From ea58111ea067def8feb345314934a299514948da Mon Sep 17 00:00:00 2001 From: P. J. McDermott Date: Wed, 25 Sep 2013 16:17:34 -0400 Subject: essays/social-networking.mdwn: New file. --- diff --git a/Makefile b/Makefile index 51eca5a..660414a 100644 --- a/Makefile +++ b/Makefile @@ -11,7 +11,8 @@ srcs = \ talks/software-contracts/index.mdwn \ talks/index.mdwn \ essays/index.mdwn \ - essays/commercial-free-software.mdwn + essays/commercial-free-software.mdwn \ + essays/social-networking.mdwn objs = $(srcs:.mdwn=.html) .SUFFIXES: diff --git a/essays/social-networking.mdwn b/essays/social-networking.mdwn new file mode 100644 index 0000000..acf24dd --- /dev/null +++ b/essays/social-networking.mdwn @@ -0,0 +1,283 @@ + + + +On Facebook, Google+, and Ethical Social Networking +=================================================== + +TO COME: An introduction and a section on Google+. + +The Ethics of Facebook +---------------------- + +Facebook shares their users' personal information with third parties. They use +mere Web site design changes as an excuse to revert users' privacy settings to +unsafe defaults. Their social platform has huge security holes that allow +personal information to be leaked. One such hole made some users' private chats +accessible to all of their contacts. Facebook also exposes users to malware and +identity theft. [1] They make it easy for application developers to collect +personal information. [2] The Wall Street Journal found that these application +developers collect this personal information, link it with other information, +and sell it to others. [3] + +In general, Facebook has always operated on an opt-out basis. In some cases, +you can actually disable third-party access to your information. But you must +always be on the lookout for new "features" or changes to privacy settings. +Facebook always changes the way it collects information, and it catches many +people unaware. But it's impossible to opt out of things you don't even know +about. Recently, Facebook added a feature they call "tag suggestions". If you +have photos on your profile, Facebook can pick out people's faces and suggest +names for them. This may sound useful, but it's the tip of an almost +nightmarish ethics iceberg in information systems. Facebook uses facial +recognition software to make this work; they scan already-tagged photos and +record distinguishing facial features and then find photos with similar faces +and give them names. They maintain a database of people's facial features. +They never notified anyone about this database. They never asked users if they +could record this information. Instead, of course, they made it an opt-out +feature; you have to explicitly disable this hidden feature to keep your facial +information out of the database. This new feature has even sparked an +investigation by the European Union. [4][5] But just imagine what Facebook +could do with this information (and consider their track record with personal +information). I suspect they may soon start selling facial data to other +companies, law enforcement agencies, and oppressive governments (I've heard that +the U.K. once used video camera footage to locate and arrest protesters, so +imagine what they could do with facial data). + +Basically, Facebook is a business. And you are not their customer. You are +their product. They are, in fact, selling their products to advertisers. That +is, they use a person's face (without getting permission and without paying +anything) to advertise things to that person's friends. Claim to like +something, and you've given a product endorsement at a price advertising +agencies would love. [6] + +And they also seem to like selling out their users to governments and limiting +what their users can read and say. After their recent collaboration with +Chinese partners, the Facebook platform was allowed into China under political +censorship. At the time, Facebook lobbyist Adam Conner remarked, "we're +allowing too much, maybe, free speech". [7][8] The Associated Press reported +last month that Facebook sold out hundreds of peaceful pro-Palestinian activists +who had been organizing events through the social platform. Facebook allowed +governments to track its users' activities. As a result, more than 300 peaceful +activists were added to airline terrorism watch lists and denied the right to +leave their countries. International air travel was disrupted as planes from +Geneva and Italy were diverted for security inspections. 310 people were +detained after landing in Israel on their way to stand with Palestinians in a +peaceful mission of solidarity and fact-finding. [9][10] Imagine what might +have happened if Facebook (and widespread publicly-accessible computer networks +for that matter) existed during the civil rights movement. Would there be +racial equality in the United States today? Or would peaceful protesters +organizing events have been sold out and arrested before they could even meet? + +But it seems you don't even have to use Facebook to get tracked by Facebook. +Everyone who sees a "Like" button somewhere on the Web (as I'm sure you have) +can be tracked. Facebook has the ability to map out the browsing behavior of a +massive number (a number that grows by tens of millions each month) of Web +users, even those who don't use Facebook. [11] Again, imagine what they could +do with such vast amounts of information. + +Things like these gaping holes in privacy, devious information collection +practices, abuse of users, censorship, and tracking inspired Matt Lee, campaigns +manager, and John Sullivan, executive director, of the Free Software Foundation +to write about Facebook's poor track record with privacy and create rather +amusing "Dislike" and "not f'd" buttons. [12] + +Ethical Social Networking +------------------------- + +TODO: Move characteristic four into a note somewhere, as it is rare for a +service provider to attempt to claim copyright on user-submitted works. Also, +refer to the Franklin Street Statement. + +But social networking is not inherently evil. You can connect with old friends +and discover new ones without sacrificing privacy, security, autonomy, and +freedom. You just have to be careful about the platforms you use. I've +identified four basic characteristics that a social networking platform must +have for it to be an ethical one that doesn't abuse its users. The first two +characteristics are universal; all viable platforms, whether running on your own +computer or hosted by a service provider, must have these. The last two apply +only if you choose to use a platform that is run by someone else as a service. + +1. Software freedom. You must be free to use the software that powers + the social networking platform on your own computer without + restrictions. You must be free to inspect the software and modify + it. You must be free to share the software with others, with or + without modifications. With these freedoms, you have full control + over your social networking and you can decide who has access to + which personal information. Without these freedoms, only the + developer can decide what the software does, and you may not even + be allowed to know what it does to you. +2. Federation. You must be able to run the software on your own + computer and still be able to communicate with other people using + other copies of the software. If the software has protocols for + communication between users across multiple installations, then the + software is federated. For example, e-mail is federated; you can + run your own mail server and still send mail to other people who + use other servers. This is because all standards-compliant mail + servers speak the same protocol. +3. Privacy. If you choose to use a social networking service run by + someone else, the service must offer a clear and agreeable privacy + policy to which the service provider must strictly adhere. The + service provider must not be allowed to give your personal + information to third parties without your consent (unless required + by law) or use your information in ways that threaten your privacy + and autonomy. +4. No claims of copyright. The service provider must agree that your + personal information is yours, not theirs. There must not be any + claims of copyright on the information you provide. The provider + may, however, require you to license such information to them + and/or to others for it to be published on the service; in this + case, you should make sure you agree with the license terms before + using the service. + +Let's look at some social networking platforms and see how they adhere to these +criteria. We'll start with Facebook. Facebook fails criterion one; you cannot +run, inspect, modify, or share the software that powers Facebook. This means it +also fails criterion two; it is inherently not federated because you cannot run +it on your own computer. Since Facebook is not federated and you're stuck with +the hosted service, criteria three and four apply. Facebook has a terrible +track record with privacy and therefore fails criterion three. According to +their terms of service, you retain copyright on your information and give +Facebook "a non-exclusive, transferable, sub-licensable, royalty-free, worldwide +license to use" your information. [13] This is standard licensing language that +allows Facebook to publish information you submit, and with these terms Facebook +seems to pass criterion four. (I've heard that Facebook claims or used to claim +copyright on your information, but seeing these terms of service I'll give +Facebook the benefit of the doubt here.) Facebook fails three out of the four +criteria, and we can conclude that Facebook is an unethical social networking +platform. + +Next we'll evaluate Twitter. Again, it fails criterion one since you cannot +run, inspect, modify, or share the software. And again it fails criterion two +since you cannot run the software on your own computer. Twitter has a clear +privacy policy that describes what information is made public, what information +you may optionally provide, what information is collected in logs, and what +information is to be kept private except under certain circumstances. [14] I +don't know of any occasion on which Twitter has failed to adhere to this policy, +so if you agree with this policy then Twitter passes criterion three. Twitter's +terms of service explicitly leave you with the rights to your information, but +you must agree to grant Twitter "a worldwide, non-exclusive, royalty-free +license (with the right to sublicense) to use, copy, reproduce, process, adapt, +modify, publish, transmit, display and distribute [your information] in any and +all media or distribution methods (now known or later developed)". [15] Again +this is standard licensing language that allows Twitter to publish the +information you post, and I conclude that with these terms Twitter passes the +fourth criterion. In summary, Twitter passes two out of the four criteria; it's +not completely ethical since it leaves you without important freedoms and at the +mercy of a single centralized provider, but it seems it's not as bad as Facebook +is in terms of privacy. + +Next up is Identi.ca. Identi.ca is an instance of StatusNet, a free software +microblogging platform that is similar in function to Twitter. StatusNet is +licensed under the GNU Affero General Public License, which requires that all +users, including those who use the software over a network, have all of the +necessary freedoms with the software. With this license, StatusNet, and +therefore Identi.ca, pass criterion one beautifully. StatusNet implements the +OStatus protocol, which allows users of other installations of StatusNet (or +even other software such as GNU Social) to communicate seamlessly. With this, +StatusNet and GNU Social (and instances of the software such as Identi.ca) are +federated and pass criterion two. If you choose to use Identi.ca instead of +running StatusNet or GNU Social on your own computer, then criteria three and +four apply. Identi.ca has a very clear privacy policy that describes what +information is made public, what information remains private, and how +information may be used by Identi.ca, by users, and by other instances of +StatusNet and GNU Social. [16] With this, Identi.ca passes criterion three. +Identi.ca's terms of service make no claims to copyright on your information. +The terms require that you grant Identi.ca "a world-wide, royalty-free, and +non-exclusive license to reproduce, modify, adapt and publish the Content solely +for the purpose of displaying, distributing and promoting your notice stream". +They also require that you "grant all readers the right to use, re-use, modify +and/or re-distribute the Content under the terms of the Creative Commons +Attribution 3.0 [Public License]". [17] This license allows readers to share +your notices, to modify your notices, and to incorporate your notices in larger +works, as long as they give you credit for your words and do not misrepresent +you. These are agreeable terms that leave you in control of your information +and allow the world to share and build upon your work, so we can conclude that +denti.ca passes criterion four. Identi.ca, which runs the free social +networking platform StatusNet, passes all four criteria. It is an ethical +platform and service that protects your privacy, autonomy, and freedom. +Because of this, I myself use Identi.ca. [18] Since the software is free, +before registering I checked the source code to make sure that my password would +be stored securely. And since the software is federated, I reserve the right, +especially if Identi.ca in the future ever fails criteria three and four or +ceases to exist, to move to my own self-hosted instance of the software without +losing contact with other users. + +These three cases are just examples of popular platforms. There are of course +many others. Google recently opened up their new platform, Google+, which so +far is neither free nor federated. The Diaspora project began in response to +outrage over privacy on Facebook; Diaspora itself is free and federated, and +there are hosted Diaspora services with decent privacy policies. Finally, I +don't claim that these criteria are perfect; they are merely the result of +observations I've made. A similar set of criteria for "freedom in the 'cloud'" +has recently been offered by Georg Greve, founder of the Free Software +Foundation Europe. [19] + +References: +----------- + +1. "Five Hidden Dangers of Facebook". CBS + News. CBS Interactive Inc. May 11, 2010. + <>. +2. Barnett, Emma. "Your data is Facebook's most valuable asset". + The Telegraph. Telegraph Media Group + Limited. January 17, 2011. + <>. +3. Steel, Emily and Fowler, Geoffery A. "Facebook in Online Privacy Breach; + Applications Transmitting Identifying Information". + The Wall Street Journal. Dow Jones & + Company, Inc. October 18, 2010. + <>. +4. Gannes, Liz. "Facebook facial recognition prompts EU privacy probe". + CNET News. CBS Interactive Inc. June 8, + 2011. + <>. +5. Snyder, Bill. "Facebook Facial Recognition: Why It's a Threat to Privacy". + PCWorld. PCWorld Communications, Inc. June + 21, 2011. + <>. +6. Tynan, Dan. "Facebook ads use your face for free". + ITworld. ITworld. January 25, 2011. + <>. +7. Williamson, Elizabeth; Schatz, Amy; and Fowler, Geoffery A. "Facebook + Seeking Friends in Beltway". The Wall Street + Journal. Dow Jones & Company, Inc. April 20, 2011. + <>. +8. Crovitz, L. Gordon. "Facebook's Dubious New Friends". + The Wall Street Journal. Dow Jones & + Company, Inc. May 2, 2011. + <>. +9. Higgins, Alexander. "Facebook Now Helping Governments Spy On And Arrest + Peaceful Activists". The Intel Hub. The + Intel Hub. July 9, 2011. + <>. +10. Last, Jeremy. "Israel uses Facebook to blacklist, detain or deport Tel + Aviv-bound travellers". thestar.com. + Toronto Star. July 8, 2011. + <>. +11. Roosendaal, Arnold. "Facebook Tracks and Traces Everyone: Like This!". + Social Science Research Network. Social + Science Electronic Publishing, Inc. November 30, 2010. + <>. +12. Lee, Matt and Sullivan, John. "Mark Zuckerberg is TIME Magazine's Person of + the Year? Where's the "dislike" button?". Free + Software Foundation. Free Software Foundation, Inc. February + 3, 2011. <>. +13. "Statement of Rights and Responsibilities". + Facebook. Facebook, Inc. April 26, 2011. + <>. +14. "Twitter Privacy Policy". Twitter. Twitter + Inc. June 23, 2011. <>. +15. "Twitter Terms of Service". Twitter. + Twitter Inc. June 1, 2011. <>. +16. "Privacy". Identi.ca. StatusNet Inc. + <>. +17. "Tos". Identi.ca. StatusNet Inc. + <>. +18. McDermott, P. J. "P. J. McDermott (pehjota)". + Identi.ca. StatusNet Inc. + <>. +19. Greve, Georg C. F. "Freedom in the 'Cloud'?". + freedom bits. Free Software Foundation + Europe e.V. July 30, 2011. <>. + + -- cgit v0.9.1