The battle for our data: a holiday allegory

The following is a repost of Brian Proffitt's December 20th blog entry on ITWorld. He has kindly granted me permission to repost it. In it he looks at free speech, privacy, and Personally Identifyiable Information in ways that few people have - or if they have, they've shied away from the implications. His original post is here. I encourage you to check out his blog and let him know what you think.

The battle for our data: a holiday allegory

Did the cloud just head-fake all of our data away?

While many software developers and enthusiasts have been focusing on the push for open source software, did we miss the fact that somewhere along the line companies got a hold of something even more important: our personal data?

I am not someone that's typically the tin-foil-hat type. But I am seeing a marked increase in the tension between the public users who claim inheritance to the Internet and the private entities that may actually control it.

Every time there's a site blocked on the Internet, supporters usually first go to the "free speech" defense. First off, that's a lovely sentiment--if users and site operators all uniformly lived in nations where free speech was actually the letter of the law. Freedom of expression is something that's denied to billions of people on a daily basis--so any whining about loss of freedom is coming from citizens or subjects of countries that have the luxury of freedom of expression to begin with.

So, after eliminating a big chunk of the world's population, what about the notion of freedom of expression in countries that do have it? There again, we are beginning to see a problem between the theory of freedom and the actual implementation. The problem is this: while citizens have the right to say what they want to say in these countries, they are using a medium that is owned and operated by corporate interests. Phone, cable, satellite, and hosting providers are all beholden to their owners or stockholders, and are all uniformly out to do one thing: make money.

That, coupled with political systems that are closely tied to corporate interests thanks to the practice of political contributions and lobbying, makes for a dangerous recipe for freedom of information.

Right now, I could, if I were so inclined, get on the Web and build a web site that declared that all of Santa's elves were really part of a secret cabal who's real mission was to promote the corporate agenda of the world's major toy manufacturers. I could present leaked documents of secret meetings between Hasbro, Mattel, and the North Pole on exclusive elf-labor practices, and attempts to marginalize misfit in-house elf resistance organizations led by Herbie the Elf with marketing campaigns.

Scandal would ensue, to be sure. My web site would gain in popularity, as more evidence would mount highlighting multiple ties between global toy interests and elf factions. The big bombshell: Purina fingered in an exclusive marketing deal with the North Pole Transportation System. "ReindeerGate" would rock the holiday season.

But resistance would grow. Detractors would mock my efforts, citing a bias against short people with pointy ears... perhaps making up stories of how I was bullied by elves as a child. Or because of my Linux ties, my South Pole, pro-penguin bias was causing me to make up facts in my quest to tear down the efforts of the North Pole. Eventually Fox News would decry my site as one more offensive in the War on Christmas, and the real nastiness would begin. Whispers of being moved to the naughty list after a 44-0 nice list record would come out of the headquarters of the Big Guy himself.

The real coup would come when a US Senator would decry my site as "anti-Christmas." Faced with such public pressure, and without a hint of legal evidence, my hosting provider would drop my site like a hot potato. DNS services would unregister my site, forcing me to change my site address repeatedly, even as hosting providers around the world would refuse to give my site a home--or drop me after learning I'd set my site up on their servers.

And the final insult? Under the tree on Christmas morning, in a gift-wrapped box addressed with me, I discover not a lump of coal, but the latest Barbie fashion accessories... with a note signed "Love, the Elves."

Whimsical and far-fetched? The former, certainly. But recent events in the real world have given us all a peek behind the curtain: when push comes to shove, Internet companies will default to what they perceive as a safe mode when confronted with any real controversy. You can argue, thankfully, whether this is an appropriate response, but the problem is, we're all arguing the point after the fact. The damage has already been done: speech has been blocked, without one bit of legal action.

Faced with that kind of activity, how safe is our information on the Internet? We worry a lot about data thieves stealing our data, but what about our data just up and disappearing one day?

On the Internet there is still an element of rebellion. You can still find places to get content and data hosted. The distributed nature of the Internet makes it difficult to block everything. Which is perhaps why private and public organizations are getting more enthused about the walled gardens of the Internet. Get everyone on Facebook, corporations will reason, and they will be on a single platform on which to market. The message can be controlled, and more importantly the users and their friends can be tracked far more easily than ever. That Facebook makes it more than a little difficult to extract all of a user's data should a user drop Facebook is no accident.

Nor, I suspect, was the recent naming of Mark Zuckerberg as Time's Person of the Year. Traditional media outlets are finding it more and more difficult to generate revenue in the face of the wild and open Internet, where advertising is sporadic at best and subscription paywalls fail almost universally.

I would imagine that governments would be a bit interested in Facebook and its brethren. Warrants become a lot easier to serve when it's only one or two mega-social sites involved rather than a multitude of host providers and network companies. (Conspiracy theorists are already taking note of that same Person of the Year article's mention of FBI Director Robert Mueller just dropping by to say hello to Zuckerberg in the midst of a company meeting.)

This isn't just Facebook. Apple's App Store approach to its iPhone and iPad users reflects the same kind of centralization of user activity and data and to some extent so does Google's Android and ChromeOS though to its credit, Google has been a lot less restrictive about what gets on its platform than Apple. That may be a key difference down the road.

Free software advocate Richard Stallman sees much of the cloud as a problem, regardless of how you get to it. Despite its Linux--excuse me, GNU/Linux--origins, Stallman criticized Google's ChromeOS as promoting what he calls "careless computing" by users who blindly stick their data on the cloud without regard to who else might be able to get to it.

Stallman and I have our differences, but in this regard, I find myself in agreement with him. And we are not alone: a far-less-whimsical article I wrote on Linux.com recently highlights what others think about the situation, and some of the tools being created to deal with the issues.

Am I advocating a complete withdraw from the networks upon which we do business? That is a very hard question to answer: it would certainly be safer to remove data from the Internet, but it would be harder to conduct business. Consider credit report ratings: for those lucky folks who are entirely debt-free and deal only on a cash-only basis for their purchases, they have a credit score of 0. This would make getting reasonable loans for things like a mortgage or a college education exceedingly difficult--even though they had managed their finances so well and paid off every creditor. Similar difficulties would arise for anyone who could get off the grid (if this is even possible anymore), I am sure.

Instead, as in all things, I suggest not an extreme solution, but a carefully managed compromise. By stingy with your data. Don't reveal too much about yourself online, whether on a social network or the Internet. Pay attention to what web sites and networks can do with your data now, and what they are doing. Visiting a commerce site often might make it tempting to store your credit card data there for return visits, but don't succumb. (One thing I do: keep a low-limit card just for online purchases. If something goes wrong, thieves aren't getting much from you.)

If you have kids online: don't be the cool parent that lets them run willy-nilly out on the Internet talking to whomever they please. Be the parent, and keep track of where they go and who they talk to. Don't assume every online network they visit will want or be able to protect them. That's your job.

I have painted the cloud as a dark and scary place, and perhaps that's unfair: there are positives about being in the cloud. But any new frontier may look pleasant and inviting but can also contain hidden dangers.

It's time we all pay attention.

Could Buzz become Facebook for education?

In his blog entry on ZDNet, "A social networking call to arms" Christopher Dawson looked at Google as the potential social networking provider for education and business. He makes some good points. In the past Google has been considered a nemesis of personal privacy for their retention of user search and email data long after the fact. But they have responded to their users concerns by limiting the time data is kept, and when they made the major blunder at the introduction of Buzz were quick to fix the problem. Facebook, on the other hand, is continually expanding what user information is considered public without consulting users or seeming to care about their wishes. Schools have to keep certain data private, and Facebook does not allow that.

There was a time when Facebook might have been useful as a tool for teachers. That time is long past. But a social network run by Google could work. Google does not make change their privacy policy every six months (or less) in an effort to make more of the user data public. And Google has experience providing secure services in the cloud to businesses already. They already have most of the ingredients of a successful social media site if they can find a way to tie them all together. Google Search, Google Reader, Youtube, Blogger and Google's handling of privacy issues are some pieces of the puzzle. All Google needs is a way to package them together that satisfies the privacy and security needs of educational institutions while providing the social experience people want.

Facebook users love sex!

Shira Lazar of CBSnews.com reports that Dan Zarella has written an algorithm that analyzes social media posts and create a psychological profile of the poster. And according to his analysis of 12,000 posts (posts, not users posts), Facebook users love sex. I have to wonder if his sample is large enough to be statistically significant, and how he selected them, but it still puts that English researchers conclusions about Facebook and syphilis in a new light.

I also have to wonder how many of those people posting about sex will have reason to regret it later.

Facebook - Too big to regulate?

Robert Scoble of the Scobleiezer blog expressed the opinion last week that it is too late to regulate Facebook. He raises some good points, but I think he is missing a couple of things, too. He raises several points, covering both what Facebook has done, and what governments might do to regulate it (and why it's moot to try).

For his discussion of what Facebook has done and why it's shaking up internet businesses that never expected Facebook to have any impact on them, read his post. It's interesting (and troubling), but for my purposes, what he says about the futility of trying to regulate Facebook is more important.

So what exactly does Mr. Scoble think governments can do to Facebook? Effectively, not much, because anything they do will have either no effect or the opposite of the intended effect. But he does list three things governments can do - four reasons it won't matter if they do - along with my comments in italics:

Well, first of all, what can government do?

1. They can force Facebook to switch its defaults on its new Instant Personalization program. The government could force Facebook to turn that feature off by default and make me “opt in” for you to see my Pandora music.

2. They could fine Facebook for its behavior.

3. They could call Mark Zuckerberg in front of Congress and call him nasty names.

But what else could the government do? I don’t see too many options. Do you?

So, why is it too late to regulate Facebook?

1. The damage is done. Well, let’s assume they made them switch Instant Personalization to opt in. Who cares? The damage is done. My Pandora already has all your music shared with me. Most Facebook members won’t change their privacy settings from what they already are. So, old users will keep sharing their music and only new members will be asked to opt in to these new privacy-sharing features.

Like he says, most people will never change their privacy settings, so this could actually be very effective. It's better if done quickly so as few people as possible notice, but until more services join up changing the settings from default-share to default-private will go largely unnoticed.

2. The regulation will come too slowly. Government never moves fast. Even when it’s motivated. So Zuckerberg has at least a few months to aggregate his power before Government slaps him on the hand. Government is not going to be able to prevent that top 50 website from putting Facebook’s new features into its service. Government will not keep me from using Pandora.

Unfortunately, this is very true. Governments act slow unless directly threatened (ie, Pearl Harbor or 9/11). Each month action is delayed action becomes more difficult.

3. The regulation will come after we get used to new privacy landscape. Already I’m finding I’m getting used to the fact that you all can see my data and that I can see yours. So, if Government comes along and tries to regulate that it will get pushback from me. Why? Well, I actually like the new Pandora features. I’m finding a ton of cool music because Zuckerberg forced you to give up some of your privacy. So what that I can see that you like Kenny G? Users will get addicted to these new features and they won’t take kindly to some government jerk taking away these new features.

Again, very true. The unfortunate truth is that users will decide they're willing to lose a little privacy for these nice features, but won't realize how much privacy they're giving up until it's too late.

4. Giving Zuckerberg a fine will not change Facebook’s behavior. If anything it will just push him to monetize these features more aggressively in order to pay the fine. Just wait until Cocacola icons show up next to all those Facebook like buttons. Government taxation, which really is what fines are, might have a negative effect long term.

Sadly, Mr Scoble knows what he's talking about. Fines will have as much effect as they did on Microsoft. The threat of being broken into three companies scared MS, not fines. And even that had little effect.

Robert is right. Of the three options he sees, only one has any chance of success. Government intervention could make some changes to the way Facebook handles user data, but unless it's done quickly, it will just be going through the motions. It's up to the users of Facebook to force Mark Zuckerberg to respect their privacy. Sadly, most don't realize the value of what they are giving up to him, so they are unlikely to do anything.

Facebook exposes private chats

In the Bits blog Nick Boltin reports on the Facebook bug that exposed private chats to public scrutiny. Facebook claims the bug was only live a few hours, and has shut down chat until the bug can be fixed (perhaps by the time you read this). This can't help Facebooks reputation in the eyes of the Electronic Frontier Foundation or Senator Charles Schumer (D, NY). Senator Schumer is one of the Senators calling on the FTC to craft privacy guidelines for social networks.

I'm not sure this was really an accident. Yes, I'm being paranoid and cynical, but the Facebook business model is to push for users to make everything public. I wouldn't be surprised if this was a 'live test' to see what kind of reaction results from this "bug".

10 reasons to leave Facebook

This post is a direct copy of Dan Yoder's April 26th post on his rocket.ly blog used in accordance with his Creative Commons Attribution-Share Alike license.

Top Ten Reasons You Should Quit Facebook

Mon Apr-26 2010 | Dan Yoder

Let's all ban Facebook!

Update: Due to the surprising popularity of this post, I feel I should be absolutely clear about my role as VP of Engineering for a Hollywood-based social media startup, BorderStylo. The opinions expressed here are purely my own and are not in any way endorsed by my employer. While I do not see our applications as directly competitive to Facebook, nor have I presented them as such, it would be disingenuous not to mention this.

Alcohol + camera + Facebook = no play

Greg Cergol from nbcnewyork.com reports that several lacrosse players at Ward Melville High School in New York were suspended when school officials saw pictures of them drinking on Facebook.

Fifteen lacrosse players were suspended because of the pictures - six of them indefinitely. This kind of occurrence isn't anything new, although this may be the largest group of high school students to hose themselves on Facebook to date. If I had any illusions about high school students thinking about how private Facebook really is, my favorite quote from the article would have disabused me:

"Maybe it's not the smartest move to have put the photos up," said senior Teddy Ouwerkerk. "I guess Facebook isn't the most private after all."

Facebook users risk blackmail

Everyone who follows this blog knows that I do not like the way Facebook pretends to protect our privacy. But my statements pale in comparison to what Jennifer Stoddart, Canada's Privacy Czar, has to say. In a story in the Globe and Mail she says:

“I’m very concerned about these changes. More than half a million developers will have access to this data. The information will be stored indefinitely and it opens the possibility that a lot of people can be blackmailed from all corners of the world.”

That's a pretty strong assertion. I'm not sure how real a danger that is, but I understand her concern. It's embodied in another quote regarding how well Facebook is living up to the promise it made to the Canadian government to better protect members privacy. After the privacy changes announced last week she said, “They certainly seem to be moving in the opposite direction."

It's true that the constant privacy policy rewrites by Facebook would be better called 'personal publicity faciliators'. And with the odd, bewildering, and downright idiotic things that people post on Facebook blackmailable data will probably be posted by more than a few people. But once it's been posted to Facebook, how much of a lever can it be for blackmail?

Choosing to host malware

ZDNet's Dancho Danchev report on a disturbing development in activism; the opt-in botnet.

In case you don't know what a botnet is, it is a group of computers that have been taken over by malware that allows someone besides the computers owner to take control and/or use the computer to attack other computers, servers, and even botnets. Usually the people hosting the computers in the botnet don't know they've been infected. In the case of an opt-in botnet, though, they do. Not only do they know, they've intentionally infected their computers so a coordinated attack against an entity their activist group doesn't like can be launched. This is similar to activists chaining themselves to trees, vandalizing government (or other) buildings, or bombing whatever they don't like.

This kind of activity is illegal, but most people who become part of opt-in botnets either don't know this, don't care, or think that, as part of a large group, they are less likely to be singled out. They may or may not be right about that last one.

One of the things that make opt-in botnets feasible is the rise of social networking sites such as Facebook and Twitter. But while they make such things easier, they don't guarantee success. The article examines some successful and not so successful opt-in botnets. It's interesting reading. If you find such things interesting, check it out.

A blip from Blippy

A few months ago a new social networking service started up, one with a model I thought would never take off. Blippy posts your credit card purchases online in short, twitterlike 'blips'. The information posted includes what was purchased, where, and for how much. It's not supposed to include your credit card number. But according to Gigaom.com's Liz Gannes, for 196 transactions last week that's exactly what happened. According to Philip Kaplan, cofounder of Blippy, the transactions were from early in the services beta period, but was still being cached by Google. The problem has since been fixed - the search that had revealed credit card numbers doesn't now.

But this just brings us to the burning question in my mind. Why would you want this information to be published online, even without the credit card number? I do see a bright spot, however. Whenever I tried to use Blippy NONE of my accounts showed up to be shared. I guess they know how I really feel about their service.

Update: Blippy has since apologized, contacted affected users and promised to help them with any issues that might come up from the exposed data. They have also commited to hiring a Chief Security Officer (they didn't have one?!!!).

Tori Pennington could have lived

Last Saturday Tori Pennington's body was found by her 12 year old son. In Tuesdays Avalanche-Journal Robin Pyle reported that she was allegedly killed by a man she met through an online dating service. At the time I'm writing this not a whole lot is known, other than she had been talking with Dustin Kendrick online and over the phone for an undisclosed amount of time. It is presumed that this was their first face-to-face meeting. This isn't the first online relationship in Lubbock to end in murder. In 2004 Joanna Rogers disappeared and was later found dead in the Lubbock Landfill. Her killer was initially connected to her by chat records and emails on his computer. We can only guess at the number of people in Lubbock who have been beaten by people they met online but never reported it.

Sometimes bad things happen. But often they can be avoided, and meeting online doesn't have to be any more dangerous than any other way to meet people. So here I am going to suggest a few steps to take when meeting people online. They won't guarantee your safety, but they will at least reduce the risk. They aren't in order of importance because they are all important.

• If you're looking for dates online, go to a large, reputable site that does at least a little checking on it's members. The final call is still up to you, but every extra bit of screening helps.


• Spend plenty of time getting to know them online before meeting in person. The longer you interact and the more you see of their actions, the more likely you're seeing "the real them."


• Don't give them your address or home phone. Give a cell phone number - in most cases you can't get an address by looking up a cell phone number on the internet. With land lines you can.


• I don't care how nice he (or she) is, the first few times you meet in person, don't meet at home, a hotel, or any place you will be alone. That includes going there after the dinner, movie, whatever. Meet in public places, preferably with friends. They will probably see things you don't - good and bad.  You will have to judge at what point you feel 'safe' being alone, but the first date definitely isn't it.


• Alchohol impairs judgment. Drink little or none the first few dates.


• When you do decide it's ok to meet in more private places, make sure someone knows where your going. Having a friend call to check up on you isn't a bad idea, and it can give you an out if you're getting uncomfortable.

To find more ideas for safely dating people you meet online, google "online dating guide" or "safe online dating."

My prayers go out to Tori Pennington's family, especially her children.

Who owns your Facebook?

ZDNET's Ryan Naraine and Dancho Danchev reported on a blackmarket sale of 1.5 million Facebook accounts. The accounts vary from active accounts with loads of friends to semi-autogenerated acounts that don't have any friends yet. The price depends on how many friends the account has.

The article is a FAQ on a report by Verisign's iDefense team, and covers a lot of ground, far more than I can cover here. But one of the things I find very intriguing is the section on "Cybercrime as a Service" (CAAS), something that I'd never thought about, but that is a logical progression when you think about the development of legal business on the web.

Of course, the real question that's probably on your mind right now is either "How concerned about this should I be," or "What can they do with my Facebook account?" Those might be closely followed by, "Why would anyone, especially a criminal, want my Facebook account?"

To answer the last question first, an established Facebook account is instant trust, allowing a criminal to get things from people with far less risk and effort than sending spam or actually burglarizing a house or robbing a bank. It just makes sense that if you can approach a person as someone they know and trust, they're more likely to agree to risky behaviors you might suggest. They also are more likely to open malware you send them and open links, making Facebook accounts perfect mules for infecting their friends.

So how worried should you be about this? Well, you're probably not one of the 1.5 million accounts being sold, but I'd change my password anyway from a computer that is known free of malware just because you can't be sure. There are reported to be more than 400,000,000 users on Facebook. That means that this list of accounts for sale has less than 1/2 of 1% of all Facebook users on it. I've seen people say they are leaving Facebook because of this breach, but I wouldn't leave Facebook because of this problem alone. Of course, there are plenty of other problems that make Facebook a risky proposition.

Facebook to users: Screw privacy

Facebook proposed changes to it's privacy policy and put them online for people to comment on. After reviewing all of the comments, Facebook posted a response here. I would recommend that you read the response, even if you never read the new policy. It is full of information that I'm sure Facebook never intended to release, the biggest revelation being that Facebook considers it their right to use your content - although they claim the privacy policy limits how they can use it. Two of the responses seem to reveal the lie in that to me - I'm going to deconstruct them as I go:

Will Facebook take my creative works and use them for profit?

A number of users raised concerns similar to the following comment: “I am an artist. This section makes me nervous. Does this mean that Facebook plans to sell the artwork, photos or music that I post?” Facebook has never sold its users’ creative works, and has no intention of doing so in the future.

That's cool. Just the way it should be.

But you should be aware that Facebook does try to derive revenue from its website – such as through advertising – and your content appears on our website.

There shouldn't be a butt I mean but, here.

That said, this section limits our use of your content in two important ways that protect you. First, the rights you give Facebook are “subject to your Privacy Settings.” This means, for example, that if you set your privacy settings so that only your friends can see a photo, we cannot show that photo to anyone but your friends.

Hmmm...but in the past the default is to share with everyone. So Facebook is setting the default to share only with friends? Somehow I doubt it.

Similarly, if you opt out of Social Ads in your Privacy Settings, we will respect your decision.

You'd better, but will I ever know?


Second, the license you give us ends when you delete your copyrighted content. This means that the minute you delete it, we will no longer use your content except in the ways we articulate in section 2.

Hold up. Once I delete it, you shouldn't have any rights to my content. Also, unless you take the steps to copyright your Facebook content, it's not copyrighted, which means Facebook can use it. Facebook, you can delete section 2 right now!

And the second section that bothers me:

How will Facebook use, share, and store my content?

Facebook needs the right to use, share, and store your content in order to provide Facebook to you and your friends.

No, you could have chosen another business model. But you chose to use a model that requires you to trick us into releasing data we might not want released.

Our Privacy Policy explains what content we use, share, and store, and includes a number of examples (as do some of our responses to this section). In addition, your Privacy Settings give you the ability to direct and control how we use and share your content.

But only if we hunt them down and change them and never do anything that negates those settings. The default should be not to share - but Mr. Zuckerberg knows that the default setting is the one that most people will keep without thinking, so opt-out gives him more moneymaking power than opt-in.

Who am I kidding. I didn't like any of the replies to users objections. Mark Zuckerbergs announcement yesterday just reinforces my belief that Facebook is not responding to changing social norms, but is trying to push those norms in a direction that benefits Facebooks bottom line, not the interests users of the service.

David Goldman, staff writer for cnn.money.com, covered Facebooks f8 developers conference Wednesday and saw a number of problematic privacy changes. However much more control you may have to make things more private, that control is easily lost: Users will be asked to convert their interests into fan pages:

"Is one of your interests "The Beatles?" Well, now you're a fan of The Beatles. By default, users will receive notifications from their fan pages in their news feed.

Doesn't sound like such a big deal, but here's the kicker: Users who choose to convert their interests to "pages" will lose privacy control with the new changes. Many parts of users' profiles, including hometowns, birthdays, education, religion and work interests would be considered "connections" if a user converts them, making them public to anyone."

Goody! I can create fan pages, but only if I'm willing to give up control of my own information. That's extortion - although in my case they wouldn't find much on my pages, but they shouldn't have the opportunity unless I explicitly give it to them. Facebook is starting to change their privacy policy on an almost monthly basis. Privacy policies should be relatively static, only changing when not changing would cause problems. In light of Facebooks continuing push to take control of my data I've deactivated my Facebook account. If I try to do anything beyond exchanging messages with friends I negate the privacy settings, and it's only a matter of time before Facebook gives up any pretense and says, "To use our site you grant us full use of your content." I'm not willing to do that.

Message to Google: Respect our citizens privacy

In a story published in the Avalanche-Journal, Barbara Ortutay, AP technology writer reports that 10 nations have written a joint letter to Google CEO Eric Schmidt expressing their concern over the way Google Buzz and Google Streetview handle privacy.

It's good to see that the privacy of citizens is important to their governments. It's sad that the US wasn't represented, but we don't have a privacy commissioner, and anyone who's been paying even mediocre attention to the news for the last 5 years should know that US government isn't exactly worried about citizens privacy.

The letter pulled no punches, saying in part:

"However, we are increasingly concerned that, too often, the privacy rights of the world’s citizens are being forgotten as Google rolls out new technological applications.  We were disturbed by your recent rollout of the Google Buzz social networking application, which betrayed a disappointing disregard for fundamental privacy norms and laws.  Moreover, this was not the first time you have failed to take adequate account of privacy considerations when launching new services."

The other service being referred to was, of course, Google Streetview. Google streetview has been plagued with privacy issues such as pictures of the interior of houses, backyards behind privacy fences, and unobscured pictures of peoples faces without permission.

The commissioners expressed concern that Google was making it a standard business practice to roll out new services without adequate planning and privacy protections:

"It is unacceptable to roll out a product that unilaterally renders personal information public, with the intention of repairing problems later as they arise. Privacy cannot be sidelined in the rush to introduce new technologies to online audiences around the world."

I only wish we could convince the US government of the importance of the citizens right to privacy. If we all contact our congressman and tell them, maybe we can.

The text of the letter is here.

$1000, Free on Facebook!

There are some legitimate "free" offers on the web, although by the time you jump through the hoops to qualify for them it would be cheaper to just buy the "prize" they offer.

Robert McMillan of IDG News reports on PCWorld that there's a free offer appearing on Facebook that's a lot easier, but the prize goes to the conmen, not to you. All you have to do is become a fan and get a free gift card. The scam has covered the gamut, from Ikea furniture to iTunes, and has offered as much as $1000 gift cards. One fan page gathered 70,000 fans before being taken down.

In another article by McMillan, Facebook Spokesman Simon Axten says that right now these pages are leading to marketing websites that generate money through advertising. But traditionally this kind of scam is associated with identity theft, and it is probably only a matter of time before the information gathering gets more personal and identity theft becomes the goal.

Remember, anybody can put up a page on Facebook and claim to be anyone else. And always remember that old adage, "If it looks too good to be true, it probably is.'

Facebook puts new spin on old crimes

KTLA.com in LA reports a new spin on a not so new pastime. For that matter the spins probably not all that new. There's not really anything new about groups of teenagers or early twenty-somethings finding an unoccupied house, breaking in, and trashing it. It's also not new that the partiers don't really care if the house is empty because it's abandoned or because the occupants are away. Actually, they probably prefer the occupants be away, that way there's probably food and maybe alcohol already there.

What Facebook and other social media have made possible are a much shorter amount of time needed to setup the "party". Twenty years ago it took time to find a suitable house, let people know where the party was being held, and get everybody there. Today, thanks to Facebook, Twitter, Foursquare, and others, a careful online search can find empty houses in minutes. A Facebook update or a tweet can potentially allow thousands of people to find out about the party simultaneously, and in no time you have hundreds of people trashing your home.

As I said, this isn't exactly new. What is new is that many people are now transmitting to anyone who cares to look that they are leaving for an extended periods. So along with having your mail held, your newspaper subscription suspended, and your lights set to go on and off while your gone, make sure no one in your family reports to the world at large that you are going to be gone.

Remember, sites like Facebook are tools. It's up to us how we use them.

Facebook causes syphillis

No, really, it does. According to the Telegraph, "Facebook 'Linked to Syphillis.'"

Reading the article, it turns out that "linked to" is a little stronger than what the Professor Peter Kelly, the researcher who saw a connection said. He saw that a couple of areas of Britain that have increased incidence of syphillis also have high Facebook usage. Professor Kelly observed that "Social networking sites are making it easier for people to meet up for casual sex."  Apparently the data he used included where people were hooking up, and a lot of them were through Facebook. Not a smoking gun, more like circumstantial evidence.

Facebook is, of course coming out swinging about the assertion. A spokesman said, among other things, that "Facebook is no more responsible for STD transmission than newspapers responsible for bad vision." Not a perfect analogy, but close enough, I suppose.

I don't know that Facebook is actually making it any easier for people to have casual sex. I do suspect that attitudes and fears about sex have probably changed somewhat in the last 20 years, and that might have something to do with it.

Of course, "Some people on Facebook meet each other for unprotected sex and get STD's" just isn't as snappy a headline.

Facebook cloning plus Nestle: Facebook fanbango

Facebook Cloning

In a report on 39online.com out of Houston Mayra Moreno reports on Facebook cloning. She introduces us to Edna Canales, who has had her social networking profile cloned twice: once on Myspace and once on Facebook. Apparently both times the cloner harvested pictures of her from the pages of Edna's friends and put up a page claiming to be her. The last time on Facebook, she discovered the clone when she got notices that her friends had friended another Edna Canales.

Both incidents were reported to the police, but you can't do much to someone who's cloned your Facebook page unless you can prove slander or harm done. Ms. Canales was fortunate. Someone, for some unknown reason cloned her page, but apparently only wanted to be her online for a while. It could have been much worse. The could have posted anything, and if people believed it was her, it would have impacted her reputation, her employability, possibly her continued employment. It's important to keep an eye on what's going on with your name online. For most people it will never be a problem. For others, constant vigilance can catch bad things before they blow up. Speaking of blow-ups, next up is

Nestle, the unFanpage

Caroline McCarthy on CNET tells us about Nestle's Facebook Fiasco. It seems that Greenpeace, who has had a longtime fight with Nestle over environmental practices, ie the use of palm oil in Nestle products, encourages supporters to use altered Nestle logos for their Facebook pages. When Greenpeace discovered Nestle's Fanpage on Facebook, they encouraged people to tell Nestle exactly what they thought about using palm oil.

Nestle had created a Fan page. They were not ready for the reaction they got. Apparently in "OMG, how do I control this!" panic mode, the pages manager started deleting posts from the page if they had adulterated Nestle logos. In response to protests, they made the technically correct, but PR nightmare "we are protecting our trademark" statement. That made matters worse, and eventually Nestle apologized and quit deleting posts. Will Nestle see the negative feedback on it's fanpage as an important sign and removes palm oil from its recipes? Only time will tell, but given the current state of the Nestle wall, they may want to consider it.

Ford: First Online Road Devices

Or maybe First Online Road Death? That last is a little unlikely, but in the realm of possibility. Ford is bringing a new meaning to "mobile device," and adding to the list of web-enabled devices. With Microsoft, Ford developed Sync and started putting it in some Ford vehicles in 2008. Sync allows you to connect bluetooth phones or USB devices like MP3 players to your car and control them with voice commands. It's a really neat bit of technology, but Ford wasn't satisfied to rest on their laurels.

Kevin Spiess report on Neoseeker.com, "Ford to use Windows CE in some 2011 models." With the functionality of a full OS, Sync will become more powerful, offer more control options, and will provide wifi connectivity for web browsing when parked. As delivered from the factory the web browsing will only work when the vehicle is in park, but I figure about 2 weeks (or less) after the first wifi enabled Ford is delivered there will be a way to activate browsing while driving.

But as surprising and innovative as wifi enabling a car may be, what is more impressive is that Ford is thinking about security long before implementing wifi in the cars - both to protect users data and to protect the system from malware that might endanger the car and it's occupants. That's important since connectivity will include social networks and other high risk locales.

The security features are pretty decent. A hardware firewall between the engine computer and the entertainment computer is one nice thing. They can't totally separate the two because they need to share things like GPS data and highway speed, to name a couple of things. To help protect from malware Sync will only accept software from Ford, and it won't allow installation through the wifi connection. There are other features to keep your data safe in your car.

And the security doesn't just cover electronic assets. There are features that will make Ford vehicles with Sync unattractive to thieves, too. Engine immobilizer keeps the engine from turning over unless a coded key is used, and a keycode allows the car to be opened even if the keyfob is left in the car.

Ford is taking a lead position in bringing the automobile to the internet, and vice-versa. It will be interesting to see where this trend goes over the next few years.

Facebook, Twitter used to scam brides-to-be, vendors

This is an interesting tale. Setup a Facebook page, garner followers (real or not), get a Twitter account, and rake in the dough. These internet entrepreneurs created a facebook account and tweeted about a nonexistent bridal show, and sold upwards of 5000 tickets, plus getting booth fees from hopeful vendors and a free radiospot in exchange for a reduced booth rental. Not a bad scam. I first read of the scam on Ars Technica in an article by Jacqui Cheng.

It seems that almost $150,000 was scammed from attendees and vendors with this scam. The Facebook page is down, and the twitter account probably is, too. The bad thing is, short of calling the convention center to see if the event is really scheduled, I don't know how you could see through this scam. Maybe the fact that payment was taken through paypal? That's not really an indicator. I'm sure we'll see more about this, and more examples of similar scams in the future.