Posts Tagged ‘privacy’
A tweet from @benjamindyer alerted me to a trial being run in Portsmouth where “behavioural analytics” are being deployed on the city’s CCTV footage in order to “alert a CCTV operator to a potential crime in the making” (Portsmouth gets crime-predicting CCTV).
I have to say this reminded me a little, in equal measures, of Phillip Kerr’s A Philosophical Investigation, and the film Minority Report, both of which explore, in different ways, the idea of “precrime”, or at least, the likelihood of a crime occurring, although I suspect the behavioural video analysis still has some way to go before it is reliable…!
When I chased the “crime predicting CCTV” story a little, it took me to Smart CCTV, the company behind the system being used in Portsmouth.
And seeing those screenshots, I wondered – wouldn’t this make for a brilliant bit of digital storytelling, in which the story is a machine interpretation of life going on, presented via a series of automatically generated, behavioural analysis subtitles, as we follow an unlikely suspect via the CCTV network?
PS if you live in Portsmouth, you might as well give up on the idea of privacy. For example, add in a bit of Path Intelligence, “the only automated measurement technology that can continuously monitor the path that your shoppers or passengers take” which is (or at least, was) running in Portsmouth’s Gunwharf Quays shopping area (Shops track customers via mobile phone), and, err, erm… who knows?!
PPS it’s just so easy to feed paranoia, isn’t it? Gullible Twitter users hand over their usernames and passwords – did you get your Twitterank yet?! ;-)
So it seems as if Facebook is trying to encourage everyone to open up a little, and just share… Ah, bless… I suppose it is getting near to Christmas, after all…
So if you don’t want the world and Google to know everything you’re posting about on Facebook, and you are quite happy with privacy settings as they currently are, thank you very much, here’s what I (think) you need to do… Continue to the next step and change the settings from Everyone:
to Old Settings:
When you hover over the Old Settings radio button, a tooltip should pop up telling you what your current settings are. If anything looks odd, make a note of it so that you can change the setting later.
If you think you’d like to make things available to Everyone, bear in mind these important things to remember:
Information you choose to share with Everyone is available to everyone on the internet.
And when you install an application:
When you visit a Facebook-enhanced application, it will be able to access your publicly available information, which includes Name, Profile Photo, Gender, Current City, Networks, Friend List, and Pages. This information is considered visible to Everyone.
To save the settings, click to do exactly what it says on the button:
If, whilst changing the settings, you noticed that an Old Setting tooltip suggested that your current privacy settings were different to what you thought they were, you’ll need to go in to the Privacy Settings panel, which you can find from the Settings on the toolbar at the top of each Facebook page:
Looking at the actual privacy settings page, there are several menu options that lead to yet more menu options and then screenfuls of different settings…
When I have a spare 2-3 hours, I’ll try to post a summary of them… (unless anyone already knows of a good tutorial on “managing your Facebook privacy settings”?) For now, though, I’m afraid you’re own trying to track down the setting you disagreed with so that you can change it to a setting you do want to have…
[A story a few days ago (March 2012) brought this post to mind... Here's the recent story - Walmart buys a Facebook-based calendar app to get a look at customers' dates: "The Social Calendar app and its file of 110 million birthdays and other events, acquired from Newput Corp., will give Walmart the ability to expand its efforts to dig deeper into the lives of customers—allowing customers to make purchases on Walmart.com directly from event reminders from the Web or their mobile device." It's time I started brushing up on my legal understanding, I think: in the UK, would data protection legislation prevent one company from buying another for its data, and then using that data for a different reason to the reason for which it was collected? And if so, how is different defined? Could the data be used to annotate/be annotated by other data to create a derived product? Hmm... And how will #midata fit in with all this? eg We Can Haz Our Personal Data Back from Corporates?]
A long time ago, I wrote:
A couple of weeks ago [err, that'll be years now;-)], I was telling a colleague about a podcast I’d heard earlier that day: Future Proofing Your Privacy. At the start of the talk, the speaker, Mark Hedland, tells of how he posted to an online group a post that said…
For those of you who haven’t followed the links, here’s a recap. Something that was posted over 10 years ago to a part of the web that wasn’t supposed to be being archived, was – and now Mark Hedland can show how foolish he was then in thinking that [what] he was saying then would disappear.
As we talked, my colleague ["Sam Smith"] mentioned how 5 or so years ago they had posted a request to a news group asking for a translation of a traditional, Canadian French folk song, a translation they have since lost, along with the name of the song. (Actually, it wasn’t a song, French or Canadian, but it was to do with translation; I have changed the specific details to protect my colleague’s privacy!)
Two minutes after leaving their office (or maybe it was three, certainly no longer than that) I mailed my colleague a link to a Google Groups search page containing their long lost post. The query used the equivalent of these search terms: translation song “sam smith”. The post being searched for was the third item in the list of search results.
And so, as Google continues to roll out its social circle search facilities and use the people you know (and the people they know) to inform what search results you see, [and as Google buys up other social search companies, such as Aardvark (e.g. Google Buys Human-driven Search Engine Aardvark: Will It Make It to the Main SERPS?)], it’s worth bearing in mind a few things:
1) Just because you haven’t given Google your Twitter details, Google may know you’re my friend becuase I have given Google my twitter details and my friends and followers lists are public (an ‘asymmetric disclosure’? So for example, for a symmetric disclosure, Google might only use the belief that we’re friends if I follow you AND you have given Google your Twitter credentials AND you follow me. But if it you uses you to inform my results simply because I follow you, that would be asymmetric?)
2) Just because you haven’t given Google any personal info, Google might buy a company you have disclosed personal information to and then assimilate it into their growing total information awareness… (You do know Google owns Youtube, don’t you, and so has a pretty good idea of everything you’ve watched on it?;-)
3) Your mum may be influencing your search results… And you might be influencing your kids’ results… ;-)
PS a not evil thing to do would be to give users of an acquired service a guaranteed period of grace between the announcement that company has been acquired and the time when Google first has access to personal data, with the guarantee that users can withdraw from the service within that period and have their records permanently deleted.
PPS what does Google know about you? Here are two things to try: if you have a Google account, see who’s in your social circle; and whether or not you have a Google account, see what Google’s social graph API can turn up about you… .
PPPS if you’re on Facebook, Twitter and LinkedIn, Mashed In provides a widget based tool for letting other people on those networks see how closely linked they are to you… The asymmetries might arise here from all over the place, depending on what Mashed In is actually doing (I’ll try to do some digging…). For example, you might log on to my site and see that you are connected to someone on Facebook who is connected to someone on Twitter who I’m connect to on Linked In. Those intermediaries, who maybe are trying to maintain privacy of a sort by having separate social circles on different networks, are suddenly exposed. Like weddings where guests from different parts of the happy couple’s life collide, your connections may b your undoing. (Hmmm, so I wonder, are all these social tools going to start being deployed on prospective MPs I wonder? Prospctiv Parliamentary Candidate X is only two steps away from both a member of an dodgy looking group on Facebook and an ex porn star, for example… MPs expenses could be as if nothing compared to the sorts of selective storytelling you might be abl to turn up as a result of friend of a friend connections. Think Twiangulate, but working over multiple servics (as Mashed In might do?), court records, local news searches, gossip sites, company directorships, etc etc… Nightmare…
PPPPS Not to self – do a post on this… Reidentification Using Social Networks (i.e. deanonymisation); for sample History attack code, see SocialHistory.js: See Which Sites Your Users Visit]
Although on a day to day basis I’m a Mac user, every so often I need to dip into the Windows virtual machine on my laptop. This generally fills me with fear and trepidation, because as an infrequent Windows user, whenever I do go over to the dark side I know my internet connection will grind to a halt and I will get regular requests to restart the machine as Windows goes into update mode. In a similar vein, on a day to day basis it’s Twitter that meets my social web needs. But on the rare occasions I go into Facebook, I’m also filled with dread. Why? Because there is frequently a new privacy minefield to negotiate (e.g. Keeping Your Facebook Updates Private).
Over the last few days, there’s been a Facebook developers conference, so I thought it worth checking in to see what new horrors have been released; and here’s what I saw today:
So Facebook makes it easy for website owners to help you “tweet” a link to your Facebook stream… (I wonder, does this also work as a social bookmarking service? Can I browse through the links I’ve Liked?
Ah – according to Deceiving Users with the Facebook Like Button, it appears that “Removing the feed item from your newsfeed does not remove your like — it stays in your profile. You have to click the button again to remove the ‘Like’ relationship.” So it could be used as a social bookmarking service, of a sort. Or at least a Facebook equivalent to “favorited” websites in your browser.
As you might have guessed from the previously linked to post, all may not (yet) be well with the Liked implementation though – because it seems that it’s possible to add a “Like” link on one page that actually Likes a page on another website. Which reminds me a little of phishing…
So, what other goodness (?!) does Facebook have in store for us?
Instant personalisation, hmm…? So if I go to Pandora, say, it can trawl my Facebook profile, decide from my Likes and updates that I’m a goth hippy groover, and generate a personalised radio station for me jus’ like that? The oo’s have it… (ooh…, cool… or spooky…?;-)
And guess what, Facebook have thoughtfully opted me in to that service, without me having to do anything, and without even forcing me to notice (I didn’t have to follow the link on the home page to read the new service announcement; and for mobile users, I wonder if any of the Facebook apps tell the users that they’ve been opted in to this new way of giving their personal data to third parties…?)
I think I’ll click here:
I think I’ll untick…
Am I sure…? Err, yes… Confirm.
But what does this mean…?
Please keep in mind that if you opt out, your friends may still share public Facebook information about you to personalize their experience on these partner sites unless you block the application.
Hmmm, I think I’ll Learn More… (do you ever get the feeling you’ve ended up in one of those Create Your Own Adventure style games, only for real… Is this Brazil, or a Trial?
I guess this is the one:
What data is shared with instantly personalized partner sites?
When you and your friends visit an instantly personalized site, the partner can use your public Facebook information, which includes your name, profile picture, gender, and connections. To access any non-public information, the website is required to ask for you or your friend’s explicit permission.
Or is that “When you or your friends visit…”? That is, if my friend visits Pandora and goes for instant personalisation, can Pandora use my friend as a vector to grab my public information? A question that now follows is – can Pandora identify my Facebook identity through some mechanism or other (e.g. Facebook set cookies?) and reconcile that with what it has learned about me from my friends who have opted in to personlisation features. And if so, could it then offer me personalisation services anyway, even though I opted out on Facebook…?
I’m still unticking… because as Facebook adds partners, I probably won’t pick up on it…
So, do I dare walk up the Facebook Privacy tree…? Let’s go up to the Privacy Setting page:
So here’s the Profile Settings control panel:
Hmmm… there’s a link there to Application Settings, which I don’t think appears on the Privacy settings page. Where does it go?
I’m not sure I understand everything in that drop down menu…?
How about the Contact settings?
Sheesh.. So here are the tabs that I have to work through:
Many of the pages only require setting a simple drop down box (though thinking through the implications, and what relates to what may be comples); but there are also quite a few that offer “Edit Settings…” links, and I suspect that some of those open up into rather more involved dialogues…
I reckon you could easily spend at least 1 week/10 hours of a 10 point short course just looking at Facebook privacy settings, and trying to think through what the implications are…
Which brings to mind the Facebook network visulisation I started working on with Gephi… Could we use visualisation tools to highlight who in your Facebook network can see what given your current privacy settings? Methinks there’s an app in that…
PS popping back in to Facebook just now to delete most of the apps I’m signed up to, I noticed on the “click here” page linked to above the option:
What your friends can share about you
Control what your friends can share about you when using applications and websites
Clicking through to Edit Settings, here’s what I see:
[Since grabbing that screenshot, I've unchecked all those boxes...]
I’ll spell out the text for you:
What your friends can share about you through applications and websites
When your friend visits a Facebook-enhanced application or website, they may want to share certain information to make the experience more social. For example, a greeting card application may use your birthday information to prompt your friend to send a card
If your friend uses an application that you do not use, you can control what types of information the application can access. Please note that applications will always be able to access your publicly available information (Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages) and information that is visible to Everyone
So… if i don’t take steps to protect my information, then my friends can give access to my presence, videos, links, photos, videos and photos and tagged in, my birthday, hometown etc etc to third party applications? Does that mean if I have various privacy settings set to share with friends only, they can still share the information on to third parties I did not anticipate seeing the data?
In the following set up, who can see photos and videos of me?
Answers in the comments please… If anyone’s done the experiments to see just how the various previous setting inter-relate, I’d love to see a write-up. I’m also thinking: maybe Facebook should be required to publish a logical model of what’s going on? (Are there logics of privacy? You could probably get somewhere close using epistemic logic?)
(It’s all a bit like writing legislation that says that as yet unspecified powers will be given to a Minister, who may then devolve those powers to others…;-)
PPS a page I didn’t link to/show a screengrab of but should have included is the Applications page (this is not under the privacy settings. You can find it here: http://www.facebook.com/#!/editapps.php?v=allowed
If you don’t use an app, particularly an external one, I suggest you delete it…
Whilst playing with some Google maps last night, I noticed a new control:
Click it, and the browser throws up a request:
For those of you who haven’t seen this sort of thing before, the latest browsers come complete with location aware browsing. In the case of my browser, “Firefox gathers information about nearby wireless access points and your computer’s IP address. Then Firefox sends this information to the default geolocation service provider, Google Location Services, to get an estimate of your location.”
If you’re using a mobile phone, additional cues ares available, such as a GPS fix if your phone is GPS enabled, and cell tower triangulation, where the phone’s location can be detected not only from the current cell the phone is registered with, but also from the signal strength of surrounding cells.
If you accept the location finding, the new Google map control turns out to be a blue dot control…
You can revoke the location aware privilege by going to the site you granted access to, selecting “Page Info” from the Firefox tools menu, and then tweaking the Location Awareness setting:
Anyway, in order for wifi network detection to be usable, a service is required that can map a network identifier onto a location. Skyhook Wireless is one provider of this service (I don’t think Google has acquired it – yet…), but Google also appears to be building its own…
There are several ways for Google to do this, of course…. If you have an Android phone, then it’s in principle possible for the phone to reconcile GPS data with cell tower and wifi network identifers and signal strengths. And the Google Streetview car? Well it appears that it doesn’t just collect imagery… On Google Street View Car Logging Wifi Networks: “Google’s roving Street View spycam may blur your face, but it’s got your number. The Street View service is under fire in Germany for scanning private WLAN networks, and recording users’ unique Mac (Media Access Control) addresses, as the car trundles along.” In the past, of course, there have also been privacy concerns about Google Street View capturing faces and car number plates. (See also: Large-scale Privacy Protection in Google Street View [PDF]).
Ever one to take an idea and run too far with it, I had a little think around what other sorts of “assist” information Google might be able to capture from Street View. So for example, in December last year (2009) it was announced that Google takes another stab at QR codes. Will it work this time?: “Google announced a broad plan to introduce QR code stickers in the windows of over 100,000 local businesses nationwide.” Hmm…so that means if Street View captures the QR code, it can then reconcile that location with your business…
(Street View captured QR-codes also provides a launchpad for augmented reality ads in Google Maps and Google Earth, e.g. by using the QR-code as the augmented reality registration image. See for example Real-Time Ads Coming to Google Street View?.)
Something else that was announced this week – Google Cloud Print, in which printers become accessible, and fax machines can be laid to rest…
Our goal is to build a printing experience that enables any app (web, desktop, or mobile) on any device to print to any printer anywhere in the world.
The Goog will quickly work out where in the world those printers are, of course… (I can’t wait to see a “Printers near me” option appearing in context menus… Err…;-)
(Just in passing, this also caught my eye this week: Digital Photocopiers Loaded With Secrets. In short, digital photocopiers are scanners, with hard drives. So assuming that you know all those stories about sensitive information leaking from organisations via hard drives on scrapped PCs, well, err..? What happened to your last workplace photocopier?)
Okay, enough loose threads there for you to weave into your own nightmare scenario… @andysc suggested this was all getting a bit like Halting State, so I’m going to track that book (which is new to me) down right now…
So – if you’re on Facebook, here’s a link you should all follow and take action about:
It should look like this:
But WordPress saves it like this:
The WordPress saved version isn’t properly resolved by Facebook, it just goes to:
It should go to a page that looks like this:
Here’s a shortened link that does work: http://bit.ly/bwG9Xe
Follow it, and decide whether you like what you see. You do know who your friends are, don’t you, and you do know who they know? And where they go? And what applications they have installed? Becuase my reading of the above is that they can share information you shared with them to all those people, whether you approve or not? Or maybe I just misunderstand the permissions granted by the above form in the weird and wacky game of Top Trumps that is the Facebook privacy environment. Maybe the permissions you set to only share photos and videos with friends trumps the settings that let friends share your photos and videos with applications and sites they visit. Or maybe they don’t? Does anyone know for certain…?!
This is what mine looks like now:
For more on this, see: Keeping Up with Facebook Privacy Changes (Again)
PS You should probably also consider unchecking this ( http://www.facebook.com/settings/?tab=privacy§ion=applications#!/settings/?tab=privacy§ion=applications&field=instant_personalization ):
If you leave it set on Allow, when you visit a site that Facebook is friendly with it might share you data with that partner site for you… bless…
PPS Because Facebook is geting increasingly cavalier with what it lets applications do with you data, I suggest you take a look at the applications you have installed from the Applications page at:
This page is not easy to find from the under the privacy settings, but can be reached from the Facebook Account menu, under Application Settings.
If you don’t use an app, particularly an external one, I suggest you delete it…
Whenever Facebook rolls out a major change, there’s a backlash… Here’s why I posted recently about how to opt out of Facebook’s new services…
Firstly, I’m quite happy to admit that it might be that you will be benefit from opting in to the Facebook personaliation and behavioural targeting services. If you take the line that better targeted ads are content, and behavioural advertising is one way to achieve that, all well and good. Just bear in mind that your purchasing decisions will be even more directedly influenced ;-)
What does concern me is that part of the attraction of Facebook for many people are its privacy controls. But when they’re too confusing to understand, and potentially misleading, it’s a Bad Thing… (I suppose you could argue that Facebook is innovating in terms of privacy, openness, and data sharing on behalf of its users, but is that a Good Thing?)
If folk think they have set their privacy setting one way, but they operate in another through the myriad interactions of the different settings, users may find that the images and updates they think they are posting into a closed garden, are in fact being made public in other ways, whether by the actions of their friends, applications they have installed, pages they have connected to, or websites they visit.
The Facebook privacy settings also seem to me to suggest various asymmetries. For example, if think I am only sharing videos with friends, then if those friends can also share on content because of the way I have set/not changed the default on another setting, I may be publishing content in a way that was not intended. It seems to me that Facebook is set up to devolve trust to the edge of my network – I publish to the edge of the my network, for example, but the people or pages on the edge of my network can then push the content out further.
So for example, in the case of connecting to pages, Facebook says: “Keep in mind that Facebook Pages you connect to are public. You can control which friends are able to see connections listed on your profile, but you may still show up on Pages you’re connected to. If you don’t want to show up on those Pages, simply disconnect from them by clicking the “Unlike” link in the bottom left column of the Page.”
The privacy settings around how friends can share on content I have shared with them is also confusing – do their privacy settings override mine on content I have published to them?
I’m starting to think (and maybe I’m wrong on this) that the best way of thinking about Facebook is to assume that everything you publish to your Facebook network can be republished by the members of your network under the terms of their privacy conditions. So if I publish a photo that you can see, then I have to assume that you can also publish it under your privacy settings. And so on…
This contrasts with a view of each object having a privacy setting, and that by publishing an object, the publisher controls that setting. So for example, I could publish an object and say it could only be seen by friends of me, and that setting would stick with the object. If you treid to republish it, it could only be repulshed to your friends who are also my friends. My privacy settings would set the scope, or maximum reach, of your republication of it.
Regular readers will know I’ve started looking at ways of visualising Facebook networks using Gephi. What I’m starting to think is that Facebook should offer a visualisation of the furthest reach of a person’s data, videos, images, updates, etc, given their current privacy settings (or preview changes to that reach if they want to test out new privacy settings.
PS re the visualisation thing – something like this, generated from your current settings, would do the job nicely:
More at The Evolution of Privacy on Facebook, including a view of just how open things are now…
This made me think…:
[I]f your every utterance, regardless of the privacy of the setting, is potentially subject to external scrutiny, you are living if not in a surveillance state, then in a state of surveillance.
Via @wilm, I notice that it’s time again for someone (this time at the Wall Street Journal) to have written about the scariness that is your Google personal web history (the sort of thing you probably have to opt out of if you sign up for a new Google account, if other recent opt-in by defaults are to go by…)
It may not sound like much, but if you do have a Google account, and your web history collection is not disabled, you may find your emotional response to seeing months of years of your web/search history archived in one place surprising… Your Google web history.
Not mentioned in the WSJ article was some of the games that the Chrome browser gets up. @tim_hunt tipped me off to a nice (if technically detailed, in places) review by Ilya Grigorik of some the design features of the Chrome browser, and some of the tools built in to it: High Performance Networking in Chrome. I’ve got various pre-fetching tools switched off in my version of Chrome (tools that allow Chrome to pre-emptively look up web addresses and even download pages pre-emptively*) so those tools didn’t work for me… but looking at chrome://predictors/ was interesting to see what keystrokes I type are good predictors of web pages I visit…
* By the by, I started to wonder whether webstats get messed up to any significant effect by Chrome pre-emptively prefetching pages that folk never actually look at…?
In further relation to the tracking of traffic we generate from our browsing habits, as we access more and more web/internet services through satellite TV boxes, smart TVs, and catchup TV boxes such as Roku or NowTV, have you ever wondered about how that activity is tracked? LG Smart TVs logging USB filenames and viewing info to LG servers describes not only how LG TVs appear to log the things you do view, but also the personal media you might view, and in principle can phone that information home (because the home for your data is a database run by whatever service you happen to be using – your data is midata is their data).
there is an option in the system settings called “Collection of watching info:” which is set ON by default. This setting requires the user to scroll down to see it and, unlike most other settings, contains no “balloon help” to describe what it does.
At this point, I decided to do some traffic analysis to see what was being sent. It turns out that viewing information appears to be being sent regardless of whether this option is set to On or Off.
you can clearly see that a unique device ID is transmitted, along with the Channel name … and a unique device ID.
This information appears to be sent back unencrypted and in the clear to LG every time you change channel, even if you have gone to the trouble of changing the setting above to switch collection of viewing information off.
It was at this point, I made an even more disturbing find within the packet data dumps. I noticed filenames were being posted to LG’s servers and that these filenames were ones stored on my external USB hard drive.
Hmmm… maybe it’s time I switched out my BT homehub for a proper hardware firewalled router with a good set of logging tools…?
PS FWIW, I can’t really get my head round how evil on the one hand, or damp squib on the other, the whole midata thing is turning out to be in the short term, and what sorts of involvement – and data – the partners have with the project. I did notice that a midata innovation lab report has just become available, though to you and me it’ll cost 1500 squidlly diddlies so I haven’t read it: The midata Innovation Opportunity. Note to self: has anyone got any good stories to say about TSB supporting innovation in micro-businesses…?
PPS And finally, something else from the Ilya Grigorik article:
The HTTP Archive project tracks how the web is built, and it can help us answer this question. Instead of crawling the web for the content, it periodically crawls the most popular sites to record and aggregate analytics on the number of used resources, content types, headers, and other metadata for each individual destination. The stats, as of January 2013, may surprise you. An average page, amongst the top 300,000 destinations on the web is:
- 1280 KB in size
- composed of 88 resources
- connects to 15+ distinct hosts
Is it any wonder that pages take so long to load on a mobile phone off the 3G netwrok, and that you can soon eat up your monthly bandwidth allowance!