- Google CEO Schmidt is a douche. Schneier responds. "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place." This is the same guy who blacklisted CNET for publishing personal info about him that they found by googling.
Facebook changed their privacy policy, and largely screwed the pooch. Where by "the pooch" I mean "you" and by "screwed" I mean, if any of your friends ever posts a quiz result or installs any other app, the author of that quiz/app is able to get all of your Facebook details -- name, gender, city, friends, photos, pages, etc.
To be clear: installing an app doesn't just give away that information about you. It gives away that information about everyone who has friended you, and there is no way for them to opt out.
Privacy
Tags: big brother, doomed, firstperson, security
Current Music: Shirley Manson -- Samson & Delilah ♬
52 Responses:
I find it astonishing what an easy ride Schmidt has gotten on this. I know Goodle does a lot of cool stuff, just like Bell Labs back in the day, but is there any clearer evidence they're a bunch of shitbacks, just like Ma Bell back in the day?
(Bracing myself for phalanxes of Angry Google Apoligists incoming...)
All successful companies fail under their own inertia sooner or later. Some day Google may be remembered as well as AltaVista.
Schmidt's comment was specifically related to the Patriot Act. While it's important to question that claim even in the case of illegal activities, he wasn't proposing that all data should be public or that people are wrong to want privacy.
FB's implementation of their new privacy thing sucks because everything is set to default to "show everyone" when they ask you to make with the new tickys. But I thought that the "show all your shit and your friends' shit to the app maker" thing was a pre-existing condition?
Ah, I see that the amount of info it shares is what has changed. Fan-fucking-tastic. I already hated people sending me all those fake gifts and posting shit about their fake gang wars. Now my hatred is of nuclear proportions.
boy I'm glad I put fake info in. of course that leaves them with all my contacts anyway. sigh.
Even the 'keep old settings' option doesn't behave like it should in some cases. I had some things in my profile set to self-only, but the 'keep old' migration option changed them to something like Friends and Networks. You wind up having to go back and recustomize everything afterward anyway.
If it says "show everyone," it's because those were your previous settings. Mine were previously locked down pretty tightly and the settings did not change.
Hate to seem argumentative, but mine were as locked-down as they get, and the option that was pre-selected in the "transition tool" was "show everyone." I manually switched it all back to "previous settings" (which someone else has mentioned apparently doesn't even do that in some cases - possibly when one was only showing things to sub-groups?) but if I'd mis-clicked and skipped past the tool, suddenly my options would have been reset for me to "everyone."
Oh, and another thing. (sorry J)
Foucault had his way with the Panopticon sufficiently for me to feel confident in saying: Eric Schmidt, shove it up your arse.
ugh. fucking facebook.
thanks for those articles, highly informative
There is a way to opt out of some of the information sharing, as alluded to by a broken link in the ACLU's site (linked from EFF site).
Go to "Privacy Settings > Applications and Websites" and uncheck everything. This took awhile to find, even when I knew precisely what I was looking for. Here's what the text on the page says:
When your friend visits a Facebook-enhanced application or website, they may want to share certain information to make the experience more social. For example, a greeting card application may use your birthday information to prompt your friend to send a card.
If your friend uses an application that you do not use, you can control what types of information the application can access. Please note that applications will always be able to access your publicly available information (Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages) and information that is visible to Everyone.
Yeah, that's the one. I didn't even find it that hard to find. I'm not sure what this says about the EFF's claims about what you can't opt out of?
That said, the migration page that pops up to go from old to new Privacy settings was outrageously useless. The two columns made no sense, so I had to just tell it to fuck off and go into the (new) Privacy settings manually. I'm fairly confident I'm blocking most of my info from non-friends though.
There are actually two different issues here, and they're being confused.
The first is that some info which you used to be able to limit access to is now PAI. This includes your friends list and your home town. Frankly, I couldn't really care about this stuff. You can get half of it off of Google in twenty seconds, and it's not like I've friended Gary Glitter or anything.
The second is that there's all sorts of other, rather more personal information (basically anything else on your profile), which apps now seem to have access to by default even if you haven't authorised them yourself. This is the stuff that can be disabled with Privacy settings -> Applications and websites -> What your friends can share about you through applications and websites. That's the stuff which is really "private" as far as I'm concerned and I'm pretty sickened to discover that I have to manually disable this or anyone that I've friended can basically give it away to every app they've installed without me ever knowing.
The migration wizard was useless for me as well, largely because it didn't actually do anything to help me disable the latter even though I chose the most paranoid options I had previously thought available. But that's what happens when your business model is basically all about harvesting personal information from people I suppose.
- Chris
Yep.
Interestingly they ask for your password. Secured for my protection, yeah, right, sure...
Buh? How can something that's simpler give you more control?
"Any and all your information will be private. [X] Yes [ ] No [ ] Pick and choose"
Pretty easily.
Having control or not is more a function of good design than of complexity.
I just had to learn about the Google contact API tonight.
It's astounding how much information about my friends I can make available to any app I authorize. http://code.google.com/apis/contacts/docs/3.0/developers_guide_protocol.html#contacts_feed_url
Ok, not that facebook aren't dicks, but I don't understand this part of it, but maybe it's just a jargon problem.
Quote from that EFF page: now apps can get all of your "publicly available information" whenever a friend of yours adds an app
But also from that page, earlier: Under the new regime, Facebook treats that information - along with your name, profile picture, current city, gender, networks, and the pages that you are a "fan" of - as "publicly available information" or "PAI." [...] Facebook counters that some of this "publicly available information" was previously available to the public to some degree...
If the second text is complaining about the PAI being available to the public, then why would it matter if applications got access to the PAI, if it's already public?
Or is PAI some kind of jargon that doesn't mean 'accessible to the public', just 'accessible to some friends and to apps they add'? That would explain the complaint about apps, but not the quoted complaint about the PAI itself, nor would the quote about the information being 'previously available to the public'.
So are they just double-dipping the same complaint twice, or what?
My understanding on that last point is that some things (name, profile picture, etc) are now "publicly available information", whereas before you were able to restrict access to that information, if you wished, to a certain degree (perhaps with some holes via API shenanigans).
If you treat every email/web site/futuretec as essentially broadcasting information to your least-liked associate, you will be safe. I don't trust facebook, livejournal, google with info I'm not comfortable with getting exposed.
I suppose I learned this in the 90s after my first "reply-all" gaff.
If you have something that you don't want anyone to know, maybe you should keep it in the closet. Don't post it in public places.
You seriously have missed the point here. What's troublesome is that by posting a collection of seemingly innocuous things which you do not mind "sharing", it becomes possible to derive non-innocuous information which you may not have wanted to share at all.
See, for example, reports about one study mentioned on the EFF page
For people too lazy to click the link, MIT basically discovered that you can discover who is gay and closeted by examining their network of friends.
So, they kept it in the closet, but the internet still found out.
How can we (the user community) prevent this kind of smart data mining activity if there is someone who would really employ it?
Boycotting social networks that expose data that we want to keep private, and raising a stink, I guess.
You can't. If someone wants to find out stuff about you, then they will. That's the entire point of, for example, the criminal investigations department of your local police force. Everything we do leaves a trace, it's only a matter of whether someone wants to know badly enough.
You can make doing this illegal (but it will still happen, just now it'll only be criminals and secret government agencies who know your secrets).
We deliberately blind lots of data, but we know from experiment that a lot of it can be unblinded. The blinded raw data from a medical trial for example, can be unwound to produce information about individuals who took part in the trial even though in theory no "personally identifiable" facts about them were included in the data. You might think of such blinding as like using rot13 to obfuscate a plaintext password in a configuration file. It keeps honest people honest, by ensuring they don't accidentally learn the identity of the individuals. But anyone who really wants to know could figure it out with some work.
Here's a hideously contrived example: Suppose I have trial data for 40 patients which includes whether they attended each dated checkup. Most have 95+% attendance records. Eight of them did not attend the October checkup. A search reveals that it was scheduled for the 12th of October, and that on the 11th a storm destroyed the bridge connecting a settlement in the area where the trial was run. Guess whether most of those 8 people lived in that settlement. The settlement has a population of 300 people. Each patient's age & gender are recorded. I cross reference the 8 ages and genders against the ages and genders of the settlement's population. Soon enough, I am pretty sure that George Banks is 72 year old anonymous male patient #29. His doctors did everything reasonable to protect him, but I was determined and so now I know things only his close family and doctors "should" know.
A douchebag he may be, but Schmidt is right - if you don't want people to know you did X, the only reliable way is not to do X.
That's exactly the answer CEO Douchebag gave. Douchebag.
Isn't that your answer also? Is it that he said this thing you agree with while also being vain and petty about his press?
At the risk of getting publicly kicked in the nuts, I'm going to disagree with you on both points. As a john-q-random we can't assume Ataxiandiary has ever given these issues any serious thought at all. And he asks (albeit in the form of a statement) the first naive question everyone has. So "clueless" might be the best characterization. But then two clicks down the thread she starts asking the hard questions that eventually lead somewhere.
Schmidt on the other hand breathes this stuff day and night and knows exactly what he is saying. "Douchebag" does not seem to fully convey the sociopathic menace he presents.
Actually, I would be less alarmed if Eric Schmidt had said "If you have something that you don't want anyone to know, maybe you should keep it in the closet." What he actually said -- "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place" -- seems much worse to me. The first sounds like "It's okay to want privacy, but we won't provide it for you"; the second is more like "You shouldn't even want privacy."
To be clear: installing an app doesn't just give away that information about you. It gives away that information about everyone who has friended you, and there is no way for them to opt out.
Privacy Settings -> Applications and Websites. Uncheck everything. Opt out successful.
Am I missing something here?
Now obviously it's totally douchey that by default my friends HAVE to opt-out because of apps that *I* use. This should absolutely be opt-in, not opt-out. But let's not confuse things by claiming that opting out is impossible when the page to do so isn't even hard to find.
You are missing the part where that very page says "Please note that applications will always be able to access your publicly available information (Name, Profile Picture, Gender, Current City, Networks, Friend List, and Pages)". So every app quiz result that gets posted can mine the entire social graph, which used to be (at least purportedly) private.
Ah, I did miss that yes. When I unchecked everything it didn't occur to me that there were things that should have had checkboxes but didn't.
Correct me if I'm wrong though... that's not an issue with app privacy specifically, it's that all of those things are now completely public, yes? Like I said, just trying to make sure I'm angry about the right thing.
They redefined "private". Things that used to be (allegedly) private with the proper settings no longer are.
Gotcha. Thank you for the clarification.
Ironically, these things aren't public in the traditional meaning of "Anyone on the Internet can view them." My brother clicked the "Share these photos with other users, even if they aren't on Facebook." That sends an email to me that takes me to a sign up page.
Looking at someone's profile page as a non-user, I can see name, profile picture, and some friends. Oddly, a Google search sometimes shows city in the title, but when I click on the user, the Facebook page doesn't show city in the title or elsewhere.
It's funny, I was rereading some of tim may's cyphernomicon the other day, and despite having freely available tools to accomplish all of the things critical to the vision outlined in the manifesto (e.g. http://www.activism.net/cypherpunk/crypto-anarchy.html ), we seem to be going ever in the opposite direction.
What's more interesting to me is that the view historically was that it would be the "State" looking to invade our privacy. But at least as far as what is brought to public light, it is increasingly the case that individuals volunteer information to corporate interests.
Maybe it's time to build a strongly encrypted social networking service as an onion routed hidden service?
You are missing the point.
The problem here is not it is technically do-able or not for facebook not to allow the app writer to be able to access every individual user's profile, it is that it is *alarming* that facebook executives haven't thought the privacy issue through ahead of the time. Obviously they haven't taken the privacy issue seriously.
Unless they have. My feeling is that they feel that they can get more money and make facebook more attractive to advertisers if they can increase the amount of information users 'willingly' give away. My guess is that it's not nearly as profitable to monetize privacy.
ding ding ding ding ding
Fries are done.
There's a difference between raising a *different* point, and "missing" one. I was trying to move the conversation in another direction, and maybe raise some new questions. Facebook/google/corpofthemoment not valuing user privacy as much as they value potential revenue is so obvious to me as to not be worth discussing and is anything but alarming. They take their revenue very seriously.
I'm confused: that's a usage of taking something "very seriously" that isn't clear to me. Companies routinely take my privacy, rights, and concerns "very seriously," and I think that means they're doing nothing, right?
Right: the state used to take information to serve its own purposes, but now people are trading their information for what they perceive as mutually beneficial arrangements.
People don't hand over their info to facebook and google for the heck of it; they do it because those services are offering them things they want in return.
And then facebook, google, att, etc hand that information over to the state. Much more efficient that way.
Cryptography tends to make user interfaces worse. You have to type a password more often. It's harder for a service to provide search, since they need unencrypted data to build a good index. Speed decreases if you have to decrypt every photo someone shares with another user.
I think cryptography is best use to distinguish secret from private. Distinguishing private from public is a matter of policy, trust, and design.
I spotted this on the links.org blog:
"Apparently, it is Facebook's considered opinion that the way to avoid sharing data you don't want shared is to not enter it
Barry Schnitt, a Facebook spokesman, said users could avoid revealing some information to non-friends by leaving gender and location fields blank.
I guess they'd agree, then, that the best option is to not use Facebook at all."
A similar fuckup by myspace led lots of people to change their age to 17 because myspace did not redistribute minors' info. I can't tell for sure from the docs if this will work at facebook but there are hints that it will.
HAHA at me! I tried it and facebook doesn't let you do this.