Blown To Bits

Archive for the ‘Social computing’ Category

A File With 100 million Facebook Users’ Data

Wednesday, July 28th, 2010 by Harry Lewis

So some clown, sorry, security researcher has done a scan of every Facebook profile his robot could reach and assembled a file of all their public information, and posted it for download. 100 million profiles.

I could have done it. You could have done it. No need to bother, though, because Ron Bowes did it for you.

This is one of those things that is not a technology story. It’s an ontology story, or a spiritual story, or something.

Facebook reports that it’s all public information, public because the users wanted it public. So there is no news here, in their view.
“No private data is available or has been compromised,” as they say. And they are correct technically. Why is it creepier to have your data in a file with 99,999,999 other profiles, on everybody’s laptop, when the same information about you would have turned up in a Facebook query, or a Google search for that matter? Public is public, right?

The aggregation sure makes it feel different. But that is a matter of feelings, and Facebook’s response was written by its legal team. For lawyers, everything is a binary. Things are either black or white. But privacy has lots of grey.

The Telegraph has a good report on it.

Oh Dear, A Windows Messenger Privacy Mess

Tuesday, June 29th, 2010 by Harry Lewis

In the world of social media, it is hard to get the privacy defaults right, because the whole point of social media is to connect with other people. So you want to make that easy, so people don’t have to fight the system. And of course there is a network effect so the designers tip toward connecting more people to each other rather than less, where there is a choice. They don’t always get the design right, as the Google Buzz fiasco showed.

But then things happen that are just bugs, or unanticipated reactions between multiple databases and applications. In which category it seems the current problem with Microsoft Messenger falls. InfoWorld explains it thus:

Consider this sobering scenario: You and your boss use Windows Live Messenger (or MSN Messenger or Windows Messenger) to keep in touch. One day, you get a job offer from Snidely Whiplash at a competing company across town. You and Snidely have a brief IM conversation, using Messenger. Innocent and private, yes? Well, no.

The next time your boss logs into Hotmail — not Messenger, mind you, but Hotmail — your boss glances at the initial Hotmail screen and sees that you and Snidely have become “friends.” That’s what the notice says: “Woody Leonhard and Snidely Whiplash are now friends.”

Or think wife and girlfriend, instead of boss and competitor. Any two people with whom you are IM’ing who should certainly not be made aware that they are both part of your social circle.

This problem persists no matter how you have the privacy settings set. It’s the sort of high-stakes privacy glitch that undermines people’s trust in the entire Internet. Who knows what will go wrong with the next release of your favorite communications app?

The Power of Social Networking

Thursday, May 27th, 2010 by Harry Lewis

I must come across as a grump about social networks since I have complained about the Facebook privacy issues so much lately. Today I am happy to share a, well, happy story.

Faithful readers may remember my blog post about Dan Reetz, the genius of the Do It Yourself book scanner. Two friends passed on this Newsweek piece about how he used Metafilter, a community blog, to marshall help for two young and naive Russian women of his acquaintance who were, almost certainly, being lured into a sex trafficking ring in New York City. This was a hard one for the social web to respond to, because the women refused to accept help. Someone on Metafilter volunteered to take the women in and persuaded them to hang out at her place rather than meeting a mysterious person at a shady night club to work as “hostesses.” Money appeared too. It’s the sort of story that restores your faith in human nature, and the potential of the Web to concentrate and focus it as a force for good.

Dan is, by the way, on his way to a job working for Disney Research, which is just perfect. He is creative and fun and just cool, a good old-fashioned artisan-engineer-artist. Here is another summary of the story.

Privacy and Knowledge

Tuesday, February 23rd, 2010 by Harry Lewis

I am giving a talk with that title at Cornell on Thursday. It will be livestreamed at 4:15pm—details here. Thursday morning I am giving a talk on an earlier book, Excellence Without a Soul—that too will be livestreamed if anyone is interested. Same link.

Class Action Against Google Buzz

Friday, February 19th, 2010 by Harry Lewis

A Harvard Law School student has filed a class action lawsuit against Google for Buzz’s privacy violations. The student, Eva Hibnick, says “I feel like they did something wrong,” which is surely true but probably not her best lede. “The document cites the Federal Electronic Communications Privacy Act, the Federal Computer Fraud and Abuse Act, the Federal Stored Communications Act and California common and statutory law,” says ABC News. The kitchen sink, in other words.

The Electronic Privacy Information Center has already complained to the Federal Trade Commission (see here for EPIC’s press release, with a link to the complaint itself). This lawsuit seems like overkill, no matter how mad people are, given the risks we’ve written about elsewhere of stretching any available law to make a club with which to attack a technological innovation.


I was on the Callie Crossley Show on WGBH radio in Boston yesterday giving Google a piece of my mind about Buzz. But I was gentle compared to Callie herself. You can hear the short segment here.

Google Smartly Changes Its Mind

Monday, February 15th, 2010 by Harry Lewis

Google yesterday reversed the crucial error it made when it rolled out Buzz. It decided not to initialize the service to follow your email correspondents, but simply to show those people to you as suggestions. In other words, you now have to opt in to following people, rather than opting out if you don’t want to follow them.

Bravo. You can pick at the edges–the company responded at first just by making the opt-out clearer, and didn’t go to opt-in until it realized that the first change wasn’t making the tidal wave of criticism any less powerful. But all things considered, this is a very professional response to a very serious self-inflicted wound.

The Toyota analogy I mentioned earlier sticks in my mind. Was there something in their management structure that allowed this horse to get out of the barn? Will there be some mistrust of Google now, some greater awareness that the company never guaranteed Gmail users absolute privacy in the first place and that it retains the right to make commercially advantageous use of their data?

What Was Google Thinking?

Saturday, February 13th, 2010 by Harry Lewis

Sigh. It is so sad to see Google lurch from doing the wrong thing (helping the Chinese thought control regime) to doing the right thing (announcing they’d rather lose the business than keep censoring in China) to doing a spectacularly wrong thing: The much-hyped Buzz social network service sets up your initial group of contacts from the list of people with whom you’ve been exchanging email and instant messages. And then makes that list of contacts public to the world. So lawyers could be exposing their clients, doctors their patients, husbands their mistresses, journalists their tipsters, you name it.

Buzz is an opt-out service–you’re in it until you tell Google you want to be out. And it is hard to get out (though in the past few days Google has, in response to the furious reaction it’s gotten, made the instructions a bit more visible). Even if you get out of Buzz, however, your secret lover may be exposing you. Happy Valentine’s Day!

This reminds me of Facebook’s Beacon fiasco, in which the company did not think through the consequences of having members announce to their friends what they were buying. Except worse, because ANYBODY knows that your email contacts are private information. How could Google not have had this pointed out to them in some focus group? For that matter, don’t they employ some house skeptics who are there just to point out the kinds of flaws that lots of bloggers pointed out almost immediately after the product was released?

Google’s response, according to today’s New York Times, is that a lot of people like the way it works. Which I am sure is true, and is a reason why big industries get regulated. The interests of minorities, no matter how serious, are not as important as providing the majority a product they like. Except that this time it looks like Google miscalculated the size of the minority of people concerned about their privacy, and the intensity of their feelings. I hope Google, like Toyota, is doing some soul-searching about how they got into their current pickle.

Thanks to danah boyd for pointing me to this excellent post from a lawyers’ blog explaining and analyzing the privacy problem and giving specific instructions about how to turn Buzz off. Very much worth a read.

A Case of Mistaken Identity, with a Postscript on Encryption

Saturday, January 16th, 2010 by Harry Lewis

The Associated Press reports a strange case in which a Facebook user logged into her account from her cell phone and wound up in someone else’s. Except it turns out that though strange, it is not unprecedented. A couple of people even wound up in each other’s accounts.

It’s a little hard to figure out what is going on, but it seems that the wrong cookie (code identifying the Facebook account) got installed on the user’s cell phone. According to the story, it’s AT&T’s fault, though it is hard to be sure since all the cases involve not just the same carrier but the same web service (Facebook) and the same Nokia phones. If, as reported, it’s a bug in AT&T’s cell-phone-to-Internet connection, it’s easy to imagine that a user might be taken to another’s Gmail account in the same way.

If the connection had been encrypted, that would probably have prevented the cookie bug from doing any harm. But Facebook does not use encrypted connections.

Which reminds me of something I should have mentioned earlier. In what was already a good week for Google on the privacy front, because of its announcement that it would stand up to the Chinese censors, Google announced in a much less publicized blog post that it was going to enable https by default for Gmail. That is, up to now, your Gmail has flowed to you in plaintext, available for sniffing and snooping anywhere in the Internet. There was always a way to change that default and have your Gmail encrypted, but it took a little digging to find the check box and few people bothered. The disadvantage to Google in making encrypted email the default is that the encryption takes time, so Google had to upgrade its systems, costing them money. Now they have decided to to exactly that, and once again, good for them!

Added a little later: The betting in the Slashdot comment thread is that it’s simpler than the AP story suggests. As one comment says,

My guess is that it’s as simple as this: the http returned by a request to “” was cached by AT&T and delivered to other users who attempted to fetch that URL in an attempt to save bandwidth. The login credentials are irrelevant… once AT&T cached the page it thought of as “” it would deliver it to anyone who asked for that URL. It probably only changed for the next person because someone insisted on logging out and back in, and the caching server detected the change then re-cached the NEW user’s page. This used to happen a lot on the internet to unencrypted streams that allowed log-ins. These days most caching servers are properly configured, but it’s still an easy mistake to make if you’re setting up a caching proxy.

That is, sometimes an ISP will cache (keep its own local copy) of a web page it retrieves from a server so the ISP can deliver it to multiple users who may request it without going back to the server for a fresh copy each time. Obviously this is the wrong thing to do if there is any possibility that the page may change in an important way in between requests that the ISP is receiving. Perhaps it was just delivering one party’s version of “” (a logged in page) to another user who also asked for “”. Whatever it was doing, it was wrong! And reminds us that nothing in a distributed system ever works better than the poorest code that gets invoked. Even retrieving a web page involves lots of parties.

Foursquare Meets Harvard

Wednesday, January 13th, 2010 by Harry Lewis

While preparing a talk about privacy yesterday, I wanted to cite an example of a commercial service that lures people into surrendering their location information in exchange for social connectivity, restaurant recommendations, and the like. I was planning to make the point (and did, when I gave the talk at the HELIN conference today) that location information has cash value, and there are a variety of business models based on getting people to give it up for free and then cashing in on the data that gets collected.

Nothing wrong with this in principle, as long as people understand what they are giving and what they are getting. They are getting connectivity and exposure and recommendations, and they are giving data about the places they go, perhaps not just to the social network but to the business partners of the for-profit corporation that is running it.

In any case, forgetting the names of these networks, I did a little searching and then settled on foursquare as the example I would use. “Check-in to find your friends, unlock your city,” says the site, and the front page then gives a rolling report of what the site members are doing and saying, for example, “Jim N. in DeKalb, Illiois became the mayor of Caribou Coffee.” You can click on the name of the member (player, really) or the establishment to get more information about either. As the site explains,

People use foursquare to “check-in”, which is a way of telling us your whereabouts. When you check-in someplace, we’ll tell your friends where they can find you and recommend places to go & things to do nearby. People check-in at all kind of places – cafes, bars, restaurants, parks, homes, offices.

You’ll find that as your friends use foursquare to check-in, you’ll start learning more about the places they frequent. Not only is it a great way to meet up with nearby friends, but you’ll also start to learn about their favorite spots and the new places they discover.

Not just your friends, either. Just watch the latest check-ins scroll by on the foursquare home page, and you will get lots of interesting tidbits about lots of people. I was starting to groan about the usual privacy questions—who owns the location data, how long does foursquare hold it, how hard will it be for an unhappy spouse or employer to get hold of it, can the company sell it to business partners—when I moved on to work on the next slide.

And then I woke up this morning to discover that foursquare had cut a deal with Harvard University. As Harvard’s official organ, the Gazette, explains,

The service, which is accessible from smartphones and other mobile devices, enables students and visitors to explore the campus and surrounding neighborhoods while sharing information about their favorite places.

The Gazette goes on to proclaim that we are #1: “Harvard is the first university to use foursquare to help students explore their campus and surrounding places of interest.” (Maybe we should take pride in this, though UNC Charlotte claims to be the first university to use foursquare, for a somewhat different purpose. Years ago, when Harvard fell to #2 in the US News rankings, our humor magazine pointed out that this was a good thing, as it would teach us humility, and we should strive to be #1 in humility as we are in everything else.)

Having spent many an afternoon over the past year in information security meetings, where the University has been developing policies and standards for how information about our students may be accessed, stored, and moved, I immediately started wondering whether Harvard had somehow signed onto a deal to encourage students to surrender their privacy, and if so, who was the commercial beneficiary. The Gazette story doesn’t mention data privacy at all. It simply has a Harvard spokesman echoing foursquare’s utopianism.

We believe that Harvard’s participation will allow our community to engage with friends, professors, and colleagues in new ways. We also hope visitors and neighbors will benefit from the platform as it grows through use.

So visiting high school students and Chinese tourists are apparently also the intended “beneficiaries” of this “service.”

As Hal Roberts of the Berkman Center pointed out when I asked him about this story, foursquare’s privacy policy is pure boilerplate:

We receive and store certain types of information whenever you interact with our Service or services. Foursquare automatically receives and records information on our server logs from your browser including your IP address, cookie information, and the page you requested.

It goes on to explain how they aggregate this data and analyze it, and how they won’t disclose it in a way that would identify you personally. Only problem is, the privacy policy doesn’t mention the really private information foursquare collects—the location information. That simply isn’t covered by any of the boilerplate. So they can do what they want with it, without asking. Moreover (and thanks to doc searls for pointing this out), foursquare explicitly says that they may sell that information, and even if they don’t, the company will pass it on if it gets acquired. And that by signing up, you are acknowledging that you understand all that.

Business Transfers: In some cases, we may choose to buy or sell assets. In these types of transactions, customer information is typically one of the business assets that is transferred. Moreover, if Foursquare, or substantially all of its assets were acquired, or in the unlikely event that Foursquare goes out of business or enters bankruptcy, customer information would be one of the assets that is transferred or acquired by a third party. You acknowledge that such transfers may occur, and that any acquirer of Foursquare may continue to use your Personal Information as set forth in this policy.

It’s a free country. If people think it’s fun for people to know where they are, and they understand what they are doing, by all means they should go for it. I am not a killjoy.

But I am puzzled that Harvard wants to encourage this behavior—that it has somehow analyzed the social benefits and the evident commercial interests and privacy risks involved here, and has come to the conclusion that on balance it would be a good thing if a lot of students signed up.

I hardly dare wonder if Harvard itself might have a pecuniary interest in the success of the partnership. I hope not, and that it has simply seen great benefits to the community—and few risks. I would love to know more.

Added January 14: Perry Hewitt, who is quoted in the article, wanted to be clear that there is no “partnership” (as I called it) between Harvard and foursquare. Harvard is simply a foursquare “presence”—as it would be anyway, whether Harvard formally cooperated or not. By allowing foursquare to create a Harvard badge, Harvard is simply making more convenient something people would be doing anyway. I am grateful to Perry for getting back to me and clarifying these points.

Checkmate by World of Warcraft

Saturday, January 2nd, 2010 by Harry Lewis

World of Warcraft (WoW) is a huge online fantasy war game, with more than ten million accounts. Here is a nice holiday-weekend “bits” story: a man with an arrest warrant out on him in Indiana for two years on drug charges has been arrested in Ottawa, Canada. The crucial information as to his whereabouts was provided by Blizzard Entertainment, the game company that runs WoW. As Matt Robertson, the investigator in the county sheriff’s department, tells the Kokomo (IN) Perspective,

“You hear stories about you can’t get someone through the Internet. Guess what? You can. I just did. Here you are, playing World of Warcraft, and you never know who you’re playing with.”

Robertson seems to have take a lot of small steps to put the story together. A childhood friend of the suspect said he had moved to Canada — good to know, of course, but making many of the standard law enforcement protocols useless. Somewhere along the line a tip came in that he was a WoW fan, so the investigator sent a subpoena for the suspect’s records — a transnational subpoena with no legal force at all.

“They don’t have to respond to us, and I was under the assumption that they wouldn’t,” said Roberson. “It had been three or four months since I had sent the subpoena. I just put it in the back of my mind and went on to do other things. Then I finally got a response from them. They sent me a package of information. They were very cooperative. It was nice that they were that willing to provide information.”

That information included the suspect’s IP address, in particular. From the IP address Robertson got the latitude and longitude (here is one site that will do that for you) and then used Google Earth to home in on the neighborhood. He couldn’t quite get to the street address that way, but close enough that Canadian authorities did the rest.

So just remember that. In a multiuser game you can think of yourself as living out of time, out of space, and out of your own skin, but you aren’t. Someone knows a great deal about you, and might even be willing to answer a polite request to reveal it.

Which may be what we actually want. Or is it?