What you should not share online

​The social Web encourages sharing but sometimes we share too much. This post gives you an idea of what to look out for and, perhaps, what not to share.

I received an email from Nadya, a Canadian student, who is researching how people express themselves online and she posed a few questions which I answered in a recording. This is related to my previous post titled “What you can legally say on Twitter” which I published in the aftermath of the Oscar Pistorius tweetstorm. I go a little further than defamation and also talk a little about privacy concerns and content sharing. The important thing to bear in mind is that just because you are using the social Web to express yourself, it doesn’t mean that what you say and share won’t have very real consequences for you and people close to you.

Evolving privacy paradigms: Twitter, Facebook and Google+

I’ve been using Google+ for a few days now and despite being a “limited field test”, it has a brilliant approach to privacy. If you are unfamiliar with Google+, take a look at this introductory video:

At Google+’s core is the Circles feature. Circles offers users fairly granular control over their contacts and what they share with who. Circles are a little like Facebook’s Lists (don’t worry if you’ve never seen those, they’re not clearly exposed to users) and Twitter’s Lists. Using Circles you can allocate contacts to Circles like Family, Friends, Acquaintances and pretty much whatever you want to call the Circles. Google+ gives you a few read made Circles but you can create your own. Here is another video introducing how Circles works:

Setting up Circles takes a bit of work because you need to go through your contacts and add them to whichever Circles you want to add them to. The interface is really slick and easy to use, a little fun even. Once the Circles are set up you have the option of publishing content to specific Circles or even specific individuals and this is where the brilliance comes in (at least as I see it).

Before getting into Google+’s privacy paradigm, its a good idea to revisit the Facebook and Twitter privacy models. Facebook tends to push people to share more publicly. Its defaults for its products tend to be more public than private and Facebook has made a few glaring mistakes where they have gone too far. Whether it be due to enormous public outrage or an evolving sense of how to handle privacy issues, Facebook has improved its practices but most users seem to be unaware of or unconcerned with the more granular privacy controls. The average user has few friends on Facebook and probably doesn’t think too much about the publicity issues and certainly doesn’t bother with lists.

Facebook has similar functionality to Circles and, in one respect, goes a little further than Google+. Yishan Wong wrote a handy description of this in his recent post on Quora critiquing Google+:

In fact, Facebook allows you to do everything Google+’s “Circles” feature do, including post things only to specific friend lists. Further, Facebook’s selective posting feature is more advanced than Google+’s. Not only can you post information to specific Facebook Groups of curated friends, you can do more exclusionary posting than Google+

Despite the functionality being available on Facebook, few users actually use it and Facebook has pretty much buried it a couple layers down in the friends menus. That leaves many Facebook users left with a few choices:

  1. who to friend;
  2. what to share with those friends.

Unless you only friend people who you are genuine friends of or are related to on Facebook, you may find yourself having friended people who you may not be comfortable sharing all your content with so you may elect not to share everything. While this probably hasn’t stifled Facebook’s growth, the model has limitations based on its structure and users’ preference to share more personal stuff on Facebook.

Twitter, on the other hand, has two privacy/publicity options: public or private. Anything tweeted publicly is public and you have no legitimate expectation of privacy. Its a little like standing on a street corner shouting out to whoever may be passing by. The private option is a little like going into a room and selectively allowing people inside to hear you speak. Twitter also has a Lists function which you can use to categorize Twitter users you follow. I have a number of lists on Twitter which include Communications and Marketing people; people I consider to be influencers; as well as other lawyers using Twitter. You can create your own lists and include whoever you may be following into those lists. As with your updates, lists can be public or private. I have a couple lists which I have kept private because they are meant for me, not everyone else. Lists are handy for when you want to focus on a specific group of Twitter users. I may, for example, switch from my general Twitter stream to my Lawyers list to see what those lawyers are talking about rather than try to single out their posts in my general Twitter stream of more than 1 100 people who I am following at the moment.

On Twitter you have two choices when it comes to publishing content: either publish your tweets to all your followers or don’t publish the tweet (you also have an option to Direct Message people on Twitter but its a one to one messaging system). There is no granularity. This binary choice means you may be reluctant to share something you only want certain people to see. That limits how you use Twitter.

Circles borrows from the Facebook friends model and Twitter Lists. Using Circles you can limit your consumption and sharing to specific Circles or you can publish to the Public stream. Unlike with Facebook and Twitter you have quite a bit of control over who to share your posts with. In this example below you can see that I elected to share a post with people in my Acquaintances Circle, Sergey Brin and Robert Scoble. I also have the option of sharing my post with people in my Acquaintances list by email (they are not yet using Google+).

Google+ post with share options

Privacy is about secrecy and about informational self-determination (being able to decide how your information is distributed and manipulated). Jeff Jarvis made the point that if you engage in a social network, the point is to share so privacy as secrecy is less of an issue. On the other hand, the other aspect of privacy becomes even more important because you want to be able to decide who can see what you share. The level of control Circles gives users may alleviate any anxiety about sharing stuff intended for a limited group of people. I prefer to limit visibility of my photos of my children to friends and family and its one of the main reasons why I am fairly selective about my Facebook friends. On Google+ I can share those photos with friends and family in one post and publish an interesting link or a few thoughts completely publicly in the next post. I have more control over who gets to see my posts. Moreover, users also have pretty granular control over their Circles’ visibility (apologies for the cross-linking, I wrote about this aspect of Google+ privacy on my personal blog). This level of control makes Google+ far more attractive to users as a candidate for the one social network for all contexts.

Google has said that Circles are based on real-world interactions in that we tend to segment our contacts contextually. We have colleagues, friends, family, hobbyists and so on. Circles creates the infrastructure to recreate those contextual groups in a social networking environment. It is also important to bear in mind that Google+ is the latest and most publicized of a number of updates Google has rolled out and will be rolling out to make the Google ecosystem itself a social platform. Google+ is also still in a limited field test and isn’t open to the public just yet so it remains to be seen whether it will gain traction with mainstream users. Regardless of whether it does attract a large userbase, Google+ has demonstrated a very different privacy paradigm which addresses many of the criticisms levied against Facebook in the past.

Looking to the left of copyright

I just watched a terrific video interview with Neil Gaiman in which he talks about his experiences with what some may consider piracy on the Web. His story is not new to me and a number of popular authors and artists have had similar experiences including Paulo Coehlo and Nine Inch Nails. The story is usually about an author or artist who releases his or her works on to the Web under a liberal licensing scheme or comes across pirated copies of those works on the Web. The result is often counter-intuitive: an increase in sales and popularity.

As an author or artist your work is your livelihood and the conservative approach is to restrict access to the work by reserving all rights under copyright law and clamping down on infringements. There is a lot of merit in this approach, for sure, but there are also a number of opportunities for those creators who are courageous enough to try something a little more open. Options include using Creative Commons licenses, more accessible purchase options and pricing strategies. I found Gaiman’s experiences in Russia to be particularly interesting. If I remember correctly, Coehlo had a similar experience in Russia, a country associated with music piracy websites and a disregard for copyright law.

Copyright law was originally and is still intended to foster creativity. What we find, in practice, is that Big Media (my term for the international music and movie industry) is engaged in a cold war against new business models and copyright infringers and, almost in keeping with George W Bush-style rhetoric, have made the choice consumers have one between supporting an aging and increasingly ineffective business model and supporting the “terrorists” (these people may be actual terrorists or something similar from Big Media’s perspective). Copyright law is currently being used to stifle creativity, frustrate consumers from legitimately purchasing content they want (the licensing limitations on music, movies, tv series and books which we see through iTunes Store and Kindle books availability is a manifestation of this approach) and manipulate governments to implement draconian penalties through draft treaties like ACTA.

This is not an argument against copyright law but rather its application by vested interests that are often at odds with creators’ interests. Content creators would do themselves a disservice by not exploring alternatives to the conventional model (sign with a label, publisher or equivalent body) and making informed decisions about what would be in their best interests as creators and business people. Rather than being intent on stealing content at the first opportunity as Big Media would have us believe consumers are (this characterization sounds a lot like racist rhetoric we have come across in South Africa), I firmly believe that consumers want to pay for content but it has to be at a reasonable price and through a convenient outlet. In the case of music, movies and tv series, that tends to be downloads for many people. When it comes to books, it is increasingly ebooks from Amazon or elsewhere. Those consumers are who this content is intended for.

So called copyleft options make content more accessible consumers. Think about it.

Facebook’s sleight of hand with Groups and profile information downloads

Facebook announced a number of changes on the 6th which signified a privacy and personal information control about-turn by the biggest online social network on the planet. I previously commented that Facebook has become something of a privacy fiend recently. Why did I say this? Here are a few reasons and approaches that concerned me from a privacy perspective:

  • Facebook makes determinations how users should be sharing their information or what the current trends are;
  • It then changes its privacy policy and terms of use to achieve these perceived changes to how personal information is handled; and
  • Facebook then opens users’ personal information up by default to align with its determinations of what the trends are or how it believes we should handle our personal information.

Since then, Facebook changed how much control users have over how much of their profile information is shared on the site by improving the privacy settings page. This was a welcome change coming on the heels of its latest push for even greater publicity.

Profile information downloads

Facebook’s announcements yesterday included two pretty substantial features or products. The first is a new feature which enables users to download all (everything except what users may have removed from their profiles beforehand) their profile information. This includes messages, updates and content. The feature will apparently compress everything into a zipfile and make it available for download. If you happen to use Facebook as your photo sharing website this could work out to a fair sized file (I am not sure if you can pick which categories of data to export). This is a good feature and it addresses one of the complaints about Facebook, namely that it has been very difficult to get your profile data out of the site. That said, Facebook still hasn’t made it easy for users to readily export their profile information to another social service as a data stream (I stand to be corrected here but I haven’t seen options like this in my profile).

New Facebook Groups

Another new product which Facebook announced, with much excitement, is a new Groups product (All Facebook has a terrific post about Facebook Groups which you should take a look at). This is a complete rewrite of the old Groups and is intended to help users segment their Facebook friends better according to social groups. Groups is also the most controversial of the new features/products. It is designed to replace the underutilized list functionality which Mark Zuckerberg said most users just haven’t taken advantage of as well as a way to create more specific communities of interest which are analogous to groups we have seen on services like Yahoo! Groups and perhaps even Google Groups.

While much was said about how Facebook Groups will enable users to better keep in touch with their friends, contextually, people who have started to encounter the new product have complained about how they are being included in Groups without first opting in to the Groups in the first place. As I understand the new Groups product, the underlying algorithms and/or group creators’ friend selections will help populate groups with members who appear to be appropriate members of those groups. In theory the algorithms should add your actual family members to your family groups, university friends to the university groups and so on (I am still a little unsure about this aspect of Groups but Mark Zuckerberg did mention the role algorithms play in his presentation). In another All Facebook post highlighting the problems with the new Facebook Groups, Nick O’Neill pointed out the following:

There have been a number of complaints from users, most significantly that group membership is now opt-out. That means your friends can instantly subscribe you to noisy Facebook groups. If you woke up today and had a bunch of notifications, the main reason is probably that you were subscribed to groups by your friends who thought they were being kind. The problem is that I need to manually go in an unsubscribe from all the notifications I receive from noisy groups because my friends have added to them. This is more work for me to do!

The problem with this approach is that users will find themselves pulled into Facebook Groups they may still prefer to be left out of. The old Groups and (current) Pages still require users to opt-in to be part of the Groups or Pages. The new Groups changes that option and forces users to opt-out of the Groups they don’t wish to be part of. Why is this such a problem? Well, one of the ways the new Groups product works is as a sort of mailing list:

When a group member posts to the group, everyone in the group will receive a notification about that post. Now I won’t have to guess anymore about whether my parents saw the pictures I posted of their grandkids; when I post in my family group, I’ll know that they’ve been notified about it and that only they will see it. Since information posted in my new groups is only visible to group members by default, I can feel confident about who sees what I post.

Another concern is that group members can’t hide the new group chat functionality. As Nick points out:

Yesterday, many users quickly realized that group chat is annoying as hell … especially if you are a member of a large group. Suddenly your browser tab is flashing every couple of seconds to let you know that someone else has posted a message. The only way to shut off a group chat room at this point is to shut off chat all together. In other words, there’s way too much noise. My guess is that Facebook will make it possible to hide a room’s chat at some point.

Conversely, I’ve found that by popping out the Facebook chat it can suddenly become manageable in that you can hide the chat window behind other browsers. Something about this doesn’t feel right though.

What strikes me is how disingenuous Facebook has been about Groups and how, despite its emphasis on improved user control over their privacy and profile information, Facebook is up to its old tricks again. Take a look at this video introducing Groups. Do you see any indication that users could be added to groups without their consent and practically spammed until they either give in or opt-out?

A number of other high profile personalities have similarly criticized Facebook for its blunder. Mathew Ingram mentioned a number of responses in his GigaOm post. Here are a few of the reactions:

p>Anil Dash, founder of Expert Labs, said Thursday morning on Twitter: “Oh, Facebook. I wanted to like groups, but now I’m on 50 unwanted email lists. More incompetent defaults, or an attempt to undermine email?” Others complained about a deluge of auto-add emails from Facebook Groups, including Daniel Victor, the online community manager for TED.com, who said Thursday: “I’d rather be invited than added to a group on Facebook. Woke up with 45 unexpected e-mail notifications today. Spammer’s dream.” Among those who also weren’t impressed with the rollout were technology blogger Dwight Silverman and Socialtext co-founder Adina Levin, who said that the current implementation of the Groups feature “has some serious social design flaws.”.

Jason Calacanis has been a pretty vocal critic for some time now and his email to Zuckerberg and Facebook COO Sheryl Sandberg is worth reading too.

So where does this leave Facebook users? Well, for now it seems that as Groups rolls out to Facebook’s 500+ million users, more and more people will find themselves inundated with emails from groups they have been opted into. In South Africa this presents a real challenge because, as I have mentioned previously, our changing privacy legislation is requiring a shift from opt-out mailing options to opt-in. This potentially places Facebook at odds with the law from a consumer protection and privacy perspective largely because Facebook’s privacy policy does seem to include consents to be spammed the way Groups spams users who are subsumed into the application. The closest the Facebook privacy policy comes to dealing with Groups is what it says about the Facebook Platform and 3rd party applications:

4.  Information You Share With Third Parties.

Facebook Platform.  As mentioned above, we do not own or operate the applications or websites that use Facebook Platform. That means that when you use those applications and websites you are making your Facebook information available to someone other than Facebook. Prior to allowing them to access any information about you, we require them to agree to terms that limit their use of your information (which you can read about in Section 9 of our Statement of Rights and Responsibilities) and we use technical measures to ensure that they only obtain authorized information.  To learn more about Platform, visit our About Platformpage.

Connecting with an Application or Website.  When you connect with an application or website it will have access to General Information about you.  The term General Information includes your and your friends’ names, profile pictures, gender, user IDs, connections, and any content shared using the Everyone privacy setting.  We may also make information about the location of your computer or access device and your age available to applications and websites in order to help them implement appropriate security measures and control the distribution of age-appropriate content.  If the application or website wants to access any other data, it will have to ask for your permission.

We give you tools to control how your information is shared with applications and websites that use Platform.  For example, you can block all platform applications and websites completely or block specific applications from accessing your information by visiting your Applications and Websites privacy setting or the specific  application’s “About” page.  You can also use your privacy settingsto limit which of your information is available to “everyone”.

The trick with Groups, though, is that it isn’t a 3rd party application. It is a Facebook application and users can’t remove it like they can 3rd party applications. That leaves users in a position where they can (and probably will) be co-opted into Groups whether they like it or not and associated with Groups created by other users, regardless of whether they want to be part of those groups initially (users can opt-out of these groups but consider what that would involve if even half your Facebook friends added you to a group). The EFF addressed this in their recommendation to Facebook in a post titled “Facebook Moves Closer to EFF Bill of Privacy Rights” (I don’t share the EFF’s optimism):

Recommendation 3: As a strong proponent of the power of anonymous and pseudonymous speech, EFF further recommends that Facebook also allow for another category of groups: anonymous groups. There are many people, such as violence survivors or HIV positive individuals or religious groups, who may want to have a group discussion without revealing their identities. Facebook should enhance the Groups feature by allowing for the creation of groups where the membership list is secret from members (i.e. just available to the group’s administrators, if anyone), and where group members can interact using pseudonyms rather than their real names.

Our longstanding concern for anonymous speech aside, though, EFF is very pleased with today’s Groups revamp, which we hope will provide users with a powerful new tool for managing their privacy on the Facebook site.

Bottom line with Groups is that the opt-out nature of Groups and users apparent inability to pre-approve their addition to other users’ groups is problematic. The big question is whether users will care about this abuse of their profile information beyond the inconvenience of having to opt-out of all the groups they are added to? My guess is probably not and that is based on the relatively small opposition to Facebook privacy abuses in the past by users. It is still something to be borne in mind, though.

Applications and privacy

The third big announcement was an improved dashboard where users can better control how applications make use of their profile information. Facebook has shifted the responsibility for privacy issues relating to 3rd party applications to 3rd party developers and this new dashboard gives users more information about what personal information these applications use. Ironically Facebook gives users more control and information over 3rd party applications although it leaves it up to them (and requires them) to develop and abide by their own privacy policies and processes.

Like the ability to download your profile information, this is a very positive step. Anything that gives users better control over their personal information and how applications use that personal information is a good thing all around. Better information about how this personal information is used is an essential component of informed consent which is, in turn, the goal of a good privacy policy.

Rounding it all up

Facebook took very positive steps with two of the three new features/products it announced. At the same time it reiterated its complete failure to appreciate the need to give users meaningful control over other aspects of their profile information when it comes to Groups. This does seem to be a fairly typical approach, though. It may be motivated by a genuine desire to bring users into the Groups fold and show them the benefits of the product but just as Google fumbled doing a similar thing with Google Buzz when it launched, Facebook has messed this one up quite badly. what remains to be seen is whether Facebook will act quickly to address these concerns or will simply ignore the vocal minority like it usually does.