Software, Software Development and other Atrocities

You may have read (a lot) about online privacy recently, privacy on social networks and web applications that feed or are fed by social networks. I am also a user of those networks and hear/read what people are saying. People are either, ignorant or panicking, afraid of the unknown, unable to control what is happening to their data or at least not knowing if the controls they apply actually work. Being technology literate myself I sometimes doubt if my data are safe out there, I am concerned too. So I thought about blogging about this. This is what is happening, from my point of view anyway.

With the rise of web2.0 technologies (and open source) the ways in which people engage with technologies have changed profoundly. This includes techies and normal users :) Now techies can easily create applications in no time. They can access sources of information through APIs and create networks of interconnected applications (mashups, widgets, APIs, Atom Feeds, etc) Normal users have acquired new powers as now they can also create content by using the applications techies develop. Users have come in the millions to create their blogs, wikis, open accounts in social networking sites, buy online (e.g., eBay, Amazon), read the news, watch videos, etc. In all these places users enter their information, trusting it will be kept safe and private.

Because now users have so many accounts here and there (some of which they forget about), application providers have thought of ways to interconnect those applications and help users to manage their information (ha, although “help” might be in their minds I think their main aim is to make more profit out of those interconnections and to make the web into a super massive web).

A hypothetical example is, to tweet from another site that I just added Filemón as a friend or that I just tagged myself as social software fan. For that I would need to access my Twitter account while being connected to the first site.

To do this, exchange of information is necessary between these applications, and at least the user is (hopefully) aware that there are two applications there. There are other cases where this isn’t clear. When within an application one accesses other (external but which look internal) applications which pick up our information. For example a music application where we select the songs we like and share them with our contacts in a social networking site. That music application might have their own website, accounts, etc. and our data taken from the social networking site, although we may have never opened an account with them.

What do they do with our data is unknown at least to the lay person. Actually, most people are not even aware that there can be other applications collecting information about them when they are just using the one application they know. And if to all that confusion we add the (legal but unethical?) aggregation of (private) data without users’ consent we get a complete mess of data and application interconnection. A mess that of course the techies can understand, and even people like me find promising in terms of potential for development of the semantic web for example.

But what do normal (semi-technology-literate) users think? People get lost in the mess and do two things:
Well, the mess is such a messy mess that people start fearing it. We fear what we do not understand. We fear what we cannot control.
Or people just do not care, or over-trust, or are so ignorant they are not aware of any problem. They use the web and disseminate their data with little care. They publish their photos, their contacts, their address, PEI (personal embarrassing information) etc taking lots of risks like identity theft, being exposed to people they do not want to (boss) and loss of privacy.

My advice to people in general is to be careful about where they go online and the kinds of content they upload there. Trust only sites where you have control over your data and its privacy.

But this is not about telling people: if you want to be online you have to be public. Or put in other words, that "privacy is dead." That is wrong and stupid. My hope is that online providers (hey Facebook!) start taking privacy issues more seriously. Not limiting it to the technical (yeah, (.) private ( ) public options are not enough, privacy is not a boolean variable) but considering the human and social aspects of it, by learning how people deal with their privacy off and online, and by understanding the implications that making assumptions and getting privacy wrong has on people and societies. (hmmm, " public" by default is wrong!) Because the data that they have, is not only data, is information about people and their lives, data is people.

I think it is going to be a s-l-o-w process, creating laws, enforcing laws, creating awareness and learning to be careful online. All that while technologies develop at the speed of light, difficult but not impossible.



Note: I think data aggregation is a good thing, when it is regulated, when trusted sources are used and when owners of data are aware of who and what people are doing with their data, and when users can, if they decide, stop sharing it with some applications or everyone. Aggregation of data and the semantic web can help content be more accessible, organised and therefore useful. But if you don't do it right you can misslead people, violate contextual integrity, threaten privacy and more. I wrote about that here.



Something extra to read:
Howard, A. (2010) Online privacy debates heat up in Washington. O'Reilly Radar
(2010) IT privacy campaigners celebrate. BCS
Don't share things you don't want people to discover