A heavy topic for midweek, kids, but today it’s karma or, in less religious terms, what goes around comes around (such a child of the 60’s, I know). What has me on this topic are a couple of things that came out during the last week and I want to bring them to your attention. Both have some strong implications to anyone who uses the web (and obviously, since you’re reading this, you’re included). In a sense, there’s a third thing – the whole PRISM program from the NSA – but since we don’t do politics, and that program can’t really be discussed without politics entering the discussion, I’m going to table it. I will say, however, that if you’re angry about it now, where were you a dozen years ago when it all began?
That’s sort of the point I want to make about the other two topics. The first are the “shadow” profiles Facebook has been gathering. It came out that a bug on Facebook exposed user data for 6 million folks. Moreover, the data it exposed proved that Facebook has been putting together profiles of everyone, even people not on Facebook, and the information contained in those dossiers has not been offered up to Facebook – they just found it. The company that exposed it – Packet Storm – asked:
would Facebook ever commit to automatically discarding information of individuals that do not have a known Facebook account? Possibly age it out X days if they don’t respond to an invite due to a friend uploading their information without their knowledge?
Their response was essentially that they think of contacts imported by a user as the user’s data and they are allowed to do with it what they want. To clarify, it’s not your data, it’s your friends. We went on to ask them if Facebook would commit to having a privacy setting that dictates Facebook will automatically delete any and all data uploaded about me via third parties (“friends”) if it’s not in scope with what I’ve shared on my profile (and by proxy, is out-of-band from my privacy settings)?
We were basically met with the same reasoning as above and in their wording they actually went as far as claiming that it would be a freedom of speech violation.
Let’s repeat that: it’s not your data. The solution proposed? Governmental intervention. Frankly, I prefer the solution contained in the other topic of the day – the Cookie Clearinghouse being developed by the folks at Stanford. I encourage you to click through here to see how it works. It won’t solve the “bad actor” situation that we see in the Facebook example but since it’s designed to enable browser developers to block third-party cookies — such as those set by ad networks — without also inadvertently blocking cookies from companies that have relationships with consumers, it’s a start. The ad networks and others are not happy about any blocking and are doing their damnedest to stop it, but I think it’s pretty obvious that privacy is(finally) front and center for even casual users.
Sorry for the length today but the point is simple: we reap what we sow. If we’re bad actors when it comes to invading people’s privacy, the odds are that some legislated solution will arrive on your doorstep and it won’t be as simple as just doing the right thing you should have done in the first place. Witness COPPA and CanSpam, brought about because the bad stuff came back around to haunt not only the perpetrators, but the legitimate companies that tried to behave as if it were their own data and their family’s data being taken.
Are you aware of this? What do you think?