This Week in Privacy

This week was an interesting one in terms of privacy, and there are some great writeups for 2 of them:

  • Sex Baiting Prank on Craigslist Affects Hundreds – Gordon and I came up with most of the headline for this (ours was a slightly more gripping “Sex Baiting on Craigslist Destroys Lives” – now, if I can get a nickel for each time someone uses sex baiting). The mechanics of this is pretty simple and doesn’t differ much from phishing or 419 scamming (using fraud to engage victims) except that instead of financial gain, the main goal seems to be hurting other people. I believe of all the commentary the best description is that of sociopath (one interested only in their personal needs and desires, without concern for the effects of their behavior on others). Like Andy, I think that some of the immediate effects will be a profound change in how communities treat the way they interact with strangers over email (a good thing), but I fear that in the long-term this will only contribute to continued degradation of the norms of our expectations of confidence when interacting with individuals (ie JigSaw, which a few years ago would have been a parody-dotcom not a real site)
  • Facebook’s “Privacy Trainwreck”: Exposure, Invasion, and Drama – danah writes up her thoughts on the Facebook changes and subsequent backlash with her regular keen insight and spot-on metaphors. Cam’s write-up earlier this week mentions that Upcoming.org (that’s us!) introduced a similar feature at the beginning of the year to much less fuss. That point wasn’t lost on me when I first saw Facebook’s announcement, the differences in implementation help illuminate what’s at the crux of the backlash. The primary differences with our Activity Log is that 1) this information isn’t displayed globally on profiles, but serves as a personal tool only on the dashboard, which I believe has an effect on comfort levels and more importantly (and to Cameron’s point) 2) the information we display is either point-to-point (notifications of a message, etc.) or information that is not only expected to be public, but central to the point of the site (comments/attendance of an event you’re watching, etc.). It’s not a technical issue to show changes to profiles, group membership changes, etc., but it’d be “icky”, largely irrelevant, and a disservice to the community.

One other privacy story that hasn’t gotten as much play is the HP boardroom scandal (“pretexting aka social engineering aka lying; more ongoing) which actually ties very closely to the sex baiting in terms of MO, but because of its more traditional context perhaps isn’t as controversial. We’re not talking about any changes in actual/perceived social architecture, just business as usual.