Ben Adida writes:

Privacy Advocacy Theater

May 27, 2010 @ 1:58 pm

I like this idea.  He then discusses what he calls advocacy theatre:

I want to focus on a related problem that I’ll call privacy advocacy theater. This is a problem that my friends and colleagues are guilty of, and I’m sure I’m guilty of it at times, too. Privacy Advocacy Theater is the act of extreme criticism for an accidental data breach rather than a systemic privacy design flaw. Example: if you’re up in arms over the Google Street View privacy “fiasco” of the last few days, you’re guilty of Privacy Advocacy Theater. (If you’re generally worried about Google Street View, that’s a different problem, there are real concerns there, but I’m only talking about the collection of wifi network payload data Google performed by mistake.)

On a technical level, Ben follows up:

devices, payload data, and why Kim is (in part) right.

June 1, 2010 @ 8:19 pm

A few days ago, I wrote about privacy advocacy theater and lamented how some folks, including EPIC and Kim Cameron, are attacking Google in a needlessly harsh way for what was an accidental collection of data. Kim Cameron responded, and he is right to point out that my argument, in the Google case, missed an important issue.

Kim points out that two issues got confused in the flurry of press activity: the accidental collection of payload data, i.e. the URLs and web content you browsed on unsecured wifi at the moment the Google Street View car was driving by, and the intentional collection of device identifiers, i.e. the network hardware identifiers and network names of public wifi access points. Kim thinks the network identifiers are inherently more problematic than the payload, because they last for quite a bit of time, while payload data, collected for a few randomly chosen milliseconds, are quite ephemeral and unlikely to be problematic.

Kim’s right on both points. Discussion of device identifiers, which I missed in my first post, is necessary, because the data collection, in this case, was intentional, and apparently was not disclosed, as documented inEPIC’s letter to the FCC. If Google is collecting public wifi data, they should at least disclose it. In their blog post on this topic, Google does not clarify that issue.

I enjoyed the way of thinking here in addition to the issues discussed.

OReilly Radar – Insight, analysis, and research about emerging technologies.

via Analysis: Three privacy initiatives from the Office of Management and Budget.

Will have to read this more carefully later. Tackles privacy, social networking, authentication, cookies..

The Electronic Frontier Foundation EFF is urging a federal judge to dismiss Facebooks claims that criminal law is violated when its users opt for an add-on service that helps them aggregate their information from a variety of social networking sites.

via EFF Seeks to Protect Innovation for Social Network Users | Electronic Frontier Foundation.

I have a Facebook account because it is, unfortunately, an important part of staying in touch with some people and finding out about events. However, as an app developer, I early-on learned how much information a user gives up when granting an application access to his/her account.

Subsequently, with the continuing releases of hidden opt-out policies making account information public, I have really become quite afraid of having anything to do with the account.  I’ve deleted almost all personal information.

Also, it’s annoying, as happened today, to login and have a popup div with the choice of either connecting myself to various pages, or to “do it later”.  There’s no way to say “no”.

Now, they are suing a company for breach of Terms of Service.  I’m not sure how much longer I can justify maintaining my account.

Do you have a Google account and ever wonder what information Google has on you?  Well, it has a privacy dashboard where you can look it up and modify settings in one central place.

Tech site Ars Technica saw a university study reporting that photos and other images posted by Facebook, MySpace, and other social network users are often left on those services’ servers long after the posters hit “delete.” They put that finding to the test. Images posted to Flickr and Twitter were immediately gone upon refreshing, but images could still be found on Facebook and MySpace’s servers two months later, with both companies saying the issue was one of third-party server response. Anyone who can grab a direct link, in other words, can get at your stuff long after you want it gone. Need some web reputation triage? Break out the web Band-Aids and get to managing your online reputation.

via Lifehacker – Your Deleted Social Network Pics Are Probably Still There – Facebook.

A lot of people, including myself, often overlook the importance of managing their online identity.  A friend teaching school thought no one would ever find his blog, as he blogged anonymously, but it ended up being the second search result for his name in Google.

I have an obvious web presence tracking spots across various sites I’ve registered for at some time or another.  With a little bit of work, you could probably even track down those sites that don’t personally identify me as I haven’t historically been very careful in keeping my handles private.  It’s a shame, since, once they’re out there, there’s not too much you can do to prevent a persistent person from finding you.  For example, that same friend’s web site from high school on an ISP long gone is still available via the web archive.

So, I’ve settled with the goal of simply not making my associations too obvious– I don’t link my various blogs one to the other.