Slashdot Mirror
Privacy Machiavellis
Chris Jay Hoofnagle has a piece up at SFGate.com on what he calls the "privacy Machiavellis," which are exemplified by Google and Facebook. (The article is adapted from a longer treatment published last year, called "Beyond Google and Evil.") Hoofnagle heads the privacy foundation set up with money collected from settlements of privacy lawsuits against Facebook. From SFGate: "... you have no way to ask Google to stop this tracking. Instead, you can merely opt out of the targeted advertising — the product recommendations. Exercising your privacy options creates a worst-case-scenario outcome: If you opt out, you are still tracked, but you do not receive the putative benefit of targeted ads. An illusory opt-out system is just one of the increasingly sophisticated sleights of hand in the privacy world. Consider Facebook's privacy options. ... Facebook can proudly proclaim that it offers ... more than 100 [choices]. Therein lies the trick; by offering too many choices, individuals are likely to choose poorly, or not at all. Facebook benefits because poor choices or paralysis leads consumers to reveal more personal information. In any case, the fault is the consumer's, because, after all, they were given a choice. Reader Kilrah_il sends word that Google has just released a tool that could alleviate some of the above worries: it stops tracking by Google Analytics for users of IE7+, Firefox 3.5+, and Chrome 4+. Perhaps Hoofnagle will comment on it here or elsewhere.
An illusory opt-out system ... Therein lies the trick; by offering too many choices,
Of course, you can exercise the one opt-out system that works - don't use their services. Nobody is holding a gun to your head. It is like buying a car, but not wanting to pay the price. The price of working with Google and Facebook is not dollars, but your data.
Google's price/benefit is right for me, so I use it. Facebook's is not, so I don't.
Noscript stopped Google Analytics a long time ago!
Paranoids are people who think they are much more important than they really are.
I have no fear of my privacy being violated by Google because I don't see any reason why someone should be particularly interested about me. In Google's eyes I'm just a statistic. My personal data is no more important to anyone than the data about millions of other consumers.
I'm safe in the numbers, just like I'm anonymous when walking down a busy street. everyone can see me, but nobody cares.
Hoofnagle heads the privacy foundation set up with money collected from settlements of privacy lawsuits against Facebook.
Hoofnagle is clearly objective /sarcasm ... not that Facebook isn't evil, or that Google isn't building up one of the biggest data collections humankind will ever encounter ... but he is employed by a company that pays it's bills because of suing Facebook.
Facebook can proudly proclaim that it offers ... more than 100 [choices]. Therein lies the trick; by offering too many choices, individuals are likely to choose poorly, or not at all.
First it's not enough privacy options. Now it's too many privacy options. Tomorrow when they get the unspoken mythical number correct, we'll bitch about the default settings. Then someone will come on Slashdot and say that his Linux servers were rooted and we'll say that it's because all the idiots of the world use out of the box settings and don't change the default passwords. Granted, your average facebooker shouldn't have to have the wherewithal to set up a Linux server but I think this Google/Facebook privacy complaining thing is getting a little old. Especially when both named parties are suddenly doing quite a bit to make users happy now that it's becoming important to consumers. To complain that they give us too many options now is just ... just ...
... little more ... little more ... little more ... too much, take it back.
Sherry Bobbins: Would you like some pepper on your food, Bart?
Bart Simpson: Sure
My work here is dung.
An illusory opt-out system . . . Therein lies the trick; by offering too many choices, individuals are likely to choose poorly, or not at all.
So....is Facebook a better metaphor for capitalism or democracy?
Google has just released a tool that could alleviate some of the above worries: it stops tracking by Google Analytics
Sounds great, I've always wanted a way to block that "google-analytics" I keep seeing on my NoScript blocked list.
I can't complain much though- there's an important difference between going to a third party (NoScript) to block Google, and Google offering a solution themselves.
My webcomic
The term "machiavellian" is a cruel and unjust slander.
Niccolò Machiavelli was a profoundly moral man, well acquainted with -- and appalled by -- the amoral power politics of his age. When he wrote that a Prince should prefer to be feared, rather than loved, Machiavelli was not advancing a personal ideal: he was simply reporting how Princes actually behave in the real world.
-kgj
Simple perhaps, but is it actually a practical suggestion? Do you have a list of every website that partners with any behavioral tracking / targeted advertising providers? That could be a handy list for some kind of a browser extension that would say "Woah there! You're about to opt-in to web based behavioral tracking! Would you like to continue?" Of course, as an alternative, someone could just use something like NoScript or AdBlock, but then you would probably object to that as "stealing." Suggestions?
Use the NoScript add-on and mark google-analytics.com as Untrusted. Simple and done. Also works for any other tracking system that uses JavaScript.
My mind works like lightning. One brilliant flash and it is gone.
IS THAT YOU ZUCK?
'Political power grows out of the barrel of a gun.' - Mao Tse-tung
Instead of Privacy Machiavellis, we should have Privacy Goldilocks instead.
"This privacy options set is too big! This privacy options set is too small! This privacy options set is juuuuust right!"
Why not just post what you don't care about loosing and lie about everything else? On many social sites, I'm 60, 70, or more years old; I live in different cities, and ... yes ... I even lie about the music I like and why I'm on the site. I could give two shits about loosing my Facebook, MySpace, HI5, etc. My friends know it's all BS - but the main purpose is served - we communicate and share.
It's like what I learned about lending money: Only lend out as much as you can afford never to get back.
I don't know - maybe I'm missing the point (and I think I'm lucky that I'm not in a position to care)
L'esperienza de questa dolce vita (The experience of this sweet life) - Dante Alighieri, The Divine Comedy
I've been adding the following to my desktop computer host files for over a year to block google's tracking:
127.0.0.1 partner.googleadservices.com
127.0.0.1 google-analytics.com
127.0.0.1 ssl.google-analytics.com
127.0.0.1 googleadservices.com
127.0.0.1 googlesyndication.com
127.0.0.1 pagead2.googlesyndication.com
127.0.0.1 www.google-analytics.com
127.0.0.1 video-stats.video.google.com
127.0.0.1 wintricksbanner.googlepages.com
127.0.0.1 www-google-analytics.l.google.com
I trust that solution more than I do google's opt-out bs. If you want to get fancy, you can direct a lightweight web server like lighttpd to 404 the adservers to load your pages a bit faster (instead of letting them time out) and to keep logs of what adservers are trying to load.
When Google literally drives down private streets to photograph people's houses -- how do you hide from them?
Ted Kaczynski may have been a murderous thug, but maybe he wasn't crazy.
Facebook's problem is that its "lots of options" are spread over about 5 different sections of your profile in various sub-categories and with a wide variety of titles ranging from obvious to cryptic - choice is no good if you can't figure out what you're choosing from.
If you're someone who is so paranoid about your privacy I'm betting your going to do your homework. Me, I don't care in the least. If someone really wants to snoop around in my browsing habits they're not going to find anything of value.
Let's face, 99.9% of us simply aren't that interesting.
So you're admitting that it's impractical and suggesting apathy as a solution?
I don't remember any substantial number of complaints about Facebook not having enough privacy options. I do remember complaints about them repeatedly changing settings related to privacy to expose more information more widely without advance notice and the opportunity to opt-out (or, better, the option to opt-in to the change) of the change in defaults for existing users.
Adding more settings after the fact does nothing to address the problem, and, insofar as it increases confusion and reduces the ability of the average users to understand and effectively manage how their information is exposed, is part of the same problem.
Exactly. Nothing says "logical" like trusting a company to protect you from a company you don't trust, when it's the same company!
Attention zealots and haters: 00100 00100
If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.
-- Eric Schmidt. CEO, Google Inc.
I don't care if the advertisers think it's a benefit. It doesn't benefit me, so why shouldn't I "opt out" of it? To help their system better target others? Sorry, how well their advertising reaches their intended markets isn't my problem, and I feel no obligation to help.
Not at all. I'm just saying this is the way these companies make money. They have a right to do that, and if you don't like the "invasion of your privacy" then you shouldn't use them. It would be like complaining about how TV wastes your valuable time and ruins the viewing experience by showing advertising.
Use a proxy so your IP address can't be traced. Run your browser in a sandbox or some other "privacy" mode. I dunno, I'm certainly no expert because I don't care. It's not apathy. It's a lack of concern.
only works if youre actively seeking to consume. before freaking out over the various ads that might come across facebook or google ask yourself
do i need to buy?
what does it do?
how well does it do it?
google and facebook may "know" your personal preferences and interests, but in the end only you know whether you will buy something or not, and if you choose not to buy then the collected data amounts to wasted time.
another fact to take into consideration is the prevalence of noscript, which may prevent or restrict the pay-per-click functionality of some advertising. in other words: Tracking IE is fairly mundane; tracking a user concerned about their privacy proves rather difficult at the end of the day and is something these companies are constantly working to achieve.
how do you take a gun from a grammaton cleric?
you ask him for it.
Good people go to bed earlier.
Facebook's problem is that its "lots of options" are spread over about 5 different sections of your profile in various sub-categories and with a wide variety of titles ranging from obvious to cryptic - choice is no good if you can't figure out what you're choosing from.
Alright well, I actually have a Facebook account and I've actually set the privacy settings. They promise to make it simpler (how, I'll never know) but the way it currently works is that you have a menu of six categories. They are:
Control who can see your photos and videos, and who can post to your wall
Control who can contact you on Facebook and see your contact information and email
Control whether your friends, tags and connections display on your profile
Control who can see your search result on Facebook and in search engines
Control what information is available to Facebook-enhanced applications and websites
Control who can interact with you on Facebook
Now, if you click on any of them it breaks each of those down into sub categories. This is all explained fairly well, by the way. And on each of these sub categories they have drop downs to let you see who sees that sub category of items on your Facebook page:
Pretty straight forward but that last one lets you get into lists and some more complicated stuff.
So please tell me what is confusing about that, how it could be better and how that's "spread out"?
My work here is dung.
Sorry, but the "if you don't like it don't use it" idea is just ignorant of reality.
A huge share (if not 100%) of the websites you visit embed Google Analytics or some other tracker, and they don't notify you much less ask for your permission. You never even get to make the choice not to be tracked. And technical jiujitsu like this FF addon only half-@ss solves the problem some of the time.
Oh, and the "I don't care if I'm tracked so you shouldn't care either" argument is even sadder.
I don't care. It's not apathy. It's a lack of concern.
That is apathy last time I checked. ;) But no, more seriously, I agree with you but you're making a flippant suggestion as though it is a decision that people could make freely and easily. That just may not be the case! It's like suggesting that you don't have to be recorded on surveillance cameras if you simply avoid places where the cameras are installed. It makes sense, but only on the surface. When you dig deeper you quickly realize that you don't know where the cameras are to avoid them, and can't easily discover them without exposing yourself.
Unfortunately ignorance like that works in the favor of companies like Facebook. No, it's not enough to not put your own information into Facebook. You may choose not to use it, but others will, and they'll fill it up with your information that you don't want on there.
Yet what else is one to do? You either accept the reality that your usage will be tracked in one form or another or you spend a lot of time and energy fighting a losing battle to prevent it. What other options are there?
And about your surveillance cameras analogy. It's very accurate. So what's the answer? The cameras aren't going away. Their use as a measure of public safety greatly outweighs any minor invasion of privacy they might pose. So what is a tinfoil hat wearing, batshit crazy loon supposed to do when they don't want to be seen entering the local WalMart? It's a pickle, I'll give you that.
I do if they said they would protect my privacy. Or unilaterally change the terms of the agreement retroactively. Allowing an opt out does not fix it. "Yes those changing room videos are now public. But you can opt out! Simply send us a notarized letter with the a copy of your birth certificate, the signatures of your mother, father and attending doctor and we will promptly re-hide it. Hurry before one of our partners decides they could make money with a 'Best of' anthology."
Given Zuck's previous business decisions I have my doubts if they even respect your attempts to protect yourself by deleting items when you ask - or simply hide it in their databases for their own potential personal use later. Thats certainly the methodology of a 'normal' account closure.
there is a fake me out there, with a fake name, a fake birthday, a fake home address, a fake mother's maiden name, a fake birth city, fake likes and dislikes, etc. every time i am asked for this info online, i consistently and continually use the fake alter ego
this is the future of privacy: aliases
intellectual property law is philosophically incoherent. it is your moral duty to ignore it or sabotage it
I think getting served ads for a search term is a fair exchange. But anything else google does beyond the ad served is not. I mean, how do i benefit from having everything i do online collected by google? I don't go online just to look at ads. Everyone got to pay to get on the Internet,then we pay even more by loosing our privacy to do a search term,or go to web sites that also spy on us, but they don't need to save that information,it will have no bearing on what i will type in the search box the next time. I'm just saying that they are taking data mining just too far and not making it easy for anyone not to be spied apon. Oh i have had that google addon and download program installed for a while and my malware program is still removing googles doubleclick advertising cookies. so it doesnt work,Have screen shots as proof :}
Jack of all trades,master of none
How obtuse you are. I have tried to trick out my girlfriends facebook privacy settings, but it seems there is always another page somewhere that you have to hunt for. Also, there is no quick and easy way to opt out of everything. You have to go to every app, every website that has a facebook tie in, every picture gallery, etc and change them ALL manually to opt out of "sharing my information with anyone who asks" mode.
Its complete bullshit. sure, you can go into your filesystem ACLs and hand edit every file to have the correct permissions. No one does this however, and thats why you can apply permissions/acls RECURSIVELY from parent. What I would want for her is a big button that opts out of EVERYTHING. Add to that a nice concise privacy page. Note how i said PAGE, not pageS spread across the entirety on the site. Then I would say, add as many fiddily little options as you want. So long as the giant opt out button still works for them all, and when they add new features, they don't opt you in automatically, as is currently the case.
I have always hated facebook, but I didnt know the true hate till i went to ehow.com - or any number of a growing pool of "facebook connect" sites, and saw a picture of my girlfriend on there with the option to leave a comment about the site.
What the fucking fuck! i still havent been able to turn that "feature" off yet, because i cant find the damn option! Aparently, if you have logged onto facebook (that day?), you are automatically "connected" to a host of other sites. So now i have to go to facebook and make sure my gf is logged out, every time i use the computer.
Perhaps you could think of it as akin to a program which has zillions of undocumented commands. Amazingly powerful and yet completely useless at the same time. Sure some people have cracked the correct syntax to get facebook to perform the stop-auto-tie-in-to-all-garbage-sites option, but why the fuck should it be so hard?
There is only one answer and one alone - deliberate obscurification and mis direction. It is the same answer as to why everything is opt OUT instead of opt IN on facebook. They rely on people being too lazy, confused and stupid to care.
So stop apologizing for what is at best bad UI design, and at worst willful obscurification that leads too (surprise!), expanded profits for facebook.
As a potential lottery winner, I totally support tax cuts for the wealthy
I've been doing it for several years now, and it's invaluable. Something to keep in mind is that there is software that validates and cross-references zip codes, addresses, and phone numbers, which is intensely frustration. So, likewise, I've done a bit of research on my fake selves to fool that crap.
Adult Role Playing Forum
Supplying useful web services to a large number of people costs real money; it's not free. And there are no successful companies or corporations that give these services away for free - they get paid for them, and they're paid very well.
So when you see a great new free web service you need to stop and think - it's not free, someone is paying for it and that someone is almost always the users. If you don't see the price tag then you don't want to play their game. In most cases, this benevolent company giving you a free service is building up user profiles that they sell to marketing companies. If you're big like Facebook or Google, you've got millions of those profiles and they're very detailed and also very valuable. But nobody ever thinks about this when they happily give up all kinds of personal info as they register for their free account.
Google is pretty transparent about this stuff: they use the profile data to serve targeted ads and advertisers pay them a premium price for those ads. This wouldn't work without the information about you that Google has amassed but it's the source of all of their financial might. Who do you think pays Facebook's bills? That's right, and that's why their privacy options don't include any that would prevent them - and their "affiliates" - from collecting your personal data.
That personal information is valuable and it's yours - and you give it away. Those corporations thank you for your generosity! Here's a tip for further study: view the mandatory privacy policy at any major web site; they'll tell you (sort of) what kind of data they collect - then promise to keep it safe and only give it to the government upon request and to their affiliates and/or third parties that supply some kind of service to the company. So what is an affiliate? Could one of them be the marketing clearinghouse that buys your personal profile? Could one be an Indian call center that will resell the data to anyone with the price? Could one of them be the guy with the CC skimmer? You'll never know; you'll just look at the privacy policy and say "that's cool" and click OK.
You may have noticed that when ad blocking software is discussed it's the small websites that whine and cry about the loss of revenue. The big corporate sites only report what the small sites say because it serves to preserve the legend. Banner adds are small beans - but live and verified profiles are big money.
Some consider The Prince a political satire, although Wikipedia calls it a "political treatise"; my own feeling is that it is a serious study of power politics. Even as a satire, it's a very subtle satire when compared with Swift's Modest Proposal.
Speaking of satirical modest proposals, Joe Haldeman wrote a nice little short story in a somewhat Swiftian vein: To Howard Hughes: a Modest Proposal. I'll spare you the spoilers, other than to say it's a tongue-in-cheek solution to the threat of nuclear war.
-kgj
The way that you disable the eHow thing is to disable third-party cookies in your browser.
I don't believe in time. It's a grand conspiracy designed to sell watches.
...you have no way to ask Google to stop this tracking.
Ask? Real men (and women) don’t ask. We announce.
We don’t beg if someone could please stop raping us. We. don’t. let. him!
If you put yourself in the beggar position, you have already lost right from the beginning.
Any sufficiently advanced intelligence is indistinguishable from stupidity.
Evidence, please!
Opt-out of Analytics using AdBlock was the topic of a Slashdot comment saying "(I work at Google, hence posting as AC.)", which I posted on Reddit, asking if it was really necessary: http://www.reddit.com/r/google/comments/bl2jn/i_work_at_google_hence_posting_as_ac_was_posting/ http://www.reddit.com/r/AskReddit/comments/bk093/i_work_at_google_hence_posting_as_ac_really/
For the past several years Facebook and Google have been consistently criticized for their poor records on privacy. Yet, these sites are still two of the most popular sites on the Internet. Why is that? Are people not aware of the privacy concerns? Or do they just not care?
I think they don't care. I think they know that they're are giving up a measure of their privacy. They think that the services and convenience that they get in return are worth it.
Want to change things? You can criticize Google and Facebook all you want. As long as people are willing to give up privacy to use their services, G and FB aren't going to change. If you want to change things, there are several options. None of them are easy.
1. Convince people that their privacy is worth enough that they shouldn't give it up to use FB/Google.
2. Offer equivalent services with better privacy protection.
3. Convince the government to regulate FB/Google, forcing them to offer better privacy protections.
As a small government conservative, #3 deeply offends me. If people don't value their privacy, then it takes a high level of arrogance to use the machines of government to force private companies to protect privacy anyway.
I don't think people are stupid. They can make rational decisions about their own privacy. They've made those decisions, and that's why Google and Facebook are so popular. Don't like what the people decided? Try to change their minds. But don't use the government to shove something down their throats that they clearly do not want.
If you had super powers, would you use them for good, or for awesome?
Good point, thanks.
-kgj
Just like how TFA talks about illusory opt-out system, Google are up to it again:
Those that are concerned about their privacy can install an add-on and permanently disable the script. After installing the add-on, you'll notice that the browser still sends a request for this file: http://www.google-analytics.com/ga.js when visiting a page that uses Google Analytics, but it no longer sends information to Google Analytics.
So Google don't get all the info they want, but they still get a log entry from users of this extension every time their browser requests http://www.google-analytics.com/ga.js (with date/time, and of course the referrer). And if they have a cookie set for google-analytics.com (or accept 3rd party cookies), that'll be logged too. So the users still can potentially be tracked, even when they have taken steps to avoid it.
There isn't a search as effective as Google, so I'm not about to stop using it. It's just they are totally untrustworthy in my opinion, so I use protection when connecting to Google's ports. I use Scroogle SSL via TOR. Yeah, it's a little slow (about dial up speed, 15 years ago), but it is worth it: 100 results by default (without a cookie), no cruft, no corporations getting info that they will only use to try and convince me to give them time/money.
Car analogies break down.
I have always hated facebook, but I didnt know the true hate till i went to ehow.com - or any number of a growing pool of "facebook connect" sites, and saw a picture of my girlfriend on there with the option to leave a comment about the site.
What the fucking fuck! i still havent been able to turn that "feature" off yet, because i cant find the damn option!
Account drop down -> Privacy settings -> "Applications and websites" -> Click the "Edit setting" button for "Instant personalisation pilot programme" -> Uncheck the box.
Note though that the copy lists only three current partner sites, and eHow isn't one of them; of course, the copy may be out of date, or customised for my region (I'm in the UK). Note also the following small print:
(There's also a link to get more information about that)
It's official. Most of you are morons.
Let's say your ISP offers you search, document storage, E-mail etc. (they do some of that already). Or let's say you go with Mobile.Me. Now, why exactly do you have any more reason to trust them than Google or Yahoo or any of the other services? Do you seriously think Comcast or Apple are any more likely to keep your private data private than other companies?
Well, I don't know how to do 1, 2, or 3, even if I had superpowers. What exactly is it you want?
If you don't like the same company doing search, ads, mail, and docs, well, just use Google, Bing, Yahoo, and Zoho as separate services. If you're really concerned, use some of the privacy options or use desktop software.
Data retention is already limited in the EU by law. The US could do the same thing.
What else do you want? What else do you want to be protected from?
Sure, that's true. It's happened in the past so there are records of it that are easy to find.
But it's sure not common. The employee who was led out of my office (yes, I work for them ) in handcuffs last week could testify that IRS employees who look up ex-spouses get fired and prosecuted. Every access to the Integrated Data Retrieval System, the front-end to nearly all our master files, is logged and automatically checked against the employees dossier. If you look up a family member or yourself you get fired and prosecuted. If you look up a famous person without cause, same outcome. If you look up someone who just happens to live in your neighborhood (even though you had no idea you did so), an investigation is opened and it's never pleasant.
I firmly believe that of all "large" agencies the IRS is the most trustworthy. The stats on firings for such reasons are available to the public and I'd feel comfortable comparing them to any other agency.
For the external site thing, I strongly recommend adBlock. Here's what I'm blocking:
This removes all the "integration" BS between facebook and all the external sites. Yes, they shouldn't be doing it at all, but in the meantime, you can shut it down.
Google drives down public streets to photograph people's houses. I'm all for privacy protection, but what Google does is what any stranger has been able to do for about a hundred years: take a picture of the street. The alternative is to give police the power to accost anyone with a camera on a public street. Personally I would prefer a world in which I have freedom to take pictures in public places.
Build a man a fire, he's warm for one night. Set him on fire, and he's warm for the rest of his life.
I think that would be a great browser feature-- it collects all the google search strings you enter, looks them all up in a "contradictory site" or "contradictory search" database, and when the system is idle, it browses the contradictory sites for equal time. Thus, when you browse that pro-Obama site, the system will automatically browse some anti-Obama site when it's idle. They'll collect all the info on you they want, but it'll all be completely bogus-- they'll average you out to be totally middle-of-the-road.
Or, you could even have a "slanted" database, that would deliberately add searches that would bias you the way you would like to be percieved, regardless of what you actually do on the computer.