If there’s one subject that’s really hot right now on the web, it’s privacy. There’s the whole Facebook saga, and especially the company’s CEO, Mark Zuckerberg, seems somewhat averse to the concept of privacy. We also have a much smaller issue with the Chrome web browser, where someone found out zoom settings are stored somewhere, even when in incognito mode. It turned out to be a feature (sort of) but it does highlight how important the concept of privacy on the web has become.
The facebook privacy saga is long and complicated, but luckily, ChannelWeb has a nice chronological slide show that details it all pretty well. What the slides do not contain is the already infamous instant messaging conversation between Zuckerberg and one of his friends, during the very early days of Facebook. It doesn’t seem like he took privacy very seriously back then either.
It seems the privacy problems at Facebook are causing serious discord within the company, according to The Wall Street Journal. The WSJ claims that while Facebook’s employees want to make users’ data more private, Zuckerberg believes users should be more open. Apparently, Zuckerberg has at times overruled the decisions of his employees regarding privacy – in a bad way.
Right now, Facebook is working on a simplified privacy panel, and considering how hopelessly complex the current one is, that’s a pretty good idea. Facebook’s head of public policy Tim Sparapani stated ina radio interview they’re looking to launch “simplistic” privacy choices soon.
“Now we’ve heard from our users that we have gotten a little bit complex,” Sparapani said in a radio interview, “I think we are going to work on that. We are going to be providing options for users who want simplistic bands of privacy that they can choose from and I think we will see that in the next couple of weeks.”
Yes, I am on Facebook too, but I am not concerned about these privacy problems at all – simply because I treat the web like I treat any public space. If I go to a restaurant with my closest friends, I won’t be discussing my most intimate details with them there. No, I discuss those matters at home, in a private setting – most certainly not in a public space. I treat Facebook and the rest of the web in the same way: a public space, because, well, that’s what it is.
I find it incredibly ignorant and short-sighted that people think they can leave their privacy in the hands of companies. Companies need to make money, and your personal information is invaluable to them. This doesn’t make their behaviour right, but it’s a classic case of the scorpion, the frog, and the river. It’s in companies’ natures to abuse your rights, because your rights are at odds with their goals.
Chrome
Chrome had a little privacy issue as well the past few days – if you can even call it that, though, as it actually wasn’t a privacy issue at all. Someone discovered that the zoom level in Chrome/Chromium was remembered between sessions, even while in incognito mode. This caused quite the stir on Slashdot, but luckily, there really isn’t anything nefarious going on, and the issue has already been fixed, as Chromium developer pkasting explains.
“We originally wrote zoom levels to be dropped on exit from incognito. However, when adding support for other content controls in 4.1 (e.g. JS, plugins, etc.), we ran into the problem that all of these are listed in a prefs window, and there’s a pretty clear expectation that if you manually go and change a pref, that change persists outside incognito mode,” he explains, “Because all the UI for these is tied under the hood to prefs, we then decided that the most consistent behavior would be for the browser to preserve, rather than forget, changes like these.”
What then happened was that the hosts with non-default settings were stored in your preferences file in plain text. Luckily though, there is no information in there regarding when, where, and how, and since there’s no user interface for per-host settings, you’d have to open the preference file by hand to find said information.
Still, this isn’t an ideal solution, of course, since while this behaviour may be consistent from a settings panel point of view, it isn’t consistent with the idea of browsing incognito. As such, the Chromium team have come up with a solution, fixing this particular issue.
“In my view, this was a bit of a tempest in a teapot, and I’m disappointed with the various comments I’ve seen that ascribe this to some sort of desire to track user behaviors or lie to users about what’s happening in incognito mode,” pkasting writes, “Part of the reason Chrome is open source and developed publicly is so that you don’t have to take our word that we care deeply about our users and didn’t design Chrome as some sort of secretive data collection vehicle.”
The power of open source. Try this with Safari, Opera, or Internet Explorer. This is one of the main reasons to use an open source browser.
The power of open source. Try this with Safari, Opera, or Internet Explorer. This is one of the main reasons to use an open source browser.
Can you get the complete source to Chrome then? I thought you could only get Chromium. Who knows what Google is putting in their binaries.
How do you know that the binary .deb packages on Ubuntu actually match up to the source they claim to have built them from?
Even if you compile the code yourself, do you actually read it through and verify its correctness?
Even if you do read the source and verify that it is correct, and then build the binary yourself, how do you know that the compiler doesn’t add a backdoor to the binary?
Ken Thompson actually implemented exactly this trick on an early Unix box. The compiler was patched to detect two special conditions: if it was compiling a new version of the compiler it would add the patch to it as well. If it was compiling the “login” program it would add a backdoor to the binary. Read about it here: http://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf
If you are going to start doubting everything you really very quickly have no leg to stand on anymore.
Edited 2010-05-19 10:15 UTC
It’s not about checking everything. It’s about having the ability to check (or raise a racket and have someone else check it for you) in case you do notice odd behaviour. Had this behaviour been spotted in Safari, Opera, or Internet Explorer, you wouldn’t have been able to do anything about it, nor would you have had the ability to look up what was really going on.
The point of Ken Thompsons trick though is that you can’t really be sure that you can check what is going on with Chrome any more than with IE even if you build Chrome yourself, unless you assume that your compiler is trusted. So you have to trust something. It is all relative of course, some things being more and less likely than others, but you are basically in a situation where you will have to trust other parties.
You can rebuild the .debs from the deb-source package, and you can then verify that your binaries are exactly the same as those built by Debian (or whoever).
You can’t do this with Chrome as you don’t have the complete source to binary which they release, only the parts released as Chromium. Thus, you have no way to verify if extra code has been inserted into the binaries.
That’s brilliant!
Edited 2010-05-19 10:53 UTC
Even if you do read the source and verify that it is correct, and then build the binary yourself, how do you know that the compiler doesn’t add a backdoor to the binary?
It’d be REALLY hard to sneak such an addition to the compiler. First of all, compiler source repositories are really damn well guarded because they are so important to not only regular geeks, but also to companies themselves.
Secondly, distros themselves also do regular checks on their compilers exactly because enterprises depend on them. Especially enterprise-oriented distros can’t let such things sneak up on them.
So, yes, it’d would be possible to add backdoors to code which didn’t have it before if the compiler was compromised. But getting the compiler compromised is the hard part.
So the dozens of oddball distro vendors are trusted to turn out a good binary but Google is not? The point is that you necessarily trust someone, since there is no way to be absolutely sure about anything.
It is all relative in the end. Personally I don’t even worry much over IE’s inPrivate mode either, since I think Microsoft has learned their lessons, and even at the worst of times weren’t really spying on their customers. I don’t really trust facebook though since I have a problem with their motives and know that they have the means to do bad things with my information.
I find it incredibly ignorant and short-sighted that people think they be on Facebook and as long as they don’t post stupid stuff they will be fine.
They won’t. There are lots of ways that your friends, your network of friends or all the “Like” buttons on the net can compromise your privacy. There is even more (Gaydar etc.)
The naiveté concerning FB an the net is really astonishing.
You don’t get it. There IS no private stuff about me on Facebook. None. So there’s nothing to compromise. Everything I have on Facebook is something that others may know. In fact, it’s all information you could get even if I did not put it on Facebook. Where I went to high school, for instance, can be found quite easily… On the site of my high school.
Get it?
You have 0 friends?
You have 0 friends?
Does it matter? Most people do not have the need to hide the fact that they are in fact friends with someone. Atleast to any normal, sane person it is perfectly fine if people know who they are friends with.
Of course, it tells a little about that person, but then again, it doesn’t tell anything that matters.
Mistaken again:
http://www.boston.com/bostonglobe/ideas/articles/2009/09/20/project…
I could write pages and pages about this stuff, but I won’t.
A Microsoft researcher summed it up better than I ever could. If you really interested read these links:
http://www.zephoria.org/thoughts/archives/2010/05/14/facebook-and-r…
http://www.zephoria.org/thoughts/archives/2010/05/15/facebook-is-a-…
Most people don’t want to see that that they are loosing privacy by being on Facebook, no matter how they use it. The amount of ignorance is about it is probably just human
EOD for me.
That’s convenient, isn’t it?
The simplest remedy against Facebook’s lax privacy policy is to only pt stuff on Facebook that even the most random stranger may know about you. You might not like that such a simple solution to this problem exists, but that doesn’t make it any less valid.
“EOD”ing this discussion just because you have no answer to that is weak. At least you can just admit that the best way to deal with internet privacy concerns is to never put anything on the web that you would otherwise never tell even a random stranger. That doesn’t excuse Facebook in any way – but I cannot change Facebook or any other company, I can only change myself and my behaviour to deal with the reality that companies will abuse my rights as much as they can, simply because that’s in their nature.
As for your gaydar thing – if that project reveals me as being gay, then it apparently isn’t working very well, since I’m not gay. I’m confident enough not to let something like that bother me. If it would bother you, then you have problems that far exceed just privacy concerns.
Edited 2010-05-19 11:21 UTC
OK, so your assumption is that you and all your friends and their friends and their friends only put completely harmless stuff on FB and that all that stuff can’t be correlated to reveal stuff about someone that he doesn’t want to be in public?
Good luck with that, but I guess math is against you here.
Mistaken again:
http://www.boston.com/bostonglobe/ideas/articles/2009/09/20/project…..
Bah. That’s just one of those I-use-lots-of-numbers-to-make-false-assumptions-and-declare-them-true- to-get-headlines. You just can’t find out someone’s sexual orientation by looking at his or her friends; people associate themselves with people whom they like hanging out with, not only whom they want to shag with.
It might not work every time, but I tend to believe MIT researcher more than you.
And I am sure FB can tell if you are gay or not just by looking at your friends and your logs on the site. Or how you are likely to date next etc.
I am not gay (I didn’t think pointing that out was necessary) but there are valid reasons for people to keep that info private. Especially in the US.
And anyways, the gaydar thing is just one example there are lots and of other examples.
Mmmkay?
It might not work every time, but I tend to believe MIT researcher more than you.
Even geniuses are wrong sometimes as history has proven.
And again, as they themselves say in the article they can guess things about a person to a degree, they can’t guarantee they are correct. As such their results might or might not tell about you. Such educated guesses are mostly useful for advertising purposes, nothing else.
And again, what IF someone thinks you’re gay? Is that bad? I was talking to a girl once at a party, a few years ago, and it turned out that she thought I was gay. Big whoopdido, we had a few laughs about it, my friends obviously went to town on that one for a few days (I would’ve done the same in their shoes), and that was it.
And no, I didn’t try to come on to her. Come to think of it, maybe that was the error that lead to her misjudgement in the first place…
.
it’s not about whether being gay is bad or not. The point is that with analysis of one’s friends list, someone can discover with a fair degree of accuracy information about one that one has not specified in his profile. The example in this study was sexual orientation, but it could have been other things.
You’re fixated on “gay” here but the point is info someone did not explicitly put on facebook can still be discovered via facebook.
Sexual orientation, religion, politics etc. Which of these things you may or may not personally care about revealing is irrelevant. Some people may not want some or all of those things to be public knowledge, but things like friends lists can reveal them, which many people are not aware of.
You said “shag”!
You said “shag”!
I could’ve used the f-word, I know, but I don’t like to swear :/ It’s rude, it’s something I don’t wish to teach to children, and given the audience here being mostly children or childish……
No. But the stuff I share with them on Facebook is the stuff I am comfortable with EVERYONE knowing – friend or no. In other words, the stuff on Facebook is stuff that even complete strangers may know.
I don’t know how I can make this any clearer.
I think he meant that even though you do not put any personal info on Facebook; people can still see who you are friends with.
I agree with your usage of Facebook. I don’t get the users on Facebook that are complaining about the way the company treads that privacy while at the same time putting all things they want to be kept private on the web.
There are even people like my sister that use Facebook (well she used Hyves) as a email address.
Found in the Gizmodo article:
http://joindiaspora.com/
Finally a social networking concept I might actually join and support. No putting personal information on a private company server. At least not if you don’t want to. I guess you could still setup a company to offer Diaspora seeds, but you have a real choice not to.
A lot of naysayers on this one seems to think that this is just like any other Facebook/MySpace upstart, and that they’re just going revert to the evil ways of Facebook when offered enough money. But honestly, no, they really seem to want to do this the right way, by making it extremely difficult to impossible for any one company to just harvest or exploit all the personal info on the network.
If this works out as I understand it, you could market something like Diaspora + SheevaPlug for a completely home-run seed.
Not saying this will supplant Facebook anytime soon, but maybe some of us non-Facebook extremists will have a realistic privacy-retaining alternative
Yeah, they have the right goals.
( Actually they have Eben Moglens goals http://www.youtube.com/watch?v=QOEMv0S8AcA excellent talk btw ).
Even is Disapora fails it seems they push will OStatus in the right direction (encryption) and people will be able to share private stuff on the internet with a lot more privacy than they have now (realistically mostly none).
The problem with most open social standards at the moment is that they are done be exhibitionists.
Edited 2010-05-19 12:49 UTC
In the case of the Facebook one, it seems a bit queer that anyone would expect security on a site who’s primary purpose is to share information about yourself with the world… As such I can see why Zuckerberg would shoot down a lot of ‘security’ proposals. So long as someone else can’t log into your account, that should probably be the be-all end-all of security it needs…
I like the booth at a restaurant analogy, just because you invite people to your booth doesn’t mean the people in the next booth over aren’t going to hear you. We’ve gone too far with the “go ahead and share details about yourself” with ego-stroking sites like Twitter, Facebook and mySpace (in case you couldn’t tell, I don’t “get” this whole social networking craze)– and then we’re supposed to feel bad when somehow ‘personal’ information is leaked off those sites? BULL.
Great example in the news recently with the psycho kid just happens to commit suicide from ‘cyber-bullying’ when it was probably the REAL bullying at school, complete lack of parental interaction, and behaviors permitted that would have gotten your ass whipped even by a teacher when I was in school… or at least gradeschool – this whole limp wristed “don’t upset the children” nonsense started showing up just as I was finishing high school in the 80’s – I feel bad for the thin skinned wussies we’ve churned out since.
Bullying occurs most in forced social situations where the bullied cannot flee – Cyber bullying? That’s BULLSHIT. I got a solution for that one, it’s called go to another website – It’s called turn off the damned cell phone and go outside and have a LIFE. The recent little miss national news media frenzy from the Commiewealth is a great example of this – on article literally said:
Nonstop-texts? TURN IT OFF. That thing does have an off button, the ability to block texts from people you don’t want to get texts from, etc, etc… Oh noes, she might shut down and stop using Facebook – her life is over…
I’ve got a great solution if your kid is being the victim of cyber bullies, take away the cell phone, monitor their internet use, teach the kid it’s not OK to give away every personal detail about yourself online and take them to go climb a mountain or to Six Flags. In other words, BE A ****ING PARENT.
The general public does not practice enough paranoia when it comes to volunteering information on the internet. If they did most online scams wouldn’t even exist and things like “security” on Facebook would be non-issues.
BUT
On the flip side of the coin we have the fringe whacko’s tossing a tippy over “Oh noes, Chrome is storing my last used zoom value”… MEIN GOTT. That this is even considered an issue shows such severe levels of clinical paranoia that ANYONE who really thinks this was a big deal.. do us all a favor and seek professional help. 100% swing to the opposite extreme!
Though you have to read between the lines, since this massive non-issue is magically turned into open source propaganda; as if magically the people who notice real issues can fix them… When it’s more like people dicking around fixing non-issues that are ‘popular’ while REAL issues (like say CAPTION having incorrect width when you pad a table, word-spacing ignored on whitespace between inline-level containers, incorrect height if you try to use baseline) go unfixed for years after being discovered while you end up having coders dicking around with meaningless trash like making a new skin for every release.
The real truth of open source – if it’s not flashy or trendy, or won’t make a splash in the headlines it’ll never get fixed. Hey Mozilla, how’s 915 coming along?
Although Twitter, Facebook, and MySpace do allow you to make everything you post world viewable, a lot of people expect to be able to use it to share photos, event invitations, and just general life updates and banter with their friends, not the whole world.
People should be able to hold discussions and share photos, etc. with their friends without the whole world being able to listen in. The fact that it is on the internet shouldn’t change that.
Because the purpose *isn’t* to share information with the world – if users wanted to do that, they’d just setup a fully-public blog, or use Twitter or something. The purpose of Facebook (for it’s users, at least) is sharing information with one’s circle of friends, and there’s an expectation that it’s not visible to random strangers outside of that circle – any more than sending email or SMS to those friends would be.
You’re right, posting things to it that you wouldn’t want *everyone* to see is stupid. But the expectation, from their earlier policies, is that information sharing is limited to your specific list of friends by default – it’s the changes to that policy that are upsetting people…
Thank you, drill sergeant, at ease.
The world isn’t the armed forces, though. It may be cathartic for you, but accusing people of being wimpy, effeminate, or slacking may not get the results you want. It’s ironic, too, when talking about bullying.
It seems apparent that manners and protocol need to be emphasized again, and that the rules need consistent updating to apply to online circumstances. Whether the plug is pulled or not doesn’t negate the need; the need was always there. In times past these rules kept kings, nobles, and soldiers from killing each other outright– recent news just seems to indicate they apply to so-called peons and plebians, too. Literally, sometimes.
It’s also pretty effete to just browbeat the parents. Any good teacher I’ve met (and I was taught this when I was trained as a teacher, as well) will admit freely that their students success depends largely on efforts at home. It’s a foundation, no doubt, but it doesn’t cancel out the role of the school. I’ve heard moans and groans from kids worldwide about “Internet Safety” classes, but I think they need to be there. Ideally, teachers, parents, and other elements of society should equally contribute to this effort, but the reality is that their participation will vary. Pointing fingers and laying blame to individual elements is imprecise at worse and ineffective at best.
Is all about false spectatives, facebook has never claimed to give you the maximun privacy, when you use facebook you know what you get, but with Google, always claiming that takes your privacy serious is a let down.
Tsk, hardly.
Facebook has been deliberately vague. They’ve been playing a shell game, and even the aware have been duped. One of the best articles I read on the subject suggested Facebook has been walking a dangerous middle ground in semi-privacy. And they’ve never been clear about what’s private and what’s not.
I’ve heard Thom’s “treat all the Internet as explicitly public” dozens of times from various people over several years. Erring on the side of caution is fair enough, but it’s simply wrong to assume everything everywhere in cyberspace will be up for equal grabs. It’s not.
Mark Zuckerberg seems to be a white-collar sociopath some stripes of hackers have been, based on what many have demonstrated for the media over and over again, often with just as little lack of conscience. I sincerely doubt he gives a shit about people in general; like those hackers, he’s just going to do whatever he figures he can get away with. The only real difference, I think, is his opinion about freedom of information involves corporations and making some cash. It’s within the rules for Madison Avenue and Hollywood, but I think he cares very little about the end user/consumer.
Yeah, I quit. I wound up losing access to family and friends I will never hear from any other way. But that’s just it. I don’t hear from them otherwise. Those that matter keep in touch by other means; those that don’t care– they won’t. It became increasingly obvious to me that Facebook matters very much to public figures and merchants, but I’m not really within either of those two categories, and so I decided I really wasn’t going to miss much.
For a lot of users facebook only groups the information available about you. It just makes it a lot easier for companies to use that information. Whether that bothers you depends on yourself.
The privacy setting on a browser is a usefull feature, but I think a lot of people forget that your browser is not the only place where the information passes..
I do like it because those sites aren’t listed in the history which prevents them from accidentaly showing up when you want to show something to other people.