Re: Privacy Jungle: Data Protection in Social Networks from Karl Dubost on 2009-06-15 (public-xg-socialweb@w3.org from June 2009)

From: Karl Dubost <karl+w3c@la-grange.net>
Date: Mon, 15 Jun 2009 06:28:18 -0400
To: Sören Preibusch <Soren.Preibusch@cl.cam.ac.uk>
Cc: Story Henry <henry.story@bblfish.net>, Alex Korth <ak@ttbc.de>, public-xg-socialweb@w3.org
Message-Id: <BF9DB38C-3CAD-46BF-89FE-3D562DFBE68A@la-grange.net>

Le 15 juin 2009 à 04:47, Sören Preibusch a écrit :
> As such, more recently established sites score less well in terms of  
> privacy and data protection controls.

There are sites giving the possibility to put your messages or  
publications in an limited(1) group: Yourself, a group of people (with  
different granularity), public as large. I remember a Web hosting  
platform saying a few years ago that 30% of its users were not going  
public.

When I have written (with olivier thereaux)

	* Data Independence,
           http://bit.ly/freedata
	* and Digital Me Management (workshop paper)
           http://www.w3.org/2008/09/msnws/papers/olivier-karl

I started to check how networks were dealing with "data publication  
controls". They are very weak most of the time. A few examples of  
things we forget to consider:

1. Yahoo! Flickr gives the possibility to put a photo in a limited  
access to a group of friend in the *Web UI*. The URI of the photo  
itself was still accessible to the large public (last time I checked).  
It means someone can share the URI with someone else.
    => Privacy setting doesn't mean not accessible.

2. Tumblr gives the possibility of forbidding the search engines to  
index the public content you have published. I like this one a lot  
because I do the same for my web site. My pages are public but not  
indexable by search engines (with htaccess skills.)
    => There should be a way for users to control the level of access  
to their data (who/what, when and how).


(1): Full privacy doesn't exist. There is always someone in the room,  
the provider of the service, except if communications are crypted. I  
very rarely use the term privacy but I talk about opacity.
Opacity (for me) is the parameter to set the level of information  
access. On a network, the information is either
	a) on your own machine without any access to anyone else
	b) or crypted in a way that only you can access to the data (full  
privacy).
	c) or is shared at a certain level (with many levels of granularity)

In c) we often put privacy, even if the service broker has still  
access to the data, with sometimes rights to use them. You might want  
to share your data with people but not bots or commercial entities.  
You might want to slow down the process of information propagation  
(ex: blocking bots).



-- 
Karl Dubost
Montréal, QC, Canada
http://twitter.com/karlpro

Received on Monday, 15 June 2009 10:28:33 UTC