Khare: “As long as the same information that social networks piously prohibit their own customers from using is being bought and sold on the open market by giant marketing companies, social networks are only pretending to protect your privacy. … Last week’s headlines brought news that RockYou had accumulated 32,603,388 identities over the past few years – and negligently stored them in plaintext in an incompetently protected database. … After all, the advent of social networks’ partner APIs was supposed to make impersonation and scraping obsolete. … In an ideal world, a third party developer shouldn’t have to store any personally-identifiable information (PII). In many jurisdictions, PII is akin to toxic waste, because of the regulatory burdens and civil, even criminal, liability for acquiring and disposing of it. … If PII is so hard to protect, then the only way for social networks to protect their users’ privacy must be to prohibit partners from accessing contact information in the first place. … Naturally, I prefer to think of myself as one of the ‘good guys.’ I prefer to believe that privacy protection is a competitive advantage that users (citizens!) really value. Until this outrageous RockYou breach, I didn’t fully realize how irrelevant that is. … If the industry expects self-regulation to forestall government regulation, well, here’s what I think it would take: An immediate ban on all of RockYou’s applications by all of their partners, pending a public audit of all of their apps. That’s taking a page from the audit provisions of LinkedIn’s ToS and adding sunlight by publishing the results.”
Gerrit Eicker 09:07 on 28. December 2009
Facebook Privacy III. « Wir sprechen Online. 09:29 on 12. May 2010
[…] Privacy III. Daitch: Facebook can not be trusted. Orwellian takeover of a single platform is a dystopian future; […]
Facebook Privacy IV. « Wir sprechen Online. 14:34 on 12. May 2010
[…] Privacy IV. Inside Facebook analysis: some Facebook privacy issues are real, some are not; http://j.mp/b4Z0Ch […]