- Lots of people post things to social network sites.
- Some of these things are private (friends/family type of private).
- The users understand and follow the rules, and protect themselves.
- There is a bug in the system.
- Their private stuff is now available to anyone.
- Someone grabs the content.
- Then redistributes it anonymously and efficiently.

What we’ve not seen yet…

- Talking heads blowing it out of proportion.
- Reactionary bad law passed to ‘fix’ it.

Hopefully, with more mainstream news coverage and widespread understanding and adoption of better privacy practices and controls, we won’t get to the point where we have any more bad law. But I wouldn’t bet on that happening.

As of this writing, there are 4 seeders and 340 downloaders on thepiratebay torrent link. 17GB of photos. 567,000 images.

Yes, I’d say this has blown up.

Word of Caution

We sometimes forget we’re in uncharted territory. We are playing with the new shiny toys of the internet and not necessarily understanding the implications. These tools provide great power across the board. Users gain abilities to connect, find, sort, and publish in ways never before available. Conversely, companies gain abilities to monitor, gather, and sell more personal information than ever before. Additionally, third party observers gain the ability to observe at a distance and in numbers never possible in the physical world.

And we don’t yet know all the rules.

With all these new powers, our nuanced understanding of how we interact and the ramifications of our various ‘digital’ actions have not kept up with our abilities. We don’t know how these things “break” yet.

I would argue that this MySpace leak (as well as the Facebook minifeeds and Beacon) are examples of how these systems can break in explosive ways – ways that were not possible, and on a scale that was not possible before we were ‘hyperconnected’ and ‘always on’.

Please pay attention to what you post. Please think through what happens when it is made public. Please consider how our systems break – because it’s rather a question of “when and how” than a question of “if”.

Update: Fred weighs in, referencing this post
Update: Michael Zimmer referencing Fred

I’m noticing that these things are moving to the next level. We are seeing the next stage of social manipulation. These are attempts to grab attention where the mechanisms for detecting such grabs are still under-developed. An arms race. Only this time – it’s happening on a personal level. The friend list.

Our friends and contacts (as we discussed at last week’s IIW2006 session on Reputation, “who you hang with”) say a lot about who we are and what type of person we are. So, therefore, it follows that this list of people would become a vector of attack for manipulating that reputation calculation. And it seems so wrong…

Bruce Schneier captures the sense of strangeness – and the fascination of watching this unfold:

Hacking Reputation in MySpace and Facebook

I’ll be the first to admit it: I know next to nothing about MySpace or Facebook. I do know that they’re social networking sites, and that — at least to some extent — your reputation is based on who are your “friends” and what they say about you.

Which means that this follows, like day follows night. “Fake Your Space” is a site where you can hire fake friends to leave their pictures and personalized comments on your page. Now you can pretend that you’re more popular than you actually are:

FakeYourSpace is an exciting new service that enables normal everyday people like me and you to have Hot friends on popular social networking sites such as MySpace and FaceBook. Not only will you be able to see these Gorgeous friends on your friends list, but FakeYourSpace enables you to create customized messages and comments for our Models to leave you on your comment wall. FakeYourSpace makes it easy for any regular person to make it seem like they have a Model for a friend. It doesn’t stop there however. Maybe you want to appear as if you have a Model for a lover. FakeYourSpace can make this happen!

What’s next? Services that verify friends on your friends’ MySpace pages? Services that block friend verification services? Where will this all end up?

( via Howard Greenstein at Social Media Club )

As for how this ties into reputation management software? I think the goal of reputation management software should be to make public and make explicit those connections we want to publish about ourselves. But with that comes a responsibility on the part of both the publisher and the consumer to understand the metadata surrounding those connections and those claims.

We need tools to be able to verify things – follow leads – trace back and investigate. Without that, everything really is a popularity contest that can be gamed very easily. We need the ability to see who is lying. Social norms will sort out the punishment.

Of course, that assumes that people are watching and that people care, which is another matter altogether.

One teacher said that a parent printed out his daughter’s MySpace page and told her he was going to post it at the mall. When the daughter objected, mortified, the parent explained that MySpace is as public as the mall.

I love this.  Online identity *is* public.

In fact, it’s *more* public, because it’s persistent and searchable.

Kudos to Dad.

But the unintended consequences of all that data being compiled, stored and cross-linked are what Marc Rotenberg, the executive director of the Electronic Privacy Information Center, a privacy rights group in Washington, called “a ticking privacy time bomb.” [NYTimes]

Every search is being remembered and potentially could be aggregated later with unknown consequences. Every email we send works via a store-and-forward technology (your email is a postcard much more than a sealed postal service letter). Every hop along the way (average of 10-15?), the email servers could save your email for later. Subpeanas anyone? To protect the children?

“All of this is dangerous enough. But recent actions of the United States Attorney General and the Director of the Federal Bureau of Investigation last week raise an even larger threat to privacy and security. In the interests of prosecuting child abuse cases, the AG and the FBI Director have asked that the ISP’s retain all of their records just in case someday, somehow, for some reason, the government may want them in some future case.” [Mark Rasch]

It’s not fearmongering, it’s a healthy dose of reality and risk analysis.

So first of all, we’re not anonymous. Second of all, this non-anonymity can be assumed by someone else if the procedures and protections we put into place are poorly thought out.

So I find it interesting today this juxtaposition of an Iraqi child holding a piece of cardboard claiming he’s Rupert Murdoch, owner of MySpace, performing the ‘MySpace salute’. Probably, being the actual Rupert, there is little chance Rupert’s real identity will be compromised by this wonderful image. Those of us who are not Rupert, in name or in financial stature, have a significantly greater risk associated with issues concerning our online identity and attempts to hijack it by others.

We need to become more aware, vigilant, informed, and proactive about our online identities. Our public face is a growing part of our reputation and is beginning to play a significant role in our day to day lives. There are early adopters who have seen this effect for a few years now, but the mainstream media is now catching on and the average citizen will begin to interact with these issues very directly. We all swipe the grocery store member cards to save 10%. Do we know what can be done with data mining and aggregation over time?

ClaimID is using MicroID to allow individual users to claim the pages online about them. This uses cryptographically robust mathematics to confirm that the pages on both ends of the claim are legitimate. It’s proactive, it’s reproducable, and it’s open. It’s not a piece of cardboard. Rupert cannot claim that my weblog is his. Neither can that Iraqi child.

We need more awareness so our policies are better. I’m afraid, however, that it requires us to endure a listing of a few million customers like Thelma before the rest of us wake up.