
Why “The Geeks” Are Upset About Privacy

Pete Warden on why everyone should pay attention to “the geeks”:

So why are the geeks so upset? They’re looking down the road and imagining all the things that the bad guys will be able to do once they figure out what a bonanza of information is being released. Do you remember in the 90’s when techies were hating on Windows for its poor security model? That seemed pretty esoteric for ordinary people because it didn’t cause many problems in their day-to-day usage. The next decade was when those bad decisions about the security architecture became important, as viruses and malware became far more common, and the measures to prevent them became a lot more burdensome.

I’d recommend reading the entire article.

That might be the best argument I’ve seen in a while for people who just don’t get it. When you spend enough time dealing with data, you’re forced to understand the threat models that can impact your work. You become very tuned in to what the potential exploits are and how that data can be used to everyone’s advantage, and disadvantage. Despite surveys that show people are “concerned” about their privacy, and that some “use privacy settings”, I’d venture very few, likely less than 10%, actually understand what harm any piece of data can have, and how exactly it’s being handled and shared.

There’s a reason the industry is so focused on this lately. There’s a reason why I’ve now dedicated a majority of recent blog posts to it.

4 replies on “Why “The Geeks” Are Upset About Privacy”

That’s one of the things I think is totally different about what Facebook is doing: people can understand, in real, measurable ways that affect their lives, what it means when certain information gets out about them.

There’s an easy-to-understand cause and effect there. Not as much with a poor security model and “Why is my computer so slow, running all these .exe’s I don’t know about?”

My latest post actually touches on this.

@Preed: I’ve got to disagree, I don’t think most people understand how it impacts their lives. In all honesty, I don’t think we’ve seen any widespread examples of misuse just yet. We know applications can access most of a user’s profile (and friends)… but I don’t think anyone has actually seen a real-life example of misuse of that data just yet.

Someone seeing your drunken status update from Saturday night is hardly a big deal in comparison to what’s really at stake here. People tend to focus on that since it’s easy for people to parse. Statistical analysis on profile data is really the biggest risk people run. We don’t have much in terms of laws to figure out how to even regulate what can be done in this realm. We have laws in many places forbidding discrimination based on DNA when hiring, but can a company parse social network data to find out if you’re likely to have a family member with a long-term illness? People who do, in particular women, have a higher tendency to join support groups, which can be sniffed out through “interests” and “liking” links related to research in support of certain things. What about just looking at the times people update their account to see their sleeping patterns?

There are so many more obscure things that people don’t even consider. It’s the equivalent of reading body language. Someone thinks they came up with the perfect lie, but their wandering eyes and fidgeting hands tell a totally different story.

Windows was loathed by most in the 90’s. Remember Windows ME’s USB support? Windows 98’s constant crashes? Ever try to install something that needed a driver? Those were the concerns people focused on because they were real and measurable in their lives. They ignored the blatant security model flaws.

I think this is pretty much the same thing. People think they understand what sucks about the situation, but in reality they don’t see more than what’s on the surface, if that.

I agree with you that most people won’t see the really egregious stuff, but Danah Boyd’s highly-circulated blog post gives an example that isn’t as life-altering, but just as bad:

A while back, I was talking with a teenage girl about her privacy settings and noticed that she had made lots of content available to friends-of-friends. I asked her if she made her content available to her mother. She responded with, “of course not!” I had noticed that she had listed her aunt as a friend of hers and so I surfed with her to her aunt’s page and pointed out that her mother was a friend of her aunt, thus a friend-of-a-friend. She was horrified. It had never dawned on her that her mother might be included in that grouping.

Anyone can understand that example, and can come up with something similar in their own lives. It’s eminently parseable.

I guarantee you: you experience that once as a 13-year-old girl, you’ll remember it when interacting with Facebook (and anything like it) for the rest of your life.

I know: I had an experience with Facebook’s byzantine privacy settings gone awry that caused a life-altering change for me.

@Preed: But do you think most people have had that experience? Or is it isolated? There were a few viruses in the early/mid 90’s but it wasn’t until the security model of Windows was challenged on a widespread scale (Melissa was likely the first) that it really came of age. That’s when people started to see the problem. Not the theoretical, no matter how real it was to people who experienced it prior.

I’m sure most people understand the problem when they experience it. Most people understand anything when they experience it first hand. We definitely haven’t had widespread misuse yet (emphasis on yet). I’d argue the cases that you’re thinking of, while real and legitimate themselves, are anecdotal when extrapolated to the Facebook user-base.
