Facebook head of communications Elliot Schrage posted a company blog entry on Thursday inviting members to review proposed updates to the social network's privacy policy, and much of it deals with what happens to the content of accounts that members have opted to delete.
"Specifically, we've included sections that further explain the privacy setting you can choose to make your content viewable by everyone, the difference between deactivating and deleting your account," and the process of memorializing an account once we've received a report that the account holder is deceased," Schrage wrote. Earlier this week, Facebook detailed the process of "memorializing" an account, which leaves the profile intact to current friends but hides potentially sensitive information.
Now, in the proposed new policy, which members are invited to review and comment on until November 5, Facebook explains to users that they can "deactivate" their account, which hides it but keeps information stored for potential reactivation, or alternately choose to delete it for good.
"Even after you remove information from your profile or delete your account, copies of that information may remain viewable elsewhere to the extent it has been shared with others, it was otherwise distributed pursuant to your privacy settings, or it was copied or stored by other users," the new wording explains. It's referring to content like posts and comments on other members' profile 'walls.' "However, your name will no longer be associated with that information on Facebook."
It's been a long and twisted road for Facebook's privacy regulations. The new policy was put into place after a complaint from the Canadian Privacy Commission called into question what would happen to member profile data if a user deactivated an account.
That fiasco followed outrage over changes to Facebook's terms of service that implied Facebook claimed an "irrevocable, perpetual, non-exclusive, transferable, fully paid, worldwide license" to member content even if the account had been deleted. One privacy advocacy group readied a federal complaint, and Facebook backed off and returned to its old terms of service.
In July, Facebook cleaned up its user privacy controls as it prepared to open up more of its profile content to public access and search engines.
But the Canadian Privacy Commission had also taken issue with how much Facebook profile information could potentially be shared with third-party developers or advertisers. Facebook made additional modifications to its user privacy controls in August in response to concerns about the developer platform, and in Thursday's post about the new privacy policy Schrage highlighted that the social network does not intend to share personal data with advertisers.
"The information we provide to advertisers is 'anonymized,' meaning that it can't be traced back to you as an individual in any way," Schrage's post explained.
Google's Street View is now live in Canada.
(Credit: Google)Google announced on Wednesday that it has launched its Street View service to 11 cities in Canada, including Vancouver, Toronto, Montreal, and Ottawa, among others.
Google Street View, which originally launched in May 2007, allows users to virtually navigate neighborhoods in 14 countries around the world. When the service first launched, it was only available in five U.S. cities.
Street View has come under some fire since its debut for the service's alleged potential to infringe the privacy of those people found in its images. To address that issue in Canada, Google said in a statement that it "has gone to great lengths to ensure Canadians' privacy."
The company said that all the images in Canada's Street View are already visible from public roads. Identifiable faces and license plates were blurred to ensure no one in the images could be identified. As with its other Street View services, Google's Canadian Street View features a "Report a problem" link, allowing concerned users to request images be taken down.
Whether Google would ever be able to bring Street View to Canada was very much up in the air not too long ago. In September 2007, Canada's Privacy Commissioner Jennifer Stoddart wrote to Google saying that she was concerned that the service might violate her country's privacy regulations. She believed that Street View could infringe Canada's Personal Information Protection and Electronic Documents Act, which went into effect on January 1, 2004.
For its part, Google said in the statement on Wednesday that it "consulted with Canada's federal and provincial Privacy Commissioners in developing Street View and its privacy safeguards." Evidently, that has helped the company bring Street View to the country.
Users of Google Docs and Spreadsheets accustomed to publicly publishing their documents might want to rethink exactly how publicly available they want to them to be.
Google on Thursday wrote in a blog post that "in about two weeks, we will be launching a change for published docs. The change will allow published docs that are linked to from a public Web site to be crawled and indexed, which means they can appear in search results you see on Google.com and other search engines...This is a very exciting change, as your published docs linked to from public Web sites will reach a much wider audience of people."
"Marie" of Google was quick to note that the crawling for search results "only applies to docs which you explicitly publish using the 'Publish as Web page' or 'Publish/embed' option, and which are linked to from a publicly crawled Web page" (documents for which users choose only to "allow anyone with the link to view" will not get crawled, she wrote, adding that users can unpublish documents they wish to remain uncrawled).
Some users of the search giant's suite of online productivity applications expressed concerns about the plan, suggesting better labeling of potentially crawlable documents, spreadsheets, and presentations. For example, how would you know definitively if a publicly crawled Web page has linked to your published document? Is the only way to ensure that your published document does not ultimately show up in search results to actually unpublish it?
As noted by The Register, "Google Apps master view does not tell you which docs are publicly published and which aren't." While it may well be obvious to most users how publicly available their Google documents are--and many of those published documents may well be intended to be as publicly available as possible--this seems to be another area where Google needs to find the right balance between transparency and data accessibility.
It's finally over for Beacon, the ill-fated advertising program that the social network initially launched with splashy Madison Avenue fanfare nearly two years ago.
The social network has settled a year-old class action lawsuit that targeted the social network's alleged failure to provide adequate information and privacy controls to users with regard to Beacon, which shared information about users' information on third-party partner sites in Facebook news feeds.
One of the terms of the settlement? Any last vestiges of Beacon, which failed to gain traction amid a barrage of negative press stemming largely from advocacy groups like MoveOn.org, will be shut down completely.
Also as part of the settlement, which is still pending approval from a judge, a $9.5 million "settlement fund" has been established to set up an independent foundation to "fund projects and initiatives that promote the cause of online privacy, safety, and security," according to a release. Up to a third of that fund, however, can potentially be recovered by the plaintiffs' lawyers.
"We look forward to the creation of the foundation and its work to educate Internet users on how best to control their privacy; engage in safe social-networking practices; and, generally, enjoy themselves more online by having knowledge that gives them a greater sense of control," a statement from Facebook representative Barry Schnitt read. "We fully expect the foundation to team with other leading online-safety and privacy experts and organizations that have been working diligently in these fields."
The suit was filed in August 2008 on behalf of 20 plaintiffs, most of whom were Texas residents. Named as defendants were Facebook, along with current and former Beacon participants Blockbuster, Fandango (owned by Comcast), Overstock.com, STA Travel, Zappos, Hotwire (owned by InterActiveCorp), and GameFly. Another, earlier Beacon-related lawsuit had been filed against Blockbuster several months earlier, claiming that its participation in the advertising program violated the Video Privacy Protection Act of 1987. Facebook was not named as a defendant in that suit.
Shortly after the negative buzz about Beacon started, Facebook began tweaking and modifying the program to allow more user control over the feature. But it was too late: advocacy groups claimed that it still wasn't enough, some existing partners pulled out, and others were likely deterred from participating because of the unsavory implications. Surprisingly, a "small number of customers" were still using it; Facebook will work to transition them out of it.
Facebook's experiments in social-media advertising turned instead to "engagement ads," which have come under some scrutiny themselves, and the "fan pages" that it encourages brands, organizations, and celebrities to create.
The irony behind Friday's news is that the thinking behind Beacon ultimately evolved into the phenomenally successful Facebook Connect, the universal log-in standard that, among other things, shares third-party activity on members' Facebook profiles.
The privacy controls on Connect are clearer and more extensive, but perhaps more crucial to Facebook Connect's success has been the fact that it's been marketed as a utility for ordinary members rather than an advertising tool for paying clients. It's free for third-party sites to implement, and with only a few exceptions, sites working with Facebook Connect code it in through the social network's application programming interface, or API, rather than ink a formal partnership.
And offering Facebook users the chance to register and log in to external sites without separate usernames and passwords gives Facebook Connect's marketing a slant of user convenience--and security, as some Web users may be more comfortable hitting a "Connect with Facebook" button than registering for an account with a new Web service.
"We learned a great deal from the Beacon experience," the statement from Facebook's Schnitt read. "For one, it underscored how critical it is to provide extensive user control over how information is shared. We also learned how to effectively communicate changes that we make to the user experience. The introduction of Facebook Connect--a product that gives users significant control over how they extend their Facebook identity on the Web and share experiences back to friends on Facebook--is an example of this."
Google is adding two new products to its data liberation effort, hoping to draw wider attention to the concept that users should be able to take their data wherever they go.
The company formally announced the Data Liberation Front Monday, although the group has been around for at least two years. A cheeky play on the Judean People's Front from the Monty Python classic "Life of Brian" (although, technically, Brian joined the People's Front of Judea), the DLF is the group within Google that is charged with finding ways to make it easier for users of Google products and services to export their data in standard forms.
Google has been working on that kind of effort since 2007 as an extension of the company's famous "Don't Be Evil" pledge, a component of which strives to avoid falling prey to the traditional Silicon Valley business strategy: lock-in. "We started looking at our products and discovered that while the door to leave wasn't locked, in some cases it was a bit "stuck" and we thought that we could do better," Google said in an FAQ accompanying the launch of Dataliberation.org.
The undercurrent for such an announcement, of course, is the scrutiny Google is facing at home and abroad this year as users and governments become wary about the amount of data the company has amassed and organized. One of the most heated topics of criticism concerning Google's Book Search settlement with authors and publishers has been concerns about privacy, such as how Google will treat records of which users are reading which books.
Therefore, anything Google can do to show that it isn't planning to create an impenetrable fortress surrounding user data, it's going to do. But this is an industry-wide issue for Internet companies in general: Facebook, for example, faced off with anxious users concerned about the difficulty in exporting Facebook data outside that site before the launch of Facebook Connect.
What makes it tricky is that the personal data stored on these services is more valuable--for both the user and the company--because of the fact that so many people use the services, therefore giving companies incentives to build the largest network possible and retain those users once they've made the switch.
Two Google products--Google Docs and Google Sites--will soon be added to the list of products that Google says it has "liberated," with users slated to receive the ability to batch-export files created in Google Docs.
Google has released additional details about the privacy policy it plans to use if its settlement over Google Book Search is approved.
(Credit: Screenshot by Tom Krazit/CNET)Google has released a more detailed privacy policy for its Google Books product, a move demanded in recent weeks by several critics of its settlement with publishers and authors.
The company announced the new policy in a blog post late Thursday afternoon, saying it developed the policy following conversations with the U.S. Federal Trade Commission. Google had previously said it was unable to release a detailed policy because the Google Books product was incomplete due to the fact that the settlement allowing its Book Search project to display certain types of books has yet to be formally approved.
However, criticism of Google's lack of detailed information on the subject appears to have forced its hand. "To provide all users with a clear understanding of our practices, and in response to helpful comments about needing to be clearer about the Books product from the FTC and others, we wanted to highlight key provisions of the main Google Privacy Policy in the context of the Google Books service, as well as to describe privacy practices specific to the Google Books service," wrote Jane Horvath, general privacy counsel for Google, in a blog post.
A few highlights of the new policy, the full text of which can be found here:
• Google will not require book searchers to create a Google account if they are viewing pages of books online, browsing books through a university's institution subscription to the book service, or accessing the book service from a public terminal at a library.
• If you want to actually buy a book you'll need to have a Google account, but Google will let users remove records of books they have purchased from their accounts and said it will not pass along information about specific books that were purchased to credit card companies.
• Google plans to release a more detailed privacy policy containing specific language about the various services that will be available when, and if, the settlement is approved giving it the right to offer the service.
It's not clear whether these provisions will be enough to quiet those criticizing the settlement on privacy grounds, but it's a step in that direction. The proposed settlement will be debated at a court hearing in New York in October.
A recent simplification of Facebook's user privacy controls wasn't enough for some policymakers.
On Thursday, in conjunction with the Canadian Privacy Commissioner, Facebook announced a new set of modifications to its user privacy controls as well as its developer API, and the targets of these changes are the thousands of third-party applications built on Facebook's developer platform. That means there may be major implications for developers--some of whom rely almost exclusively on Facebook activity as a revenue source.
The Canadian Privacy Commissioner's office released a set of recommendations for Facebook last month, specifically highlighting concerns that third-party applications could access a significant amount of users' personal data. "It's clear that privacy issues are top of mind for Facebook, and yet we found serious privacy gaps in the way the site operates," commissioner Jennifer Stoddart said in a release at the time.
Facebook's newest set of changes will require third-party applications to specify which fields of user data they access (birthdays, favorite music, geographic location, etc.) and will require users to offer explicit permission before an app can access any of their friends' profile data. This is also in tune with recommendations offered earlier this week by a chapter of the American Civil Liberties Union, which highlighted the amount of personal data that third-party apps can access--sometimes without a user knowing it.
"Our productive and constructive dialogue with the Commissioner's office has given us an opportunity to improve our policies and practices in a way that will provide even greater transparency and control for Facebook users," Elliot Schrage, Facebook's vice president of global communications and public policy, said in a release Thursday. "We believe that these changes are not only great for our users and address all of the Commissioners' outstanding concerns, but they also set a new standard for the industry."
But what does it mean for developers? This could make it difficult for some apps--particularly the sillier ones that rely on heavy viral spread and often one-time use--to gain traction and stay effective. These are similar concerns to those that arose when Facebook cracked down on apps that it deemed "spammy" (and often rightfully so). But on the other hand, the new privacy controls could stem off bad press that could easily paint the developer platform as a whole as unsafe or untrustworthy.
"It is important for developers to have access to information, but we want to balance that with transparency and control for users," Ethan Beard, Facebook's director of platform product marketing, said in a blog post geared toward developers.
"We have committed to making these enhancements over the next twelve months, and anticipate a lengthy beta period including opportunities for you to provide input, multiple blog posts, and updated documentation delivered well ahead of time," Beard's post continued. "Understanding that this will likely require modifications to your code base, we want to give you the earliest heads up that these enhancements are on our road map."
The Northern California chapter of the American Civil Liberties Union has put out a campaign designed to raise awareness of the privacy implications of Facebook's developer platform. It's focusing specifically on the popular "quiz" applications, like "Which Cocktail Best Suits Your Personality?" and "Which Wes Anderson Movie Character Are You?" These are largely one-time-use apps that many a Facebook user clicks on and tries out with little concern.
According to the ACLU chapter, "millions of people on Facebook who use third-party applications on the site, including the popular quizzes, do not realize the extent to which developers of quizzes and other applications have access to personal information. Facebook's default privacy settings allow nearly unfettered access to a user's profile information, including religion, sexual orientation, political affiliation, photos, events, notes, wall posts, and groups." For the promotion, it's put together a quiz about how much you know about Facebook-based quizzes.
Side note: Creating a Facebook quiz app to draw attention to the pratfalls of Facebook quiz apps is very meta.
"It's time for Facebook to upgrade its privacy controls so that quizzes can only see what people want them to see," Chris Conley, technology and civil liberties fellow at the ACLU of Northern California, said in a release. "Users need stronger protections than Facebook currently provides."
So are the ACLU-NC's claims legitimate? The most damning one asserts that "regardless of whether a user's Facebook profile is 'private,' by taking a quiz the user allows its developer to gain access to the user's profile information...by Facebook default, every time one of a user's friends takes a quiz, the quiz has access to that user's profile information." That could have particularly alarming security implications if an app turns out to be malicious.
Facebook does not deny this, but notes that "sensitive" information like contact details are not available to third-party apps, and that Facebook has settings for users to tweak exactly how much their friends' apps can see.
Last month, the company modified its privacy settings to make them more user-friendly.
The ACLU chapter recommends that Facebook make it an opt-in, rather than opt-out process for apps to access a user's friends' data and require that apps list the specific profile data fields that they will be accessing.
"We generally agree with (the ACLU's) recommendations and have already made public announcements about relevant changes that are under way," Facebook spokesman Barry Schnitt said in an e-mail. "Specifically, we recently disabled hundreds of applications, including quiz applications, that were inconsistent with Facebook Platform policies...We've also had productive discussions with the Canadian Privacy Commissioner about improving user data controls on Platform. We'd be glad to also have productive discussions with the ACLU and generally catch them up, if they want to give us a call."
The office of the Canadian Privacy Commissioner, which has taken issue with Facebook's privacy policies, is holding a press conference on Thursday to address the subject, and Facebook plans to hold a conference call with reporters in response.
A Twitter account can be used as the command center for harnessing a "botnet" of virus-infected computers, security firms Arbor Networks and Symantec reported. In a blog post Friday, Symantec analyst Peter Coogan wrote that researchers found an account, @upd4t3, which was tweeting out links to download a piece malware called Downloader.Sninfs. The account has since been suspended by Twitter.
Downloader.Sninfs, also known as Infostealer.Bancos, is a Trojan that uses the guise of a Brazilian banking site to collects passwords and related personal information from infected computers.
Security on Twitter is front and center right now, as the microblogging site was completely downed by a distributed denial-of-service attack last week that was targeting a Georgian political blogger. While other services like Facebook and the Google-owned Blogger were also hit by the attack, Twitter was the only one to suffer a full-out, hours-long outage, and it called into question just how secure the service really is.
But in this case, the Twittering botnet doesn't necessarily highlight a vulnerability that would be unique to Twitter.
"Although Twitter.com has been used in this instance, there are plenty of alternative sites on the Internet that could also be used as a similar medium of communication," Coogan wrote.
This post was updated at 1:05 p.m. PDT to note that Arbor Networks also reported the Twitter-based botnet.
Privacy advocates aren't pleased with Google Web History, which records the sites you visit, searches you make, images and videos you view, and even sites you haven't been to but may like. When you create a Google account, the option to use Web History is checked by default. Opting out doesn't mean Google doesn't collect the information, just that you don't have such easy access to it.
It feels like I've been using Gmail for five or six years, but I found my Web history begins in January 2007, according to Google. The entries since that time are far from a complete log of all my searches and surfing; apparently, events are recorded only while you're logged into your Google account.
To open your Web history, sign into your account, click My Account in the top-right corner of the main Google screen, and choose Web History under My products. The default view is All History. Your other view options include Web, Images, News, Videos, Maps, Blogs, and even the Sponsored Links you were served up, just in case you missed them the first time.
View a record of your online activities in Google Web History.
(Credit: Google)I was ready to find all sorts of embarrassing information about myself in the logs, but they were really kinda boring, which probably indicates their accuracy. I did find several entries that didn't belong—obviously, someone borrowed my PC while I was logged into my Google account. To remove unwanted items in your history, click Remove items in the left pane, check the entry or entries you wish to excise, and click Remove.
To surf without being tracked, click the left pane's Pause button. (Frankly, I'm inclined to sign off the account altogether.) When you're ready to go back on the record, click Resume.
One of my favorite Web History features is Trends, which shows your top 10 queries, sites, and clicks over the past seven days, month, year, or all recorded. I had fun trying to figure out why I did almost three times more searching last April than I did the previous October, or why I've never searched at 2 a.m. A real shocker for me was that I search more often on Sundays than I do on Fridays. I would've never guessed that one.
Get a view of your search history by hour, day, or month in Google Web History's Trends.
(Credit: Google)Maybe I should have qualms about anybody keeping such close tabs on me, but the fact is, most or all of this information is tracked whether or not I sign up for the service, unless I use an anonymizing service or product. About a year ago, I described how to customize the history settings in Firefox and Internet Explorer, and all browsers let you wipe your Web history clean, but these settings don't affect Google's servers.
Google's privacy policy offers a link to DoubleClick's opt-out cookie, but the best solution is to disable cookies altogether. Doing so cripples many of the Web's most useful features, in my book. So I'll just keep my surfing semipublic and hope Google doesn't suffer the security breach of all time.
