Playing WhatsHerFace-book.com

After launching this weekend, we’ve seen over 700 users (Mostly college age students) tag 35,000 friends, and it turns out that the average player only knew 70% of their Facebook friends presented. Now, of course, the term “average user” is very skewed given our user base. Facebook reports that the average user has 130 friends, while our average player has boasted a whopping 880.

We argue that anything under 100% recognition of your “friends” should raise some privacy red flags. Every one of your friends can share your information with third-party apps (in fact it’s this that allows our app to function); we are able to pull all of your friends photos, without their permission–that is, unless they’re smart about their privacy settings.  Even if you can’t bring yourself to defriend a long-lost acquaintance, at the very least you should consider creating managed friends lists with restricted privacy settings.

Results from a round of WhatsHerFace

We also hope to remind people to consider their audience when sharing content. “Friends of Friends” is never a good idea. For the average Facebook user, that’s 17 thousand people you don’t know, and why would they need to see your information anyways? Entire networks are generally a bad idea as well. You have no idea how large those networks can be, and with companies asking alums to Facebook stalk you on their behalf, does all of Yale really need to see you with your solo cups?

You probably think you know all your friends. Maybe you even pruned the list recently. But you had names and faces, and it’s so much easier to identify someone with a name. Try out whatsherface-book.com and you’ll understand just what we mean when whatsherface from freshmen year comes up and you’re forced to think, “Who the hell is that?”

Charlie Croom
Bay Gross

First, the emphasis on “circles” makes you think about who is going to read what you post.  Circles are similar to the optional “list” function on Facebook.  But the operative word here is optional.  You need to go out of your way to customize who sees your statuses on Facebook, clicking the lock icon next to the “share” button, then going to a “Customize” menu.

Sharing options for Facebook posts

Clearly, Facebook doesn’t want you to think about who sees your posts.   For Google+, on the other hand, at the bottom of each post, you see who the post will be sent to (see below).  It’s similar to an email mailing list, except the ensuing discussion looks more like Facebook.  Now let’s think about this in the context of a useless post: “I just had some awesome pancakes for breakfast.”  It’s on my mind, so on Facebook, I’ll just type it in, hit enter, and it’s there.  On Google+, I’ll type it in, then go to select which Circles to share it with.  Because of this, I’m forced to ask, “who would care about this?”  Acquaintances are immediately unchecked.  Family? Nah, they wouldn’t care either.  Classmates? No dice.  How about “Close Friends”?  Come to think of it, why would they care about an above-average breakfast?  No one wants to know this, so I’m not going to end up posting it.  This is a perfect example of the power of defaults – two networks have the same options, but they feel fundamentally different since one integrates choice into the interface, while the other hides a default.

Sharing a post on Google+

Select who you share with.

Second, there is no wall.  This is a big move for Google, considering some form of public personal messaging has been a staple of both MySpace and Facebook, its precursors. There’s a complex psychology and sociology to the Facebook wall, but it just starts feeling weird after a while.  It’s akin to people holding a loud conversation in public – you don’t necessarily want to eavesdrop, but you can’t quite avoid doing it.  On Google+, if you want to direct a message at someone, you have two options.  First, you can make a post that you share only with the intended recipient; the person will get a notification about your post.  This is a bit odd, though, since it only appears in your “stream” along with posts not specifically directed at anyone.  Second, just email the person.  Depending on various privacy settings and whether you are Gmail contacts, Google+ profiles have an email link featured prominently under the profile picture. (Edit: You can control whether this link appears by going to your profile, then clicking “Edit Profile,” then the “Send an Email” icon.  When people click this link, they send you an email without actually seeing your email address.)   Either way, you’re encouraged to keep two-person conversations private.

It might seem surprising that the folks who brought us the Buzz disaster would discourage us from sharing too much, but they’ve clearly focused their network around what people don’t like about Facebook (and perhaps they’re trying to avoid the backlash they got from Buzz). Facebook has become inundated with information you never wanted to know from people you met once and became friends with out of politeness.  Even to many people who are “hooked,” Facebook has become more of a social burden than a welcome way to keep in touch with friends.    It’s hard to predict how Google+ will evolve as it scales up and is modified over time – after all, Facebook was once somewhat similar to the current Google+, but it incrementally eroded privacy to draw users in.  However, Google has an advantage that Facebook didn’t have.  It is already an established web resource with enough useful services independent of its social network to keep itself relevant for a good while. Google can continue to attract users by making Google a one-stop digital resource, leaving an unobtrusive social network intact.

Addendum: I should probably note that the “resharing” function leaves a privacy hole, but resharing itself requires that you think about who would want so see someone else’s post.  Though it amounts to no more than automated copy and paste, this is another example of the power of defaults; hopefully Google will allow users to turn off resharing by default before Google+ becomes open.  In general, the Google+ design allows you to limit the people you give information to, not what they do with it, which is really all you can hope for, anyway (see Hoffa v United States).

A visualization of iPhone location data, from Alasdair Allan and Pete Warden

Let’s recall US v. Maynard, a 2010 case where FBI agents planted a GPS tracking device on a car when the car was on private property, and then recorded its location every ten seconds for a month without obtaining a warrant.  The US Court of Appeals for D.C. held that obtaining such information required a search warrant, and rejected the Bureau’s claims that their actions didn’t constitute a search.  The Bureau cited US v. Knotts, in which police used a beeper device to track the discrete movements of a suspected conspirator’s car over a limited period of time.  In this case’s opinion, the court only addressed the use of such tracking technology for a single car trip–not limitless access to GPS data, regardless of previously specified time or place.

Accessing aggregated GPS data in an investigation constitutes a search and requires a warrant.  However, we’re only familiar with this situation when a third party is seeking that location data.  What’s unique about Apple as the original collector?  They’re not going after data collected by another party–it’s a function built into the software, and it’s covered in the terms of service.

Indeed, Apple’s iOS 4 TOS says

To provide location-based services on Apple products, Apple and our partners and licensees may collect, use, and share precise location data, including the real-time geographic location of your Apple computer or device. This location data is collected anonymously in a form that does not personally identify you and is used by Apple and our partners and licensees to provide and improve location-based products and services. For example, we may share geographic location with application providers when you opt in to their location services.

So what’s next?  The blogosphere is feeling squeamish, but is that the extent of the response? Thoughts, guys?

As an aside, Apple’s capitalizing upon the buzz with advertisements on Google, perhaps employing the same publicity tactics that BP did, post-oil-spill (I blogged about it here). I’d be interested to see if the content of these word-triggered ads changes to be more actively positive in Apple’s favor as more eyebrows are raised in response to this latest discovery.

Of course, with all of these social networking sights, there is the risk of overshare. One wrong click could make a journal entry that was supposed to be “private” readable to all the world, and a lapse in judgment could result in you complaining about your boss in your Facebook status update when, in fact, your boss is a Facebook friend. My high school teachers were quick to remind us that we should be very careful about what we posted online, as we might have viewers outside of our intended audience. They held up one of my peers as a prime example. A recently graduated student had tried to get a job in the school’s Computer Lab during his gap year before college, but he had made the mistake of alluding to his affinity for marijuana on his MySpace profile. In addition to refusing to hire him, they saw fit to share his faux pas with the entire faculty, student body, and association of parents as a cautionary tale.

I felt: Lesson learned. No open profile. No stupid photos. No exposing my personal information to school officials, potential employers, or strangers. I had assumed that, if I was careful, I could maintain my privacy. Of course, there was the issue of a friend writing something unsavory on my wall or tagging me in a photo I wasn’t proud of, but there are means of protecting yourself against that. As the author of  “10 Privacy Settings Every Facebook User Should Know” suggests, you can protect your privacy by monitoring your friend list, removing yourself from Facebook result searches, removing yourself from Google, avoiding the infamous video/tag mistake, protecting your albums, preventing stories from showing up in your friends news feeds, protecting against published application stories, making your contact information private, avoiding embarrassing wall posts, and keeping your friendships private. If I did all of this, my profile might look a little boring, but I should have absolute privacy, right? Wrong.

Even Facebook users with the most strict security settings do not really have “protected” profiles. According to Wall Street Journal investigators, Facebook “apps” have been transmitting identifying information such as Facebook user IDs and names to external companies to use them for marketing purposes, regardless of whether the user has tried to make his/her information private. For some users with less strict privacy settings, their age, occupation, residence, and/or photos might be released to these advertising and data firms which could then attach them to “dossiers” they had already compiled on the user’s personal information and internet-activity history. When the WSJ conducted its investigation in the fall of 2010, each one of Facebook’s ten most popular apps (FarmVille included) was guilty of transmitting user IDs, contributing to a breach of privacy for tens of millions of Facebook users.

Facebook officials indicated that their company was opposed to such information sharing (evidently it is against its privacy policy for apps to user information to these external companies), and they promised that Facebook was working on limiting user’s exposure. Several “guilty” apps were disabled, but, how can Facebook monitor the activities of all 550,000 apps? What incentive do they have to bother?

After coming under a lot of scrutiny for its privacy policy (which most users could not even understand because of its length, density, and language), Facebook unveiled its plan for a new format, which should make the policy more readable and understandable. Facebook disseminated a graphic to demonstrate how the new format, characterized by “simplified explanation” and “interactive tools,” will help users understand the way their information is being used:

This is a nice gesture… but the privacy policy itself will remain completely unchanged, so personal information can still be used to target advertisements and “Sponsored Stories” about us can be used to advertise products to our friends. For a lot of people, this gesture is simply not enough.

Steven J. Vaughan-Nichols argues that our personal information and privacy is too high a price to pay for just “free web-hosting and some PHP doodads.” He believes that the Facebook’s Panopticonic system developed out of the centralized server/client architecture that pervades today, and he suggests that our freedom can be obtained through decentralization, through the use of small, inexpensive plug servers, dubbed Freedom Boxes. According to the Debian wiki, “We live in a world where the use of the network is mediated by organizations that often do not have our best interests at heart. By building software that does not rely on central service, we can regain control and privacy. By keeping data in our homes, we gain legal protection over it. By giving back power to the users over their networks and machines, we are returning the internet to its intended peer to peer architecture.” Freedom Boxes will offer data encryption and security, and it will allow Internet users to enjoy “safe” social networking through “privacy-respecting” services such as Diaspora, Appleseed, and Lorea.

Sounds very interesting, but I’m curious about how successful these new sites will turn out to be. The centralization of Facebook’s system might give it too much power, but it is a power that will be difficult to overthrow. Facebook has become not just a social network but THE social authority; as Hortsense Smith for Jezebel notes, “it often seems like its somewhat required to have a Facebook profile just to appear to have a presence on Earth.” If you’re not on Facebook, how will you get this invitation or hear about that piece of news (gossip)? How will the person you met at the dinner on Friday track you down to see you again? How will you announce to the world that you’ve just finished reading Twilight and the ending made you cry? While ceding control over one’s personal information is certainly a cost, it seems to be one that many millions of people are willing to pay for the convenience and size of the network. Seeing as so many of the people that join networking sites join them to have 1) an audience to perform to and 2) a constant source of entertainment as they watch other people’s performances, how could they walk away from so vast an audience and so great a spectacle?

I anticipate that Diaspora and similar “secure” social networking sites will become very popular within certain circles (most likely among computer-savvy users that already know P2P, appreciate open-source software, and understand how seed systems work), but I think they will remain niche. Most of us (many computer-illiterate) will just stay on Facebook and grumble about privacy breaches through status updates, wall posts, and Facebook groups.

This perspective may be comforting, but we should qualify this comfort. It is a small, finite comfort.

The comfort lies in the realization that our own mistakes will not be as damaging as we might initially fear. Mr. Scalia (who often seems to be assigned in readings at Yale at his expense!) if little else in our readings does seem to remind us that the idea of the law protecting every little fact about us is absurd. Kashmir Hill suggested that more openness might lead to more comfort. And indeed, for stuff like what happened last Friday that a friend posted with you tagged in it, it might be less silly to turn to social norms than to turn to law. Social norms are formed online — we all have seen this happen in our generation — and we can expect a great deal of such online exposure to be made safer by online social norms, without overprotective, “silly” legislation. We can all simmer down now because the privacy FUD problem is solved.

If that leaves you less than satisfied, I’m with you. “Online exposure” can go far beyond being tagged in a Facebook pic. Specifically, your online exposure is not necessarily of your own doing, or even your friends’ doing.

Daniel Solove’s blog post in this week’s reading suggested an interesting term: Aggregation. Solove uses this term to describe a way that gathering data on someone can lead to violating his/her privacy, essentially by connecting “innocuous” points into a “detailed portrait of our personalities and behavior.” We can ask a sort of philosophical question: What other effects might the Internet bring about to data about you?

Like Seth Godin’s list of ways things can get broken, my list of privacy FUD is sure to be incomplete. Please comment and add your own!

1. Aggregation – Connecting innocuous dots can lead to an uncomfortably detailed big picture. For an example, do the readings.

2. Dis-gregation – Less is more — more harmful.

What if an online journalist or a Facebook friend isolated a couple (true) facts about you and leaves out other relevant facts?

3. Context Distortion – Taken out of context, new implications begin to arise.

I thought of this last class when I discovered searching for my name leads to a porn website. No, I don’t have a porn star double life! But in 2009 I did help promote Yale and other US colleges to Japanese students, and the Japanese term 中高生 (middle and high school students) landed links to YouTube versions of our video footage filled the greater part of a fuchsia-colored website. (Incidentally, if you’re being naughty and trying to find this website, at least on the page with my name in it there was nothing graphic, let alone anything involving minors.)

4. Unplanned Anti-Obsolescence – It’s forgotten by now, right? No, it’s in the Net’s hands now.

A friend thought he’d put up a silly status update, and delete it 30 minutes later. It wasn’t something he wanted everyone to know, but having a few know would have been acceptable to him. He had it planned out that way. But when another friend found it hilarious and re-posted it as his status, control over it had changed.

5. Promulgation – Data that’s out there, but in small circulation, can become less innocuous by gaining popularity.

A funny story shared to friends might not be best when shared on the Internet, where there are less degrees of separation from total strangers who might interpret it differently. Cyber-bullying examples come to mind as well — a few enemies at school is a smaller problem when they’re not enlisting online comrades. Or what if RapLeaf had sold (“inadvertently”) data about your online behavior not to a dozen advertisers, but hundreds? What if they also sold data to your workplace, school, or to the government?

I am sure there are more effects we could talk about, but the bottom line is that an embarrassing Friday should not be our only concern. Even if greater transparency helps establish social norms online, we shouldn’t ignore that it’s becoming easier and easier for the Internet to affect info about you. What you post about yourself or reveal to marketers tracking you is really just where that data might start off – really we’re talking about the potential for that data to take on a life of its own. Much of this seems difficult for the law to prevent, but I suspect we’re more eager to turn to the law rather than social norms when we consider that it’s not just about our own mistakes confined to a few popular sites.

A cursory Googling revealed that Zappos is one of the many clients of Criteo, an award-winning advertising company which specializes in behavioral retargeting following people with a product until their last ounce of willpower dissipates. As it turns out, I’m not the only one who has been followed across the net by a vengeful piece of merchandise. This blogger was chased by a pair of shorts, and this one by some brown loafers.

What it comes down to is that I WANT THOSE BOOTS. Criteo knows as well as I do that the more times I see them, the more tempted I am… and the more likely I will be to buy them. Is it a great advertising strategy? Of course! But is it totally weird? Perhaps.

As it turns out, Criteo collects nothing but browsing behavior on their clients’ websites, storing a simple cookie. From Criteo’s FAQs:

What does Criteo know about me through the ads they serve?

We do not know who you are. We do not know your name. We do not know where you live, where you work, your gender, your age, your email address or any other personally identifiable information about you. We do not collect any information from the publisher website on which you may have seen our ads. We do not store your IP address. We do know that the Internet Browser you are using has visited one of our partner sites (probably an online retailer) in the last 30 days, and we have seen which products you were interested in on that site.

Here are some screenshots from the Take a Tour section of Criteo’s website:

Criteo basically keeps track of which items a user visits on their clients’ websites. Then, when a user fails to be “converted”— and approximately 98% of users are not converted on any given visit— Criteo displays those same browsed items through dynamic personalized ads across a vast array of websites. Images of the viewed items float around Criteo’s banner ads until the user finally caves, or becomes so frustrated that he or she takes the time to go to Criteo’s website and opt out.

Companies like Criteo are well within the limits of what is technically acceptable in terms of privacy. They store simple cookies, which users can block by changing their browser settings, and users can choose to opt out on Criteo’s website. These behavior-targeting companies are certainly less egregious than companies like Facebook and Google, which store much more than a simple tracking cookie, similar to the ones which are stored at almost any other website. But the visceral reaction that I and other bloggers have had to Criteo’s ads comes from the age-old adage that ignorance is bliss. I, like millions of other web users, like to pretend that I’m not being tracked and recorded with every virtual footstep that I take. Seeing my browsing history displayed across a banner ad on a totally unrelated website shatters the illusion of privacy. What I’m trying to say is: I don’t like being reminded of what they know about me and my behavior. I’d like to believe that the only one watching me shop for the gray suede boots was me.

While Gmail and Facebook obviously don’t share exactly the same purpose (as Facebook is primarily a social networking tool and Gmail is primarily an email provider), there is, in fact, much overlap. Facebook has private message exchanges, Gmail has contact lists and Google Buzz, and both have an online chat function and current status update capabilities. Thus it is both useful and meaningful to compare the privacy policies of the two sites.

First, Facebook and Gmail differ in what extraneous information they collect. Facebook collects information “about your browser type, location, and IP address, as well as the pages you visit (emphasis added).” Gmail does not collect information on what pages you visit, but instead, limits its collection to relevant information such as IP address, browser type and language. At the risk of sounding biased, I ask you to consider what nefarious reason Facebook has for collecting information on what other sites you visit and what they are doing with this seemingly irrelevant information. They can get quite enough information for targeted advertisements from your listed interests and activities, as well as from your general information (age, location, gender, etc). (As a side note, although Google took some heat for supposed privacy violations in Google Buzz, this application had to be opted-in, and has since been updated to a better policy, and thus stands apart from the default and continuing privacy issues of Facebook.)

Second, the sites’ policies differ in scope. Both sites involve third party applications or affiliated sites. Whereas information provided to affiliated Google Services on other sites falls under Gmail’s privacy policy, information provided to popular third party applications on Facebook (even those pre-approved by Facebook) is subject to those applications’ privacy policies, which, as you can imagine, may not be all that respectful of your privacy.

Third, a friend’s settings on Facebook can affect the leakage of your private information:  “If your friend connects with an application or website, it will be able to access your name, profile picture, gender, user ID, and information you have shared with ‘everyone.’”  In Gmail, a contact’s privacy settings have no effect on your information.

Finally, there are various reasons why privacy on Facebook is worse than on Gmail in terms of Facebook-specific activities. If a friend on Facebooktags you in a photo or video or at a place, you can remove the tag, or you can limit who can see that you have been tagged on your profile, but you cannot prevent the person from tagging you in the first place. If they publish the tagged media to their news feed (which is often the default option), many people will likely see the offending picture/video/location before you get the chance to remove the tag yourself.

Another issue deals with Facebook’s default privacy settings. These settings allow “social ads” to use your picture in advertisements that your friends see, unless you opt-out. Gmail has no such egregious misuse of your information. Similarly, Facebook may store information about a payment source account that you use for transactions on Facebook (such as buying a virtual gift for a friend’s birthday). Again, Gmail does not store your bank account information. (While no analog features to social ads and virtual gifts currently exist in Gmail, they easily could be implemented, but tellingly, haven’t been).

There have also been issues with breaches in Facebook’s already lenient policy. Such leaks may allow apps to sell your information to ad companies and to track your online behavior. As many people still consider the Web a place that makes anonymity possible, this online footprint may leave you feeling unsettled and a little creeped out. The fact that a company such as Rapleaf may have been tracking you through Facebook, compiling information on you and selling your information should make you reconsider how anonymous you think your online activity, especially on Facebook, really is. For example, some political campaigns may buy information from Rapleaf (including voter-registration files, shopping history, social-networking activity, real estate records, and your name and email) to better target their demographic.

Remember when people were really upset by the lack of privacy of the then-new Facebook mini-feed? It seems we’ve been desensitized to this particular invasion of privacy. Let’s not continue this apathetic trend to the point where Big Brother can convict us of google search crimes (thoughtcrimes of the digital age).

Well This Zucks...

Welcome to the new business model: infringe on your privacy first, ask questions later.  Now before I fully delve into the issue of Facebook’s new user privacy settings, I should note that I have always been a proponent of Facebook’s right to pursue what it feels is a profitable and satisfying business model.   Capitalism at its finest.  I have defended Facebook using what I have termed “The McDonald’s Defense”.  Often, consumers demand that businesses comply with outrageous orders.  For example, consider the following conversation:

McDonald’s Employee: Welcome to McDonald’s, may I take your order?

Customer:  Yes, hi.  I would like to order, uhm, a large double unsaturated soy mocha float, and two uncooked vegan tofu gluten-free eggs.

McDonald’s Employee:  Uh, sir, we don’t sell those-

Customer:  Oh and could those eggs be fried in omega-3 monopolyunsaturated fats from a Komodo dragon?

McDonald’s Employee:  **Confused Look**  May I help the next customer?

Of course, such a scenario seems ridiculous, but I use it to illustrate the fact that McDonald’s (i.e. Facebook) has the right to refuse service based on what it offers.  If you don’t like the way Facebook organizes its privacy controls, or any of its other features, go to Burger King (maybe, MySpace?).

But, what happened to me the other day was not a matter of asking for unreasonable privacy controls, but rather having my privacy infringed upon with a deceptive “opt-out” system.  Facebook now has a new “Instant Personalization” feature that allows partner websites to access personal information stored on Facebook’s servers without you knowing.  That’s right: FACEBOOK GAVE NO NOTICE OF THIS SERVICE, the only “warning” they gave was a small blue box at the top of each person’s home page that said privacy settings had changed.  Only after clicking “Learn More…” and digging to the very last section did I discover the feature.  Then, when I tried to disable it, I was confronted with the following confirmation page:

The More You Share, The More You Care (For Facebook's Wallet?)

Note that, although I have some of the strictest privacy settings on Facebook (no public search and the only things people who aren’t my friends can do are message me or add me as a friend), I was automatically opted into this Instant Personalization module.

So Facebook, where does that leave us?  You’re probably right, the “richness of the social interaction” from these new features is probably worth the hassle of a slight loss of anonymity because they provide so much convenience.  But why make it so hard to opt out?  Why not notify us about these changes?  WHAT INFORMATION ARE YOU GLEANING FROM THESE PROGRAMS THAT MAKE YOU WANT US TO PARTICIPATE SO BADLY?  WHAT IS “THE MAN” PAYING YOU?

Please, Mark Zuckerberg, get back to me on that.  You know how to reach me: just add “Thaddeus Diamond” as a friend, and click “Share”!

Tweeting something as benign as “great tilapia tacos @ Drew’s Taco Shack” is potentially unsafe as it alerts burglars to the fact that whoever is currently eating a taco with Drew is also not home. A new wesbite, pleaserobme.com, hopes to increase awareness about the dangers of publicly providing too much information, so it collects tweets and Facebook status updates and displays them to the world for anyone to see.

Pleaserobme.com means to make people realize the dangers of constantly updating and disseminating their location at all times, but it does so by letting robbers know when you’re not home, which is, although an admittedly pretty funny way of getting thoughtless social media users to think twice before tweeting “I’m I’m at Cali Yogurt,” also a lawsuit waiting to happen.

That said, it really is easy enough to find out where a sizeable chunk of the population lives by using Google’s phone number look up on a number or address. Consider also the enormous amounts of information provided by Google Earth or Streetview, and the extent to which digital technologies empower house robbers (or identity-thieves or other poorly intentioned individuals) becomes abundantly clear.

But even admitting that “criminals are becoming increasingly sophisticated in their information gathering… to plan their burglaries with military precision,” as Darren Black, the head of home insurance at confused.com, has pointed out – does this justify insurance hikes? What standards of burglar-sensitive stupidity (e.g. “Oh no! In Mexico for three days & think I forgot to turn the heat off at home!”) will insurance providers use? How does one gauge burglary (or other) risks from a tweet or Facebook status update?  And isn’t the very purpose and function of social media to disseminate opinions, constantly updated personal information, microstatements about daily life and wherabouts? Insurance hikes might make sense if there is an actual increase in risk because of social media use, but they also go against the nature of these services. The Huffington Post article refers to a news clipping from 1983 warning telephone users about the dangers of voicemail. “If you have an answering machine that tells callers you are not at home it could alert potential burglars, advises Family Circle magazine.”

Isn’t the fear over the disclosure of too much information via Twitter et. al. unsubstantiated, given the fact that a great portion of tweets are sent via mobile (and hence out of the home) anyway? Wouldn’t home insurance hikes for social media users be just as silly as if they were applied to phone-owners who didn’t change their voicemail?

But the kinds of information we propagate online through 4square and Facebook and Twitter also point to the kind of information ecology we would like to live in. Sure, it’s easy enough to make your entire Facebook page private – but was privacy ever the point of social media? Is privacy, as Mark Zuckerberg (in)famously recently stated, “no longer a social norm.”

But, then, where does one draw the line between stupidity and paranoia? There are undeniable dangers to giving away too much of our privacy, but what might those be? Is it more reasonable to be worried about burglars robbing your home, or about the larger privacy or security implications of geolocative (social) media? Shouldn’t we be more concerned about national security compromises that arise when the heads of national intelligence disclose too much information online? For the average person, disclosing too much information may not be a security risk, but it certainly remains a privacy risk. Forget robbers – what about data trawllers, or hostile intelligence networks, or government agencies, or corporate interests, who amass our geolocative (and all our other) social media information?

By default, Facebook makes you publically searchable by everyone, and publically visible by everyone in your networks. Default settings go more often unchanged then not. Privacy is not a default setting. The question is whether it still remains a social standard.

Social media is still a new technology. It will have direct implications on things such as hikes in home insurance premiums, as well as much larger cultural consequences. Is a social media universe where it is considered unsafe to post birthdates, pets names, phone numbers, photos a friendly one? A social one? We may have to value privacy and friendliness against each other.

BBC Interview of Adi Kamdar Regarding Gmail at Yale (mp3 – 2mb)

Consider this an invitation to crowd-source a transcript in the comments?