Opt-in/Opt-out: How to Add Shades of Gray

Update: See related CMO.com article

The choice of opting in or out, as presented by many businesses to their customers, is a limiting one. Adding shades of gray to the options improves the likelihood that your customers will find one they like. Enlightened e-newsletters are already using this principle by allowing their readers to select from a list of different newsletters that target different aspects of the subject matter. Many of these newsletters also allow readers to select the period (daily, weekly, monthly) at which they’d like to receive the newsletters.

As described in research by Wilson et al., providing users more choices leads to higher customer satisfaction and the sharing of more data. I was lucky enough to sit in on a talk by Professor Sadeh of Carnegie Mellon University describing this research a few years ago. It was then that I decided to create methods to enable “shades of gray” for a broader set of data types.

This paper describes an application that enables its users to share their location. Shades of gray can be easily added to location by changing the resolution of the data. Resolution can be changed by adding noise or decreasing the data precision. A simple resolution set for location could be:

- Latitude & longitude provided to the precision of the measurement method
- 10 meters (e.g. in a building)
- Block
- Zip code
- City
- State
- Country
- Hemisphere

How do you create similar resolution sets for other types of data? The first step is to create a taxonomy of the different data types you’ll be dealing with. Make the taxonomy as simple as it can be without losing important distinctions.

A data taxonomy for data related to a bike ride might be:

- Location
- Speed
- Acceleration (could be calculated from other data)
- Altitude
- Rider age
- Rider weight
- Rider heartbeat
- Rider respiration rate
- Pedal force (could be calculated from other data)
- Gear selection
- Cadence (could be roughly calculated from other data)
- Bike weight
- Bike type
- Bike manufacturer
- Bike component model & manufacturer
- Bike drive train efficiency (could be roughly calculated from other data)
- Temperature
- Humidity
- Date-time
- Tire pressure

Some of the bike ride data elements are dynamic, requiring small sampling intervals, while others change slowly enough that they could be described using a single sample that is structured as part of the ride’s “context”. Some of the data elements, as noted above, could be calculated from other data elements and reasonably removed during a follow-up normalization step.

The above data set works well when comparing bike ride to bike ride, but what if you want to compare a bike ride to other types of transportation or recreation? One obvious way to generalize the taxonomy is to change...
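Returning to the location resolution set earlier in this post: the following is an added example, not code from the original post, of the two techniques it names, decreasing precision (snapping to a grid) and adding noise. The grid sizes standing in for block, zip code, city and state are assumptions, since real boundaries need a gazetteer lookup, and all function names are hypothetical.

```python
import math
import random

M_PER_DEG_LAT = 111_320.0  # approximate metres per degree of latitude

# Assumed grid sizes standing in for the post's named levels; real zip, city
# and state boundaries need a gazetteer lookup, which is out of scope here.
LEVELS_M = {"10m": 10, "block": 100, "zip": 5_000, "city": 25_000, "state": 300_000}


def coarsen(lat, lon, cell_m):
    """Decrease precision: snap a point to the centre of a cell_m-sized grid cell."""
    dlat = cell_m / M_PER_DEG_LAT
    lat_c = (math.floor(lat / dlat) + 0.5) * dlat
    # Longitude degrees shrink with latitude, so size columns at the snapped latitude.
    dlon = cell_m / (M_PER_DEG_LAT * max(math.cos(math.radians(lat_c)), 1e-6))
    lon_c = (math.floor(lon / dlon) + 0.5) * dlon
    return lat_c, lon_c


def add_noise(lat, lon, radius_m, rng=random):
    """Add noise: move the point to a uniformly random spot within radius_m."""
    r = radius_m * math.sqrt(rng.random())  # sqrt gives uniform density over the disc
    theta = rng.uniform(0, 2 * math.pi)
    dlat = r * math.cos(theta) / M_PER_DEG_LAT
    dlon = r * math.sin(theta) / (M_PER_DEG_LAT * max(math.cos(math.radians(lat)), 1e-6))
    return lat + dlat, lon + dlon


def hemisphere(lat, lon):
    return ("N" if lat >= 0 else "S") + ("E" if lon >= 0 else "W")


def distance_m(a, b):
    """Equirectangular distance, adequate for the short spans checked here."""
    mean_lat = math.radians((a[0] + b[0]) / 2)
    dy = (a[0] - b[0]) * M_PER_DEG_LAT
    dx = (a[1] - b[1]) * M_PER_DEG_LAT * math.cos(mean_lat)
    return math.hypot(dx, dy)


def share(lat, lon, level):
    """Return the location at the resolution the user opted into."""
    if level == "exact":
        return lat, lon
    if level == "hemisphere":
        return hemisphere(lat, lon)
    return coarsen(lat, lon, LEVELS_M[level])
```

Grid snapping is deterministic, so releasing the same position repeatedly reveals nothing new, whereas fresh noise drawn on every release can be averaged out by an observer.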


Distribution Scope, Security, and Useful Tools

While working on the Facebook Privacy Informer App, I had to tackle the issue of “Scope of Distribution” of your personal information. Actually, this should be more properly named “Scope of (Intended) Distribution”. Facebook privacy controls allow you to set the distribution of various aspects of your Facebook profile. In general, the controls allow you to set distribution to:

- (The inappropriately named) “Only Me”
- A subset of your friends
- Your friends
- Groups that you belong to
- The general public

Why does Facebook say “Only Me” when you share information with Facebook? Shouldn’t the setting be labeled “Only Facebook (and whoever they decide to share it with)”? Even when you spend the time to tune those controls, there will certainly be leakage of your information beyond your intended settings.

Facebook has enough money that you would think your biggest issues would be their intended privacy violations (sales of tracking ads) and your own privacy control lapses (friending people you don’t personally know). Unfortunately that’s not really true. There is a 1 in 4 chance that your account will be hacked this year. Given the information that Facebook acknowledges it holds about you, and other information it won’t tell you about, that’s somewhat alarming. With all that information, and many examples of leaky security, what happens when the almost inevitable major breach occurs?

Still… Facebook is a very useful and entertaining service for many of us. So the issue is not how fast we run away from it, but how we control our risk to value ratio. The Privacy Informer App is intended to provide feedback on your risk and strategies for reducing that risk. The Privacy Informer for Facebook app is currently in development and has had limited demos.

One of the issues I had to incorporate into the risk scoring strategy was Facebook’s distribution scope controls. Once I added that factor to the scoring model, I saw that it could also be used to incorporate security and reputation risks into the scoring. An example of a security issue is when Facebook says that it will only share information with your friends, but then one of your friends’ accounts gets hacked. A reputation issue is when Facebook gives you control over some information, but then hides other information about you that it intends to monetize. In both cases, there is an expansion of scope beyond the limit your settings indicated.

In this model, if you set that level to be “Friends”, I adjust the risk value calculation to include some leakage to the public. That adjustment begs the question, how does one know how much to tweak the value? That’s where some interesting tools and data sources can provide...


Update: Recent Online Privacy Activity

I was on a development death march for the weeks leading into the Internet Identity Workshop #13 (conference notes to be posted soon on the IIW website), but I succeeded and showed the Facebook Privacy Informer App at the conference.

The goal of the Privacy Informer App is to analyze the inherent privacy risks associated with a particular website or online service. It then convolves the inherent risk metrics with how the viewer has configured their website and browser privacy settings, and generates a final number that rates your personal privacy risk (see this earlier post for more info on the algorithm). Detailed data, and strategies for controlling that risk while still getting value out of the website or service, are also provided as a result of the analysis.

Back in August, when Facebook made major changes in how they present your privacy settings and how they dynamically load their pages, I had to do a major retooling of the screen scraping code in the app. So I created a table-driven, asynchronous sequencing engine in cross-browser compatible JavaScript. I also used Kynetx to trigger the app when the browser loads the Facebook Privacy Settings page. The engine runs from the viewer’s browser, which has some advantages and disadvantages over one that runs as a web service. To make the basic sequencing engine useful, I added several “filters” and actions that can be included in the sequence table, to scrape the information off of Facebook and send it out to my server for scoring.

The weakness of that approach is that I had to put the Facebook page into an iframe. Those of you familiar with using iframes know that while they’re useful for creating mash-ups, some websites abuse them to steal Google link “mojo” from the organization that actually created the content. For that reason, many websites include code that detects iframes and refuses to render the content. And that’s what Facebook recently did to break my Privacy Informer app again. Other apps that review your Facebook privacy settings, like the Reclaim Privacy app, appear to have been broken by that same change.

Now, I have to create a true browser add-on to do the screen scraping without an iframe. That also means that I have to create an add-on for at least four browsers – Safari, Internet Explorer, Firefox and Chrome. It helps that I only need to put some of the URL detection, context data and sequencing into the add-on, and that I can leave a lot of the code in JavaScript. That should reduce the difficulty inherent in supporting multiple browsers. I’ll be done with a Facebook and Chrome version of the app soon, and...


Pop-Psychology and Privacy

Maslow’s Hierarchy of Needs, a popular tool for many pop-psych discussions, also provides a useful framework for discussing privacy. The privacy concerns that I described in my previous post can be mapped to Maslow’s Hierarchy as:

- Will I be harmed? => Safety
- Will my property be damaged or taken? => Safety
- Will others think bad of me? => Esteem
- Will I be bothered by people trying to sell me stuff? => Self Actualization

Let’s think about that last one. Is Self Actualization a useful label for my concern about being bothered? I do think that being bothered takes my attention and resources away from my prime task of being the best “Dwight Irving” that I can be.

It’s interesting that there is no privacy concern in my list that can be related to the levels of Physiological, Love and Belonging, or Self-Transcendence. Given those gaps, I wonder if I’m missing something. Should “Publicy” and “Publicness” (see Stowe Boyd and Jeff Jarvis) be considered as the privacy concepts that come in at the Self-Transcendence level? Some think so. Even if Publicness and Publicy should be the goals of my quest for enlightenment, I’d rather make that decision myself by controlling the release of my data, than to let others grab my data and make the decision for...


Facebook Privacy Settings

I’m working through Facebook’s Privacy settings this morning as part of a new design and engineering project. Johnny Lang in the background singing “Good Morning Schoolgirl” seems very apropos. Have you taken the time to look through your Facebook settings lately? While I expected most of what I saw, what really struck me as weird were the permissions that may be allowed for friends-of-friends, and for the apps that friends install.

Like many others, I personally know all of my Facebook friends. Like most others who use Facebook, I have friended some who are only brief acquaintances. Even of those friends that I know well, I don’t have a lot of trust in their ability to identify online scams and data harvesters. And given what little trust I have for my friends in that area, none of it transfers to friends-of-friends or the apps my friends use.

Why would anyone give friend-of-friend access to their detailed profile and social network information? Why would Facebook, by default, allow friends-of-friends to view my birthday, wall posts (and my friends’ wall posts), political and religious views, and photos? Why should the apps that my friends install have access to my profile by default?

If you don’t already have a good understanding of Facebook privacy settings, I suggest that you read this [updated 1/14/2016]. If you also want to see all the permissions that Facebook apps may request, check out...
