23 Musings

Sir Tim Berners-Lee has come out as against the planned Phorm advert and tracking network today (more here from the BBC).

It was announced a couple of weeks ago that leading ISP's were planning to use Phorm as a platform to serve up targeted adverts to ISP registrants. It's been touted as a great way to provide more relevant ads to users and all the initial talk seemed like PR spin designed to mask any potential privacy issues.

Now at last the privacy issues are getting a good airing!

Personally I'm against my ISP using the data of my surfing habits for advertising purposes. I use my ISP for access to the internet, I do not expect them to share my data on surfing habits with anyone (unless asked to by the authorities...).

Other blogs are asking what the fuss is about this and comparing Phorm to behavioral targeting technologies in use on retail websites. I disagree with this completely as this is going to collect data at the ISP level and share it with any websites which serve adverts through Phorm, this makes it far more pervasive.

An interesting question has to be asked though; how does this differ to Google / Doubleclick? If Google starts to share behavioral search data with Doubleclicks ad serving platform isn't that going to be similarly invasive to users privacy? Potentially; although at least we expect that from Google as an ad revenue based business...

Interestingly, the BBC has just published a story that states that the Foundation for Information Policy Research has claimed that Phorm could well be illegal. They believe Phorm contravenes the Regulation of Investigatory Powers Act 2000 (RIPA), which protects users from unlawful interception of information.

This has the potential to get very interesting and could open up other networks and ad serving technologies to scrutiny.

An EU official has told a hearing of the European Parliament that IP addresses should be regarded as personal data as they can identify users addresses and locations. This was heard in regards to inquiries into search engines and data protection. Google have said that they only use the data to improve results and relevance for users.

This has larger implications for some metrics companies and users of methods to produce mosaic breakdowns of users based on IP address.

I've no problem with anyone knowing my IP address in order to provide me with more accuracy in their services. However some companies base their entire business models on making use of this data and any new laws on use of IP addresses could impact them greatly. Location based services are hugely important to the webs future (in my opinion) especially to mobile web.

One to watch...

The Guardian has a story about this topic that I've blogged about before here.

An admissions tutor from Cambridge Uni in the UK has admitted that he checks up on potential students Facebook profiles. Of course the uni's insist that a students success or failure to be admitted is purely down to their performance in interviews, academic record etc, not because of what their social network profile contains.

Many people feel this is really intrusive, but I believe it's a natural course for anyone to take when there is information out there. This again reinforces my belief that you should never post anything up on a social network that you wouldn't want your boss/tutor/Mum/priest to see!

This just in...

After my post earlier today about the murmurs that Google would get DoubleClick approval I can now inform you that it's happened!

That was quick! The FTC voted 4-1 in favour of the deal and concluded that the deal would not substantially lessen competition.

Well done Google! Look forward to seeing the first development come out of this partnership!

Bloomberg are reporting that Google may well get what it wants and secure the DoubleClick acquisition it's been looking for.

About time too! It's been going on for far too long now, it makes sense to just get it over with, there are far bigger threats to our online privacy than this merger. Every other major player has managed to buy an advertising network this year, so why not Google too?

This is coming too late for some though. Viacom have just signed a deal to move over to Microsoft, away from DoubleClick. Perhaps they would have stayed if Google had the reigns?

I've written previously abut a concept I've termed Self PR Online (here and here) but it seems my posts aren't getting to the right people.

Now CNN have jumped on the bandwagon and written a piece about a Facebook group called '30 Reasons Girls Should Call it a Night'. It's basically a Facebook group with over 170,000 members (mostly women) devoted to tales of drunken debauchery and lurid times (all good clean fun in my opinion).

However, it seems the women who are members of this group could really do with taking note of my blog posts as they're (apparently) posting all kinds of imagery that may not go down so well with employers or colleges.

Personally I find this quite amusing, as in my opinion any employer worth working for wouldn't care about a few drunken photos and any person who posts really bad photos is probably unemployable anyway ;-)

The advice I gave in previous posts still stands, don't post anything you wouldn't want an employer to see, these things have a habit of getting out and becoming public!

Even if you're not a member...

Beacon is raising privacy concerns left right and centre! It's becoming a bit of a thorn in the side of Facebook and could help increase the backlash that they will face through their continued advertisation (is that a word? Maybe it should be!). There are already reports of some advertisers pulling out of using the system, worries about how Beacon tracks users without them opting in and now it seems they may be receiving data on anyone whether a member of Facebook or not.

PC World is carrying a story about the results of investigations into the Beacon system by some security researchers. They've found that even if you don't have a Facebook account or your account is deactivated you will still be tracked on any Beacon third-party sites and your data sent back to Facebook. Quite what happens to that data we don't know, but one would imagine that it sits on their servers hoping you will sign up so they can identify your cookie and serve ads to you.

It's all getting a bit big brother. Facebook appear to have monetisation as their mantra now, where as they started off being useful they are gradually becoming surplus to requirements!

Unsurprisingly, concerns are now being raised about Googles planned GDrive storage application (which I posted about the other day).

Popular Mechanics has a good look into the issues here. The concerns are about the amount of personal data that Google could glean from such a service and the potential that could give their ad network.

When you think about this, the data they could get their hands on makes the DoubleClick deal seem insignificant by comparison!

However, one day we have to start trusting third-parties like Google. If we don't we will never get a really joined up solution for online productivity and the cloud computing theory will be hard to push forwards. What's the difference between Google and other companies who offer similar services of storage? Advertising. Google is seen as an ad network now and that is beginning to hinder their progress. They need to get public perception back to thinking of them as a provider of innovative services so they can do exactly that and make our lives easier!

The NY Times is reporting that Facebook has retreated on it's Beacon advertising idea. Instead of auto populating your news feed with information about your purchases on participating sites (unless you opt out on that retail site), they're providing a one-click way to opt out of Beacon altogether.

This is what the users have been looking for and should appease them. 50,000 people signed a petition against this.

Further to my recent post on how young people are overexposing themselves on social networks and my earlier post on self-PR online there are a couple of issues being discussed on this topic in the news today.

First up, the Guardian has a piece on the legality of using the internet to investigate job candidates. They're saying that it could actually prove to be illegal and an infringement of a candidates privacy if potential employers use the internet to look into their background. Academic institutions could also be at risk of infringement here as they too are apparently using the web and social networks to look into applicants backgrounds. Personally I cannot see how this could be the case. The information is freely available and has been posted with that knowledge (or at least the poster should be aware). It can't contravene data protection laws in that case. Of course, turning down a candidate because of their Facebook profile would be against HR laws but I'm sure no company would use that as the reason for not hiring someone, they'll come up with another reason the profile will just have made their minds up.

Secondly, there's an article on the Inquirer which suggests that the UK's Revenue and Customs department (yes the one's who loast all that personal data) are now using social networks such as Facebook and MySpace to catch criminals who have gone missing. An unnamed customs official claims that social networks are proving to be a useful source of information for tracking wanted persons down. The official suggests that it has led to a number of successful arrests.

So all this goes to show that your trail of data left behind on these sites is highly useful to anyone wanting to trace or assess you. Self PR is hugely important now, and this will get more and more important as the information connectivity provided by the web gets more pervasive into society.

Reuters reports that the EU is planning to look into targeted web advertising with increased scrutiny. They're concerned about the increasing risk to privacy and protection of data that some of the new advertising developments bring with them. The Article 29 working party will be looking into the issues, that's the same working party who got Google to limit the amount of time it stores web searches to 18 months.

This potentially doesn't bode very well for companies like Facebook. Their new beacon advertising system is getting enough scrutiny from users, the last thing they need is someone official looking into it too. This also doesn't bode too well for the Google-DoubleClick acquisition.

I posted ages ago about the risks of posting too much info on social networks. It's all too common now for potential employers, universities and parents to use Facebook etc to find out what people are doing in their personal lives.

Now the Information Commissioner's Office has launched a website aimed at helping to protect young people in the way they use social networks.

The ICO have found that more than half of young people asked divulged far too much information and failed to keep it private. More telling still, 71% of 2,000 14 to 21-year-olds said they would not want colleges or employers to do a web search on them before they had removed some of the material. Two thirds of those questioned accepted as friends on such websites people they did not even know. Some 60% posted their date of birth, a quarter put their job title and almost one in 10 gave their home address.

So the ICO have launched this site to help inform young people about how to protect themselves on Facebbok and MySpace (amongst other social networks).

Very interesting story on the Channel 4 website today.

Apparently, a Facebook user has logged an official complaint with the UK Privacy Watchdog after it transpired that trying to leave Facebook didn't actually mean that your data was all deleted and removed from their servers. Actually, when you try to leave Facebook all it does is deactivate your account and keep the data on their servers so anyone who changes their mind can easily sign back up again.

Now that's all well and good, but storage of personal data and photos of someone who doesn't actually want to use your service is blatantly against the UK Data Protection Act (I believe). The act is designed to protect people like you and me from having their personal data misused in any way. Facebook definitely have the resources and technical know how to offer a way to delete the data for those who really want to delete an account. By not doing so they are making it very difficult for users to clean up their trail of data, it could take hours to go round the site deleting everything you've ever posted or uploaded.

Will be interesting to see how this pans out! I do wonder whether MySpace and Bebo etc offer this full deletion service or whether they are also possibly infringing on ex-users privacy.

Apple has a reputation of being a fair and open company and has acquired a massive die hard fan base thanks to this approach. They are seen as one of the good companies compared to others such as Microsoft (and sometimes Google).

However, they've not been doing themselves any favours of late...

First they crippled peoples iPhones when they tried to update, hack or unlock them. I can understand the desire to do this but it's fairly narrow minded and unnecessarily antagonises the types of customers they rely on as a tech company.

Now they've committed what to me is a cardinal sin. According to Techcrunch there is a feature in the iPhone which sends data back to Apple all the time. This data includes IP address, stock quote preferences and other preference data, worst of all though it sends the IMEI number for the users phone back as well.

Now an IMEI is one of those rare bits of data which can instantly be linked to a person, unlike things like IP address which are more transient and changeable. This means that Apple could be building a profile for all it's iPhone users with more than just who they are and the fact they own an iPhone. This could contain data that would be hugely attractive to advertisers around the globe.

So could Apple be planning a Facebook? Possibly. Are they harvesting information on their users? Undoubtedly, yes they are. What they plan to do with that data is anyones guess at the moment but Apple should expect to receive some backlash from their customers for this as it seems a breach of privacy to me.

Update - 20th Nov: The latest from Techcrunch is that this isn't 100% true, apparently the iPhone doesn't send an IMEI back to home base.

A few tidbits of insight from some of the webs best blogging reporters here today. As I'm busy I'm just going to link to them and let you read at your leisure:

The Facebook Ad Backlash Begins - an insightful look into the beginning of a possible backlash against the latest Facebook advertising announcements. My opinion; it will take time for users to understand the enormity of having their personal data in the hands of an advertising network of this scale. Expect to see the noise around this backlash grow.
Erick Schonfeld - Techcrunch

Why Is Google Afraid of Facebook? - a decent look into the reasons Google should be worried about Facebook. Traffic is only half the story, the main points are around the lack of access the Google spiders have to this data. Do Google feel shut out? Sure they do, otherwise why OpenSocial?
Om Malik - GigOM

Is Facebook Beacon a Privacy Nightmare? - a closer look at the reasons the new 'beacon' advertising tool from Facebook could be a privacy concern for users.
Om Malik - GigOM

I expect many more articles about the issues surrounding privacy and personal data with Facebook in the coming days, I'll continue to post and comment on the best. I also expect the focus to switch back to Google as more news emerges about OpenSocial and it's integration with Adsense and once the DoubleClick deal goes through it'll probably be Google taking all the flack!

When it's on Facebook it would seem!

Valleywag has uncovered the rather dubious practices going on at Facebook HQ. Employees at the world's most popular social network have access to every users profile information. Not only that, they have access to a log of all the user profiles you have looked at during your time on the site.

Obviously some people within Facebook have to have open access to the whole database of users and their activities, however to make this open to everyone seems a major breach of privacy to me. I don't want their junior developers reading my wall posts, or their interns knowing who I have added to my top friends (and who I haven't).

This breach of privacy becomes even more worrying when you think about who are members of Facebook. From political candidates to pop stars to Bill Gates and Steve Jobs, all their personal and attention data is available to Facebook employees.

It's unknown whether the data available to employees includes the more sensitive messages and contact details.

It's seen as a perk of the job, but to me this just seems plain wrong!

Really interesting post here from MADComments which I'll quote from below:

'So was Facebook’s primary reason for existence to gather information from its users in a ‘fun’ environment that everyone can benefit from?

According to internet conspiracy theories, Facebook’s investors all appear to have links to In-Q-Tel, a venture capital firm established by the Central Intelligence Agency, BBN Technologies, a research and development firm known for spearheading the ARPANET, or what is popularly known as the internet as well as the US Department of Defense.

Most disturbingly it has strong links with the Information Awareness Office (IAO), which is an organisation set up to gather information about everyone in a centralised location including internet activity, credit card purchase histories, airline ticket purchases, car rentals, medical records, educational transcripts, driver’s licenses, utility bills, tax returns, and any other available data.

So is Facebook really a service that allows us to keep in contact with friends, reunite with long lost pals and find out the truth about our Saturday night dates, or is it the best planned modern marketing and data capture tool that ever existed?'

Scary stuff indeed! I just blogged about the possibilities of an ad serving company using Facebook to gain reams of demographic and behavioural data on users but this would be something altogether more sinister.

Far fetched in my opinion, but you can guarantee that the organisations mentioned in the excerpt above would have a vested interest in accessing the data on Facebook users!

I blogged previously about the issue of social networks being used to gather info about people by recruiters and employers and now Sophos, the anti-virus people, have published a report on the dangers of divulging too much info on Facebook.

Sophos' "Facebook ID Probe" involved creating a made up Facebook profile, then sending requests to 200 randomly-selected profiles to be friends with them.

The profile was for one 'Freddi Staur' (itself an anagram of "ID Fraudster"), a green frog who gave away very little info about himself.

In most cases, Freddi gained access to photos, info about likes/dislikes, hobbies, employment details and other personal facts, such as date of birth. Many users also disclosed the names of spouses or partners. Some even divulged contact details!

Sophos's research shows that 41% of users, more than two in five, will divulge personal information - such as email address, date of birth and phone number - to a complete stranger, greatly increasing their susceptibility to ID theft.

So, take care out there! Be sensible with what you post, don't post anything that can identify you and don't say yes to random friend requests.

I'm waiting for the first ad serving company to work out how to extract profile information and then create a dodgy Facebook app to cookie those users, enabling them to serve up highly targetted ads to them. Won't be long I suspect!

In a rare move, CNet News has managed to get frank explanations of privacy policies from the major search engines AOL, Ask.com, Google, Yahoo and Microsoft.

CNet sent the engines a survey and the responses are published here.

Users logging into Facebook on Tuesday morning were shocked to discover they were being served up other user's private pages. Strangely users were able to see other members inboxes in some cases so obviously privacy was a huge issue at this time.

It seems Facebook is having a few issues at the moment. They had a period of downtime the other week and now this problem which they put down to a bug of some sort.

They really need to be careful that they keep users data private as too many hiccups of this kind will send users running to other services.