Schneier's Revised Taxonomy of Social Data

Jamie noted that over at Schneier's blog, he has a worthwhile entry on the data in the social networks. He writes "Lately I've been reading about user security and privacy — control, really — on social networking sites. The issues are hard and the solutions harder, but I'm seeing a lot of confusion in even forming the questions. Social networking sites deal with several different types of user data, and it's essential to separate them."

Unfortunately

[cosm]

The unfortunate thing is that Schneier's taxonomic breakdown of data is most likely known by the majority here, and the folks who really need that information conveyed to them (ie mom and pop, aunt velma and her pic's of fluffy, partying cheerleader squad, drunk frat, etc..) will probably never see it, and if they did, they wouldn't understand it, or take heed to its importance even if they did.

Not to mention large social sites are not really transparent with their collection and retention practices in the first place.

Cynical, yes. Realistic, perhaps.

Re:Unfortunately

[lapsed]

I hadn't heard about it until now, but I'm just one data point. Later in the post, Schneier writes that "there are other ways to look at user data," so it's not clear that his proposed taxonomy is the only way of classifying social networking data. What's weird about it is how it assumes and implies ownership. A user owns the page to which other users post, and as a result, the data posted by those other users is of a different type than the data posted by the page's 'owner'.
Empirically, these types don't exist. In this sense, it's more of a typology than a taxonomy (in the social sciences, conceptually-derived classification systems are called typologies and empirical classification systems are taxonomies). Control over data -- particularly social networking data -- is, to a much greater degree, a function of the underlying protocols, API's, and SLA's.
I get that the post is normative -- that Schneier is proposing a means of classifying data that will result in a social networking infrastructure that returns the control over data to its creators. But as you say, that change has to take place without the active participation of Facebook's 5 million indifferent users.

Selling to third parties

[whencanistop]

We often don't mind if a site uses it to target advertisements, but are less sanguine when it sells data to third parties.

Really this is the problem with the whole privacy thing that has caused so much issue in the past. The problem isn't that the company collects the data, it is that they then sell it to third parties to make a profit.

Similarly if you look at the in depth report that the WSJ published then the real issue isn't the use of cookies or even the collection of the behavioural data - it is that they have then sold out to third parties by either selling the data or allowing them to collect it in the first place (which they can then do whatever they want with).

Re:Selling to third parties

[Fnord666]

Really this is the problem with the whole privacy thing that has caused so much issue in the past. The problem isn't that the company collects the data, it is that they then sell it to third parties to make a profit.

One important thing to keep in mind is that the users of these sites are not the customer, they (or at least the data that they generate) are the merchandise.

social data vs pr0n?

[vlm]

Story about a fuzzy taxonomy of social data gets like 4 posts, whereas a taxonomy of Pr0n would probably have about 900 comments by now.

When did it stop trickling down?

[SomePoorSchmuck]

The funny thing about Facebook is that it is similar to television: You've been given the impression you're the customer, but you're actually the product being sold to the real customers - advertisers.

Facebook just takes it another step, because you're voluntarily giving them extensive data about who you are as an individual, as well as involuntarily (or unknowingly for most people) letting the technology create profiles of your browsing habits. If that weren't enough, there is the further twist - at least on TV there are professional artists and actors and creative types who are producing the content you enjoy. On Facebook, the content is created by you and your friends and given away for free to the website owners.

So all they have to do is create a database infrastructure, then you and your friends come along and do almost all the Data Entry, and while you're doing it they're watching you and adding meta-data to their private database, then they can turn around and sell all the aggregate data to their customers. Profit!

At the peak of the show "Friends", Jennifer Aniston was getting paid a million dollars for pretending to be Rachel whatsherface for each 30 minute episode. The million dollars ultimately came from advertisers who bought airtime from the network.

We are now self-creating global databases with billions of entries and in return are getting... the ability to "poke" someone from your 10th grade Health class. Meanwhile, how much money is Google, Facebook, BlackPlanet, etc. making from both the ads already on their sites, and the immediate/future revenue from the data we are giving them?

not just "selling"

[paramour]

The problem isn't that the company collects the data, it is that they then sell it to third parties to make a profit.

No, the problem isn't limited to selling. Data gets lost or stolen with alarming frequency: someone leaves a laptop on a train, with the data unencrypted; a web site permits SQL injection hacks; an employee walks away with with a flash drive; a National Security Letter arrives. You're lucky if you ever hear of any of these happening.

So even if the company has the best intentions and never sells or misuses the data, if they do not or can not secure it I'd rather they not have it.