- From: Christine Perey <cperey@perey.com>
- Date: Mon, 22 Jun 2009 15:26:15 +0200
- To: "'Melvin Carvalho'" <melvincarvalho@gmail.com>, 'Sören Preibusch' <Soren.Preibusch@cl.cam.ac.uk>
- Cc: <public-xg-socialweb@w3.org>, <public-pling@w3.org>
Hello Melvin, I think that the paradox which this paper raises, and the question on which your e-mail concludes, is really fundamental, but possibly outside the scope of the SWXG. At the risk of boring others with out of scope posting....Does anyone else feel that there is a risk of future W3C SW recommendations being isolated as a result of their lacking the involvement of commercial community providers? The lack of participation of commercial communities/community operators in this XG concerns me. It could reflect that the commercial community providers perceive standards in this domain (you called them "open frameworks") as threatening. Perhaps they have not had time to read Henry's post ;-) If there were not already billions of personal records already (safely?) locked in current (proprietary) databases, these businesses would not constitute a risk to SWXG future impact. If we want those in existing communities to embrace future W3C standards for social networking, would it not behoove us to suggest a path (roadmap) to embracing the proposed standard without jeopardizing commercial viability of these services? We could hypothesize that commercial companies don't hold all the cards: We know that Compuserve and AOL had healthy businesses providing information and communications services to consumers using their own technology for portal, etc which did not survive the adoption of Web standards by other information service providers. It is convenient that the study focuses on privacy and data protection. Can there be proprietary platforms for operating community-centric experiences which use a standards-based approach only for managing data protection/sharing/portability? Can we examine examples in other digital (Web) domains where there was a healthy viable (commercially sound) business based on proprietary solutions which continued to be profitable with/after the widespread adoption of a standard? Providers of digital media streaming platforms, a domain in which I have long history, have continued to be viable after widespread adoption of standards video codecs because the providers now focus on the management of the media, metadata and presentation layer. Christine > -----Original Message----- > From: public-xg-socialweb-request@w3.org > [mailto:public-xg-socialweb-request@w3.org] On Behalf Of > Melvin Carvalho > Sent: Monday, June 22, 2009 2:28 PM > To: Sören Preibusch > Cc: public-xg-socialweb@w3.org; public-pling@w3.org > Subject: Re: Privacy Jungle: Data Protection in Social Networks > > Very much enjoyed reading this paper, particularly the > empahisis on economic aspects. Suspect I will be rereading > sometime soon. > > It seems we have a kind of paradox in social networks. > > On the one hand it seems necessary for a provider to ensure "lock-in" > in order to achieve enconomic competative advantage and > maintain running costs and profitability. > > On the other, any compromise on usability and privacy, is > likely to come at a price in over the long term. It is quite > easy to imagine a popular network with stringent lock in > policies suddently becoming "not cool", from one year to the > next, and thereby impacting long term profitability. > > It seems the industry will be generally pro lock in, and > architects and engineers espousing an open framework will be > generally against. > > As such, does that not leave standards bodies in an > impossible situation of being able to please one group and > not the other? > > On Fri, Jun 12, 2009 at 4:42 PM, Sören > Preibusch<Soren.Preibusch@cl.cam.ac.uk> wrote: > > Dear all, > > > > We are pleased to announce the largest and most comprehensive field > > study in the academic literature so far of data protecti > on social > > networking sites. Our analyses include the sites' functionality, > > privacy controls, written privacy policies, P3P policies, > and metadata > > for each site. The dataset and our interpretations are freely > > available online and will be presented at WEIS 2009 in > London in two weeks time: > > > > Joseph Bonneau, Sören Preibusch: > > The Privacy Jungle: On the Market for Data Protection in Social > > Networks > > in: The Eighth Workshop on the Economics of Information Security > > (WEIS > > 2009) > > http://preibusch.de/publ/privacy_jungle > > > > Abstract: > > We have conducted the first thorough analysis of the market for > > privacy practices and policies in online social networks. From an > > evaluation of 45 social networking sites using 260 criteria we find > > that many popular assumptions regarding privacy and social > networking > > need to be revisited when considering the entire ecosystem > instead of > > only a handful of well-known sites. Contrary to the common > perception > > of an oligopolistic market, we find evidence of vigorous > competition > > for new users. Despite observing many poor security > practices, there > > is evidence that social network providers are making efforts to > > implement privacy enhancing technologies with substantial > diversity in > > the amount of privacy control offered. However, privacy is > rarely used > > as a selling point, even then only as auxiliary, > non-decisive feature. > > Sites also failed to promote their existing privacy controls within > > the site. We similarly found great diversity in the length > and content > > of formal privacy policies, but found an opposite > promotional trend: > > though almost all policies are not accessible to ordinary > users due to > > obfuscating legal jargon, they conspicuously vaunt the > sites' privacy > > practices. We conclude that the market for privacy in > social networks is dysfunctional in that there is significant > variation in sites' > > privacy controls, data collection requirements, and legal privacy > > policies, but this is not effectively conveyed to users. > Our empirical > > findings motivate us to introduce the novel model of a privacy > > communication game, where the economically rational choice > for a site > > operator is to make privacy control available to evade > criticism from > > privacy fundamentalists, while hiding the privacy control interface > > and privacy policy to maximise sign-up numbers and encourage data > > sharing from the pragmatic majority of users. > > Regards, > > Sören > > > > > > > > >
Received on Monday, 22 June 2009 13:26:51 UTC