture (Ikea, got a nice dresser for a nice price). Upon unpacking it, I discovered it was broken. Given that the store is 60 miles away, I waited awhile before taking it back for an exchange. My wife and I finally made it out to Philadelphia with the broken item in tow, only to realize that while my wife thought she had the receipt on her, she didn't.

Their official return/exchange policy requires a receipt, but they were able to look up the transaction by credit card number. Thus, I received a replacement dresser 15 minutes later, and has happily on my way. I'm perfectly fine with them having my credit card information.

If fraudulent transactions occur on one of my accounts (and I have been though that, three times in fact), I simply dispute the charges and submit an affidavit on the matter. Boom, I get my money back. To be perfectly frank, I don't see any value whatsoever in what you're proposing, and it seems to ring all too much of "sky is falling" cries over something that is a solved problem.

Re:We just need legislation

[MobyDisk]

and the Track-9 data from your card is the only real proof that you were there for the transaction.

I can see how the number was needed before the systems were electronic. But now, they get an authorization number right away. The Auth# and signature should be sufficient for them to go back and prove the transaction was valid.

I agree with your definition of "private data" and I think that is where we need to go. Private, unless otherwise stated.

Also, food for thought:

Actually, your name and credit card number are both encoded on the mag stripe on your card.

Several people pointed this out to me. I think people assumed that I didn't know because I said that the credit card company gave it to the merchant. In my opinion, they did. I never told the merchant my name. And the cashier never looked at my card to read it. So the fact that the credit card company encoded it onto a magnetic stripe, and then I scanned the card into the machine, should not mean that *I* gave the information. That would allow a big loophole.

Now, if it was printed on the card and they physically saw my card then one could argue that I knew it was on there and I gave it to the merchant. But I think the definition needs to be such that the companies can't do an end-run around me by putting my marital status on the card, then making me scan the card, and thus concluding that I told the cashier my marital status. (Or replace "marital status" with "address" or "purchasing history" or whatever other information should be protected).

Re:We just need legislation

[Sir_Lewk]

That use to be how grammar worked, but now nobody gives a shit.

Online privacy never existed

[h4rr4r]

There is no online privacy, anything you do online is public. If you would not say it in public do not say it online.

let 'em fight in the courts

[jkinney3]

Use the same arguments as Intellectual Property proponents. Everything I say and write belongs to me. You have to ask permission to hear it.

Odd and Misleading Summary

[eldavojohn]

One of the more trite and oft-repeated maxims in the software industry goes something like this: We're not focusing on security because our customers aren't asking for it. They want features and functionality. When they ask for security, then we'll worry about it.

Let me counter that with one the more trie and oft-repeated maxims from businessmen in the 80s: Don't you worry about security, let me worry about blank.

Not only is this philosophy doomed to failure, it's now being repeated in the realm of privacy, with potentially disastrous effects.

And yet Facebook thrives and not until last week did Google offer secure searching and they're a giant. Sounds to me like companies that don't worry about privacy are doing pretty well -- maybe even the industry leaders. Maybe they're on to something about it being unimportant to the consumer?

A quick search of recent news on the privacy front reveals that just about all of it is bad.

Oh give me a break. Ninety percent of news stories are negative. Because it sells eyeballs. Really, do you expect a news article about the really great privacy that Slashdot offers Anonymous Cowards to appear? When privacy works, it's not news. Hell, when privacy is kept intact people don't even know. Your reasoning here is severely flawed.

Facebook is exposing users' live chat sessions and other data to third parties.

Yep, marketing's a bitch, ain't it? But then again, we're getting Facebook for free and I don't think there's been any case of someone suffering serious harm from Facebook dumping a chat to marketing. Certainly unsettling but has there been any sort of actual case of abuse and harm to the user? I use Facebook and I don't care much. I'm putting my data on their servers and they had me agree to some BS impossible to read ToS so I just mitigate that by keeping anything sensitive off it. If Diaspora takes off -- hey, great -- but until I can communicate with all my friends and family on it who are half a continent away no thanks.

Google is caught recording not only MAC address and SSID information from public Wi-Fi hotspots, but storing data from the networks as well.

"Caught?" That's funny. If you don't want to "catch" people "recording" your shit, stop broadcasting it and put some encryption on it and use a hidden SSID. You know, like the hundred or so Slashdot posts have pointed out.

But the prevailing attitude among corporate executives in these cases seems to be summed up by Google CEO Eric Schmidt, who famously said this not too long ago: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.'

"Prevailing?" So prevailing that you need to reference a half a year old quote that is about all we have of that attitude. That's the predominant force out there? Care to come up with more companies using that sentiment? Care to put that quote into context for me? Put the pressure on them and the companies will change. Fact is that nobody's putting any pressure on them so why should they stop doing something which allows them to better market to you with ads and make more money?

If you look beyond the patent absurdity of Schmidt's statement for a minute, you'll find another old maxim hiding underneath: Blame the user. You want privacy? Don't use our search engine/photo software/email application/maps. That's our data now, thank you very much. Oh, you don't want your private chats exposed to the world? Sorry, you never told us that.

[citation needed] Prosecutor is leading the witness. Seriously, you're putting words into their mouths. Evil, yes they are. Saying that they claim your data is now theirs by way of their actions is ridiculous. Then from there y

anyone vs everyone

[xs650]

Google CEO Eric Schmidt, who famously said this not too long ago: 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.

There are very few things that I don't want anyone to know, there are a host of things that I don't want everyone to know.

Re:anyone vs everyone

[starglider29a]

There are very few things that I don't want anyone to know

Gimme a 'fer instance'..

Re:anyone vs everyone

There are very few things that I don't want anyone to know, there are a host of things that I don't want everyone to know.

Takes a single trusted 'someone' to disclose your info to everyone. It's a sad, losing battle. People can say 'happy birthday' or 'sorry that your wife died', 'sorry you got fired,' etc and the damage would be done before you could delete the comment and have a chat about what is too sensitive to disclose freely to your other friends.

I call TROLL

[Gorimek]

Both the Facebook chat bug and the Google recordings are unintentional mistakes. If they show anything, it's that completely bug free engineering is hard to do. I think we knew that already.

The Schmidt quote is just a statement about how this flawed world is, not how it should be.

The concept of privacy in these times and the future is a very interesting topic, but this post is just a whiny mini rant, not a serious attempt to understand the real issues.

They said the same about cars

[mbone]

I can remember very vividly GM and Ford (and Chrysler and even Packard) saying basically the same things about cars - they could put in safety features, but they didn't because there was no customer demand for it. This was, mind, when cars had metal dashboards and spear-your-heart driving wheels. This went on until the Federal Government started forcing changes, and until Volvo and other foreign manufacturers started making sales touting safety. I expect to see a similar story arc about piracy on-line.

Re:They said the same about cars

[Bigjeff5]

Federal safety standards are pitiful compared to insurance company standards.

Federal standards mandate airbags, but only for the driver, not the passenger or side airbags they've been putting in. All of that is coming from the insurance industry - and except for the fact that all drivers must have insurance, it's completely free market. Things like better crumple zones and such are all designed to boost their ratings with insurance companies, because people look at how much the insurance is going to cost them when they think about buying a car.

When ads are more important than users

[dominion]

The whole idea of "if you don't want it public, don't put it on the internet" always reminds me of this Onion video:

Google Opt Out Feature Lets Users Protect Privacy By Moving To Remote Village
http://www.theonion.com/video/google-opt-out-feature-lets-users-protect-privacy,14358/

There's no reason that we can't have a reasonable expectation of privacy, even in our online lives. Especially from a technical standpoint. If I share some photos with 10 people, and one of those people decides to copy that photo into an email and send it off to 100 people, then that's a social failure, not a technical one. People I trusted betrayed my trust, on a social level.

But on a technical level, I should be able to share videos or photos or journal posts with a small group of trusted people, and be reasonably secure in the idea that only they will see them. That advertisers won't have access to that photo, that an api won't be able to pull the data without permission, etc. There's nothing extraordinary about that requirement, and that it's treated as absurd and unreasonable shows how far we've fallen from a basic perspective on internet privacy.

Open source can fill the gap. Our incentive, as open source software developers, is to provide the best software possible, and to not skimp on important features like privacy and security. We aren't trying to cater to advertisers, or to build empires based on fads and hype. I've been working on an open source, distributed social networking alternative to Facebook (and Myspace and other "walled gardens") that called Appleseed that focuses on strong privacy.

http://opensource.appleseedproject.org/

But most of all, by distributing these services, and allowing users to cancel their profile on one site, sign up for another site, and plug right back into the network they lost, it creates a level of competition so that social networking sites *have* to listen to the concerns of their users. They can't take them for granted. Not just in social networking, if we can continue push for open standards, open protocols, open platforms, etc., it means we have some leverage when a popular service decides to privilege it's revenue stream over the privacy of it's users.

Privacy is your own responsibility.

[Hatta]

There's no identifiable information in your MAC or SSID. So big deal there. If you don't want your packets sniffed, it's easy enough to enable encryption. If you don't want your emails shared with marketers, no one is forcing you to use GMail. No one is forcing you to use Facebook for that matter either. These companies provide a service that's free to you, but in exchange for your privacy. If you don't know that's the deal, you have no one to complain to but yourself.

It's really quite trivial to maintain your privacy on the internet. Use encryption whenever possible, and don't use services from companies who's business model is selling your information. Problem solved.

When?

[WillyWanker]

When are we going to start taking responsibility for our own privacy? If it's a concern to you then do what's necessary to protect yourself.

I just don't get why this is suddenly such a big deal. What exactly did Google do that other's couldn't have? If you leave your wi-fi unencrypted and someone accesses it it's somehow THEIR fault???

If you don't want people to know your business start by not announcing everything you do in a public forum.

The blame game

[masterwit]

Finger-pointing should be reserved to politics while those not necessary to blame mitigate and/or find a solution to the problem.

Blame the user. You want privacy? Don't use our search engine/photo software/email application/maps. That's our data now, thank you very much. Oh, you don't want your private chats exposed to the world? Sorry, you never told us that."

I am all for the world deserves more privacy, privacy laws should exist, etc..."trust" me! But jokes aside, there will always be entities that operate outside what we consider the ideal privacy as long as they are allowed to do so. The problem is not that of each company's policy: since when did we decide that each respective business should and would always hold itself to a higher standard?
In the corporate world these days, one of the common phrases to encompass a moral code is: "if you wouldn't want your mother reading it on the front page of the newspaper, you probably should not be doing it." That is all fine and dandy as they say for a corporate environment and ethics, but this does not necessarily apply to my personal browsing. The problem therefore, as I argue, is that of a conflict of interests:
---We want transparency with privacy. Security and privacy in a corporate viewpoint need to be high. Certified public accountants are held liable for transactions, and audits happen...very often. If the security system itself does not allow tracing of fraud, or even a way to raise a "red flag" of sorts, well then the security system is flawed in the eyes of the auditor.
---We want privacy on personal matters. This fact alone can contradict not in implementation or even feasibility, but perhaps in theory - which is enough to cause problems. As a hypothetical CEO of a corporation, I do not have much understanding of personal privacy of internet actions...I have to deal with lawyers (yes those people...), auditors, and general liability. When I am told that I need to up user privacy and not record any data, etc... this may go against what I fundamentally see my company doing!
I mean to say here that there is a bridge of "thought" between privacy and liability...even though this should not apply to the end user: us.

We assume that big companies are playing fast and loose with our personal information and that there's little we can do about it.

On another front, many Americans are complacent...we know this to be a fact! I don't care about Republican this, Democrat that, Ron Paul, whatever...the world will always have ignorant individuals. Individuals will except a sacrifice of privacy and that overused term liberty in exchange for a bit of "piece-of-mind", and in many cases they just don't care.

A quick search of recent news on the privacy front reveals that just about all of it is bad.

Lastly, I'd like to say, outside of the fact that bad news means more audience, that this all is bad philosophy might not be what is needed. Sure the breaches on my personal privacy and what I like to coin as my "personal liberty" are disturbing...but in a general sense unless the actual source of the problem, a complete lack of laws protecting our privacy, is brought to light, I do not expect any real change.
I agree with this posting in the fact I want privacy and I have little patience...but I just wanted to play the devil's advocate on Slashdot for a bit...
My question to you all: How can we balance security and corporate liability today? && How could the general public be informed the "real" issues, not just the latest privacy breach?

You ARE to blame

[ADRA]

Sorry, but please take some responsibility for yourself. If in fact there is something so important that you don't want anyone to know, then don't do it online, PERIOD. This is nothing new and there are very few if any technological measures that can ever be deployed that will guarantee that your privacy / security will ever be secure. The level of hassle involved with making really improbable-to-break security is really hard and requires diligence on the part of the individual. If Vista taught us anything, it is that users do NOT want real security. They want to do what they want and not worry about how the system does it. Well guess what? The system isn't perfect and neither is the security. We live with the imperfection for the sake of simplicity.

"Facebook is exposing users' live chat sessions"
This was a defect in their IM system. This could happen in EVERY SINGLE store and forward based messaging system (AKA basically all of them).
If you expect each facebook user to generate their own Public/Private key then you're diluted (plus it breaks the online chat thing unless you're sharing your private key with facebook which would defeat the purpose).
If you expect software to be perfect then you're an idiot.

"and other data to third parties"
You agree to this when you clicked through their EULA (which is your fault).

"MAC address and SSID information from public Wi-Fi hotspots ..."
Data was wide open (which is your fault) and the company erroneously captured it.

Re:You ARE to blame

[Kaeso]

If you expect each facebook user to generate their own Public/Private key then you're diluted.

So what's the solution?

Re:You ARE to blame

[ACS+Solver]

"and other data to third parties"
You agree to this when you clicked through their EULA (which is your fault).

This is something I've been wondering about for a while, I'd love if anyone can enlighten me.

My country has a constitutional provision saying everyone has the right to know their rights. I don't believe the US constitution has such a provision but I'm sure there's something similar in the legal system. Anyway, I'm wondering about the highly complex legal language used in EULAs and the like. Does that not, essentially, violate one's right to know your rights? Understanding such texts is pretty much impossible without legal training because of how certain words have meanings that differ from their meanings in daily life, and how certain phrases actually refer to something that's defined in another law, etc. Why is it legal to give people agreements they can't reasonably understand?

To use an analogy. Let's say I have a shop and for an item that costs 50$, I choose to post a visible price tag that doesn't say 50$ but says integral(0, 10) xdx. It's the same thing largely. People who have taken calculus will recognize that as amounting to 50, people who haven't will recognize the numbers and letters but won't understand what it means, similar to how people without legal training sort of understand the words in the contract but not actually their meaning.

I suppose my question also applies to the language laws are written in. Over here, they're written (largely due to the country' short history, I assume) in fairly simple language. Of course you need to be a lawyer to understand all the details, but a simple understanding of the language is enough to understand most provisions. This is unlike US law - I've read a few sections from the US Code and the language there definitely seems unlike everyday English, with very complex and unnatural sentences, to the point where understanding the law is really hard.

Re:Online privacy never existed BUT...

[starglider29a]

...Statements of Privacy Policy do. When a site gives explicit guidelines, to which you agree, and THEN they erode or drop the wall that THEY TOLD YOU was there, THAT is evil.

I'm looking at you, Facebook.

Been saying it all along--now will you believe me?

[erroneus]

Google is an advertising/marketing company. Their motives and actions are consistent with advertising/marketing companies. They seem to be more "generous" than many other advertising/marketing companies in that they give away better "swag" but they are still an advertising/marketing company... and a very successful one at that.

Within their motives you can determine your expectations of them... and altruism isn't one of them.

How Precisely Could P2P Solve This?

[eldavojohn]

If we had continued improving on P2P instead of giving in to centralized servers we wouldn't be there...

Alright, I know that a few projects like Diaspora are supposed to utilize this but I am still largely confused by this. Peer to peer implies that by owning my own personal data, it is on my home computer or laptop. Some people only have a laptop and some people like to power down their machines when they're away. So this seems to imply that you need to either have this disseminated to other peers in order for people to access it while you're offline. On top of that if you're disseminating photos or videos, this could get crazy for upload speed. So then your stuff is on another person's machine and who knows if they didn't just take and modified the Diaspora code to record all your stuff. Can you trust their node anymore than Facebook? Sure, it might be encrypted but it's hard to believe that it wouldn't be susceptible to a man in the middle attack or eventually crack the encryption by brute force. So you're kind of at that point back to the same problem as you are with entrusting Google or Facebook with your data. Otherwise you need to pay for a dedicated hosting server and they're not going to be cheap if you're miss popular with thousands of photos and that's not really P2P.

So how was P2P supposed to fix this problem? Especially for people with just a laptop or even like my parents who have a dial up connection out on a farm house with very tiny upload bandwidth. I'm just not getting a clear picture of how the average person would handle this.

Re:How Precisely Could P2P Solve This?

[betterunixthanunix]

There are a few ways P2P would solve the problem. The first that comes to mind is that it would reduce the incentive to undermine privacy, since the social network would not be funded by the sale of personal data (or data derived from personal data). It would also increase the cost of undermining privacy, since people would not just be throwing their data at a single centralized datacenter.

As for distributing the data across the network, it is very easy to solve that problem cryptographically. You encrypt your data, and the decryption key is distributed as part of the "friending" process. In theory, if your friends are out to get you and want your privacy to be undermined, they could distribute the key further, but this is not much different than the current situation, where they could just copy your data from a website and hand it out to people.

Re:How Precisely Could P2P Solve This?

[eldavojohn]

As for distributing the data across the network, it is very easy to solve that problem cryptographically. You encrypt your data, and the decryption key is distributed as part of the "friending" process. In theory, if your friends are out to get you and want your privacy to be undermined, they could distribute the key further, but this is not much different than the current situation, where they could just copy your data from a website and hand it out to people.

The difference there is that your relatively small key holds the potential for everything on your page. If someone copies and mails a few pics of me, big deal. But that key could be easily copied and sent covertly with the copier taking their sweet time to look at all my stuff -- and for how long before I catch on? And how long before key collecting viruses run rampant and phone home to a black market provider's server where all Diaspora data is cached? The killer there is that you'd never even know and two if you had to change your key then you need to refriend everyone to get the key out. I understand how asymmetric key encryption works in PGP but that requires that you have a single person you are sending the message to ... do you need to build a PGP public/private key for each of your friends? Then I guess my next question is where does this decryption take place? Obviously it has to take place on your friend's box otherwise the people in the middle would have your key and your unencrypted data. So your friend logs on to check out your picture on Facebook ... but he's on his netbook so he has to wait to get the encrypted data then decrypt the data on a possibly low CPU intensive device.

And then when people start posting unlicensed songs and movies to their pages you'll have the MPAA and RIAA trying to sue the crap out of everyone ever connected to it and then they'll start caching as a Diaspora node ... and wait for legal action to get a potential file sharer's key by court order ...

I don't know, my imagination just takes off sometimes but it's not like your proposed method is a silver bullet for Social Networking ... there's gotta be a lot of storage donated from people getting absolutely nothing in return from using that storage. My gigs of pictures need to be hosted by dogooders who have no access to them when I'm offline and my friends want to see them. I just don't see that sort of mentality happening. People seed on bittorrent because they can use the files that they're seeding but they're not going to be able to use my encrypted files that people might want when I'm offline nor will I be able with a netbook to help them out with hosting their files.

Re:How Precisely Could P2P Solve This?

[alexandre]

Alright, I know that a few projects like Diaspora are supposed to utilize this but I am still largely confused by this.

Among other projects wit different aims like I2P, FreeNet, bittorent, aMule, OpenID and many more that could interact together in very interesting ways:

http://groups.fsf.org/wiki/Group:GNU_Social/Project_Comparison

So this seems to imply that you need to either have this disseminated to other peers in order for people to access it while you're offline.

Yep, and you could have close friend in your circle mirror your files / profiles and share them as needed... Or an encrypted fast repository (think, maybe, Firefox weave?) to which you lend a key to those you want to read it.

On top of that if you're disseminating photos or videos, this could get crazy for upload speed.

Well, Bittorent totally solved that issue and with friend mirroring you it'd be awesome.
Also, this would help weed out asymmetrical connection in the long run, giving back citizens the expressive voice they deserve.
(Fiber to the home is the only viable way forward...)

So then your stuff is on another person's machine and who knows if they didn't just take and modified the Diaspora code to record all your stuff.

They have what you allowed them to have, you won't backup your sex life on your ex's computer if you don't want to... ;-)
They can hack all they want, a well thought out system with crypto will solve any such issue.

Can you trust their node anymore than Facebook?

Definitively, why would you trust the middle man more than the person with whom you want to share your data?
Who are you afraid is going to spy on you, the person who you are sending the data to anyway or the middle man?

Sure, it might be encrypted but it's hard to believe that it wouldn't be susceptible to a man in the middle attack or eventually crack the encryption by brute force.

As discussed, don't share what you don't want where you don't want it and use proper encryption.

So you're kind of at that point back to the same problem as you are with entrusting Google or Facebook with your data. Otherwise you need to pay for a dedicated hosting server and they're not going to be cheap if you're miss popular with thousands of photos and that's not really P2P.

see above ...

So how was P2P supposed to fix this problem? Especially for people with just a laptop or even like my parents who have a dial up connection out on a farm house with very tiny upload bandwidth. I'm just not getting a clear picture of how the average person would handle this.

dial up are really on the way out but even with that, their initial upload is akin to sharing it with someone else that might help afterward with spreading the file to whoever else you'd want it shared.

Also, at some point, you can't control the information you release to someone, trying to build a social-DRM system is not going to work anymore than it did for bluray, DVD, music and whatnot ...

Re:How Precisely Could P2P Solve This?

[Naturalis+Philosopho]

In theory, if your friends are about as technologically inclined as most people, they could distribute the key further, but this is not much different than the current situation, where they could just copy your data from a website and hand it out to people.

FTFY

Re:How Precisely Could P2P Solve This?

[alexandre]

The difference there is that your relatively small key holds the potential for everything on your page.

Why does it have to be a global key?

I understand how asymmetric key encryption works in PGP but that requires that you have a single person you are sending the message to ... do you need to build a PGP public/private key for each of your friends?

Why not, it's cheap? You don't have 1M friend either...

Then I guess my next question is where does this decryption take place? Obviously it has to take place on your friend's box otherwise the people in the middle would have your key and your unencrypted data. So your friend logs on to check out your picture on Facebook ... but he's on his netbook so he has to wait to get the encrypted data then decrypt the data on a possibly low CPU intensive device.

It's not so much about encryption solution (that could be worked out anyway) as it is about access control.

The main question is actually how are update going to be disseminated and validated chronologically... beyond that it's already an improvement on the current situation.

And then when people start posting unlicensed songs and movies to their pages you'll have the MPAA and RIAA trying to sue the crap out of everyone ever connected to it and then they'll start caching as a Diaspora node ... and wait for legal action to get a potential file sharer's key by court order ...

FreeNet integration?
Popular files get spread more...

I don't know, my imagination just takes off sometimes but it's not like your proposed method is a silver bullet for Social Networking ...

Nothing is, just much better socially than what we currently have, let's talk about its weaknesses and improve on them :-)

there's gotta be a lot of storage donated from people getting absolutely nothing in return from using that storage.

Oh, like everyone's hard drive is not on average 70% empty or such?

My gigs of pictures need to be hosted by dogooders who have no access to them when I'm offline and my friends want to see them. I just don't see that sort of mentality happening.

The concept of being offline is not really trendy these days and is going away very rapidly in any case, you should really think about running a small home server like Eben Moglen suggested in that case to solve the issue.

People seed on bittorrent because they can use the files that they're seeding but they're not going to be able to use my encrypted files that people might want when I'm offline nor will I be able with a netbook to help them out with hosting their files.

Some people also don't upload on Bittorrent cause they are selfish fools. If we want this to work, just like FOSS, we need to have enough people willing to share bandwidth for the model to work.

And it seems like P2P and FOSS has proven to work up till now quiet well in that respect despite the morons... And in a social case you'd be dealing with your friends who are much more willing to share with/for you.

Re:How Precisely Could P2P Solve This?

[mrogers]

The difference there is that your relatively small key holds the potential for everything on your page.

Yes, that's intentional. In cryptography it's known as Kerchoff's principle: only the key should be secret, everything else (the encrypted data, the system design, the source code) should be assumed to be known to an attacker. That approach leads to strong designs because the designers can't rely on handwavy arguments like "Oh, nobody's likely to hack the Facebook servers" and "Facebook's thousands of employees are all trustworthy".

And how long before key collecting viruses run rampant and phone home to a black market provider's server where all Diaspora data is cached?

The same argument applies to Facebook passwords, except that with Facebook, the black market provider doesn't even need a server. Viruses are a problem, but they're just as relevant to client-server systems as P2P systems.

I understand how asymmetric key encryption works in PGP but that requires that you have a single person you are sending the message to ... do you need to build a PGP public/private key for each of your friends?

No; you only need to generate one public/private keypair, regardless of how many people you want to communicate with. But PGP's probably not the best model for a P2P social network - something like Tahoe is a lot closer (I hope the Diaspora guys have the sense to use it rather than reinventing it).

Then I guess my next question is where does this decryption take place? Obviously it has to take place on your friend's box otherwise the people in the middle would have your key and your unencrypted data. So your friend logs on to check out your picture on Facebook ... but he's on his netbook so he has to wait to get the encrypted data then decrypt the data on a possibly low CPU intensive device.

Encryption is cheap. Seriously, it's cheaper than water. Once you've established a shared key with your friend, which only has to happen once when you first friend each other, all the rest of the encryption is symmetric. Again, PGP's not the best model here because it does asymmetric crypto for every message. Think about HTTPS web browsing or a GSM phone call instead; mobile devices have no trouble handling those.

And then when people start posting unlicensed songs and movies to their pages you'll have the MPAA and RIAA trying to sue the crap out of everyone ever connected to it and then they'll start caching as a Diaspora node ... and wait for legal action to get a potential file sharer's key by court order ...

That's still a lot more secure than Facebook, where copyright holders can get stuff pulled from your page by sending a DMCA takedown email with no court oversight at all, and you're subject to arbitrary censorship by Facebook itself.

People seed on bittorrent because they can use the files that they're seeding but they're not going to be able to use my encrypted files that people might want when I'm offline nor will I be able with a netbook to help them out with hosting their files.

Yup, downtime and mobility are major challenges for P2P networks. The most likely solution I see is a little fanless Linux device that sits beside your cable or ADSL modem and participates in the P2P network 24/7, trading some of its storage with other devices so your data stays available during its occasional periods of downtime. Another possibility is that if you can't run a node yourself, you rent or borrow a share of someone else's node, just like you do with email servers. That's more like a federation than true P2P, but, crucially, like email and unlike Facebook, there's no single party providing accounts to everyone, and you're always free to change providers.

Re:But he's right

[vlm]

If you don't want anyone knowing about something then you should not be doing it. Give me one example to the contrary.

Leaving your house empty at a specific time with a specific valuable object in it ready to be stolen.

Re:But he's right

[Overzeetop]

No he's not, at least not when taken out of context. There are a lot of things I don't want people to know. I color my hair, for example. I'd rather people just think I'm not quite as old as I am (or conversley, I'd rather people not think I'm older than I really am). Hair coloring isn't an illegal act, or even immoral for that matter.

Put into context:

If you shouldn't do something, or don't want people to know about something, you probably shouldn't do it in public.

Now, if you were to substitute "public web site" or "public places on the internet" or even "in a business establishment" for public, you'd be talking about the same thing. See, these are public places, and there's really no expectation of privacy except a wink and a nod.

Now, lets change that and make it a place you own. Your own bedroom. Your own living room. Your cabin in the mountains. Your own server. You can do just about anything you want. Clip that ugly toenail. Watch Glee. Revel in mounted animal heads. Store all your balloon porn. But if you're going to go do those things in the local pub, you probably shouldn't be thinking that they are private.

See, most of these sites are "free" (as in beer). Even if they didn't make money on selling your eyeballs and preferences for marketing, they still wouldn't be private places. There are places on the internet which are private. You can sign up and encrypt all your stuff, and keep the key. But they're not convenient for sharing. Just as drinking a fifth of Jack in your kitchen isn't nearly as much fun as drinking it in a bar with fifty friends.

Privacy isn't dead, it just needs a bit of explaining. Just remember - if you didn't pay for it, it's probably not a private place.

Stop spreading disinformation

[Aqualung812]

If you use it as a debit card--snip--you are fully on-the-hook when it comes to losses - if they steal $2000 from your account, you have lost $2000 - there is no disputing charges or limited liability like with a credit card.

I worked at a financial institution, this is completely incorrect. Your liability is limited by law to $50, and most small banks and credit unions just limit it to -0-. Just make sure you have email alerts on so you know your card is being abused & call your bank & police if so.

http://usa.visa.com/personal/security/visa_security_program/zero_liability.html

http://www.fdic.gov/regulations/laws/rules/6500-1350.html

It could be stronger than that

[PopeRatzo]

customers aren't asking for it

Why should they have to ask for it?

Why isn't our private information considered intellectual property? Corporations try to make every aspect of their business protected, why should consumers do the same? I guess it would require a Supreme Court that not only are corporations considered "people" but that people are considered people.

A corporation can distribute data on a DVD or CD and yet claim that it should be illegal for me to copy and pass that data along. Why shouldn't I be able to give my private information to companies that I want to do business with and expect the same sort of protections?

I'm proposing the People Are Almost As Important As Corporations Act of 2010. I wonder how many legislators I'd be able to get to sign on as co-sponsors.

Not Broken, Changing

[cjb110]

It's not online privacy that's broken. All that's changing is people's awareness (or more importantly lack of) of what privacy means in the digital connected world.

Street view is a good example, no one bothered to drive around the world taking 360 pictures of everything and logging the gps coords, so before Google did it, that information just wasn't accessible but more importantly it wasn't private either. By making it easily accesible to all, made people jump to outragous claims of privacy invasions. But afaik there isn't a single country where the roads aren't owned by the 'public'. So everyone has the right to go down a street and 'look' and so the drunks, cats in windows and people leaving sex stores with Black Mamba dongs where doing so in public and could have been seen by anybody. Just because Google 'looked' and stored what they saw, doesn't change this fact. If you don't want Google or anybody else to see what your doing, don't do it in a public or publicly visible space. You've never had the right to stop people looking through your windows, but you do have the right to block those windows, that's your choice.

The wifi mac/ssid issue is similar, you are publicly broadcasting those bits of information, anybody can retrieve them from the 'public' electromagnetic waves and store it. You decided to make those bits of data public when you chose to use WiFi tech, the fact you (and a lot of others) don't understand or care how WiFi works is irrelevant. Again you have the choice not to use WiFi.

Similar with FaceBook, you are choosing to publish information to a third-party. At the end of day it doesn't matter what privacy you thought you'd agreed to when you hit 'submit'. You've choosen to make it less private.

I think it boils down to: "People are slowly realising just because no-one gathered or analysed the information before, doesn't make that information private."