Tag Archives: privacy

Blog

Diaspora: open-source distributed Facebook equivalent

1 Comment

I’m surprised it hasn’t happened before (as it’s an idea I predicted in rudimentary form for an article in Focus back in 2007, and I’m hardly at the cutting edge of web software thinking), but the Facebook privacy backlash has prompted a small gang of geeks to build an open-source distributed social network platform that gives you back full control over your personal data [via MetaFilter].

Diaspora is intended to be installed on a webserver, with every installation serving as a node in a peer-to-peer network – a complete reversal of the centralised model that Facebook and similar systems currently work on. Most of the current objections I’m seeing hinge on the fact that the majority of SocNet users don’t yet have their own server and domain name, and aren’t technologically able to maintain one themselves: the former is a matter of cost, and the price of webhosting is falling constantly; the latter is a matter of demand, and the turnkey installation scripts for software like WordPress which are available from many bargain basement hosting outfits suggests that, if the demand increases, the barriers to entry will lower rapidly.

That said, not everyone cares about their privacy online. Whether that matters or not is a debate for another time, but while the situation persists, the free-to-use no-technological-hassle SocNets will always have the upper hand in the casual user sphere. If Diaspora is to succeed, it’ll have to demonstrate tangible advantages over the competition in addition to the more abstract USP plus-points of enhanced privacy.

Fingers crossed… although, as science fiction fans, I think we should all get behind a piece of software that shares a name with a Greg Egan novel. šŸ˜‰

Blog

Foursquare, Chatroulette and the social panopticon

3 Comments

I think what surprised me most about the Please Rob Me flap was how little flapping there was, and that most of what there was came from the sort of people I usually expect to see beyond the obvious tabloid angles to the truth of a technology story. Perhaps technopanics just aren’t getting the click-through they used to… or maybe everyone’s too busy covering the adventures of neoprene-clad sportsmen in cold places to care.

Stowe Boyd managed to make the point about Please Rob Me in a much more coherent and conciliatory fashion than I did:

I am suggesting that a single level of ‘friending’ is probably too general to satisfy assumed needs for safety, although there is little evidence that social tools increase the likelihood of burglaries or rape. We don’t have an epidemic of ‘social crime’ to resolve here.

The slippage of geolocational information from a closed, stable network into an open, dynamic one opens up a wider assemblage of contacts, but without the assumed friendship that comes from symmetric following. […]

So, I think the slippage of geolocational information from a closed, stable system like Foursquare into an open, dynamic system like Twitter is less problematic than generally considered. I don’t think it, per se, is scary.

While it is possible that a cadre of burglars or a sex slave ring might try to eavesdrop on our geolocational information in these services, history would suggest that our so-called friends and acquaintances are actually the source of most of these dangers.

People are scary, not social tools.

Quite – and that’s not to underemphasise the potential scariness of people, either. The perspective we need to regain here is that technologies aren’t intrinsically creepy, invasive and risky, but that some people are. If anything, gaining a true understanding of the implications of a technology is probably a better way to minimise its risks than a witch-hunt. Kids can cut themselves with sharp knives – so do we ban all knives, or do we just teach kids not to play with them?

I’m not saying that encroachment into privacy isn’t a problem – just ask the kids of Harriton High School. But we need to move away from this culture of blaming technology for the misuses it is (or could be) put to by people; it’s the same fallacy that the hair-shirt greens are so fond of, and it’s counterproductive on every level. Sure, we’re all able to watch each other more thoroughly than ever before, and yes, the social panopticon comes with similar social risks to a more monolithic (e.g. governmental) surveillance apparatus [via @AmandaChapel]- but it’s not going to go away. Wringing your hands is a waste of time; if you really want to prevent tech misuses, educate your audience instead of trying to terrify them into momentary Luddism.

Talking of technophobia, I name ChatRoulette as front-running candidate for the next tabloid technoterror. The more moderate mainstream media has a hold of the story already, painting it in very “wow, the crazy things these internet people build!” colours with some positivist highlights:

… Chatroulette is a social Web site that allows you to navigate somewhat incognito. ā€œThereā€™s no log in, thereā€™s no registration, and thatā€™s fundamentally different from Facebook and Twitter, where your real persona is tied back to you,ā€ said Sarita Yardi, a doctoral candidate at the Georgia Institute of Technology who studies the role of technology in teenagersā€™ lives.

The Web has long allowed anonymous conversations among strangers. Text-based chat rooms are rife with deceit ā€” people pretending they are someone else. Video makes this harder ā€” even if youā€™re wearing a mask. Then, too, the anonymity can be fleeting. Screenshots of people using Chatroulette have popped up everywhere. Is one of them you?

In truth, ChatRoulette looks to be a pretty benign (and ultimately banal) thing – not to mention strangely reminiscent of a Jeff Noon story I vaguely remember, in which every one in the world had a mirror that showed the face of another person somewhere else in the world. The usual social media/privacy commentators are being quietly sensible, too, albeit keeping their guard up against the inevitable accusations of showing support for technodepravity:

I like the fact that there are still a small percentage of folks out there looking for some amusement because theyā€™re bored and they want to connect with randomness, folks who recognize the joy of meeting strangers in a safer space than most physical spaces where thatā€™s possible. I realize that this creates the potential for seeing some pretty gross and/or problematic things and I certainly donā€™t want to dismiss that, but Iā€™m pretty certain that teens are responding the same way that Iā€™m responding ā€“ by clicking Next. Is that ideal? Probably not. And Iā€™d certainly love a filter ā€“ not just for teens but for my own eyes.

[…]

Iā€™m not sure that immature folks of any age (or the easily grossed out) should be on this site. But I do hope that we can create a space where teens and young adults and the rest of us can actually interact with randomness again. Thereā€™s a cost to our social isolation and I fear that weā€™re going to be paying it for generations to come.

Indeed; the more we seek to protect ourselves and our children (especially the children, poor innocent things that they are!) from everything and anything, the less able to deal with adversity we become – and adversity is inevitable, unless you live in a box lined with cotton wool and a Faraday cage. Common sense aside, however, the potent and flammable combination of children, strangers and video pretty much ensures that ChatRoulette will be moral-panic-boogie-man of the week for the usual suspects within the next month or so… provided the fad lasts that long, of course.

Blog

Please Rob Me: what’s the big panic, exactly?

2 Comments

Unless you’ve been sleeping under that hypothetical internet-proof rock for the last 24 hours, you’ve probably caught wind of the charmingly-named Please Rob Me, a site that aggregates publicly-available Twitter updates which announce that their creator has left their home empty while they go somewhere else. The theory here is that, by announcing you’re not at home, you’re openly inviting some nefarious evil-doer to burgle all your stuff in your absence; what a terrible indictment of geolocational status updates and public announcements of your daily comings and goings, AMIRITE?

Well, frankly, no. Even someone as poorly versed in crime literature (be it fictional or factual) as myself is aware that an experienced and/or smart burglar tends to “case the joint” carefully before doing the job. And while Please Rob Me might make it possible to know when someone’s out of the house without surveilling it from across the street, that’s its only advantage… assuming that said burglar is willing to take an internet status update as a surety, which – were I a burglar – I certainly wouldn’t do.

So, yes – Please Rob Me may be a useful way of highlighting the fact that many people who geolocate themselves publicly on the web haven’t thought about the implications of that information being publicly available (which is what its creators meant it to do, if I’ve understood their “why” page properly), but it isn’t a sign that there’ll be a sudden swarm of Twitter-combing burglary crews hitting the luxury pads of Silicon Valley high-flyers while they’re slurping up lattes downtown.

If your house is worth robbing, and if it’s being targetted by the sort of burglar who doesn’t just operate on the basis of pure opportunism, then that burglar will find a way of knowing when you’re out of the house, whether that be through watching your Twitter stream or the more old-school (not to mention tried, tested and reliable) method of keeping an eye on the place for a week or so and learning your daily routine. Public geolocation might make that easier to do at a distance, but when their freedom is at stake, I expect the more cautious burglars – the ones who are likely to get away with burgling rich people’s houses at least once, in other words – aren’t going to rely on 140 characters and a GPS tag before crowbarring your back door.

Privacy and lifelogging are important issues, but the alarmist tabloid-esque flapping over Please Rob Me is actually obscuring the important parts of those issues, not bringing them to the forefront. So let’s think things through before hitting the big red button marked ‘technophobia’, shall we?

Blog

Second Life Enterprise: virtual worlds behind the corporate firewall

4 Comments

Second Life business link terminalHere’s an interesting development in the metaverse – Linden Lab, creators of Second Life, have announced the formal launch of their “Second Life Enterprise” platform, which is essentially a fragmented piece of the virtual world that runs on corporate servers behind the firewall. Private, hermetically-sealed virtual worlds, in other words. [image by Daneel Ariantho]

This is important for two reasons. First of all, it’s a major step in Linden Lab’s attempts to turn a decent profit from Second Life, which it has struggled to achieve with the free-to-use business model of the public version. If they can convince some big players of Second Life’s utility as a collaborative business tool, the subsequent inflow of money might enable them to step up the bug-hunt and fix some of the virtual world’s bigger flaws. IBM have been a presence in SL for some time, as have other big corporations (to whom we can now add the US Army’s Medical Research and Materiel Command branch, who are financing a “therapeutic space” for amputee veterans using SL Enterprise); the potential for the same tools in a more secure environment (e.g. devoid of flying penis barrages, for a start) may entice more money into Linden Lab’s coffers, and open up the field for competition from other virtual worlds. So now’s the time to set up a business making sharp business suits for executive avatars, I guess…

Secondly, the veil of privacy will doubtless encourage experimentation, and should lead to some new and weird ways of interacting with (and creating within) synthetic spaces. After all, you wouldn’t want to go developing your top-secret big-money idea in public where anyone could see (and copy) it, would you? Imagine for a moment that DARPA decided to set themselves up with an SL Enterprise installation… I’d pay a good big bribe to check out the crazy crap they’d have filled it with after a year or so of getting to grips with the interface, that’s for certain.

And, of course, one can’t help but be reminded of the abandoned corporate virtualities featured in William Gibson’s Bridge Trilogy, most particularly Idoru. Like the adandonware websites that already festoon the web, sat on some server somewhere, waiting for a rental agreement between two companies that no longer exist to expire, the metaverse could soon become a multimetaverse, with a few vast virtualities with public access and countless little bubbles of digital existence locked away behind firewalls and restrictive protocols. Urban exploration is a growing trend at the moment, but in a decade or so, the adventurous people will be cracking their way into abandoned corporate and gubernatorial realities to see what they can find lying around… and hell knows some of it will be more interesting than rusty old swivel chairs.

Blog

Secure your privacy: tell everyone everything

Privacy please!What if the best way to protect against identity theft was not to hide the fingerprints of your digital daily life, but to expose them to public scrutiny? It sounds like an Orwellian contradiction, but Alex Pentland of MIT’s Human Dynamics Lab believes that allowing limited access to logs of our electronic acitivities is actually much safer than relying on passwords or keys which can be phished or stolen. [image by hyku]

“You are what you do and who you do it with,” says Pentland. Researchers and corporations have realised the potential of such data mining, he points out. “It is already happening and it is time for people to get a stake.”

If people gain control of their own personal data mines, rather than allowing them to be built and held by corporations, they could use them not only to prove who they are but also to inform smart recommendation systems, Pentland says.

He recognises that allowing even limited access to detailed logs of your actions may seem scary. But he argues it is safer than relying on key-like codes and numbers, which are vulnerable to theft or forgery.

If I understand my cryptographic principles correctly (and I may well not, so do put me straight in the comments if I’m wrong), Pentland is proposing something a little bit like a public key verification system. Perhaps in this case “your best defence is a good offence”… the sort of thing that could easily be combined with some sort of reputation-based currency like whuffie? And hey, he’s advising we take our data back from the corporations that already scrape at it when we’re not watching. Makes sense, right?

“It is not feasible for a single organisation to own all this rich identity information,” Pentland says. What he envisages instead is the creation of a central body, supported by a combination of cellphone networks, banks and government bodies.

That bank could provide “slices” of data to third parties that want to check a person’s identity. That information could be much like that required to verify high-level security clearance in government, says Pentland.

Uh-oh… suddenly I’m not so keen on this idea, at least in the way Pentland is thinking about it. A peer-to-peer system, fine, I’m down with that… but handing the reins of identity verification over to banks and quangos, after having already admitted that private corporations are prone to abusing the crumbs of data we drop behind us all the time? That’s got to be a step sideways, if not backwards. Pentland has thought about ways to monetise the system, too:

An individual could also allow their data to be used by services like apps on their smartphone to provide personalised recommendations such as restaurant suggestions or driving directions. This has the potental to be much more powerful than the recommender systems built into services like Netflix and iTunes, and would help familiarise users with the value of the approach, says Pentland.

Pentland’s carrot seems to be much the same as the one dangled by the people behind Phorm: “if you’ve nothing to hide, there’s nothing to fear, and we’ll even be able to recommend you stuff that you’re more likely to want to buy!” Maybe I’m just being paranoid; I remain convinced that a certain degree of personal transparency is not only a societal good but a useful tool for personal security, but something about this particular formulation smells very bad indeed.