I actually started this post a long time ago, but the real world intervened and I never got to publish it. Looking back over the past weeks, it probably makes more sense now than ever — so here goes.
When you work with mobile and social applications as I have, “privacy preservation” is a term that invariably rears its ugly head. Location-based services? Oh, users won’t like others knowing where they are — it’s stalking. Health alerts? Oh, this is sensitive data — we can’t clear HIPAA. Peer-to-peer ad hoc networking? Oh no — I don’t want some stranger nearby to see my personal photos or know what music I listen to. And so, as technologists, we pare the features down and overload the configuration settings until the user either feels underwhelmed by the utility or overwhelmed by the maintenance.
That said, we are now seemingly in a stage where the notion of privacy becomes fuzzier. Services like Twitter, Gowalla and Foursquare are promoting “voluntary disclosure” of information by users — to perfect strangers. Privacy is typically a simple cutoff switch — be public and share your data, or be private and manually oversee who you share data with and when. And if the statistics are to be believed, Foursquare is catching on and Twitter is going strong with an annual growth rate of over a thousand percent. Services like these are becoming the underpinnings of a new slew of social presence, sentiment mining and analytics applications that openly seek to share, slice and dice the data — exposing hidden traits and increasing the visibility of personal data through contextual or domain-specific interfaces.
And as expected, with popularity came paranoia. We’ve all seen the buzz created by PleaseRobMe — a site that rebrands location updates as an indication that the user is not home. Of course, this conveniently forgets that (a) one person checking in elsewhere doesn’t mean the house is empty, (b) it’s common practice for the working population to be outside of the home during work hours — so is every working person a candidate now? and (c) since robbery requires physical proximity, it would be so much easier to just watch for people to leave.
But it’s (IMO) flashy sites like this that give privacy a bad name and mask the more important issues. Personally, I find it more interesting that companies mine social data (including blogs like this one) to profile users discreetly and track their interests. And translating limited social interaction data into a concrete user identity may not be too difficult either, as this hack shows. A recent report indicated that phone carriers could potentially determine your exact location (and intent) simply from cell traces and the patterns of activity they indicate.
So, what can we learn from all this? I think there are two key insights here.
- Don’t underestimate the user. Users will disclose information voluntarily if they see a value in that disclosure. And disclosed information is better than inferred profiles. As Dennis Crowley of Foursquare puts it, “The data set that people want you to have about them is better than things that are collected passively about them.”
- Replace preservation with pragmatism. As Scott McNealy famously said, “Privacy is dead. Get over it.” With sufficient effort and computing power, it will always be possible to find some relevant information about any person in any context. No one device or application can ever assert complete control over the information dissemination ecosystem. Perhaps a new way to think about these things is to proactively make users aware of the potential penalties associated with different data-sharing actions, always assuming that the information will go public. Put users in control of disseminating the data rather than in fear of an involuntary or out-of-context disclosure.
In the digital world, just as in the physical one, we should always hope for the best but be prepared for the worst — and let the market decide the policies through their actions (or lack thereof) in using the related applications or services.