A coming privacy freakout?


Photo by Thatha

People don't know how much information about them is freely available on the internet. I was reminded of that by this thread on the WebFinger list about a prototype YQL implementation that lets you look up information about any Yahoo user from their email address. I'll quote Kaliya:

I went and tried the page out to see what it exposed about me.

Both for my "public" use around the web a lot yahoo handle and another one
that I have explicitly kept my "real name" not attached to in any public

My name listed in both accounts was Kaliya however when you expose people's
"profile names" in web finger you might be exposing information people don't
think is public on the web.  Needless to say I went in and immediately
changed my profile name in my more private account.

I just shared this with guy friend who has several yahoo accounts – one of
them for dating.  I said do you have your "regular name" listed in the
"profile name" – he thought he might. It sort of made him cringe that this
was now exposed.

I think you might have a real uproar from users by exposing their profile
names publicly on the web without letting them know you are doing this. It
would be good to send people a note asking telling them this information
will be exposed to ANYONE WHO ASKS before you make it available via

I was thinking about the difference between twitter and almost everyone
else.  Twitter starts at Radically Open and explicitly so – so as a user I
know what bargain I am striking in using the tool.

Everyone else is trying to go from "closed" as the default and move towards
more open and pulling users along is a challenge – it is changing the rules
of the space and it needs to be well thought out or it will back fire badly.

The response from the developers has been 'Silly user with your expectations of privacy! Didn't you know there's been a Yahoo profile page with that information up for years?' That's my instinct too, there's so many wonderful new services we can build with more open profile information, and we'll never get anything done if we spend all our time sitting around worrying about potential problems.

From talking to people outside the bubble though, I do wonder if there will be trouble ahead. They don't know that Facebook puts up a public profile for them by default, with pictures, your location and some of your friends all open to the world. Services like Flickr, Amazon, Google, AIM, Vimeo all provide APIs to look up information about someone based on their email address. Rapleaf claims to have social network infomation on 375 million people. If you're interested in the information that's available on you, try this example:

The worst case is that we plow ahead with what's technologically possible, trigger a moral panic and we end up with restrictive legislation, but even a mild backlash would cause providers to neuter their APIs and remove access to all that lovely data. So what's the answer? I'd love to see something like the apparently defunct attentiontrust.org pledge to help us self-police our use of the data, before someone else comes in to police us!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: