Can I Have a Word in Private?

Privacy Switch
Photo credit: Rob Pongsajapan.

Last week I had the pleasure of attending the Lift conference and helping to run a workshop on user privacy. This was a workshop with a difference. My colleague Franco Papeschi came up with the idea of a privacy “game” (“Denopticon“) which would help participants explore the issues around privacy, personal information and data sharing. The game started with participants filling out an ID card with personal information about themselves. Participants earned points for finding out and recording personal information from others and additional points for fulfilling various secret missions. It was enormously fun and I hope to help run it again at other events. But besides being fun, it helped the participants, and the moderators, think about the key issues around user privacy.

This was against the backdrop of enormous upheaval in the area of user privacy on the Web. I remember when privacy on the Web used to boil down to “turning off cookies.” Now-a-days if you turn off cookies, you might as well use your computer as a doorstop, and anyway the privacy conversation has so moved on. In a world where more and more of our communication is happening through social networks and socially connected applications, the whole concept of privacy is being turned on its head, to the extent that some (such as Christian Heller) are claiming that we are now living in a “post-privacy” world. And, of course, Google’s Eric Schmidt is on record saying “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place,” which (if he truly believes this) I think betrays an almost pathological misapprehension about the human condition.

The truth is, we need privacy, as a society. Anyone who claims we don’t is (forgive me) either terribly naïve, stupid, or a sociopath. Privacy, and a reasonable expectation that some of our actions and communications are and will remain private, is a social lubricant that allows for healthy exercise of denial and other mechanisms that keep us sane. Anti-privacy pundits are quick to reply that “the kids” don’t care about privacy – but this notion doesn’t bear up under the facts. (For evidence, an article from today’s NY Times reporting on the increasing awareness of youth to privacy issues.) In fact, there seems to be a backlash against the “private is public” mentality which has led to over-sharing and social networking fatigue. (Do I really care that you’ve won the medal of the badge of being the mayor of the Duncan Donuts at 33rd and 8th? Maybe that’s something better kept private.)

Over-sharing as promoted by servers like Foursquare may be annoying but it’s basically harmless. You may be opening yourself up to stalking or having your house burgled but that’s a choice you’re willing to make for the benefits that social sharing bring, right? OK, but what happens when you’re not just making that decision for yourself? What happens when your sharing impacts your family, your sexual partner, your children? Emerging usages of  social networks will require more trustable, private environments. With their ability to share structured data, social networks could be a great environment to interact with your stock broker or financial advisor. What about health service communications – such as your blood sugar levels or the results of your AIDS test? What about parent-teacher communications? The list goes on – all of these intrinsically private types of communication could benefit from the rich communication mechanisms that social networks bring to bear. But people would (rightly) be reluctant to use Facebook or other existing social networks in these ways.

Unfortunately, although social platforms like Facebook are adding richer privacy controls, there remain problems both with the implementation of these controls and in making them understandable to regular users. I think Facebook has actually made a lot of progress in making privacy options visible and usabile – at least on their Web site. In fact, my personal trust level of Facebook’s privacy mechanisms has increased enough that I’ve begun sharing family photos and other information with family members on the platform. I’ve been very frustrated by the lack of privacy controls on their mobile clients and mobile web site, but it seems to me they are on the right track. There are challenges on the horizon, though.

One challenge will emerge from the wealth of availability of data that is opening up to Web developers. With a few lines of JavaScript code, a Web application or widget can access your location (via the Geolocation API). Soon, that information will expand to capturing your camera image or digging into your address book. Although browser and web runtime makers are building in privacy controls, are they working and are they the right ones? These are the issues we’ll be exploring at an upcoming W3C workshop I’ll be co-chairing on privacy and device APIs.

Another challenge is going to be implementing trustable privacy in the post-Facebook world. How would my family photos use-case work if my family members were not all on Facebook  but were members of a series of federated social networks? These are some of the problem spaces we’ve been exploring in the W3C Social Web Incubator. The OneSocialWeb project is building an open source platform that uses XMPP to bring some of these ideas to life.

One thing is clear: privacy is becoming a key industry topic and a flashpoint in the intersection between mobile, social and  the Web. The common wisdom is shifting away from the idea that “people don’t care about online privacy” which is good, but it throws a spotlight on the mess that privacy on the Web has become. Cleaning up that mess is going to take some effort.

Liked this post? Follow this blog to get more. 

4 Comments on “Can I Have a Word in Private?

  1. Whilst kids and teens have be pretty well briefed on the danger online encounters, there’s a lot of work to be done on the privacy side. Not only, they don’t realize the -present and future- consequences of sharing private information but they will never spend the time and effort to go and change their privacy settings on the different services they use (which providers know perfectly well).
    I am lucky enough to work in that space so I am very careful with my teens (age 12 and 14). For instance,
    – I allowed them to open a Facebook account provided they added me as a Friend and agreed with them I will check their account from time to time (I am not spying and I don’t add message on their wall #mymomsonfacebook);
    – I set up their privacy preferences with them and update them everytime Facebook changes the damn thing;
    – I explained what type of info could be shared and what couldn’t for privacy and ethical reasons.
    – I warned them about the indirect effects of social networks like being (tagged) on a photo that everybody can see because it’s on a friend open wall
    Last but not least, they can use their laptop only one or two hours a day, for homework first, with their door open and I installed a good parental control (I worked for AOL, so I know the stuff).
    My objective is to find a good trade-off between freedom and controls, because I truly believe that social media is an improvment for the society and help our kids to develop.

  2. Thanks Laurence! I think your kids are very lucky to have such a media-savvy parent. This kind of media-coaching by parents is the modern equivalent of “don’t sit so close to the TV!” My own kids aren’t there yet, but when they get there I anticipate taking a lot of the same steps.

  3. Privacy for our children online is mandatory, but we need to be very clear about what we mean by “privacy”. Our kids will say that they would never post their address, or their phone number etc. online on any social media site, but then they post where they go to school, where they work, where their parents work, etc. A stalker doesn’t have to put much effort in to find them. There needs to be much further conversation around this topic.

    Great post.

Leave a Reply

Your email address will not be published. Required fields are marked *

*

This site uses Akismet to reduce spam. Learn how your comment data is processed.