WSJ Breaking News: Information on the internet is not private

The Wall Street Journal published a breathtaking revelation (yes, the sarcasm is thick) that some information on Facebook is not private, even with the strictest privacy settings enabled:

Many of the most popular applications, or “apps,” on the social-networking site Facebook Inc. have been transmitting identifying information—in effect, providing access to people’s names and, in some cases, their friends’ names—to dozens of advertising and Internet tracking companies, a Wall Street Journal investigation has found.

Unfortunately, many legitimate news organizations including The Washington Post, The LA Times, Bloomberg News, and Forbes have propagated the fear that your information is not yours, and that Facebook is to blame. These news organizations are either attempting to drive traffic through fear mongering – or worse – they have no idea how the internet really works and are just simply trusting  a “credible” source like the Wall Street Journal because they are uninformed and lazy.

Here is the truth about everything you do online : It is NOT private. A little article in TechCrunch today starts to paint the picture:

We’ll put aside the fact that no mention was made of the Wall Street Journal’s sister company and Facebook competitor MySpace….

The way this is being done is via referrer URLs (99% of the general population just got lost on what those are), which can contain profile IDs. Which can then be used to look up users. And whatever information that user has in his or her public profile can then be scraped and added to a database.

And then…well, nothing. It’s in a database. And theoretically can be used to target ads to you.

So, in laymen’s terms, when you sign up to use a third party Facebook app, you give them a little information about you so they can target advertising to you. If it is not plain and obvious to you already, nothing is free on the internet (not totally free). If you read content, play games, watch videos, do the social networking thing, or shop for anything, you are giving a little piece of yourself to the sites you visit. Most of us WANT this. Let me say that again in case you missed it. Most of us WANT the sites we visit to remember what we like – it prevents us from entering data over and over again. It prevents me from getting advertisement for women’s perfume. It lets my bank know that I do most of my banking online, and it does not treat me like a new customer but as an existing customer. It tells YouTube that I like kitten videos. You get the picture.

Further, if you operate on the web believing that you can do it privately, you are a fool. My educated guess is that less than 5% of people that use the web today have the technical skills needed to truly surf the web totally anonymously. And of those 5% that know how, most of us don’t care.

So, my advice? Do as Robert Scoble does (he’s part of that 5%):

How do I handle the privacy issues Facebook is having? I changed all my settings to “as public as possible.” That solved a few things.

1. It made it easy to figure out the privacy settings.

2. I won’t be shocked if something leaks into public view because now I’ll expect it.

3. It lets me move on with my life and make fun of all those wacky pundits who deleted their Facebook accounts.

In other words, expect your information to be public – only post things that you are okay with your boss, kids, spouse, friends, bank, congress, and your mom finding out. If it needs to be private, save it for email and the telephone (if you are paranoid or working for the NSA, perhaps you should stick to in person conversations in a brick room with no windows)

One last word on this – nobody (besides the people that make money selling you stuff) probably cares about your “private” information. Seriously, stop being so narcissistic and get over yourself.

  1. b3nsen said:

    true words…! only thing is if we get that one day or just wait until its to late with the precious data so we can say we didnt know? ;)

  2. Shortsighted viewpoint. The technology is neutral – neither private nor public – its about how information is gathered and used. Information is only public if it is distributed and information is private only if it is not. Value judgements about how right others are to be concerned are misplaced.

    People should not have to be tech experts to participate in the web. They have an expectation of privacy because privacy is implied. Websites make their privacy policies obscure and there is much secret tracking – LSO’s, ISP server-based tracking, etc. No normal person should have to understand this stuff in order to use the web, anymore than I need to be a survelliance technician to ensure my phone is not tapped. If every website clearly announced on their home page what their privacy policy was, people would not have false expectations.

    The concern is not for the tracking of Joe Average. The issue is that this opens the possibility of the occassional horrific abuse – the person who’s medical insurance is withdrawn because they joined a cancer victim forum, or the child who is stalked online by a pedophile, or the person who is fired because they put their CV in a job website. Such cases are rare, but the public is concerned because they intuitively recognise from past experience that minor misuse of technology, if not stopped, inevitably leads to really serious abuse.

    Any person who understands web technology can easily imagine terrible abuses if there were no privacy limitations at all. Every privacy violation which goes unchecked moves us closer to a world where people get mistreated online in a manner we would find objectionable if it happened offine.

    Privacy is REALLY important. If you’re technically aware, and you don’t support improved privacy, you’re part of the problem.

  3. Brandt,

    My viewpoint is not short sighted, it is practical. You are correct to say that technology should work as promised, but it is naive to believe it will. Your comment is suggesting that we should all operate as though companies actually follow their privacy policies and that we should all trust that those companies’ IT departments will never make any mistakes. Who is more short sighted :-)

    We have laws that protect consumers around privacy, and I am all for them. My post was to shed light to users of the web – to tell them that privacy is also their responsibility.

    Additionally, the Facebook “security hole” was really not a hole at all. A user gives permission to Farmville to know their user name – Farmville can use the user name to access all the other PUBLIC information that user shares on their Facebook profile. The WSJ article was sensationalist journalism at best, competitive fear-mongering at worst. The horrific abuse in this circumstance may actually have come from the publication and not the “Evil Facebook”.

  4. Once Facebook has gave by default each app full access to all user data. Facebook has made dramatic changes since then and now the user needs to explicitly grant access permissions to his data. It should be obvious to all that Farmsville is trying to use all data it can lay its hands on to deliver the best user experience.

    I don’t see any problem nor Facebook terms breach as long as the user data is fully maintained private – within Zinga databases. The problem begins once this data starts traveling to 3rd parties in one way or other and eventually is going through abused use.

    I think that the users can’t expect to not disclose any data and still enjoy the user experience and the highly invested games they are playing for free today. Zinga and others needs to deliver top user experience in order to monetize their games. Without any user data the experience will be damaged and their monetization wouldn’t cover their expenses.

    My suggestion is that all user data will remain under the app (e.g. Zinga). Zinga should do all efforts to optimize their users offerings using IN-HOUSE optimization technologies. Personally I’m well familiar with more then one self-learning and artificial intelligence algorithms that given the user data can do the job of targeting ads and offers in a much better way then any 3rd party ad-network that has no visibility to the user-data.

  5. Thusian said:

    Be careful using terms like nothing you do online is private, I bank online and take my own precautions to be able to do so securely, but if I found out my Bank did not honor their claims of my privacy I would be mad. You have valuable statements in your post, but you loose some credibility in my eyes speaking in absolutes. I would concede that people do need to recognize that if you supply info to social networks etc that you can expect it to leave your control at some point. Titles like the one you used are dramatic, but not entirely accurate: See Wired the Web is Dead.

  6. Thusian —

    Sometimes speaking in absolutes is required. I agree that my Bank should adhere to its privacy policies – but should my Sister, Aunt, Dad (who are all on the internet but novice users) adhere to the notion that they can trust communication with their bank? Or should they look at an email from their bank or paypal or amazon and question its authenticity. Shouldn’t we all approach data entry to the web with caution?

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: