What Facebook Quizzes Know About You (ReadWriteWeb)
Posts Tagged ‘Privacy’
In the mix
Thursday, August 27th, 2009In the mix
Friday, August 14th, 2009Welcome to our guided tour of online privacy policies!
Tuesday, July 21st, 2009
We’ve just published our report, “How to Read a Privacy Policy” on our website. You may have seen some of the blog posts we wrote summarizing each section, but you can now find all the sections together here.
There are other privacy policy analyses out there: Privacy International’s 2007 report describing privacy practices of major companies in general and Know Privacy, a research project created by students from the UC Berkeley School of Information that compares user expectations with data collection methods today for policymakers and website operators.
But we thought there was room for one more, one that takes the web user on a guided tour of that inscrutable document, the online privacy policy, and explains what issues she should keep in mind. We walk through the privacy policies of companies like Microsoft, Google, Yahoo, and Amazon, as of June 2009, and explain what they’re promising and what they’re not.
A quick visual of how privacy policies stack up next to each other, literally. See it bigger.
Questions or comments? Please let us know!
Does talking about privacy make people less willing to share?
Thursday, July 16th, 2009
Security guru Bruce Schneier recently blogged about some studies that seem to show people are more willing to share personal information when they’re not reminded that their information will be kept private.
As many of the commenters pointed out, one of the studies was skewed by the fact that people were given a fun-sounding, casual survey, and then one from an institution that might actually do something with the answers. The genius of Facebook and other social networking sites is that they’ve made people feel that social networking is as casual and non-threatening as a stupid online quiz, when those of us who care about privacy know that all the information we’re providing on those sites could be used to hack into email accounts, could adversely affect employment opportunities, etc., etc.
If you look at a service like Mint.com, though, which requires the user to link their financial accounts, you can see that the promises around anonymity, privacy, and security are much more upfront. Facebook may have a marketing incentive to bury their privacy tools; Mint does not.
So the issue to me seems to be, how do we get people to realize that their data on Facebook is as important as their data in Mint? And who exactly is behind those, “What kind of underwear are you?” quizzes on Facebook, given that they get access to the users’ Facebook profiles, and what they want to do with that data?
In the mix
Wednesday, July 15th, 2009Who gets hurt when information is withheld?
Tuesday, June 30th, 2009Whenever people talk about why information matters, it’s easy to throw around abstract formulations about transparency and the free flow of information. I do it all the time. But this story from the Columbus Dispatch on how universities around the country are using a federal law on student privacy to withhold information has some great concrete examples of why disclosure is so important, and why not disclosing isn’t actually protecting anyone’s privacy
Basic background: FERPA or the Family Educational and Rights Privacy Act generally prohibits schools from disclosing students’ “education records” without written permission from the student (if 18 and older) or the student’s parent. But interpretations of FERPA vary widely from school to school.
The Columbus Dispatch discovered that many schools cite FERPA as a reason to withhold documents that arguably don’t fit into the definition of an “education record.” In response to the Dispatch’s requests, FERPA was cited as a reason not to disclose reports of NCAA violations, lists of people designated to receive athletes’ complimentary admission to football games, and football players’ summer employment documents. Without such records, it is “virtually impossible to decipher what is going on inside a $5 billion college-sports world that is funded by fans, donors, alumni, television networks and, at most schools, taxpayers.”
The article didn’t just ask you to be shocked and horrified on principle that the university was keeping secrets. It told you exactly who is being hurt and in what ways:
1. Other students and the public. In addition to potential misuse of taxpayer funds, “some universities are covering up criminal behavior in the name of student privacy.”
2. The athletes themselves.
When news that a quarterback at OSU had accepted $500 from a booster went public, the Columbus lawyer and Ohio State fan was “swamped with e-mails from current or former collegiate athletes across the country.”
“They all were saying thank you, that it was out of hand at their school, too,” Webster said.
Before giving money to Smith, booster Robert Q. Baker had tripped up at least two other Ohio State football players. But those problems didn’t become public until after the Smith incident.
If not for Webster’s intervention, it’s impossible to know how many other players might have been approached by Baker, now banned by Ohio State from his luxury suite at Ohio Stadium. Baker was not banned until after public disclosure of the facts.
And ultimately, the universities are hurting
3. The schools themselves and their athletic programs.
All of those schools deleted names and many details of such violations from public records.
Those violations resulted in financial losses, damaged reputations and, in some cases, forfeiture of athletic victories.
The Final Four banners were removed from Ohio State’s Value City Arena because of NCAA rule-breaking. That violation involved former men’s basketball coach Jim O’Brien’s gift of money to a potential recruit and illegal benefits and academic help given to another player. Those violations cost the school more than $1.3 million in legal fees and NCAA penalties.
Florida State currently is spending about $200,000 to appeal one sanction of its numerous NCAA penalties in the cheating scandal. It is trying to preserve football victories so that Bobby Bowden might retire as the winningest football coach in college history.
The story illustrates a difficult but really important truth about information and disclosure. In the end, we’re all better off when we have more information, even those of us who think we have something to lose. This might not be true all the time, but it’s true most of the time. People who think they’re protecting their own interests by withholding information are often taking a rather dim, short-term view of their situation. And certainly, “privacy” isn’t what gets protected in the end.
In the mix
Tuesday, June 23rd, 2009In the mix
Tuesday, June 16th, 2009It’s our data. When do we get to use it, too?
Thursday, June 4th, 2009When we started this survey of privacy policies, our goal was simple: find out what these policies actually say. But our larger goal was to place the promises companies made about users’ privacy in a larger context—how do these companies view data? Do they see it as something that wholly belongs to them? Because ultimately, their attitude towards this data very much shapes their attitude towards user privacy.
In the last couple of years, we’ve seen an unprecedented amount of online data collection that’s happened largely surreptitiously. We can’t say that we, as users, haven’t gotten something in return. The “free” services on the internet have been paid for with our personal information. But the way the information has been collected has prevented us negotiating with the benefit of full information. In other words, we haven’t gotten a good deal. The data we’ve provided is so valuable, we should have struck a harder bargain.
And I think more and more people are starting to feel that way. Even though most only feel a vague discomfort at this point, it’s unlikely that companies like RealAge will be able to continue what they’ve been doing.
For us at CDP, the fear is that we’ll throw the baby out with the bathwater. We don’t want to shut down data collection altogether—we just want companies to stop thinking of our data as their data and their data alone. We want to be able to share in the incredible value that this data has, so that we as a society can all benefit from the data collection and analysis capabilities we’ve developed. Of course, that’s only possible with stronger privacy protections than are available now, which is why privacy is such an important issue for us to understand.
So what would it look like for us to “share” in the value of data? It might sound crazy that companies collecting all this data would ever share data with their users, but it’s already happening.
Google, as a company that believes it’s in the business of information rather than advertising, does make some sincere efforts to provide data to the public. Google Trends may be intended for advertisers, but it also provides the whole world with information on what people are searching for. Google Flu Trends is a natural outgrowth of that, and some researchers believe this data can be helpful in determining where flu outbreaks are going to occur faster than reporting by clinics.
Some companies, like eBay and Amazon, have built their data collection into the service they provide to their customers. Some of the information they collect on transactions and ratings can be viewed by all users. Anyone looking to bid on an item on eBay can see how other buyers have rated that seller. A user of Amazon looking to buy a new digital camera can view what other buyers considered.
Although Wikipedia is a bit different as a nonprofit, the service it provides also actively incorporates public disclosure of the data collected. The contributions of any one editor can be seen in aggregate and aggregate stats on website activity are also available to the general public. This information is important in the self-policing that is essential for Wikipedia to maintain any credibility.
Although the amount of data these companies are sharing with their users and the public is miniscule compared to the amount of data they’ve actually collected from us, it raises the possibility that data collection could happen in a completely different way than it does now. Companies could make more obvious that data collection is happening, and instead of scaring users away, give users some reason to participate in the collection of data. The whole process could be one in which users are openly engaged, rather than one in which users feel hoodwinked.
So this is our goal at CDP: what do we need to do in terms of privacy protection, both in terms of technologies and social norms, to make this model of data collection possible?
