- Lots of people post things to social network sites.
- Some of these things are private (friends/family type of private).
- The users understand and follow the rules, and protect themselves.
- There is a bug in the system.
- Their private stuff is now available to anyone.
- Someone grabs the content.
- Then redistributes it anonymously and efficiently.

What we’ve not seen yet…

- Talking heads blowing it out of proportion.
- Reactionary bad law passed to ‘fix’ it.

Hopefully, with more mainstream news coverage and widespread understanding and adoption of better privacy practices and controls, we won’t get to the point where we have any more bad law. But I wouldn’t bet on that happening.

As of this writing, there are 4 seeders and 340 downloaders on thepiratebay torrent link. 17GB of photos. 567,000 images.

Yes, I’d say this has blown up.

Word of Caution

We sometimes forget we’re in uncharted territory. We are playing with the new shiny toys of the internet and not necessarily understanding the implications. These tools provide great power across the board. Users gain abilities to connect, find, sort, and publish in ways never before available. Conversely, companies gain abilities to monitor, gather, and sell more personal information than ever before. Additionally, third party observers gain the ability to observe at a distance and in numbers never possible in the physical world.

And we don’t yet know all the rules.

With all these new powers, our nuanced understanding of how we interact and the ramifications of our various ‘digital’ actions have not kept up with our abilities. We don’t know how these things “break” yet.

I would argue that this MySpace leak (as well as the Facebook minifeeds and Beacon) are examples of how these systems can break in explosive ways – ways that were not possible, and on a scale that was not possible before we were ‘hyperconnected’ and ‘always on’.

Please pay attention to what you post. Please think through what happens when it is made public. Please consider how our systems break – because it’s rather a question of “when and how” than a question of “if”.

Update: Fred weighs in, referencing this post
Update: Michael Zimmer referencing Fred

As I wrote over at claimID, we had an incredible few days. There was a new energy in the air this time as interoperability was assumed and a focus on services began to take centerstage. There was a lot of talk about Reputation, OpenID 2.0, and OAuth 1.0. We’ve got the pieces now to begin building compelling applications and services. The business models will be appearing in May at the next conference.

We even had an impromptu OAuth party on Tuesday night in honor of the spec being released. Smarr/Recordon/Wachob/Hammer-Lahav/Messina and myself.

I ran a session on Tuesday morning on OpenLifeBits (thanks to John Panzer for the wiki notes) – and had some excellent feedback as well as discussion around what we should be building to house/manage our personal information. How do we define these bits and who owns this content? Is the information we have housed in the corporate silos our own? If someone else is involved in the creation of a particular piece of data – do we both own it? Do we own it jointly with the company as well? A friend request on Facebook – who’s is that to share? Mine? Hers? Facebook’s? Legally, today, it’s Facebook’s.

I’ll take credit here for two quotes captured on the wiki:

“Stalkers were on MySpace, now Facebook _is_ the stalker.”

A little over the top – but definitely something I feel strongly about. We’re seeing individuals post more and more personal information into corporate repositories willingly and without due consideration for where their information is visible and/or to be used under the terms of service.

I see Beacon as part of a greater slippery slope – we’ll all be living, publicly documented, without recourse.

“It’s a good thing that a bad thing became public” — on FB Beacon.

I feel strongly that Beacon is only the first public-facing version of what these large corporations have been doing for years. It is completely naive to think that companies will give away their services for free to the consumer without trying to leverage what they learn through statistics and demographics to make money. They have to have a bottom line, or they go out of business. Free or not, this stuff costs money to run.

When Facebook shows the public what is possible with their data, at first we squirm and yell, then we realize that we like more targeted information – it becomes less about SPAM and more about information we actually wanted.

The tricky part lies in where that fuzzy line of ‘worth it’ is drawn. Is it worth it for me to give my information to a company so I can get a free burger or $5 off my next box of detergent? For most consumers, the answer is clearly yes – or we wouldn’t continue to see these types of offers.

A quote from Alison Black:

Getting inside people’s decision-making, to inject caution before commitment is likely to be extremely difficult (even with well-understood hazards, such as smoking and alcohol, health educators have difficulty getting their message across). But given that there is a likelihood that many people will continue to act humanly and, therefore, incautiously, there is an opportunity for companies to commit openly to respectful data handling. It may cramp their style for trading data in the future, but as more companies commit themselves to rigorous standards, those that don’t will stand out. Maybe this contrast could pique people’s consciousness just enough for them to ask ‘whatever they’re offering, do I want to hand my data over to them?’

When things like Facebook Beacon force us to realize what is happening behind the scenes, we’re more likely to have informed opinions in the future (which is a good thing). That said, I’m not holding my breath for when we’ll see all these companies go with opt-in as their default. In today’s market, it just doesn’t pay nearly as well.