I think this graph on privacy from the New York Times didn’t get the attention it deserved. Although the companies argued, that they are not collecting individual data but statistical information, it is still a case of data mining versus privacy.
While the web expands, the user’s need for privacy increases.

I know that Google’s Street View is old news.

Google actually uses an extremely high-tech camera, scrounges the streets and takes photos. I’ve never really used the service myself, but while surfing today I found some articles that drew my attention on the subject.

Invading Privacy

Mashable: Mashable’s top 15 google street view sightings is supposed to be an entertaining article listing some pictures of several interesting and funny places around the world. What is disturbing in this article is not only the complete disregard of people’s privacy but also the quality and quantity of comments.

There are currently 155 comments linking to other sighting (guy picking his nose or girl showing her panties, etc.) or praising the humor of the article. From these 155 comments only 8 are actually referring to the factor of privacy.
Googlesightseeing: A little bit more search down the road and I found googlesightseeing.com. This site’s niche is posting images from Google Maps and Google’s Street View. Of course this might not directly say anything about privacy issues, since images of people are not that often on the site. But it implies something else:

There are people, who are extensively searching these all-viewing databases. So it is not the government, the CIA or “add conspiracy theory here” but ordinary people that are breaking the privacy barrier.

Psychology of Control

The panopticon was a model prison proposal of Jeremy Bentham in 1785. The idea was that the prisoners could not see the guards observing them. Although the concept was never realized, Bentham

pointed out that the prison could employ very few guards, since the prisoners could not know when they were being watched. The project’s key concept, however, wasn’t about architecture or economics; it was about the psychology of control.

In other words, people will start developing a sense of being constantly observed and therefore behave accordingly. It seems that there is not only a central authority, which practices control and surveillance, but also the society in general. Google’s Street View is one of the tools provided to the public to spy on each other.

Between private and public

But where are the boundaries between private and public?
There has been a great discussion on the subject;

• some state that Google’s street view is a major privacy issue, which will be subject in upcoming legal discussion

• while others don’t see any privacy violation, since the people are already in public.

It is already questionable how can we achieve true privacy, but the question goes beyond the boundaries of public and private. We are witnessing the development of an all-seeing, all-knowing society.
I’m already against any surveillance of any kind but moreover should the public really have access to such spying tools?

In this blog, I have repeatedly discussed the subject of online privacy. Either by commenting on the current affairs of peer-to-peer networks like torrentspy or talking about the future of privacy regarding the data openness we are lately experiencing.
Yesterday, I visited one of my favorite annual exhibitions in Berlin, the transmediale, whose topic this time was “conspire”. Among other things, I attended a conference called “Web 3.0: Conspiring to keep the Net Public”, with the hope of discussing the evolution of the upcoming semantic web. To my surprise, the talk concentrated mostly on the privacy prospect of the web. To be honest, the overall conference didn’t blow my mind (it was hard to follow), but the presentation of Seda Gürses was a pleasant exception.
She pointed out some very interesting insights on privacy in cyberspace, which I would like to discuss here.

So what is privacy?

In her presentation, Seda showed a mathematical formula of privacy, which says that:

privacy = the right to be left alone / concealment of data x k-anonymity.

This means, that privacy consists of our fundamental need and right to be left alone, which can be achieved by concealment of data and k-anonymity. Lets get a bit more specific with the terms.

Concealment of Data

Whenever you subscribe in a site, there is always a login form with asterisks next to the fields you must fill in (your mail, your age, your zip code, etc); and there is always this little box you must click called “I have read the Terms of Service and agree with the policy”. Now if the service is a commercial one, it may provide these information to the so called ‘data-miners’.
They are marketing people, who collect vast amounts of information and then plan a corresponding marketing pattern.

They say for example: 50% of the Facebook users who have installed the vampire application are buying Dungeons and Dragons books in Amazon. And they put an ad next to the vampires applications about D&D.
Data mining vs. Privacy is an important issue covering not only the online world but also political subjects.

But it’s not, that there is no solution. Bruce Schneier noted:

there are many ways to analyze data without knowing details of the data, [...] it’s just that there is little incentive to use them.

Concealment of data suggests, that information such as name, age, location, etc. remain private. But how can this achieved?

K-Anonymity

That’s where k-anonymity comes handy. It keeps data miners and privacy advocates satisfied. K-anonymity simply says, that

A release provides k-anonymity protection if the information for each person contained in the release cannot be distinguished from at least k-1 individuals whose information also appears in the release.

K-anonymity can be achieved by two methods:

1. Generalization.
   Instead of saying: this subject is 26 years old, you say it is 20-30 years old. Instead of saying he lives in 10247 Berlin, you say 10xxx Berlin. And so on.
2. Another interesting way is perturbing the data. This means, that

The actual value can be replaced with a random value out of the standard distribution of values for that field. In this way, the overall distribution of values for that field will remain the same, but the individual data values will be wrong.

In other words, you can change the individual data in such way, that the collective data will still remain the same.

The right to be left alone

I left this one in the end on purpose. We all take this right for granted and in a way it is for granted. But if you think about it, its boundaries are very flexible. The issue of privacy is not only about concealing data, but also about the negotiation of what is private and what not. Years ago it was a debate if domestic violence was a privacy issue or not.

The best question ever

Seda Gürses stated in interesting theory (with a cute video), which concluded with the best question ever. It is a theory of a swedish scientist, whose name she didn’t remember (sadly).

If we really want to stay private and anonymous, concealing our personal information is surely not adequate enough. There are many parameters, which distinguish us from the others.

True and absolute anonymity can be only achieved when:

• Everyone would wear an identical box, which should be so wide and tall as the widest and tallest person on earth, so that our external characteristics wouldn’t be possible.
• Everyone would walk with the same pace, so that walking differentiation wouldn’t be possible.
• Everyone would go out of his house at the same time, so that noone could identify another.
• Each time someone went out, he should take a different route, so that a categorization would be impossible. etc. etc.

Also to avoid loneliness and isolation, people would be allowed to have a pet.

So in a world of true anonymity, the only distinction from one person to another would be his pet.
The question is: do we really want to live in a world of true anonymity?

Today is International Privacy Day. I always wonder why we always have one day to celebrate something (peace, literacy, freedom, privacy, etc.), when these are subjects we should daily consider and honor. I suppose these International Days act as reminders to the forgetful ones, for the importance and weight of these ideals.

So International Privacy Day. Online privacy is a very vague subject. The International Association of Privacy Professionals (IAPP) has published some very interesting presentations explaining how can our privacy be harmed and how we can protect ourselves. Although researches show that our online privacy concerns have increased google points out that

70% of Europeans did not understand how their personal data was being protected.

So let’s see what one can learn and do on a day like this.

Privacy Harms

• Intrusions: When “they” come to your space to tell you what to do or where to point your attention. In cyberspace, SPAM is the most common example.
• Information Collection: Sadly, our world today. Visual surveillance we experience in our everyday life and don’t complain anymore. Of course asking for private information is considered a privacy breach (do your remember the TorrentSpy trial?).
• Information Processing: The curse of web 2.0. We are willingly opening our private data to anyone. Data mining can be considered as the mildest consequence. Letting marketers to develop patterns and decide if you are a good customer (if not, how can you become one).
• Information Dissemination: When services or software disclose more information about you as they should.

Protecting your Privacy

There are four basic ways to protect your privacy online:

• Technology: use firewalls and spam-filters
• Law: The CAN-SPAM act; an act which establishes certain requirements for those who send commercial email. For example using false headers is illegal.
• Markets: You choose a safe mail provider or a safe Operating System

Of course there are simple actions you can do yourself now to increase the protection of your private data and your system.

6 simple ways to protect yourself

1. Delete cookies after each session. Cookies are a nasty thing. They are the trace of your surf activity on your computer. This means that anyone can see which sites you lately visited. But some sites require cookies to work. So be smarter. Customize your browser to delete the cookies after you close him.In firefox just go to Preferences and to the “Privacy” Tab. Have the ‘accept cookies from sites’ clicked, but in the ‘Keep until:’ chose ‘I close Firefox’. If you think some cookies are really nasty and you don’t want them at all, just add them in the ‘Exceptions…’
2. Delete your web history. While you’re at the same tab (Privacy) select the ‘Always clear my private data when I close Firefox’ box. On ‘Settings’ you can customize that. I Clear everything apart from my saved passwords. (Remember, if you have saved passwords on firefox, ALWAYS keep a master password)
3. Change your passwords often. This might seem like an extreme measure, but it is very important one. Most users (me included) are participating in so many communities, they just have one password for all. The password for gmail, wordpress, ubuntu, yahoo, mixx is just the same. I know it is difficult changing the password for all these services, but it is necessary. I learned it first hand: Almost 3 years ago, while I was still running Windows, I logged in to my MSN Messanger just to see my username changed to “I have been hacked…yeah truly”. I immediately changed the password of my hotmail (and eventually stopped using it) and all other services I currently used. Or just get an OpenID and wait until it gets more popular.
4. Hide your IP when surfing. There are software that can hide your IP. Although, it is not 100% guaranteed hidden IP it is the best you can get. You also get this great feeling of freedom. Some free software to hide your IP are Tor and Smarthide.
5. Read The Terms of Service. I know it is boring. But sometimes you will find something in the Terms of Service that goes completely against your beliefs.
6. Use Encryption: Don’t protect your privacy only from marketers and spammers but also from identity theft, surveillance, system crackers or even espionage. A good place to start is the Pretty Good Privacy project. It is absolutely free and it runs almost in every computer (I think even Atari!)

What will you do today to protect your privacy?

Additional resources:

• Privacy Rights ClearingHouse
• Electronic Frontier Foundation on Privacy
• Tutorial to make a PGP key on Ubuntu for evolution

A study published yesterday on the Associated Press showed, that people are becoming more aware of the security of their private data.

Sixty-one percent of adult Americans said they were very or extremely concerned about the privacy of personal information when buying online, an increase from 47 percent in 2006.

This is a natural reaction, since reports are increasing on breaches of private information.

The Identity Theft Resource Center, for instance, listed more than 125 million records reported compromised in the United States last year. That’s a sixfold increase from the nearly 20 million records reported in 2006.

The paradox

It is interesting though, that two thirds of adult internet users continue buying products online. Of course with credit card frauds, “a customer’s liability is capped at $50, and even that amount is often waived”. But when we are dealing with identity theft, resolution may come after several years.

A very peculiar paradox. On the other hand people are worried about the integrity of their online data and on the other hand the continue shopping online. False priorities? Are people willing to risk their private data for comfort and availability?
I believe people are aware of the risk, but are engaged in a very (ir-?)rational thinking: It won’t happen to me.

Conclusion

The DavidAirey case a month or so ago reminds us, that identity theft can happen to all of us (do you consider your blog/website a part of your private data?).

With the developing privacy wars, the question still stands: Are users ready to have complete control over their private information?

If the subject has made you a bit more worried, here’s a starters guide to safeguard your privacy online, by Allan Leinwand.

Most of us got a taste yesterday of the whole Facebook-kicks-Scoble-off debate. After several hours and numerous posts on the subject from various bloggers, Facebook explained that this was a standard security process against all kinds of scripts.

When our systems detect these types of scripts, they immediately disable the account of the user responsible as a preventative measure.

The aftermath of this story brings up a series of questions:

Is there a monopoly of data?

When Facebook noticed a potential competitor (Plaxo), it did its best to block its development (in this case by forbidding the extraction of data). Plaxo’s script wouldn’t extract any data that the users kept hidden – only the ones, that were public (see Wired’s post on that).
When Scoble explained to Facebook his (not malicious) purpose, Facebook replied:

Since you contacted us and have agreed not to run the script again, we have reactivated your account. You should now be able to log in with your normal email and password. In the future, please refrain from running these types of scripts again.

So although the script wasn’t malicious, Scoble (or anyone else for that matter) is not allowed to use it.

Other social software (linkedin, yahoo, etc.) seem fine with the implementation of their services in plaxo.

It seems to me that Facebook tries to monopolize a service, with malicious ways.

[The coming war over data is a thorough post on data ownership]

Who owns the social network?

So Facebook actually implied that users (and developers) are allowed to bring data in, but not allowed to bring data out.
In other words, the contacts in your digital address book are your friends, but the data belongs to the network.
Social networks are explicitly made out of people. Without people, these networks wouldn’t exist.
Nonetheless, Facebook has clarified its opinion on that one:
Your network belongs to the service provider.

[An interesting discussion about this subject can be found at Center Networks]

Which social engine to trust?

• Do you read the Terms of Use, when you sign up in a social network? I don’t, but maybe I should. Facebook makes it clear in the Terms of Use that we have a limited access to our network:

All content on the Site and available through the Service, including designs, text, graphics, pictures, video, information, applications, software, music, sound and other files, and their selection and arrangement (the “Site Content”), are the proprietary property of the Company, its users or its licensors with all rights reserved. [...]
Except for your own User Content, you may not upload or republish Site Content on any Internet, Intranet or Extranet site or incorporate the information in any other database or compilation, and any other use of the Site Content is strictly prohibited. Such license is subject to these Terms of Use and does not include use of any data mining, robots or similar data gathering or extraction methods.

• Maybe we should take a more careful look on the protection the network provides.

After this whole story, I got the impression that Facebook is very safe. I mean it blocks any kind of scripts, no matter what.
But it doesn’t seem so.

Although Facebook tries its best to protects its users from any kind of scams, some spyware still made it through; and it gets worse with phishing scams.

Conclusion

What to do? What to do?
After such a discussion, do you still remain a Facebook member?
I mean you will lose your big, nice network of friends.
It is a moral question, i think. I never was a Facebook fan (I had a network of 10 friends), so I have nothing to lose.
But think about it. Do you really have something to lose?

A wonderful article was posted today in the ReadWriteWeb concerning ‘Questions to consider in the coming privacy wars‘.

Although the entry reaches perfection, I would like to express my opinion about some points.

How do we balance the benefits of data openness with the need for privacy?

Now this is a tricky question. I’m afraid we (the ones participating to the online community) have gone beyond a threshold, where privacy is a very thin layer. Facebook gives us the option to find long gone relatives, acquaintances, love affairs; and be found. With twitter we allow everybody to follow our every move. And anyone can keep a database of these entries.

Our need for privacy (if there is one) is in great danger, if not lost, when we decided to actively enter so many online social communities.

Welcome to the global village.

Are users savvy or motivated enough to control our own data?

If we weren’t capable of controlling our own data, we would be (at least indirectly) allowing the centralization of data in a single vendor (Point No. 6). Either way if we are dealing with private data, then each user alone is responsible for his/her information. I find decentralization a better way to protect information, than leaving it in the hands of a central power.

The result

Our private data are not being threatened from one day to the next. It is a situation, which slowly evolved, elevated; and therefore it is a situation, that is hard to recognize. We don’t realize to what extent our privacy is actually at stake, because we embraced each step of this development. We gladly participate in all these communities, without really considering the side-effects, because we are taking our privacy (each one has a different conception of privacy) for granted. But examples have come forward, proving that these communities can evolve differently. I don’t know if you have heard about the StudiVZ (facebook service in Germany) and how it evolved (see also Karsten Wenzlaff’s post on the subject. this one too). Even facebook phishing scams have been developed, to get a hold of people’s data.

Last thoughts

Under that perspective, maybe a central authority protecting us is needed. But who can guarantee, that this central control will not take advantage of its knowledge?

The subject Marshall is discussing goes beyond the web. With the shadow of national security, individual privacy is constantly at stake. But I wonder if the public has actually a say in the whole process?