Privacy on the Web

The last couple of weeks have been quite eventful regarding Privacy issues on the web, although, it’s unclear to me how much of this has been noticed by the general consumer.

  • Facebook has released updates to its platform, which bring about two privacy-impacting changes: your life’s “timeline”, and the inability to logout from Facebook as they’ll continue to track you across the web.
  • Amazon’s new Kindle Fire tablet, with it’s “all new but not really” cloud powered browser, Amazon Silk.

As a stockholder, I love Amazon’s new tablet offerings.  For the Fire, the price is great, the physical seems good, the OS looks good in the screenshots.  The only real disapointment to me on the Fire was the pretty miserable battery life (only 8 hours?).  The release of these devices is perfectly in line with Amazon’s true mission statement as being the World’s Best Fulfillment company.  Whether they’re delivering books, baby formula, computing power or movies, they’re the ones fulfilling it, and the Kindle line of products continues to be a digital extension of Amazon’s famous, highly efficient warehouses.

As an armchair privacy advocate (hey, I donate to the EFF and Software freedom!  And I use Tor!) I’m reasonably troubled by the Amazon’s cloud browser.  Unlike what millions of nerds thought when they watched the video, this is not new.  Opera’s been providing this service on their mobile browser for years.  This is how many high latency (read: Satellite) providers implemented their browsing experience.  This is how Blackberry used to provide their browsing experience.  It works by keeping a persistent connection open to Amazon’s cloud and heavily cache content saving DNS lookups, connection initiations, and on being able to prefetch common navigation paths.  Amazon does get points for telling us they’re going to track our browsing habits in the Terms of Service, but this is yet another one of those small but troubling erosions of privacy that I believe the normal consumer is simply unable to rationally comprehend. 

Except this IS different from Opera/Blackberry/Others, because Amazon has a much higher incentive to use this data in initially innocuous but eerily invasive and potentially damaging ways.  Remember, as a shopper and a stockholder of Amazon, one of my favorite assets of theirs is their incredible recommendation engine, which is now being bolstered by information on what websites you visit, in what succession, and how long you spend there.

We need a Privacy Nutrition Facts.  It doesn’t need to be regulated, but it should be voluntary, easy to read, and prevalent.  Just like how Firefox and Chrome solved the Phishing problem by warning you when you’re on a risky domain (combination of crowd sourcing and URL parsing looking for those password strings), we need a way of accurately conveying risk to the consumer. 

Are we all sure that we want to be offered books about marriage counseling due to a few Google searches?  Do we want ads about relocation options and moving supplies appearing on my work browser because I visited a job board last week?

Don’t we at least want the option of making the above decisions without needing to have a Computer Science degree or reading in-depth technical blogs or reviews of every major new product?  I do.  Just like Apple removed a lot of maintenance work from my life with their products, at some point it’d be great to not have to spend time on security due diligence with every gadget or service my extended family purchases.

And as for Facebook – they’ve long been almost blatant about how little they care about privacy.  The new flap over them tracking you around the web even after explicitly logging out is crazy and was defended by some as an “oversight” or part of the new strategy of “frictionless sharing.”  I’d go so far as to say they’re now actively endangering users on the web, and it’s their “aww shucks” attitude fronting for their true corporate priority of privacy non-priority that makes it particularly infuriating.  But at least in my opinion, most of the “Aww shucks” is coming from new/young/sniped-from-Google-or-elsewhere employees of Facebook who desperately need to justify the mental model they have of Facebook as a company who cares about its users.  I don’t think there’s any confusion over the true corporate intentions, which are evidenced by action after privacy eroding action.  

Lets just say that I’ve added rules to Adblock to torch all Facebook cookies ( see here , there are also some plugins that do this for you now as well).  It does seem that they’ve tweaked their disingenuous logout procedure some in response to the controversy, but how many of their 500 million users are even aware that this every happened?  And they still track you, just “not as much”.  In healthcare we’ve learned that deidentification of large data sets is almost impossible, and AOL’s CIO got fired for not learning this when he release de-identified search results – when will we learn this with social networking as well?

To sum up – privacy is really important, and in many ways it has become an even more urgent problem with the variety of broadcast style mechanisms we have out there that are learning our habits and likes and dislikes, increasingly with an eye towards monetization.  Maybe it’s the next great must-have plugin – a crowd sourced privacy grade for sites and application.

 

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s