Software, Software Development and other Atrocities

The other day I googled my name. Most of the hits I got were expected. Information about me which I knew was searchable, because I had made the decision to make that data public previously. Some hits were from data aggregators showing profiles made up with data taken from various other websites. All of these were wrong of course having taken data without my consent (although that data are public I haven't agreed for them to be used by another website) and without me verifying its accuracy and quality. These aggregators mix data that is mine with data from people with similar names. The result is of course an unreliable and unethical source of information. This isn't good, is it? Anyway, even if I don't like this I was kind of expecting this kind of links.

There was however one hit (on the 5th page) which was completely unexpected. It was a link to a Facebook Music Application Page saying that I had "claimed" a song on a specific date 2 years ago. The music website appeared embedded within Facebook, similar to what would appear if I logged into my Facebook account. But I hadn't logged in. What worried me more though were two things:
1. It showed my Facebook Profile Picture, which I had made private to my friends only.
2. It stated that I had "claimed" the song and that I had been the first person to "send the song".

Why am I worried?

1. I had previously checked all my privacy controls on Facebook and made sure everything I wanted private was private. I missed something obviously.

2. My Facebook Profile Picture is a photo which I uploaded on Facebook, not on this second application/website. This photo is not public is private. And this application is displaying it to everyone. Even if I had set my photo to "public", meaning everyone within and outside Facebook can see my picture, it would be my "Facebook Photo" not my "Music application within Facebook Picture". This change of context is misleading.

3. I never "claimed" or "sent the song". What I did is to build a list of songs I liked from a broader list offered by the application. In other words I created a playlist with songs I got from the application. I never knew if I had been the first to pick a song, I never cared. What I know is that I didn't want to "claim" anything let alone being tagged as the one who "sent the song". When I built my playlist I was not aware of these "other" things I was doing. The application never gave me a clue. Or maybe nothing happened in that version of the application until someone decided to change it to add new events. So now it uses a different wording to categorise the actions I did when they were called differently. The change of wording is misleading.

What did I do?

I removed the application from Facebook.

Was any of the information displayed by this music application inappropriate or embarrassing?

No, no personal embarrassing information here. I would've not minded this information to be made public had I actually done what it said I did and been informed previously. This information was not true and taken out of context. It was just frustrating to see how I can easily lose control over my data.
Stuff to read about privacy:
Nissenbaum, (1997) “Toward an approach to privacy in public: the challenges of information technology,” Ethics and Behavior 7(3) , pp. 207–219.
Nissenbaum, H. (1998), “Protecting Privacy in an Information Age: The Problem of Privacy in Public,” Law and Philosophy, 17, pp. 559-596.
Regulating the Use of Social Media Data

You may have read (a lot) about online privacy recently, privacy on social networks and web applications that feed or are fed by social networks. I am also a user of those networks and hear/read what people are saying. People are either, ignorant or panicking, afraid of the unknown, unable to control what is happening to their data or at least not knowing if the controls they apply actually work. Being technology literate myself I sometimes doubt if my data are safe out there, I am concerned too. So I thought about blogging about this. This is what is happening, from my point of view anyway.

With the rise of web2.0 technologies (and open source) the ways in which people engage with technologies have changed profoundly. This includes techies and normal users :) Now techies can easily create applications in no time. They can access sources of information through APIs and create networks of interconnected applications (mashups, widgets, APIs, Atom Feeds, etc) Normal users have acquired new powers as now they can also create content by using the applications techies develop. Users have come in the millions to create their blogs, wikis, open accounts in social networking sites, buy online (e.g., eBay, Amazon), read the news, watch videos, etc. In all these places users enter their information, trusting it will be kept safe and private.

Because now users have so many accounts here and there (some of which they forget about), application providers have thought of ways to interconnect those applications and help users to manage their information (ha, although “help” might be in their minds I think their main aim is to make more profit out of those interconnections and to make the web into a super massive web).

A hypothetical example is, to tweet from another site that I just added Filemón as a friend or that I just tagged myself as social software fan. For that I would need to access my Twitter account while being connected to the first site.

To do this, exchange of information is necessary between these applications, and at least the user is (hopefully) aware that there are two applications there. There are other cases where this isn’t clear. When within an application one accesses other (external but which look internal) applications which pick up our information. For example a music application where we select the songs we like and share them with our contacts in a social networking site. That music application might have their own website, accounts, etc. and our data taken from the social networking site, although we may have never opened an account with them.

What do they do with our data is unknown at least to the lay person. Actually, most people are not even aware that there can be other applications collecting information about them when they are just using the one application they know. And if to all that confusion we add the (legal but unethical?) aggregation of (private) data without users’ consent we get a complete mess of data and application interconnection. A mess that of course the techies can understand, and even people like me find promising in terms of potential for development of the semantic web for example.

But what do normal (semi-technology-literate) users think? People get lost in the mess and do two things:
Well, the mess is such a messy mess that people start fearing it. We fear what we do not understand. We fear what we cannot control.
Or people just do not care, or over-trust, or are so ignorant they are not aware of any problem. They use the web and disseminate their data with little care. They publish their photos, their contacts, their address, PEI (personal embarrassing information) etc taking lots of risks like identity theft, being exposed to people they do not want to (boss) and loss of privacy.

My advice to people in general is to be careful about where they go online and the kinds of content they upload there. Trust only sites where you have control over your data and its privacy.

But this is not about telling people: if you want to be online you have to be public. Or put in other words, that "privacy is dead." That is wrong and stupid. My hope is that online providers (hey Facebook!) start taking privacy issues more seriously. Not limiting it to the technical (yeah, (.) private ( ) public options are not enough, privacy is not a boolean variable) but considering the human and social aspects of it, by learning how people deal with their privacy off and online, and by understanding the implications that making assumptions and getting privacy wrong has on people and societies. (hmmm, " public" by default is wrong!) Because the data that they have, is not only data, is information about people and their lives, data is people.

I think it is going to be a s-l-o-w process, creating laws, enforcing laws, creating awareness and learning to be careful online. All that while technologies develop at the speed of light, difficult but not impossible.



Note: I think data aggregation is a good thing, when it is regulated, when trusted sources are used and when owners of data are aware of who and what people are doing with their data, and when users can, if they decide, stop sharing it with some applications or everyone. Aggregation of data and the semantic web can help content be more accessible, organised and therefore useful. But if you don't do it right you can misslead people, violate contextual integrity, threaten privacy and more. I wrote about that here.



Something extra to read:
Howard, A. (2010) Online privacy debates heat up in Washington. O'Reilly Radar
(2010) IT privacy campaigners celebrate. BCS
Don't share things you don't want people to discover