CategoriesJoin Us At:
|
Quiz Facebook: Will We Have Control over Our Own Information?Today, in response to an inquiry by the Privacy Commissioner of Canada, Facebook announced plans to enhance user privacy over the next year. Some of these plans address third party applications, like quizzes and games, that have access to a lot of your personal information. Wondering what this is all about? Concerned about your privacy on Facebook? If you’re a Facebook user, check out the ACLU of Northern California's very own quiz. It’s a behind-the-scenes look at all the personal details a Facebook app can collect about you and your friends – and some steps you can take to keep your private information from landing in the wrong hands (including changing your own privacy settings)! (And, yes, we know it's a little weird to warn you about Facebook quizzes by asking you to take a Facebook quiz – but at least you know who we are and that we are committed to living up to our privacy policy, unlike many quiz authors who haven't posted a privacy policy at all!) Today’s Facebook Quizzes Get a Failing Grade for Privacy Even if your Facebook profile is "private," when you take a quiz, an unknown quiz developer could be getting access to almost everything in your profile: your religious views, sexual orientation, political affiliation, pictures, and groups. Facebook quizzes also have access to most of the info on your friends’ profiles. This means that if your friend takes a quiz, they could be giving away your personal information too. (But, again, don’t just take our word for it: take our quiz and see for yourself!) And Facebook’s current restrictions on the collection and use of personal information by applications are simply inadequate. Although Facebook’s Terms of Service require that applications limit the collection and use of information, enforcing terms like these is really difficult. That means that random developers who choose to ignore the Terms of Service could potentially sweep up vast amount of personal information about you and your friends – and once they’ve collected it, they could easily sell it, share it, or even turn it over to the government. This is a major privacy hole, and Facebook needs to take stronger steps to address this problem than just writing a sentence in a rarely-read document. Facebook Responds – But We Still Need Your Help In response to the Privacy Commissioner’s investigation, Facebook has committed to taking several steps to improve user privacy. As part of these changes, Facebook needs to ensure that users are truly in control of their own information. That means changing the default privacy settings so that each user, and not that user’s friends, can decide whether to share her information with a third-party application. That's where you come in. Learn what you can do to protect yourself right now - and help us pressure Facebook to make meaningful changes in the coming months!
Don't let Facebook's default settings force you to silently pay with your privacy when you – or your friends – use Facebook. Demand that Facebook upgrade its privacy controls to give you control of your personal info. Demand Your dotRights!
Google: Don't Close the Book on Reader PrivacyThe ACLU of Northern California, the Electronic Frontier Foundation, and the Samuelson Law, Technology & Public Policy Clinic at Berkeley Law School sent a letter to Google CEO Eric Schmidt (PDF) today. It was about books. Why books? Google is planning to dramatically expand its book service, Google Book Search. The good news is that millions of books will be available for browsing, reading, and purchasing online. But the bad news is that Google is leaving reader privacy behind. What you choose to read says a lot about who you are, what you value, and what you believe. You should be able to read about politics, health, or anything else without worrying that someone is looking over your shoulder. That’s why the ACLU has fought alongside libraries and bookstores time and again to defend the privacy of readers. Now we need your help to protect reader privacy into the digital era. Currently, Google Book Service can monitor the books you browse and search for, the pages you read, and even the notes you write in the "margins." Without strong privacy protections, all of your browsing and reading history may be collected, tracked, and turned over to the government or third parties without your knowledge or consent. Given the long and troubling history of government efforts to compel libraries and booksellers to turn over records about readers (PDF), Google Book Service must incorporate strong privacy protections that gives us at least as much privacy in books online as we have in our neighborhood library or bookstore. Without a strong privacy policy that protects reader privacy, Google Books could become a one-stop shop for government and third party fishing expeditions into the personal details of your life. Our letter demanded that Google, at a minimum, take the following steps to protect reader privacy. If these principles resonate with you, join us by emailing Google CEO Eric Schmidt today and demanding that Google:
Google needs to know that you and other readers will not pay for your digital books with privacy. The ACLU of Northern California is committed to working to protect user privacy in Google Books. Please join us! Three things you can do today to support reader privacy:
Quiz: What Do Facebook Quizzes Know About You?(Originally posted on the ACLU of Northern California's Bytes & Pieces blog.) Ever whiled away five minutes on a Facebook quiz, finding out what cartoon character is your look-alike or how your IQ stacks up? These quizzes may seem like a perfectly harmless way to spend a few spare minutes. But have you stopped to think about what these quizzes are learning about you and how that info could be used? Take our quiz and learn more! QUESTION 1: When you take a Facebook quiz, the quiz: A. Is just for fun and doesn’t collect any info about you. ANSWER: C. This isn’t a back-of-the-magazine quiz — Facebook quizzes can collect and store the answers you give. But that’s not all: these quizzes can collect the information in your profile — and even information from your friends’ profiles — in addition to any answers you give. QUESTION 2: OK, that doesn’t sound good, but my privacy settings will protect my information, right? By default, Facebook’s privacy settings: A. Prevent any application from seeing anything on my profile unless I install and use that application. ANSWER: C. Facebook, no stranger to controversy over its policies regarding user data, does not have policies in place that reassure users that their information is automatically kept private. By default, Facebook’s privacy settings let applications access information on your profile even if you have restricted access to a specific network or friend group (as application privacy settings are separate from profile privacy settings). In addition, Facebook's default settings allow applications run by your friends to pull information from your profile. Surprised? Check out your settings and see for yourself! QUESTION 3: OK, so quizzes can collect a lot of info — but what can they do with it? The information that quizzes collect: A. Cannot be retained or used at all ANSWER: B — sort of. Facebook’s Statement of Rights and Responsibilities requires that application developers limit their use of any user data that they collect. That’s nice - in theory. But in practice, it only works if quiz developers comply with this limit. If they don’t, your information could easily be abused, sold, or released without your knowledge or consent. How do you know if you can trust these developers? QUESTION 4: No worries; Facebook screens developers carefully, right? To be a Facebook developer, a person or company must: A. Pass a thorough screening by Facebook and provide Facebook with a real name, address, and telephone number. ANSWER: C. That’s right: these developers — who are able to collect all sorts of information about you and your friends — don’t have to reveal their information to you (or to Facebook) at all. That means it can be hard for Facebook to enforce these developer data use limits - or even to know if they've been violated in the first place. QUESTION 5: All right, I’ve heard enough — I want to do something about it! The best way for me to take action is to: A. Use Facebook’s privacy settings to limit the information that my friends’ quizzes and applications can see on your profile. ANSWER: ALL OF THE ABOVE. Taking control of your own privacy by using the privacy settings that Facebook offers is a good start — but it’s time to start demanding more of the companies who hold our personal information. Tell Facebook that you want better privacy protection for your personal information. Sign up for our email list and join our dotRights campaign on Facebook to learn more about what you can do to control your privacy online. And stick around as we expand our campaign to reclaim control of our personal information and Demand Our dotRights!
Facebook's Latest About-Face
(Originally posted on the ACLU of Northern California's technology blog, Bytes and Pieces.)
Facebook, hardly a stranger to controversy, set off yet another firestorm recently when it changed its Terms of Use. The previous terms of service explicitly stated that Facebook’s license to use user-created content expired as soon as the user deleted the content or cancelled her account: You may remove your User Content from the Site at any time. If you choose to remove your User Content, the license granted above will automatically expire, however you acknowledge that the Company may retain archived copies of your User Content.The new terms, however, removed this sentence, suggesting that Facebook retained a license to user-created or uploaded content forever, whatever the user might do. This small change triggered a storm of outrage, eventually leading Facebook to reverse course and withdraw the new Terms of Use. Permanent License? Facebook presented the change as a simple attempt to clarify the previous terms with no practical implications on its treatment of data. Moreover, privacy settings would still “trump” anything else even according to the new Terms of Use. Still, these changes could have had long-term implications, granting Facebook a permanent license to share your content with anyone who could see it when it was last visible, even if you later decided to delete it or cancelled your Facebook account entirely. Even if Facebook didn’t actually abuse that potential, the possibility of future abuse would still exist. And while, as Facebook said, you would still “own” the content, at some point the difference between ownership and eternal irrevocable rights become rather blurry. Ultimately, the issue with Facebook’s new terms was one of control. The old terms made it clear that, as between Facebook and a user, the user was the one who retained official control over her own content, and could delete it any time she chose. The new terms turned that understanding on its head: Facebook, not the user, was asserting the right to keep information even after the user “deleted” it. Users Speak, Facebook Listens But this story has a happy ending: in response to complaints by Facebook users, Facebook has withdrawn its new Terms of Use and reinstated the old version. The reinstated Terms aren’t just a victory for Facebook users; they are a victory by Facebook users. If users work together, voices will be heard, and companies and lawmakers will respond. So keep working. If you are a Facebook user, join the "Facebook Bill of Rights and Responsibilities" Group and tell Facebook that you want control over your information. Push other companies to give you the same rights. Tell lawmakers that online privacy is important to you. And keep working with us to update privacy law and practices so that they aren’t left behind as technology evolves.
How Private is Private Browsing?'Tis the season for private browsing, or so it seems. Apple's Safari Web browser led the pack in introducing a "private browsing mode" in 2005; in recent months, the other browsers on the market have finally followed suit, with Google's recently-released Chrome and beta versions of Mozilla Firefox and Microsoft Internet Explorer adding similar features. What does "private browsing" mean, however? For the most part, these "private" modes are designed to protect your privacy only vis-a-vis other users of the same computer, whether you're at an Internet cafe or just trying to avoid letting your partner know what you're doing with their laptop (which earned these features the moniker "Porn Mode"). But do these "private" modes prevent Web sites from identifying you and tracking your actions? If so, how, and how effectively? Private Browsing and Shared Computers All of the browsers above offer features designed to protect your privacy vis-a-vis other users of the same computer — preventing others at an Internet cafe, library, or even your home from knowing which Web sites you visited or what information you provided. The mechanism in each browser differs, but the basic concept is the same: none of the sites you visit or the information you provide will be stored in your browser's history or cache, and any cookies that are generated will be deleted when you close the browser. It's worth noting, however, that private modes offer only partial protection. Certain browser extensions, notably the Flash animation player, generate their own cookies when they are activated — and these cookies are outside of the browser's control. Thus, while a typical user may not be able to retrace your steps, a sophisticated user may be able to do so. Private Browsing and Internet Sites Of course, other users of the same computer are far from the only ones who might be interested in your online activities. Web sites and other Internet actors also track behavior for a wide range of purposes. Does private browsing keep their prying eyes away? One way that Web sites track users is through the use of cookies. All of the new web browsers promise to discard any cookies accumulated while you surf in private mode — but what about the cookies that you've already collected before using private mode? Private mode in new versions of Firefox and Chrome both start "from scratch," ignoring any cookies you may have collected while browsing normally. IE and Safari, however, continues to share any cookies you collected before entering In Private mode. In addition, sites can use scripts to gather information about Web users. Third-party scripts, which are often used for advertising purposes, pose a particular threat to user privacy, as they allow a single entity to track your behavior across a wide range of Web sites. The only browser to address this situation is the next version of Internet Explorer, which has a feature called "In Private Blocking" that will block scripts that it will block "third-party content that appears with a high frequency across sites you visit." IE users will also be able to subscribe to lists of scripts to block, providing an alternate method of identifying and addressing privacy threats. However, none of these private browsing modes is capable of making your browsing completely "private" by preventing any site from recording your information. Your browser, and your computer, simply don't have that level of control. Web sites can still track you by using your IP address, they can still send and receive cookies within the context of the private browsing session (and many Web sites won't work at all without cookies), and they can still gather, store, and use data that you generate even while browsing "privately." Having a privacy setting on your browser is nice; having a privacy setting for the Web sites you use would be far better. Private Browsing and User Control We shouldn't have to "hide" our data from Web sites if we want to remain private; we should simply be able to tell them "don't record this session" and expect our request to be honored. While private browsing modes that use technical measures to protect personal information add value, they only take us so far. Getting Web sites and online businesses to respect our right to control our own personal information is the only way to truly browse privately. There's a long road to get there, however, and in the meantime, privacy-enhancing techniques like those seen in some of the new browsers are a welcome feature. We hope you'll take the time to tell Apple, the developers behind Chrome, Microsoft, Mozilla, and other software developers to keep up the good work. And, of course,we hope you'll continue to support our efforts to upgrade the laws to reflect modern technology, so that "private mode" is the default setting on the Internet. |
|
© ACLU, 125 Broad Street, 18th Floor New York, NY 10004 |
