Wednesday, November 30, 2011

Owning your data

Yesterday Facebook and the FTC came to an agreement on privacy settings. This will require Facebook to undergo privacy audits twice a year by a third party firm. In Europe Facebook users are already able to download their data as I mentioned in a previous post. I think we're living in an age where users will need to be well educated on the impact of the privacy policies of websites on the users personal data. However, how can we do this? I personally never look at the privacy policy on a website. Why? Because I don't really trust them. Effectively, just by going to the website I agree to these policies and effectively whatever is stated in the privacy information I'm bound to. However, I have to go to the website before I can read it, thus creating a catch-22.

If I did disagree with something written in the privacy policy, I've already agreed to accept their terms and if they said "we're going to steal all your cookies and sell them for profit" and I object to that it's too late. They already did it.

This puts us users in a bind. We enjoy the benefits of cookies. We don't have to always remember our passwords, we automatically get logged into our favorite websites. Personal settings pop up as soon as we log in. There are plenty of benefits from using cookies. We lose all of these as soon as we use services like Incognito from Google Chrome. Some of my readers have commented that they have switched to using an Incognito window, but it's much more of a pain to log into Facebook and they have actually started using the service less. In terms of Facebook to compensate I use TweetDeck which pulls my news feed from both twitter and Facebook. However, it doesn't get everything including messages from friends, which is annoying, but not the end of the world.

To deal with these privacy issues, the EU is proposing a pan-European standard for privacy policies that a website has to get approved. Companies like Facebook are actively fighting against this rule. I think that this is a great step. I know a lot of people don't like new government regulations. However, in this case the public is woefully uninformed and find getting informed on these topics cumbersome. A lot of money is being made off of people's ignorance. Now, many people would say that's their fault for not properly investigating this topic.

There are a few resources out there to help with getting a better understanding of how to protect yourself. The EFF has an entire section of their website devoted to privacy issues. The ACLU has a Technology and Liberty section which includes topics like privacy.

So why should we care about this? If you aren't doing anything wrong you don't have anything to worry about. I'm sorry, but this is a really naive way of looking at privacy issues. Some of you readers out there have fences in your back yard. Many of them are called privacy fences, if you aren't doing anything wrong why do you have a fence? Others will have a safe to store valuables and important documents, why do you need a safe, if you aren't doing anything wrong you shouldn't need a safe.

Putting this into a physical context highlights the absurdity of the not doing anything wrong argument. It also highlights the differences between privacy in the physical world and in the digital world. It's really easy to understand how to increase your privacy at home build a fence, better curtains better locks, bars on your windows etc.. Fixing privacy on your computer is much more difficult. Security experts have tried to make things as simple as possible by using names like Virus scanner, Firewall etc.  Most people don't really know how to use these properly.

Adding a Firewall to your computer can make using it difficult and clunky. Services that you use frequently suddenly stop working correctly and it's not always obvious why at first. There needs to be a movement within security companies to make everything as simple as possible for the broader population. There should be advanced settings for the people who really want to control their data. Basically we need the firewall to turn into a fence for most people but with settings to turn it into the Berlin Wall if an advanced user wants it.

All users need to understand the risks, just like they need to understand risks of burglary, they shouldn't need to be a security expert though.




Other potential resources (I have no idea if they are any good, I just searched for privacy resources)
http://www.privacyresources.org/
http://epic.org/privacy/privacy_resources_faq.html
https://www.privacyinternational.org/article/ephr-privacy-resources

No comments:

Post a Comment