We don’t know how to build a general-purpose computer that is capable of running any program except for some program that we don’t like, is prohibited by law, or which loses us money. The closest approximation that we have to this is a computer with spyware: a computer on which remote parties set policies without the computer user’s knowledge, or over the objection of the computer’s owner. Digital rights management always converges on malware.

In an effort to stamp out piracy, we are stamping out legitimate fair-use rights, and accepting invasions of privacy by corporations in a way that also happens to dovetail nicely with the intelligence gathering goals of governments everywhere.

I don’t mean to sound too much like a conspiracy theory-loving whack job here. But the fact is that the same software that enables corporations to manage their intellectual property or make a profit on targeted advertising also makes it easier to spy on citizens. I’ll refer you to Evgeny Morozov’s enlightening, yet sobering book on this very subject, The Net Delusion: The Dark Side of Internet Freedom (of which I have read about half thus far).

[h/t: Ben Ramsey]

The guide is simply a review of privacy policies, to the extent we’ve been able to find them, plus additional information we received directly from Adobe and the Internet Archive. We haven’t been able to do independent testing to verify how these e-book providers work in practice. Also, in discussing whether individuals are linked to their reading we have only addressed direct ways … as opposed to indirect ways ….

From the introduction to 2010: E-Book Buyer’s Guide to E-Book Privacy from the Electronic Frontier Foundation.

Heilmann explains:

• Why client-side storage can be a good thing;
• The origins of and need for local storage;
• How to use local storage;
• When to use local storage;

I implemented local storage in browsers that support it for our wedding web site. It saves the open or closed state of each content chunk. It was easy enough to save the data. And it gives the user a bit of added convenience.

Read the piece.

Keep in mind: local storage can be — and will be, and right now is probably being — used to create hard-to-delete “super cookies” for advertising, marketing, and other privacy-eroding things.

The good news is the web storage specification and all browsers that support it restrict local storage data to the originating domain. The bad news is that most browsers don’t offer an easy way to local storage objects. In Safari, for example, you’ll need to fire up Terminal (quit Safari first) and navigate to /Users/tbrown/Library/Safari/LocalStorage to delete items individually or collectively.

This isn’t a new issue. Flash ‘cookies’ have existed for years (view, manage or delete yours). But what is new is that some (most?) browser makers have made it hard to manage and control what gets stored and for how long.

The battle that is underway is not a battle over the future of privacy and publicity. It’s a battle over choice and informed consent. It’s unfolding because people are being duped, tricked, coerced, and confused into doing things where they don’t understand the consequences. Facebook keeps saying that it gives users choices, but that is completely unfair. It gives users the illusion of choice and hides the details away from them “for their own good.”

I’m going to go sit in the corner and swoon over danah boyd’s brilliance while you all go read her latest post Facebook and “radical transparency” (a rant).

The complaint has over 150 numbered paragraphs, runs 38 pages, and includes a lot of legalese. But the basic claim is simple: Facebook pulled a “privacy bait and switch.” They told users to sign up and provide personal information under one set of privacy policies, and then they changed the policies. It’s like if someone offered you a new car, took your money, and then delivered a used car. We need the FTC to act in such situations to protect consumers and ensure fairness. Otherwise, markets spiral out of control.

So says Marc Rotenberg of the Electronic Privacy Information Center in a Q&A with Nisha Chittal. Check out The Case for Staying With Facebook.

Another way of looking at it from Anil Dash: I’m really enjoying seeing the public dialogue reimagine Facebook as the world’s most elaborate phishing scam. #phishbook

Also see: Pushing Back Against Facebook’s Privacy Practices

One reaction is to diversify: Hotmail instead of Gmail, MapQuest instead of Google Maps, AOL Instant Messenger instead of Google Chat ’ though that would mean losing the accumulated benefits of linked services. Another reasonable response is to focus efforts on improving our (new) media literacy so that we’re more mindful of how much even free stuff can still cost. If we don’t force ourselves to be aware of those trade-offs, we risk stumbling into an increasing dependence on yet one more company that’s too big to fail.

From Google Everywhere by Nancy Scola in The American Prospect.

Google pretty much runs my life right now, and considering this recent Buzz fuck-up, I’m not okay with that. Facebook’s handling of privacy and user data issues are precisely why I avoid it. Now that Google is trying to out Facebook Facebook, I might go in the same direction.

Trading privacy for convenience is not something I oppose. Hell, Amazon has an 11 year search and purchase history on me and does a pretty effective job of getting me to buy more stuff because of it.

I had few problems with GMail at first because the targeted advertising is automated. But I am not a fan of articulating every social connection I have in public. Yes I am on Twitter, but it is a mostly a mix of people I know, people I sort of know, and people I don’t know at all. My email connections are different because they contain information about connections to people that I have not otherwise articulated in public and connections that are very loose. That’s Buzz’ fatal flaw as far as I am concerned: it assumes a lot of things. Sometimes that’s good because it assumes incorrectly — it obfuscates. And sometimes that’s very bad.

That Google made Buzz opt-out shows either stupidity, callousness, or arrogance. Not cool with any of the above. It’s encouraging that they’ve since made it easy to opt out. But I think the original decision is a sign of the decision-making culture at Google. My advice is to use Google services carefully.

However, making such a sweeping change to a fundamental user interaction could present serious problems. Consider some contexts in which a password might need to be entered in front of a large group of people, such as while using a conference room projector. And many years of web experience have set user expectations on how form elements should work. People understood that password masking was invented for their security. Failing to meet that expectation might undermine confidence, and we cannot afford to lose our users’ trust.

I agree with Nielsen here, and suggest that if you need to enter a password while using a conference room projector, you should have logged-in before your presentation.

Password masking prevents users from making sure the password is correct before sending it to the server. If you, like you should and I do, pick long, hard-to-guess passwords, an unknown mistype can be a source of frustration.

Password masking also provides a false sense of security, particularly on unencrypted connections. Sure it prevents a person peeking over your shoulder. But it doesn’t stop her from watching you type it on a keyboard. Nor does it stop someone from intercepting it with a packet sniffer if the password is sent as plain text.

In other words: password masking is a bad convention.

So what’s the answer? Password unmasking — a toggle that allows users to choose whether or not to show the password. It’s a fairly recent convention that’s become widely used for WiFi set-up screens. Jeremy Keith described one method of password masking last summer. Mullican covers a similar technique in his A List Apart piece.

If Privacy Icons become widely adopted (and I think Mozilla is in a unique position to help make that happen) then the correlation of good companies using the icons and bad companies not using the icons becomes rather strong. If a privacy policy doesn’t include any icons it’s synonymous with that policy making no guarantees for not using your data for evil. The absence of Privacy Icons becomes stigmatic.

Aza Raskin, head of user experience at Mozilla, on how browsers and companies could make privacy policies more user-friendly through a “bolt-on” machine-readable icon system, similar to Creative Commons. [Via Webmonkey]

By and large, those who are looking are those who hold power over the person being observed. Parents look. Teachers look. Employers look. Governments look. Corporations look. These people are often looking to judge or manipulate. Given the powerful position they are in, those doing the looking often think that they have the right to look. The excuse is simple: “it’s public.” But do they have the right to judge? The right to manipulate? This, of course, is the essence of conversations about surveillance. And so we argue and argue and argue about the right to privacy in public spaces.

From danah boyd‘s “Do you See What I See?: Visibility of Practices through Social Media”.

Also see: My earlier posts Ethics, friendships and Flickr and Twitter, privacy, and informational self-determination.

The Web Storage API is basically cookies on steroids, a unhealthy dosage of steroids. Cookies are always a pain to work with. First of all you have the problem of setting, changing and deleting them. Typically solved by Googling and blindly relying on PPK’s solution. If that wasn’t enough, there’s the 4Kb limit that some of you have hit when you really don’t want to.

The Web Storage API gets around all of the hoops you have to jump through with cookies. Storage supports around 5Mb of data per domain (the spec’s recommendation, but it’s open to the browsers to implement anything they like) and splits in to two types of storage objects:

Sharp discusses the different kinds of storage available in HTML5, plus browser support and fall-backs (such as Flash’s Local Storage Objects), and how to make an offline app.

And after you’re done reading about the Web Storage API, install the BetterPrivacy extension for Firefox which protects your privacy by letting you manage DOM Storage and Local Storage Objects.

• Digital Data Make For A Really Permanent Record
• Vanish: Vanish: Enhancing the Privacy of the Web with Self-Destructing Data

Well that next big thing is here (in a limited, private beta). Meet Hunch.

What’s Hunch? As Fake explained in a blog post:

Hunch is a decision-making site, customized for you. Which means Hunch gets to know you, then asks you 10 questions about a topic (usually fewer!), and provides a result — a Hunch, if you will. It gives you results it wouldn’t give other people.

Hunch is a personalized recommendation engine. But rather than, say, track your purchase history the way Amazon does, Hunch uses a combination of your answers and community feedback. The wisdom of crowds gets coupled with your own quirks to help you make decisions.

Let’s say you’re wondering “What’s the best laptop for me?”

A screen shot of Hunch.com

Hunch.com takes you through a wizard that will, by the end, give you an answer to your question that’s based on your answers. In my case, 3 of my 4 laptop recommendations were Macs because I expressed a preference for the Mac platform, and was willing to spend > $1000.

If the answer Hunch gave you was off — say Hunch suggested a paid text editor, but you wanted a free one — you can offer feedback and help correct the system. Users can also suggest alternative answers.

If you want to really up the relevance of the answers you receive, you can tell Hunch all about yourself by answering a series of questions.

And that’s where things get a little weird and slightly creepy. Each correction you add and every question you answer not only makes the system smarter overall, but — much like your Amazon.com purchase history — reveals a little bit more about you.

The advantage is that the more Hunch knows about you, the better your results should be. But the trade-off is that The Machine, and the Hunch community may end up knowing more about you than you are comfortable revealing. It aggregates yo’ sh*t man. Over time, a profile begins to emerge. Throw in community components like followers and that’s just a whole lot of data about who you are and what you might be about.

Quite frankly, it’s a marketers wet dream and I’m quite curious to find out whether — or, more likely, when and how — Hunch will capitalize on this data. That said, I don’t think Hunch is any more of a privacy or data threat than Friendfeed, Facebook, MySpace, Amazon, or my beloved Twitter. But I would like to see Hunch give users the ability to opt-out of being followed altogether.

I would also like to see weighted questions. Perhaps after you answer each question, but before your final answer is revealed, you have the opportunity to weight how important each factor is to the decision. I’m sure that will require some massive code-fu. But it would also improve recommendations.

Conclusion

I’m not sure why people would use Hunch.com to make decisions instead of doing what we do in real life: ask friends, go with our gut, use Google. I like the idea of a trainable recommendation engine that learns what I want and also enhances the community’s knowledge. I’m just not entirely sure it works as a standalone product, and I’m not sure how much community you can form around it.

Maybe that’s not the goal of Hunch, though. After all, Netflix posted a $1 million prize to anyone who can help improve its Cinematch product. Amazon uses recommendations to boost sales. Recommendations are potentially a big business. It wouldn’t surprise me to learn that Hunch is an experiment in building this kind of trainable technology rather than a product unto itself.

Related elsewhere

• Rethinking Recommendation Engines

If you’re not listening from the CBC‘s Search Engine podcast, shame on you. It’s a kick ass show that looks at technology and culture, globally, but with an emphasis on Canada and the United States.

Episode 25, “CCTVs, biometrics, and self-destructing data,” is particularly good. It’s an interview with Canada’s information and privacy commissioner, Ann Cavoukian about online privacy and using a combination of technology, law, and ethics to protect citizen and customer data.

What stood out for me was this point made by Cavoukian (at about the 6:30 mark):

Your ability to control the information you have shared with others and their subsequent control of that — that’s when everything falls apart. You may be able to restrict the information to five people. But what you can’t do is — you have no ability to control what they do with your information. And that’s when things get weakened in terms of the weakest link of the chain, in terms of security.

I have run into this a few times with my Twitter friends. I have a private feed, largely to keep it from being Googled. I understand that “private” online is not really private — and despite my propensity to overshare, there are some things I just won’t tweet. Yet I am still uncomfortable when items in my feed are retweeted, or captured in a screen shot and reposted. My feed is protected, dang it! If I wanted my content to be Googled or re-contextualized, I would have blogged it or published to my public stream.

As J.Brotherlove pointed out in a (protected) Twitter posting, however:

I see your tweet re: your issue with SNS. this isn’t new though. we’ve had this issue with email.

I’ll argue, though, that email (and instant messaging for that matter) are conceived of as a one-to-one conversation, rather than a one-to-many conversation. It’s true that you can copy-and-paste an IM or email into another medium. But our behavioral norm is that these messages should not be re-shared without explicit permission. It’s the same from a technical standpoint, yes, but not a social one.

When it comes to tweets, Facebook data, or Flickr photos, however? As a community, we clearly have different expectations for privacy on social network sites. As thatblackchick put it (in a protected Tweet):

The nature of social networking means that it’s a one-to-many conversation, therefore, the sharing rules are different (IMO)

And what’s compounding the problem? Jason says:

Twitter, however, and it’s tools, don’t value or promote privacy. I can’t tell by glancing at tweetdeck which people in my stream are private.

He isn’t entirely right. Twhirl differentiates between protected and unprotected feeds. Twitter does too, though design changes would make those differences clearer. [Jason corrects himself in the comments: "Twitter does value privacy. The lock icon is clearly seen on the site, protected tweets don't show up in RSS feeds, you can't deeplink to protected tweets and make them accessible to non-permissioned users." I DO think that some UI changes would make it clearer, however.]

The obvious answer to all of this, of course, is don’t tweet / post / publish that which you do not wish to be reshared. Still, I’d like a higher degree of informational self-determination and awareness on all sides.

I think Cavoukian and data privacy researchers are on to something with this idea that rules for data use are embedded in and travel with the data. Going forward, I would like to see tools, APIs and user interfaces that enable and encourage people to respect public/protected settings, or enable users to opt-out of certain privacy-eroding features.

Embedding data rules in Twitter posts (or Facebook pages, Flickr photos, etc.) may be technologically unfeasible if not overkill. But how about allowing users to make their posts unavailable to the API? How about interfaces (for desktop clients and the web) that alert users they are about to retweet an item from a protected twitter feed? How about letting users opt out of being retweeted? How about ultra-granular, per-tweet privacy controls (a la Plurk)?

None of those is perfect, of course, but they can encourage a culture in which people are more conscious of and respectful of other users’ controls.

Related here:

• What I’m reading: Privacy, security, pervasive technology and society
• Ethics, friendships and Flickr (or “Why I don’t drink around some folks”)
• Plurk.com: “Karma” and Community
• My Love Life. Online.
• On Twitter-ing
• Who do you trust more: Corporations or Government?

Related elsewhere

• “Social Media is Here to Stay… Now What?” by danah boyd
• “Getting Smarter About Twitter” by Jason Toney
• “What is YOUR use for Twitter” at MrTweet
• Podcast #26: how Spybots can fire you, and is “SmartData” personal DRM?
• “Privacy by Design” by some smart Canadians
• “How I use Twitter” by jbrotherlove
• “Blogging With Split Personalities” by Sarah Dopp

I like to think that I am an above-average user of technology by American standards. And yet, if I am overwhelmed by the sheer knowledge of networks, software and hardware that is becoming required in our digital age, what implications does this have for the less savvy, if not downright technophobic among us?

And from a social justice and social control perspective: Who keeps the keys, who can get them, what rules do we draw about using them, and hell, could we even enforce those rules anyway?

The sheer powerlessness we all have compared to this faceless, mindless, multi-headed, and inherently ethics-free technical beast¹ has me feeling disenfranchised, disenchanted, disaffected, and discombobulated by it all.

Join me in my mood, won’t you? Here’s what I’ve read recently(-ish) that has me wanting to move to some remote, uninhabited, no-tech island.

Malwebolence

The New York Times Magazine looks at the culture of internet trolls and online harassment. A few paragraphs seem like a crock of bullsh*t from a movie script somewhere. And yet, maybe it was real and knowing or not knowing is part of the point.

Everyware: The dawning age of ubiquitous computing

Adam Greenfield’s look at the ethical, social and moral issues surrounding pervasive and ubiquitous computing. My main thought while reading this was “Where are we going to find the energy for this always-on network of interlinked technologies and at what economic and environmental cost?” I had more thoughts that focused on the social justice implications of ubicomp too, but the sustainability concern loomed largest.

Electronic Frontier Foundation’s Test Your ISP

Our aim is to ensure that the Internet community has the tools and organization to quickly recognize when ISPs engage in interference or protocol discrimination in the future.

Travelers’ Laptops May Be Detained At Border

Federal agents may take a traveler’s laptop computer or other electronic device to an off-site location for an unspecified period of time without any suspicion of wrongdoing, as part of border search policies the Department of Homeland Security recently disclosed. Of interest? Truecrypt

A People’s History of the United States: 1492 to Present

A look at the history of the United States in a way that centers the experiences of non-rich, non-capitalist, non-white, non-Christian and/or non-male people. This book really changed my perspective on what it means to be a citizen of the United States and the steady stream of propaganda we’re fed, even by “liberal” media outlets.

Your Privacy Is An Illusion: Privacy advocates nearly publish guide to carjacking Google executive

Well, it is an illusion, particularly as technology becomes more pervasive and more entrenched in our lives.² The comments are particularly fun.

OSS voices must be heard in national security debate

A FASCINATING review of Christine Peterson’′s OSCON 2008 presentation / opinion piece by Ryan Paul of Ars Technica on the role of open source developers and the security of our technical infrastructure. Resistance, however, is not enough. In order to overcome such challenges, technology enthusiasts must find better ways to address the underlying problems that seemingly necessitate the faulty solutions.

Objection

Firefox extension for deleting Flash’s Local Shared Objects or “Flash Cookies.” Did you know Flash stored those? And that merely deleting your cookies doesn’t delete this data? And how many web sites do you visit every day that serve rich media ads? Yeah. Install this one.

Possibly related

• Who do you trust more: Corporations or Government?
• Yahoo! Mash: an interesting exercise in trust and control
• Why I went private on Twitter
• Recommended: “SNS visibility norms (a response to Scoble)”
• Ethics, friendships and Flickr (or “Why I don”t drink around some folks”)
• Recommended: Jeremy Keith’s “Lock up your data”
• Is Google evil?

¹ Yes, I realize that computers can only do what we tell them to do. But as anyone who uses technology knows, engineers, designers, and developers have a mediocre track record with regards to the ethical, moral, social, privacy, and security concerns of the technology they (we) build. And with any technology, people will use it in unexpected, even malevolent ways.

² Honestly, whatever notion of privacy that existed in a pre-tech world really hinges on obscurity and the footwork someone is willing to put in. Birth records? Property records? Tax returns? Your friends, enemies, and associates? It’s all there for the aggregating.

It’s an inventive use of your user’s browser history, though I suspect it could potentially be used — in combination with cookies and logins — to detect which of your users are also regular porn surfers.

With that little bit of fearmongering out of the way, I’ll direct you to two Firefox extensions designed to stop such nosy coding (found in the comments on Niall’s post:

• SafeHistory
• SafeCache