Terrell Russell: This Old Network

The future is logged. And we’re seeing some of the future right now.

The students of the Facebook are currently working through the newfound reality of their complete Facebook activity being front-and-center to all their ‘friends’. The new mini-feed of their activity within Facebook (comments, notes, adding/removing of pictures, friends and groups) is now broadcast to all their friends’ dashboards automatically and without their consent. As of today, there is not an option to remove this functionality either – mini-feed items can only be deleted after the fact.

i love information. i love my friends. i love information about my friends; however, i don’t like everyone knowing information about what my friends and I do. good networking is like good flirting: leave something to the imagination!

There are two views of these mini-feeds:

1) A user looking at their own page sees a reflection of all their friends’ activity within the system for the last couple weeks – a ‘fortnight story’ of their friends’ activities/updates.

2) A user looking at another user’s page will see what that particular user has been up to the last couple weeks – a ‘fortnight story’ for someone else.

I think this move was inevitable and I applaud it. But I’ve got a longer view than someone using the Facebook today. I would be upset if my information was suddenly available like this. I am not sure why they didn’t have a smaller rollout with some feedback testing. I feel they’re going to get burned by public opinion in the days to come.

I agree, this new facebook is ridiculous! It makes me want to remove my account. I don’t want everyone knowing what I am doing at all times…it has become creepy. Please change it back!!

Normal is shifting.

The users of the Facebook were living in a dream world. Of course their activity was being logged – it’s how Facebook became Facebook. It’s just that the users of the site, until today, didn’t expect their information to be aggregated in quite this way – simply because it hadn’t happened before. And I feel sorry for those who have been ‘outed’ by this system and will continue to feel the brunt of these changes in the next few days as the changes propagate and begin to have a ripple effect on behavior within the system.

I don’t want everybody seeing who i friended, whose wall I wrote on, and when I change my relationship status everytime they sign on. This is a total violation of everyones [sic] privacy. We all hate it. If we want to see something about someone, we will go to their profiles our selves.

This information – this activity information – was already public. It was already part of a public discussion that the users were engaged in by being a member of the community. These students were spreading their political views, their personal habits, their class schedules and friendship networks for all to see (well, all within the Facebook). However, they had the luxury of assuming that most of the people looking at them would have to dig for that information themselves. Someone who wanted the aggregated view of a new aquaintance had some work to do. There was some social friction to knowing too much. And this was comforting – to a point. There was a barrier to entry that insulated the students from the reality.

This change brings them kicking and screaming into the light.

I love facebook, I really do, but this “new facebook” is not improved, it’s horrible! I dont want everyone to know what I am always doing! I wonder what we can do to have it changed?

What we’re seeing is the birth pains of a third generation of social networking.

The first generation was email/IM buddy lists. These allowed us to connect and keep track of our people across distance and time in a way that was more efficient and more seamless than ever before. We knew who was on our lists and we managed the connections. Visibility was limited but we were hooked.

The second generation is our current crop led by Friendster and now MySpace/LiveJournal/Facebook. These sites allow for users to keep track of one another and add a layer of visibility that was quite dramatic when first ‘discovered’. Users were very excited about sharing pictures and collecting as many friends as possible because all these were visible to those who were watching. It was like the mall and middle school all over again. To be seen was the thing.

The third generation will expose the history of this visibility. The full history of what you’ve done in the network. A record of how you’ve behaved in the past will be available in the future. This will (and should) affect your behavior and your friend lists and your decision about which pictures to post.

I really don’t care, i think its a bad move to make it default on with no opt out… …i’m just worried that i will be caught in lies… like saying i am busy working on something, add a friend, and have another friend know i was lying to them, because at 7:34pm i was on facebook…

And this is a good thing – as it mirrors the real world. You shouldn’t lie to your friends. As I’ve said before, the real world is a quaint place where actions matter and people remember. It’s also a place where this virtual overlay we’re playing in today will be taken for granted in only a few very short years. The decisions you make online today will, and should, matter tomorrow.

Students of the Facebook… Play hard, but play smart – and know that everyone is watching.

P.S. I’ll go out on a limb here and say that I expect Facebook to make these mini-feeds optional very shortly. The feedback has been very loud. That said, a dose of reality this big is understandably hard to take.

Update: Just over two days later and the first changes are live.  They’ll survive just fine.

Tags: consolidation - facebook - identity - minifeed - normal - reality

So, I’ve been working through this thought experiment for a few years now…

1) You post information online about yourself in various places
2) It gets aggregated by bot or human
3) Bad guy decides you’re worth screwing with
4) Bad guy finds all this information and can act on it accordingly

Pretty straightforward.

(We also realize that #1 and #2 are not necessary for #3 and #4 to happen)

Today, I find a story on Slashdot with all these elements represented:

http://dumblittleman…/how-to-get-robbed-killed-or-stalked-by.html
Death by Google Calendar: How I Identified you to rob you

(Apparently, it too has undergone some reconsideration – note the title vs. the URL)

I am not picking on this woman but I needed to show a real example. There are tons of public calendars far more revealing than this one. In literally 20 minutes, I now know the name, address, phone number and schedule of this woman. If I can do it, you can be damn sure the real bad guys can. Please be smarter about what you share online. If given a choice, choose the private setting. If you are not given a choice, either choose a new calendar or talk in some code that only you understand. I guess I just don’t understand why people set themselves up to become victims.

There’s nothing really interesting in the story except the way it played out.

I mean, we know that “public information” means it’s public. If someone decides to post something online, then it’s online. It can be crawled, saved, searched, found, archived and refound later. It can also be aggregated, resyndicated, blogged or forwarded. There are entire websites devoted to this aggregation of interesting things – it’s how I found the post in the first place.

That said, there’s nothing new in what was posted. What’s interesting here is how he went about doing it and how little foresight he displays by using real information about someone.

The poster himself now has to deal with the emotional trauma (apparently not so much) of having posted the personal information of this young woman and her housemates. Perhaps more importantly, the young woman herself has to deal with the emotional and potentially physical fallout of being made the posterchild of “How to stalk someone 101”. This is not fair to her at all. And the author should have considered this before making her the object of his ‘research’.

While he and his two friends are positioning their site as “Tips for Life”, they’ve crossed the invisible but morally obvious line of someone else’s personal space. This young woman’s sense of identity and safety has been violated by this posting of personal information. Her trust in the world has probably been knocked down a notch or four. This, to me, is an unacceptable use of the power of “making a point” in any public forum, especially one that’s electronic and archived. The author neglected to consider this (we hope) before making her an example. If the consideration was made and somehow deemed insufficient, then it’s even worse.

Additionally, the comments attached to the original post eventually included a message from the girl’s friend who first woke her with this information on a holiday weekend as well as messages from the girl herself and a close friend. You can read the frustration and loss of control in their words.

First of all, being the topic of discussion suddenly, I would have greatly appreciated a heads-up on this whole article before hving [sic] a friend call me at 6am to alert me that I’ve been publicly cyber-stalked.

Secondly, I admit my own stupidity for listing the calendar as public, a problem that has quickly been fixed, but two things: you could have

1. notified me before posting this article so I could have locked my calendar before having the whole world view it, and

2. used a PSEUDONYM?? For somebody not “thinking bad guy thoughts,” you’ve already endangered me and those who live around/with me by posting my name and screen shots of my calendar.

So thank you in advance for all the lovely stalkers and real “bad guys” out there who now have this information thanks you you. I realize you used my calendar to make a point, but you have also seriously upset me by ACTUALLY endangering me now that slashdot and whoever the hell else has read this article.

I’ve been wanting to post examples of how not to post personal information online for a long time. I’ve wanted to share my own Tips for Life but in every case, have come to the conclusion that it’s not fair to single anyone out. I can only sleep at night if I’m not part of the problem.

Teaching a “Paranoia 101” course might be in my future at some point, but I will definitely not be using previously unaggregated and obscure personal information of young women whom I’ve not contacted ahead of time and asked for consent.

I agree with the original author – be smart, be vigilant, don’t post things you’re not willing to actually let the whole world see.

But I also feel very strongly that the author, in this case, has crossed a very important line and should realize the instructive benefit afforded by his post does not outweigh the personal trauma caused to this young woman. It’s not fair and there are better ways to make a point.

The network brings us closer – but we’re still people and we should consider our actions.

Like she said, he’s really no better at this point than the actual bad guys who might use this information against her.

Tags: identity - PowerOfMany - stalking

First, our friend the search engine…

Search data recently released from AOL allows anyone with some intrepid follow-up skills and some social engineering to quickly narrow in on unique individuals – individuals who never considered their independent searches were being aggregated by their ISP. A recent flurry of activity designed to protect us from the search engines signals a slumbering uneasiness with this situation. Something dark has been uncovered and in the short term there is much handwaving and interest. However, as time passes, we’ll fall back into our ‘normal’ ways and continue to put our most personal information-seeking into that gloriously simple bare single box. “It’s just too convenient”, you say. “They’ve done nothing wrong.”

And here’s where the discussion changes. It’s not about Google. Or MSN. Or Yahoo. It’s about one person. Or one subpeona. The fact that it’s all being aggregated is the problem. The fact that there’s a potential for negligence, court-order or simple employee curiosity has profound implications for a great number of people. That is what makes this discussion so important.

Note that the reason employees could inappropriately access sensitive information was because it was sitting in databases they could get to – not because it was present on a card in someone’s wallet.

Centralized databases worry me way more than any other aspect of this technology.

– Kim Cameron

We need to understand that our daily breadcrumbs – our attention – our personal interests in where we’re going and what we’re looking for and what we’re buying, are all being sucked up and stored with a unique identifier. We need to realize we’re broadcasting our attention and that it has great value to those who would suck it up. Inform yourself and make a conscious decision about where you spend your time and what you look for. You’re not alone while you surf. AOL has shown us the light.

And onto IM…

Most users think they’re anonymous behind their instant messenger accounts. They think their words aren’t being recorded. You think your friend on the other end of the IM doesn’t have her auto-logging turned on? And that it’s not fully searchable later? Severe paranoia and tin-foil hats notwithstanding, you’re being very naive.

And that’s just your friends. How about when the person on the other end reports you?

Earlier this week the UK government-funded Child Exploitation & Online Protection Centre announced a partnership with Microsoft Messenger. Messenger will be putting a button on the toolbar to allow any user to ‘report abuse’ to the authorities. This is a dangerous precedent. How is this any different than the Terrorist Information and Prevention System (TIPS) program proposed by the US back in 2002?

How much money will be tied up in the next 12 months because of this trigger being too easy to pull? How many prank reports will eat through the government funding? How will danah boyd react to the feeding frenzy this will create once the first one is ‘caught’?

Be aware of what you project. Be aware that this is a global medium. Be aware that it’s being broadcast and recorded. This Internet thing will be around for a while.

Tags: cameron - google - paranoia - privacy - projection

Earlier this summer I put the call out to the MicroID army…

Today, a victory in the making – Russ on the forum writes:

I’ve added this to our development branch – it’ll be live in a month.

Russ

This is a big one – let’s keep knocking on doors and see who answers.

Tags: lastfm - MicroID

Online identity is something we’re all beginning to face. We exist in a time when the majority of our digital footprints are being copied somewhere else. One AOL searcher so far, Thelma Arnold of Georgia, 62, has been identified by the NYTimes to be unique user 4417749. This is a disturbing first shot across the bow and we need to take every precaution, both as companies doing business and as consumers using these services, that this information be protected (or never stored at all).

But the unintended consequences of all that data being compiled, stored and cross-linked are what Marc Rotenberg, the executive director of the Electronic Privacy Information Center, a privacy rights group in Washington, called “a ticking privacy time bomb.” [NYTimes]

Every search is being remembered and potentially could be aggregated later with unknown consequences. Every email we send works via a store-and-forward technology (your email is a postcard much more than a sealed postal service letter). Every hop along the way (average of 10-15?), the email servers could save your email for later. Subpeanas anyone? To protect the children?

“All of this is dangerous enough. But recent actions of the United States Attorney General and the Director of the Federal Bureau of Investigation last week raise an even larger threat to privacy and security. In the interests of prosecuting child abuse cases, the AG and the FBI Director have asked that the ISP’s retain all of their records just in case someday, somehow, for some reason, the government may want them in some future case.” [Mark Rasch]

It’s not fearmongering, it’s a healthy dose of reality and risk analysis.

So first of all, we’re not anonymous. Second of all, this non-anonymity can be assumed by someone else if the procedures and protections we put into place are poorly thought out.

So I find it interesting today this juxtaposition of an Iraqi child holding a piece of cardboard claiming he’s Rupert Murdoch, owner of MySpace, performing the ‘MySpace salute’. Probably, being the actual Rupert, there is little chance Rupert’s real identity will be compromised by this wonderful image. Those of us who are not Rupert, in name or in financial stature, have a significantly greater risk associated with issues concerning our online identity and attempts to hijack it by others.

We need to become more aware, vigilant, informed, and proactive about our online identities. Our public face is a growing part of our reputation and is beginning to play a significant role in our day to day lives. There are early adopters who have seen this effect for a few years now, but the mainstream media is now catching on and the average citizen will begin to interact with these issues very directly. We all swipe the grocery store member cards to save 10%. Do we know what can be done with data mining and aggregation over time?

ClaimID is using MicroID to allow individual users to claim the pages online about them. This uses cryptographically robust mathematics to confirm that the pages on both ends of the claim are legitimate. It’s proactive, it’s reproducable, and it’s open. It’s not a piece of cardboard. Rupert cannot claim that my weblog is his. Neither can that Iraqi child.

We need more awareness so our policies are better. I’m afraid, however, that it requires us to endure a listing of a few million customers like Thelma before the rest of us wake up.

Tags: aol - claimID - copa - doj - identity - MicroID - myspace - rupert