Slashdot Mirror
Privacy Machiavellis
Chris Jay Hoofnagle has a piece up at SFGate.com on what he calls the "privacy Machiavellis," which are exemplified by Google and Facebook. (The article is adapted from a longer treatment published last year, called "Beyond Google and Evil.") Hoofnagle heads the privacy foundation set up with money collected from settlements of privacy lawsuits against Facebook. From SFGate: "... you have no way to ask Google to stop this tracking. Instead, you can merely opt out of the targeted advertising — the product recommendations. Exercising your privacy options creates a worst-case-scenario outcome: If you opt out, you are still tracked, but you do not receive the putative benefit of targeted ads. An illusory opt-out system is just one of the increasingly sophisticated sleights of hand in the privacy world. Consider Facebook's privacy options. ... Facebook can proudly proclaim that it offers ... more than 100 [choices]. Therein lies the trick; by offering too many choices, individuals are likely to choose poorly, or not at all. Facebook benefits because poor choices or paralysis leads consumers to reveal more personal information. In any case, the fault is the consumer's, because, after all, they were given a choice. Reader Kilrah_il sends word that Google has just released a tool that could alleviate some of the above worries: it stops tracking by Google Analytics for users of IE7+, Firefox 3.5+, and Chrome 4+. Perhaps Hoofnagle will comment on it here or elsewhere.
An illusory opt-out system ... Therein lies the trick; by offering too many choices,
Of course, you can exercise the one opt-out system that works - don't use their services. Nobody is holding a gun to your head. It is like buying a car, but not wanting to pay the price. The price of working with Google and Facebook is not dollars, but your data.
Google's price/benefit is right for me, so I use it. Facebook's is not, so I don't.
There's a reason I have NoScript blocking Google Analytics.
Noscript stopped Google Analytics a long time ago!
Paranoids are people who think they are much more important than they really are.
I have no fear of my privacy being violated by Google because I don't see any reason why someone should be particularly interested about me. In Google's eyes I'm just a statistic. My personal data is no more important to anyone than the data about millions of other consumers.
I'm safe in the numbers, just like I'm anonymous when walking down a busy street. everyone can see me, but nobody cares.
Hoofnagle heads the privacy foundation set up with money collected from settlements of privacy lawsuits against Facebook.
Hoofnagle is clearly objective /sarcasm ... not that Facebook isn't evil, or that Google isn't building up one of the biggest data collections humankind will ever encounter ... but he is employed by a company that pays it's bills because of suing Facebook.
Facebook can proudly proclaim that it offers ... more than 100 [choices]. Therein lies the trick; by offering too many choices, individuals are likely to choose poorly, or not at all.
First it's not enough privacy options. Now it's too many privacy options. Tomorrow when they get the unspoken mythical number correct, we'll bitch about the default settings. Then someone will come on Slashdot and say that his Linux servers were rooted and we'll say that it's because all the idiots of the world use out of the box settings and don't change the default passwords. Granted, your average facebooker shouldn't have to have the wherewithal to set up a Linux server but I think this Google/Facebook privacy complaining thing is getting a little old. Especially when both named parties are suddenly doing quite a bit to make users happy now that it's becoming important to consumers. To complain that they give us too many options now is just ... just ...
... little more ... little more ... little more ... too much, take it back.
Sherry Bobbins: Would you like some pepper on your food, Bart?
Bart Simpson: Sure
My work here is dung.
An illusory opt-out system . . . Therein lies the trick; by offering too many choices, individuals are likely to choose poorly, or not at all.
So....is Facebook a better metaphor for capitalism or democracy?
Install our addon that tracks your browsing habits instead!
Didn't RTFA but what does this addon do that blocking Google Analytics with NoScript doesn't ?
Google has just released a tool that could alleviate some of the above worries: it stops tracking by Google Analytics
Sounds great, I've always wanted a way to block that "google-analytics" I keep seeing on my NoScript blocked list.
I can't complain much though- there's an important difference between going to a third party (NoScript) to block Google, and Google offering a solution themselves.
My webcomic
The term "machiavellian" is a cruel and unjust slander.
Niccolò Machiavelli was a profoundly moral man, well acquainted with -- and appalled by -- the amoral power politics of his age. When he wrote that a Prince should prefer to be feared, rather than loved, Machiavelli was not advancing a personal ideal: he was simply reporting how Princes actually behave in the real world.
-kgj
Firefox add on's, search for Ghostery.
If you don't like the way Google handles privacy DON'T USE IT.
If you don't like the way Facebook handles privacy DON'T USE IT.
These companies provide valuable services for free, in exchange for tracking data that allows them to make money. There is no free ride. If you don't like the terms, don't use the service. It's that simple.
Otherwise, just give up on this mythical creature called 'Privacy'.
http://wards-online.com/deleting-my-fb-account/
http://wards-online.com/apple-versus-google-megaliths-and-meagerliths/
But how do I get rid of the other. It is tracking my every move :-(
Use the NoScript add-on and mark google-analytics.com as Untrusted. Simple and done. Also works for any other tracking system that uses JavaScript.
My mind works like lightning. One brilliant flash and it is gone.
Instead of Privacy Machiavellis, we should have Privacy Goldilocks instead.
"This privacy options set is too big! This privacy options set is too small! This privacy options set is juuuuust right!"
Why not just post what you don't care about loosing and lie about everything else? On many social sites, I'm 60, 70, or more years old; I live in different cities, and ... yes ... I even lie about the music I like and why I'm on the site. I could give two shits about loosing my Facebook, MySpace, HI5, etc. My friends know it's all BS - but the main purpose is served - we communicate and share.
It's like what I learned about lending money: Only lend out as much as you can afford never to get back.
I don't know - maybe I'm missing the point (and I think I'm lucky that I'm not in a position to care)
L'esperienza de questa dolce vita (The experience of this sweet life) - Dante Alighieri, The Divine Comedy
I've been adding the following to my desktop computer host files for over a year to block google's tracking:
127.0.0.1 partner.googleadservices.com
127.0.0.1 google-analytics.com
127.0.0.1 ssl.google-analytics.com
127.0.0.1 googleadservices.com
127.0.0.1 googlesyndication.com
127.0.0.1 pagead2.googlesyndication.com
127.0.0.1 www.google-analytics.com
127.0.0.1 video-stats.video.google.com
127.0.0.1 wintricksbanner.googlepages.com
127.0.0.1 www-google-analytics.l.google.com
I trust that solution more than I do google's opt-out bs. If you want to get fancy, you can direct a lightweight web server like lighttpd to 404 the adservers to load your pages a bit faster (instead of letting them time out) and to keep logs of what adservers are trying to load.
Facebook's problem is that its "lots of options" are spread over about 5 different sections of your profile in various sub-categories and with a wide variety of titles ranging from obvious to cryptic - choice is no good if you can't figure out what you're choosing from.
I don't remember any substantial number of complaints about Facebook not having enough privacy options. I do remember complaints about them repeatedly changing settings related to privacy to expose more information more widely without advance notice and the opportunity to opt-out (or, better, the option to opt-in to the change) of the change in defaults for existing users.
Adding more settings after the fact does nothing to address the problem, and, insofar as it increases confusion and reduces the ability of the average users to understand and effectively manage how their information is exposed, is part of the same problem.
I don't care if the advertisers think it's a benefit. It doesn't benefit me, so why shouldn't I "opt out" of it? To help their system better target others? Sorry, how well their advertising reaches their intended markets isn't my problem, and I feel no obligation to help.
only works if youre actively seeking to consume. before freaking out over the various ads that might come across facebook or google ask yourself
do i need to buy?
what does it do?
how well does it do it?
google and facebook may "know" your personal preferences and interests, but in the end only you know whether you will buy something or not, and if you choose not to buy then the collected data amounts to wasted time.
another fact to take into consideration is the prevalence of noscript, which may prevent or restrict the pay-per-click functionality of some advertising. in other words: Tracking IE is fairly mundane; tracking a user concerned about their privacy proves rather difficult at the end of the day and is something these companies are constantly working to achieve.
how do you take a gun from a grammaton cleric?
you ask him for it.
Good people go to bed earlier.
Facebook's problem is that its "lots of options" are spread over about 5 different sections of your profile in various sub-categories and with a wide variety of titles ranging from obvious to cryptic - choice is no good if you can't figure out what you're choosing from.
Alright well, I actually have a Facebook account and I've actually set the privacy settings. They promise to make it simpler (how, I'll never know) but the way it currently works is that you have a menu of six categories. They are:
Control who can see your photos and videos, and who can post to your wall
Control who can contact you on Facebook and see your contact information and email
Control whether your friends, tags and connections display on your profile
Control who can see your search result on Facebook and in search engines
Control what information is available to Facebook-enhanced applications and websites
Control who can interact with you on Facebook
Now, if you click on any of them it breaks each of those down into sub categories. This is all explained fairly well, by the way. And on each of these sub categories they have drop downs to let you see who sees that sub category of items on your Facebook page:
Pretty straight forward but that last one lets you get into lists and some more complicated stuff.
So please tell me what is confusing about that, how it could be better and how that's "spread out"?
My work here is dung.
Google Analytics opt-out hurts site owners, they can't see what content is helping or hurting visitors in reaching their goals (let alone helping the site owner profit).
Google still gets the benefit of Search data. Thus, site owners information is weaker while Google's position as information owner becomes stronger.
Another illusory opt-out.
Unfortunately ignorance like that works in the favor of companies like Facebook. No, it's not enough to not put your own information into Facebook. You may choose not to use it, but others will, and they'll fill it up with your information that you don't want on there.
Because I use both, and do not care if I am tracked or targeted. Nor do I feel that being tracked and targeted is a serious violation of my privacy. So there.
Edith Keeler Must Die
there is a fake me out there, with a fake name, a fake birthday, a fake home address, a fake mother's maiden name, a fake birth city, fake likes and dislikes, etc. every time i am asked for this info online, i consistently and continually use the fake alter ego
this is the future of privacy: aliases
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
The guy who's in charge of money collected from a bunch of class-action suits is talking about Machiavelli?
Note to self, patent that business model.
I think getting served ads for a search term is a fair exchange. But anything else google does beyond the ad served is not. I mean, how do i benefit from having everything i do online collected by google? I don't go online just to look at ads. Everyone got to pay to get on the Internet,then we pay even more by loosing our privacy to do a search term,or go to web sites that also spy on us, but they don't need to save that information,it will have no bearing on what i will type in the search box the next time. I'm just saying that they are taking data mining just too far and not making it easy for anyone not to be spied apon. Oh i have had that google addon and download program installed for a while and my malware program is still removing googles doubleclick advertising cookies. so it doesnt work,Have screen shots as proof :}
Jack of all trades,master of none
How obtuse you are. I have tried to trick out my girlfriends facebook privacy settings, but it seems there is always another page somewhere that you have to hunt for. Also, there is no quick and easy way to opt out of everything. You have to go to every app, every website that has a facebook tie in, every picture gallery, etc and change them ALL manually to opt out of "sharing my information with anyone who asks" mode.
Its complete bullshit. sure, you can go into your filesystem ACLs and hand edit every file to have the correct permissions. No one does this however, and thats why you can apply permissions/acls RECURSIVELY from parent. What I would want for her is a big button that opts out of EVERYTHING. Add to that a nice concise privacy page. Note how i said PAGE, not pageS spread across the entirety on the site. Then I would say, add as many fiddily little options as you want. So long as the giant opt out button still works for them all, and when they add new features, they don't opt you in automatically, as is currently the case.
I have always hated facebook, but I didnt know the true hate till i went to ehow.com - or any number of a growing pool of "facebook connect" sites, and saw a picture of my girlfriend on there with the option to leave a comment about the site.
What the fucking fuck! i still havent been able to turn that "feature" off yet, because i cant find the damn option! Aparently, if you have logged onto facebook (that day?), you are automatically "connected" to a host of other sites. So now i have to go to facebook and make sure my gf is logged out, every time i use the computer.
Perhaps you could think of it as akin to a program which has zillions of undocumented commands. Amazingly powerful and yet completely useless at the same time. Sure some people have cracked the correct syntax to get facebook to perform the stop-auto-tie-in-to-all-garbage-sites option, but why the fuck should it be so hard?
There is only one answer and one alone - deliberate obscurification and mis direction. It is the same answer as to why everything is opt OUT instead of opt IN on facebook. They rely on people being too lazy, confused and stupid to care.
So stop apologizing for what is at best bad UI design, and at worst willful obscurification that leads too (surprise!), expanded profits for facebook.
As a potential lottery winner, I totally support tax cuts for the wealthy
I've been doing it for several years now, and it's invaluable. Something to keep in mind is that there is software that validates and cross-references zip codes, addresses, and phone numbers, which is intensely frustration. So, likewise, I've done a bit of research on my fake selves to fool that crap.
Adult Role Playing Forum
Supplying useful web services to a large number of people costs real money; it's not free. And there are no successful companies or corporations that give these services away for free - they get paid for them, and they're paid very well.
So when you see a great new free web service you need to stop and think - it's not free, someone is paying for it and that someone is almost always the users. If you don't see the price tag then you don't want to play their game. In most cases, this benevolent company giving you a free service is building up user profiles that they sell to marketing companies. If you're big like Facebook or Google, you've got millions of those profiles and they're very detailed and also very valuable. But nobody ever thinks about this when they happily give up all kinds of personal info as they register for their free account.
Google is pretty transparent about this stuff: they use the profile data to serve targeted ads and advertisers pay them a premium price for those ads. This wouldn't work without the information about you that Google has amassed but it's the source of all of their financial might. Who do you think pays Facebook's bills? That's right, and that's why their privacy options don't include any that would prevent them - and their "affiliates" - from collecting your personal data.
That personal information is valuable and it's yours - and you give it away. Those corporations thank you for your generosity! Here's a tip for further study: view the mandatory privacy policy at any major web site; they'll tell you (sort of) what kind of data they collect - then promise to keep it safe and only give it to the government upon request and to their affiliates and/or third parties that supply some kind of service to the company. So what is an affiliate? Could one of them be the marketing clearinghouse that buys your personal profile? Could one be an Indian call center that will resell the data to anyone with the price? Could one of them be the guy with the CC skimmer? You'll never know; you'll just look at the privacy policy and say "that's cool" and click OK.
You may have noticed that when ad blocking software is discussed it's the small websites that whine and cry about the loss of revenue. The big corporate sites only report what the small sites say because it serves to preserve the legend. Banner adds are small beans - but live and verified profiles are big money.
Some consider The Prince a political satire, although Wikipedia calls it a "political treatise"; my own feeling is that it is a serious study of power politics. Even as a satire, it's a very subtle satire when compared with Swift's Modest Proposal.
Speaking of satirical modest proposals, Joe Haldeman wrote a nice little short story in a somewhat Swiftian vein: To Howard Hughes: a Modest Proposal. I'll spare you the spoilers, other than to say it's a tongue-in-cheek solution to the threat of nuclear war.
-kgj
The way that you disable the eHow thing is to disable third-party cookies in your browser.
I don't believe in time. It's a grand conspiracy designed to sell watches.
...you have no way to ask Google to stop this tracking.
Ask? Real men (and women) don’t ask. We announce.
We don’t beg if someone could please stop raping us. We. don’t. let. him!
If you put yourself in the beggar position, you have already lost right from the beginning.
Any sufficiently advanced intelligence is indistinguishable from stupidity.
Opt-out of Analytics using AdBlock was the topic of a Slashdot comment saying "(I work at Google, hence posting as AC.)", which I posted on Reddit, asking if it was really necessary: http://www.reddit.com/r/google/comments/bl2jn/i_work_at_google_hence_posting_as_ac_was_posting/ http://www.reddit.com/r/AskReddit/comments/bk093/i_work_at_google_hence_posting_as_ac_really/
For the past several years Facebook and Google have been consistently criticized for their poor records on privacy. Yet, these sites are still two of the most popular sites on the Internet. Why is that? Are people not aware of the privacy concerns? Or do they just not care?
I think they don't care. I think they know that they're are giving up a measure of their privacy. They think that the services and convenience that they get in return are worth it.
Want to change things? You can criticize Google and Facebook all you want. As long as people are willing to give up privacy to use their services, G and FB aren't going to change. If you want to change things, there are several options. None of them are easy.
1. Convince people that their privacy is worth enough that they shouldn't give it up to use FB/Google.
2. Offer equivalent services with better privacy protection.
3. Convince the government to regulate FB/Google, forcing them to offer better privacy protections.
As a small government conservative, #3 deeply offends me. If people don't value their privacy, then it takes a high level of arrogance to use the machines of government to force private companies to protect privacy anyway.
I don't think people are stupid. They can make rational decisions about their own privacy. They've made those decisions, and that's why Google and Facebook are so popular. Don't like what the people decided? Try to change their minds. But don't use the government to shove something down their throats that they clearly do not want.
If you had super powers, would you use them for good, or for awesome?
Good point, thanks.
-kgj
"privacy Machiavellis," which are exemplified by Google and Facebook." :(
Apparently I am unloved by mods
Did you not read the art of war, and Machiavelli I thought they were required for any sort of .com/IT in the 90's early 00, contribute nothing or in facebooks case negative and it = profit lie if your big enough your to big to touch, didn't people talk to you in the 80' and 90's art of war, I will say that again art of war that attitude explains the .com it explains the recent crash it explains the market in the 80's with junk bonds it explains all those that seek power without responsibility, if you'll recall he never directly ruled that has not changed now
...and any other active content. Of course, cookies too.
Yes, I know that's not all. But the alternatives (tracking images, profiling browsers) are far less palatable for the Machiavelli (no, it's not "Machiavellis", like it's not "espressis", argh)
The ehow thing: rendering a pic of her in an iframe based on her facebook cookie doesn't expose your information to anyone.
Is the problem here just that the feature gives the impression of information leakage? (in the same way as contextual ads do)
Just like how TFA talks about illusory opt-out system, Google are up to it again:
Those that are concerned about their privacy can install an add-on and permanently disable the script. After installing the add-on, you'll notice that the browser still sends a request for this file: http://www.google-analytics.com/ga.js when visiting a page that uses Google Analytics, but it no longer sends information to Google Analytics.
So Google don't get all the info they want, but they still get a log entry from users of this extension every time their browser requests http://www.google-analytics.com/ga.js (with date/time, and of course the referrer). And if they have a cookie set for google-analytics.com (or accept 3rd party cookies), that'll be logged too. So the users still can potentially be tracked, even when they have taken steps to avoid it.
There isn't a search as effective as Google, so I'm not about to stop using it. It's just they are totally untrustworthy in my opinion, so I use protection when connecting to Google's ports. I use Scroogle SSL via TOR. Yeah, it's a little slow (about dial up speed, 15 years ago), but it is worth it: 100 results by default (without a cookie), no cruft, no corporations getting info that they will only use to try and convince me to give them time/money.
Car analogies break down.
I have always hated facebook, but I didnt know the true hate till i went to ehow.com - or any number of a growing pool of "facebook connect" sites, and saw a picture of my girlfriend on there with the option to leave a comment about the site.
What the fucking fuck! i still havent been able to turn that "feature" off yet, because i cant find the damn option!
Account drop down -> Privacy settings -> "Applications and websites" -> Click the "Edit setting" button for "Instant personalisation pilot programme" -> Uncheck the box.
Note though that the copy lists only three current partner sites, and eHow isn't one of them; of course, the copy may be out of date, or customised for my region (I'm in the UK). Note also the following small print:
(There's also a link to get more information about that)
It's official. Most of you are morons.
http://www.youtube.com/watch?v=zrVkICMF7ic
I block it because I am a user - and I don't want my occasional hits to my development content showing up in Googles results. It is annoying to see my development system skewing the results of my actual content.
I put an entry for www.google-analytics.com in my hosts file (to 127.0.0.1).
This insures that every browser I use (to validate my pages prior to publishing) ignores the analytics code and I don't need to manage settings on each (browser).
Perception is reality!
Let's say your ISP offers you search, document storage, E-mail etc. (they do some of that already). Or let's say you go with Mobile.Me. Now, why exactly do you have any more reason to trust them than Google or Yahoo or any of the other services? Do you seriously think Comcast or Apple are any more likely to keep your private data private than other companies?
Well, I don't know how to do 1, 2, or 3, even if I had superpowers. What exactly is it you want?
If you don't like the same company doing search, ads, mail, and docs, well, just use Google, Bing, Yahoo, and Zoho as separate services. If you're really concerned, use some of the privacy options or use desktop software.
Data retention is already limited in the EU by law. The US could do the same thing.
What else do you want? What else do you want to be protected from?
Sure, that's true. It's happened in the past so there are records of it that are easy to find.
But it's sure not common. The employee who was led out of my office (yes, I work for them ) in handcuffs last week could testify that IRS employees who look up ex-spouses get fired and prosecuted. Every access to the Integrated Data Retrieval System, the front-end to nearly all our master files, is logged and automatically checked against the employees dossier. If you look up a family member or yourself you get fired and prosecuted. If you look up a famous person without cause, same outcome. If you look up someone who just happens to live in your neighborhood (even though you had no idea you did so), an investigation is opened and it's never pleasant.
I firmly believe that of all "large" agencies the IRS is the most trustworthy. The stats on firings for such reasons are available to the public and I'd feel comfortable comparing them to any other agency.
Actually, you just explained why getting compromised by Google is opt-IN. By default, Google knows nothing about anyone, unless that person goes out of their way to give the information to Google.
Most Facvebook users (of all ages) fail to understand the consequences of posting their data on Facebook. They are not motivated to find out what privacy means at Facebook so are surprised that their data may have other uses - and more importantly be used - in ways they had not intended. Most people go to Facebook or Google for what those services offer the ones who leave do so because they discover that they are being abused. It is too easy to condemn those who fall into these companies traps as having two stark choices: the service or their privacy.
We desperately need alternatives like that proposed by Diaspora, people need to be shown that Facebook is a business that makes money harvesting their personal, and as they often believe private data. Most people only see social networking and it's fun and benefits, they are not aware that the cost is their privacy.
For the external site thing, I strongly recommend adBlock. Here's what I'm blocking:
This removes all the "integration" BS between facebook and all the external sites. Yes, they shouldn't be doing it at all, but in the meantime, you can shut it down.
Democracy would be the correct choice, but don't get on your high horse yet because the USA is NOT a democracy. The USA is a republic. There are no similarities.
I think that would be a great browser feature-- it collects all the google search strings you enter, looks them all up in a "contradictory site" or "contradictory search" database, and when the system is idle, it browses the contradictory sites for equal time. Thus, when you browse that pro-Obama site, the system will automatically browse some anti-Obama site when it's idle. They'll collect all the info on you they want, but it'll all be completely bogus-- they'll average you out to be totally middle-of-the-road.
Or, you could even have a "slanted" database, that would deliberately add searches that would bias you the way you would like to be percieved, regardless of what you actually do on the computer.