If you are like the many people getting Quechup invitation spam, consider how it relates to the serious privacy problems with Social Networking. Quechup automatically imports your Gmail contacts and spams them when you register for their YASNS. If Bob signs up for it, he is opting into the graph, but he doesn't opt in to spamming Sally. Sally is included in the graph, whether she opts in to register or not. Over time, even if Sally resists, she is modeled as a node in the graph.
At first, this doesn't seem to matter. But if Bob adds relationship details like they are dating, and then her husband John opts into the graph and adds the detail they are married, you get the idea. But it is far worse, when the value of the network isn't the relationships, but simply the contact information. This is the case with enterprise social networking, particularly for sales. Many don't realize that Jigsaw actually pays people for submitting business cards of people they have met. Yes, there are financial incentives for people to register you into graphs without your knowledge. I'm seriously considering copywriting my contact information (Stowe Boyd suggested via twitter when I was exploring other ways of suing evil social networks).
The fundamental privacy problem is that social networks grow virally by adding you to a graph without asking you to opt in. Once you are in the graph, it may be hard for you to know you are in, let alone opt out (Spoke, you may recall, did this purposely). You are modeled without your control over social context, and identity and relationship data can be layered on top of you as a node. Not all data may be available to users, but more will to developers and all will to the social network service providers. Providers come in all stripes and you not only have to concern yourself with their ethical business practices, but the basic of security. Opening the graph to third party developers based on open standards is a laudable effort to solve one social graph problem. But the privacy concern of governance and oversight over those third party developers who have access to more data than users is uncharted.
Now, we have a very loose definition of privacy, particularly in the US. And the odds of a constitutional amendment are slim. But this is a new and increasingly popular risk to your right to privacy that unfortunately is not popular in understanding.
UPDATE: Someone pointed me to this Rapleaf public profile which I never opted into. Rapleaf has a decent privacy policy, but it is unclear if by emailing them to opt-out I become a user. And if I register to manage my public profile I certainly become a user "We use this information to process registrations, contact our users, and to provide our services." Auren Hoffman is behind Rapleaf, is very conscious of these issues and will probably clarify. But there is an interesting facet about public profiles people don't opt into. Great for SEO marketing and extortion signups.
UPDATE: Facebook opens to public profile search. Guess I'll change my profile picture from the one of me partying like a rock star. Also, copyrighting my contact info is a no go, perhaps I'll trademark it and me.
UPDATE: danah says:
I'm also befuddled by the slippery slope of Facebook. Today, they announced public search listings on Facebook. I'm utterly fascinated by how people talk about Facebook as being more private, more secure than MySpace. By default, people's FB profiles are only available to their network. Join a City network and your profile is far more open than you realize. Accept the default search listings and you're findable on Google. The default is far beyond friends-only and locking a FB profile down to friends-only takes dozens of clicks in numerous different locations. Plus, you never can really tell because if you join a new network, everything is by-default open to that network (including your IM and phone number). To make matters weirder, if you install an App, you give the creator access to all of your profile data (no one reads those checkboxes anyhow). Most people never touch the defaults, meaning that they are far more exposed on Facebook than they realize. zrven a college network is not that secure. MySpace on the other hand is rather simple: public or friends-only. Friends-only is far more secure than the defaults on Facebook. And public is well-understood to mean anyone could access it (and often this is the goal). But I know all too well that privacy has nothing to do with reality - it's all about perception. And Facebook *feels* more secure than MySpace, even if it's not. Still, I can't wait to see how a generation of college students feel about their FB profile appearing at the top of Google searches. That outta make them feel good about socializing there. Not.
It seems odd to me that Facebook is doing all sorts of things to go against what gave them such strength: group support for people who wanted to gather around a particular activity, tightly controlled privacy defaults, and simple/clean profiles (which have been made utterly gaudy by Apps). I think I'm missing the logic here. ::scratching forehead::
UPDATE: Auren Hoffman, in comments:
Ross -- thanks for the shout-out on Rapleaf. Anyone can opt-out of Rapleaf (and you do not become a user). We do have a bunch of people that opt-out every day. We also have many people that choose to only display some of their information (like just hiding their age or gender). There are many public profiles about people on the Internet (ZoomInfo, Spock, Wink, Rapleaf, and others) … at Rapleaf, our goal is give people the opportunity to manage their privacy and numerous online profiles and control what people see about them. Of course, we're a start-up (and thus not perfect) … so we really welcome your suggestions on how to improve.
