Hacker News new | past | comments | ask | show | jobs | submit login
Ask HN: I don't get this privacy awareness outburst, can anyone please explain?
52 points by rick_2047 on May 23, 2010 | hide | past | favorite | 59 comments
Really, I don't get it. For a few months now everybody on HN, reddit, slashdot, stackoverflow or any other god-damn hacker hangout is talking about how everybody is ripping us off off our privacy. Facebook has been crucified already, maybe they will target google as here on HN I can see people moving to DDG just for the privacy (and not for the excellent programmer friendly results it gives). Every morning I log into HN and see a new article from someone's blog which tells how everyone and their uncle can attain more privacy. We have had privacy scanners and fixers we have had intense discussions on this topic.

I read all of this, understand most of it but I could never comprehend the idea of "privacy" online. I always assumed that whatever I put on the internet would be public now or in the future. Come to think of it, I put most of the stuff on internet just so a large mass of the world population can see me. My blog, my twitter, my facebook account all are there just so people who want to find me (or someone like me) can find me easily.

Google knows where do I live from my IP, so what? Facebook knows who I am friends with, so what? All this stuff was put up there just to make it public. If I don't want anything to be found I won't put it on the internet. It's not like they would steal my identity by knowing whom do I friend on the internet or what TV shows I like to watch. Nor would it harm me if webmasters know what word I searched to get to there website. All they want to know is what makes people want to come to there website. Where is the harm in it?

Maybe most of the people here would develop a deep seeded hatred for this post (maybe for me), but I just need to ask this question. Everyone I like from Cory Doctrow to the HN community wants to talk about something which I don't get. I know its a matter of principle to most of you. But I even can't understand that principle. So can you please explain all the privacy awareness outburst to me (without,preferably, flaming me)?




It's not about privacy. It's about trust.

People aren't upset that their data is publicly shared.

They are upset because they understood that it would remain private.

Tell everyone my favorite color and I don't care.

Tell everyone I have an STD after you promised me that you wouldn't, and we've got a problem.

It's that simple.


I agree, Ed.

I'd also argue the it's not really about geeks being upset that their own privacy is being violated. It's about other people's privacy. A huge percentage of normals don't understand the difference between a desktop app and what's inside a web browser. That ignorance can put them in very awkward if not dangerous positions. Here's why I've been part of the privacy propaganda mob on HN (without the flaming)

1. My niece and my geek friend. She's a very sweet, naive 15 year old girl who is the daughter of a conservative pastor. She loves to post pictures of her and her friends going to the beach, and camp, looking cute and goofing off. For the brief month that I tried Facebook out seriously, I had my niece posting pictures of herself in a bathing suit as well as geek friends posting comments like "MySql sucks dog cock" on my wall. Those online "friendships" needed to remain separate and in different circles of friends. And, I certainly don't want the "suck dog cock" friend ogling my niece in a bathing suit. I needed to have those relationships compartmentalized and kept private. Even had I figured out how to maintain that separation, Facebook could change that at will. I opted out, but my family still doesn't understand why.

2. My mother. She's now 74 and she bought her first laptop last year. She's on "the Facebook" because her grandkids are on Facebook. There is no way to easily explain how to maintain private/public information on Facebook. While she wants a tool to share status updates about medical conditions with friends/family, she doesn't want those broadcast to the world.

3. Rafael. I work with Rafael at my hospital. He worked in a 3rd world country as an agricultural minister before he got a visa to work in the US. After he got his green card, he packed up, moved to the US and changed careers to work in the health care field. He's been homesick so he's been catching up with old friends via Facebook. He went to a university 20 years ago with very communist leanings, and he's been talking to his friends/intellectuals about the political situation in that country. He personally knows several journalists who have been killed because of what they've written in the press about government corruption and drug cartels. He was shocked when I told him that his wall posts/conversations with his friends on Facebook were publicly searchable.

4. Alan. A former coworker of mine is a nurse, and he has issues. For a while, our hospital administration was in a tail spin about missing narcotics. Alan didn't show up for work one day, and I haven't seen him since. Another friend said that he was friends with Alan on Facebook, and several weeks prior, Alan had posted a status update on Facebook: "Vicodin, Valium and Vodka... the Holy Trinity".

I think you're right, Ed. It's about trust. But, for me it's not just that Facebook is changing their privacy policy. I, as a geek, know that anything I do online is inherently public. I use online tools with open eyes. Many Normals intuit wrongly that they are having private conversations when they interact with friends in a dark room via a laptop. That wrong belief can cause no end of problems for people.

That's why I'm on the privacy propaganda bandwagon.


What's weird is that it would be pretty easy for FB to make it easier to keep your stuff in the circles you'd like to keep it in.

They have deliberately chosen not to do so, and I don't really understand why. There's no advantage to them in making it hard, and significant risk. All that's needed to bring them total disaster is one good nationally publicized horror story. The groundwork for that story is being laid now.

I just don't the the upside of their choices. They could get away with selling anonymized data to advertisers. They could get away with letting marketers target you as long as they didn't sell your identity along with it. That's all stuff people will tolerate.

But why make your information public by default? What's the real gain there? I see a reason they might think it's of use if they think really shallowly, but sure they've put more than 10 seconds of thought into their core business.

FB can't go public while they maintain this approach. The investors would raise havoc over the risk it poses to the company. And rightfully so.

One good sensationalized story. That's all it takes at this point.


But why make your information public by default? What's the real gain there?

The more public data there is, the stronger the network effects can be? There are a bunch of decently supportable practical and principled reasons for this.

Since there are going to be leaks anyway, reducing the expectation of privacy is in their interest.

Getting more data searchable and public means people are more likely to consume more facebook time/data (alluded to above).

In the medium term, privacy for things people put on the internet is dead, and spending a lot of effort fighting a rearguard action seems pointless if you've already accepted where this is going. I think this is actually where most of this is coming from: Zuckerberg, Schmidt, and others have spent a lot of time thinking about privacy and the implications of a basically open internet (largely unused SSL, DNSSec, public key crypto), and they understand that the battle for keeping things private was lost more than ten years ago. We could have all been using encrypted-by-default everything by now, but the fact that we're not, and the fact that there's no movement on the horizon to do encrypted-everything, means that we're just not going to be able to put the privacy genie back in the bottle.


There's all sorts of private content available to approved people via the internet that's not available to the public.

Entire organizations use it as such.

The idea that everything on the internet must be public simply ignores reality and is shallow thinking.


There's all sorts of private content available to approved people via the internet that's not available to the public.

It's not how much oil hasn't leaked that concerns people.


If I surrender data to a big corporate server like Facebook, Amazon, or Google, even when they promise you privacy, I'd better assume it's public. There, privacy is dead, and information will leak. I think everyone on this thread will agree with that.

Now don't forget that the internet is not limited to the web of cloud computerized big servers. E-mail, file sharing and social networking are not that, for instance. They are decentralized by nature. They do not require Gmail or Mega Upload or Facebook. Such services can't last. They are a fad that will fade…

…If we do things right. We just need ubiquitous, easy to use personal internet servers. They are technically and economically possible right now. We have cheap hardware, and cheap software. We just need to wrap that up together, and massively sell them.

With a suitable propaganda about privacy and independence on the internet, the dream of a mostly decentralized internet may come true in less than 3 decades. And at that point, privacy on the internet won't be a problem any more.


That's the crux of the problem - that most people's mental model of what's public and private doesn't fit with the way that Facebook is currently arranged. Where there's dissonance people are going to get caught out, embarrassed, outed, sacked, or worse depending upon what sort of regime you're living under. Privacy breeches can be trivial or humorous, but sometimes they can also have much more serious consequences.

If you're a technologist who has followed the development of the web closely, and I suspect that most people on this site fall into that category, then you have a much better understanding of what the risks are when putting information about yourself online, but most ordinary Facebook users aren't technologists or hackers and don't have the same understanding.


It seems some of the culture around what newbies should do has also shifted, making it more likely that people will end up with their data somewhere they didn't expect.

It used to be that, even if they knew almost nothing about the internet, one of the first things hammered into a new AOLer was: you should be careful about putting personally identifiable information on the internet, at least until you understand exactly what you're doing. The norms for things like mailing lists and web forums were to use psuedonyms, etc. I think I was even taught that in a computer-literacy class in school at some point. So it ended up being sort of conceptually opt-in: don't put anything out there until you know what you're doing. That reduces the risk that a n00b will end up putting personally identifiable information into a system that they don't understand, that will use it in ways they didn't expect.

Facebook obviously sends the opposite message: put stuff out there by default, because that's how things work these days.


Why would you post that somewhere even vaguely public though? The vast majority of people I know are aware that Facebook isn't completely close. They may of course be surprised how easy stuff is to extract.

But the truth is that better and more secure privacy exists today than it did six months ago. And a pretty large number of people are aware of that.


> […] better and more secure privacy exists today than it did six months ago.

You sound like you're talking about something specific. Could you elaborate, please?


Facebook. The privacy controls are leaps and bounds better than last year. Also they are generally respected better (i.e. if you lock it down it is respected).

The problems, currently, are mostly to do with a) when privacy options are not being respected properly (by accident or design) and b) Facebook not making privacy options clear to "noob" users.

Irrespective; from the view of a security researcher with an interest in social media (like myself) it is a lot harder today to see someones private details than it was last year.


This is what you are looking for: Danah Boyd's SXSW keynote: http://www.danah.org/papers/talks/2010/SXSW2010.html

It's important to realize that "privacy" actually means "control over how your personal information is presented and revealed". Because having a magazine photographer with a telephoto lens take a naked picture of you and post it on the web sends a different message than posting that picture yourself, which in turn sends a different message than mailing that picture directly to a younger member of the opposite sex. Even if the pixels are exactly the same.

This is about the important social meanings encoded in the way you present something: Steven Pinker on "indirect speech as a window onto social relationships":

http://fora.tv/2007/10/15/Steven_Pinker_Games_People_Play

It's a bit abstract and academic, but this is HN, right?


One problem is that not everything people put on the web is intended to be public for everyone in the world to look at. Especially Facebook is seen as (and used to be) a way to communicate with people you know, not to be stalked by people you don't. It's a mix of broken implicit promises and false (but absolutely natural) expectations.

Another, perhaps bigger problem that you seem to have completely missed is that Facebook, Google & Co. don't just collect information about what you put online, but also about what you do online, and can correlate it to a frightening and potentially harmful degree:

"Dear Rick,

By analyzing your search and websurfing profile we are able to offer you products that are tailored to your personal interests. Included is your personalized catalog: "Kingsize anal dildoes".

Christmas is near, and you still haven't found the right presents for some of your family friends and colleagues? No problem! Just send us the name and address of the person you want to surprise with a special present and for only $5 you get a personalized gift catalog tailored to that person's interests!

42 of your acquaintances have already asked us about special presents for you."


In some respects you are right. However most people have, to date, assumed some level of privacy. The issues can probably be summarised as:

1) Lots of people using these services assume only friends can see/access their data. They don't realise that much of their stuff is actually visible to a much wider audience, or if it wasn't before, it is now, due to privacy policy changes. This problem is exacerbated by extremely complex and lengthy privacy options.

2) It's not just about what you are putting out there, it's what others are putting out there about you. Whilst you might be happy for a friend to post a picture of you puking at the prom, or smoking a fat reefer, and to have that image accessible by only your friends, you probably wouldn't be so happy for your prospective employer to see it, and would, I imagine, be pretty hacked off if an image like this became accessible through some privacy change.


We all have a vague, intuitive sense of what the appropriate degree of publicness and privateness is in a given situation. Although vague, our sense of privateness is incredibly fine-grained and what is perfectly normal in one context can be a massive violation in another, almost identical context. While some of us geeks might think of "public" and "private" in a binary, cryptographic sort of way, most people have a much more nuanced approach.

Consider for example the difference in privateness between two people sitting on a quiet park bench and two people sitting on a bus seat. They are both obviously public places, but there is a subtle but significant difference in our expectations of privacy. In one context, eavesdropping is perfectly normal (within certain bounds), in another it is quite sinister.

On the internet, these intuitions are frequently confounded. Someone who assumed that their facebook feed was fairly private discovers youropenbook. User 927 assumed that his search terms were just noise in the crowd until AOL published them all. Countless iPhone users didn't know that their photos contained their exact geographic location until 4chan had a go at ruining their life.

The problem isn't the level of privateness or publicness of a particular service, it's not even particularly about leaks or breaches; it's about people being completely unable to judge the level of privateness of anything digital. I expect most people simply would not use a 100% public medium for their private communications, so the "if it's on the internet, it's public" mantra isn't a great deal of use. I think this is one of the reasons why Twitter has been so successful - it provides a platform that implicitly communicates its privacy or lack thereof. Twitter's simplicity makes it easy to understand and integrate into your existing model of social appropriateness.

I think we come back to a very old and very simple principle of interface design - don't surprise the user. We should be trying wherever possible to design systems that are as private in practice as they would seem to be intuitively. Users don't read much of anything, so we need to think about other ways of communicating "publicness" and "privateness" in our software. We need to recognise that designing social spaces is not a primarily technical problem. Small differences in architecture, interface and even general ambience can create enormous differences in how a platform is used. This stuff is really hard and really easy to completely cock up and I think we need to think much harder about it. Nod to PG here - HN is IMO a great example of a subtly, intelligently designed social platform.


There are different levels and types of privacy, and people believed they had certain types of privacy, while understanding they didn't have others.

For example, I fully get that Google has my IP address and search queries. But I fully expect that you do NOT have that information. Likewise for my email on gmail. If Google were to take my old emails and post them on a public site I'd be upset.

Likewise, I'd be upset if Google went around my neighborhood gathering wifi data. Unencrypted or encrypted (which given their computing power, they could likely break, given the state of current implementations) I'd not be happy -- it breaks the unwritten assumption I have about what data is private.

And the relationship with advertisers is another issue. This is more an issue that I have finite time to deal with things and the last thing I need is for Facebook giving my name and email address to thousands of advertisers. And companies like Apple probably even have your credit card info. You probably don't want them giving that info away to advertisers either.

And lastly, there is also a component, at least in the US, of fear of intrusion by the government. If for some reason, the government wants to start auditing supporters of gay marriage, they could use the Patriot Act to narrow down the real name of Jack_2099@yahoo.com. The less info Yahoo and other sites have on you, the more difficult this becomes.

The fundamental question is why give up your privacy? What are you getting out of it? What do you potentially have to lose? Not today, tomorrow, but what about in ten years? There's very little upside to losing privacy, but _potentially_ huge downside.


It doesn't matter until you're denied a loan application or a job interview because of what is out there about you.


This is something people have been saying since long before facebook when myspace was the undisputed king of social networks. As early as my freshman year of highschool nearly 8 years ago teachers and administration were telling us to be careful what we put on the internets and the myspace because our prospective colleges and jobs would be looking at them.

I hate to generalize and single out a group, but of the people I know I feel like the only people who didn't understand that facebook had very little privacy were the older parents and family and such who all joined after they saw all their kids doing it.


+1 This is exactly the issue. There are many, many people out there that don't feel like something is a problem until it literally bites them in the ass. This applies on and off the Internet.


It's currently a trend like any other trend. There's a huge amount of the public (specifically the younger generations) both content to follow and eager to conform and fit in. It's my guess that a huge amount of people are doing that. Of course, the whole privacy debate started because of what was viewed as an actual issue that was uncovered. While you may have the common sense to think what you post online might not remain private, many people do not understand that. When Facebook made a conscious decision to make privacy options essentially off by default, a lot of people had a problem with that. They felt tricked that they didn't have a say in the matter.

As any other popular topic, it's going to have a long wind because any blogger or news outlet wanting a little extra attention is going to rewrite posts, come up with new accusations, and highly publicize every development.

I'm for privacy, not because I expect it, but because I prefer to control what other people can learn about me. The real issues with privacy are situations like an abusive ex-husband being able to relocate his wife due to a privacy breach or a private matter publicized.

I hate those posts too, I'm tired of them but it's not going to go away and the best you can do is ignore. When this issue is over, there will be another equally unreasonable issue making headlines.


When you become a member of some website, you look it over, you weigh the advantages and disadvantages, and maybe after reading their various policies (ok, probably the majority of the people doesn't read them) you decide to sign up.

You do that with the website as it is at that moment.

If at a later date the website owners decide to use the data that you gave them under your previous image of that website in new, creative and unexpected ways they are effectively breaking the unwritten contract between their users and themselves.

This will usually cause a backlash, but only in a small portion of the userbase because most sites are too small to get significant mainstream press coverage.

When sites like facebook get involved in this sort of thing the media will latch on to it immediately because of the potential audience for the information. This will then piss off more people that otherwise would not even have realized something has changed and so on.

It's a side-effect of the network effects that facebook profited from when they established themselves, I don't think it is possible to have the one without the other.


As I see it i's just part of the elastic bouncing between extremes.

Just 10-15 years ago privacy was a huge issue between parents and their children. People assumed -any- personal information made their kids targets for predators (which isn't necessarily untrue, but that's another discussion).

That view morphed into people blindly shouting personal details of their lives at the Internet.

The natural trend is to become more privacy aware. As more people use the Internet those people are more concerned with who see their content (my addition to the examples is Daughter: O_O I'm pregnant. Mom: WHAT). Sure, people argue to only post what you want everyone to know; however, Facebook is artificially stretching the concept of privacy from blind shouting into radical openness.

This artificial manipulation in one direction causes the opposite side to recoil (perhaps violently) in an attempt to maintain a sort of homeostasis.

That and people don't like having some faceless corporation take control from them.


It's probably to late to care anyway. Google probably has your searches of the last 10 or so years, your email, it knows the places you have been, your parents, your friends, the pages you visit every day, the kinds of porn you like, what disgusts you, what you really like, what you buy, how much money you can dispose of, and so on.

I don't like that. I probably would give that information only to some of my best friends, and maybe not even all of it. I don't intimately know google enough to trust it with all that data, google is not my friend. The only thing I know about google is that they make cool online webapps, and that they have a great search engine, but that does not make them my friend, so they don't have my trust. That's why I try not to give it too much info about me. The same holds true for facebook, and every other online service I give info about me.

But this is just me, and what I think is probably not what the majority thinks.


When you are right about something, people tend to eventually share your point of view. Don't give up.


People don't comprehend how insecure the Internet is. They take for granted that their information will remain private unless they explicitly wish to share it publicly. This may be naive, but ideally this is how things ought to be.

The reason these issues have been at the forefront lately is that mainstream media has picked up the story. Facebook has, to use a cliche, reached critical mass. Everyone and their dog has a Facebook profile, so when something involves Facebook, even if it's a slightly more technical topic than usual, people are interested and want to understand.

Combined with other coincidental events, like Google being compromised by Chinese hackers, and people start thinking about it.


I disagree that it is just about "trust", as someone above asserts, although that is a big part of it. Many people indeed are upset mainly about the violation of trust rather than the underlying privacy issues. (The intrusions are not advertised, explained clearly, and the amount of interconnectedness is quite beyond most people's understanding.)

However, one component of all this I find distasteful is the more or less explicit coercion into revealing private information to use a service which, in some cases, is perceivedly or de facto necessary for one's livelyhood, social life or whatever. In particular because the offline equivalents or predecessors never needed such. You can argue that a teen does not need to use a virtual (no pun intended) monopoly like Facebook, or that no-one really needs to use unencrypted e-mail but that is just not realistic.

The (soon-to-be) ubiquity of the WWW or internet in general means that it cannot for long be allowed to go so radically against people's privacy expectations (some countries already offer better protection than others). The solutions may well be created by the private sector - say, making HTTPS and encryption for e-mail or equivalent the defaults.

Disclaimer: For this and other reasons I have avoided Facebook, MySpace et al., do not exclusively use Google's services, handle my own e-mail and so on. I am under no illusion that I am particularly secured against a concentrated effort, but I am satisfied I have limited my exposure somewhat.


You're right, there is no problem with privacy. At least, for me & you.

That's because we know that our facebook data went from private to public a long time ago, and we have modified our behaviour accordingly.

However, you should also therefore know that not everyone in our social network understands the implications of these default changes.

So, the geeks are upset on behalf of the non-geeks they know and love.

And they should be. If you don't think so, I challenge you to question 5 of your less techie friends and family on this issue. You will be amazed at how few of them (a) understand what the hell you're on about, and (b) care.


http://en.wikipedia.org/wiki/Physician%E2%80%93patient_privi...


Out of curiosity: when did you start your Facebook account, at what age (approximately), and were you in school at the time?


I agree with him, I started my Facebook account in fall of 2004, and I'm 24. It was about a month or two into my freshman year of college. First day Facebook was out.


I started facebook when I got into freshmen college, which was this year. I mainly started to use it as people like to share assignments on there fb accounts(we are not emailed our assignments)


Right. Here's my experience. While I obviously don't speak for everyone -- steveklabnik is an obvious example of someone who would disagree despite his seniority on the site -- I'd like to think I'm not the only one thinking along these lines.

I created my Facebook account in late 2005, in my first semester of university. (This was a couple of months after Facebook was first opened up to non-American schools, including ours. My user ID was #1714 in our network.) You might know the history. Only secondary and post-secondary students were allowed to register, and by default your profile was only visible to people in your school. I seem to recall allowing friendships between people in post-secondary and secondary networks was a big deal. There was no newsfeed and there was no API.

It was a very walled garden, but for better or for worse, it was walled reasonably tightly. Bugs were definitely there, but they were usually bugs, not deliberate action. At the time, Myspace was king, and Facebook was definitely presented as a less cluttered, more closed, more elitist, safer, cleaner version of that. You felt like what happened on Facebook would stay on Facebook, and people behaved accordingly. It's sort of like email -- you might realize that it's pretty trivial to eavesdrop, but few people who do realize that will write emails as if everyone could read them. It's more like a real conversation if you don't. There was no sense that whatever we put on Facebook would be public, now or in the future. This was a campus conversation: people might eavesdrop occasionally, but the walls don't have ears or eyes.

Then Facebook realized they want to make money and started to slowly turn up the heat on the frog cauldron. You've likely followed the story -- opening up to registration for everyone, loosening defaults, Beacon, applications, 'likes', instant personalization. All along, it started feeling a bit less like a dorm common area where you might chat with friends and more like the internet, where you have to watch what you say. Less like a BBS and more like a job application.

Should we have realized Facebook would eventually become what it is now? Probably, but we were eighteen and enthusiastic and idealistic and more than a little bit stupid. To be honest, I don't think even Zuckerberg knew in 2005 what he would do with Facebook in 2010, and we implicitly hoped it wouldn't change that much.

Now, I understand why Facebook is doing this. I mostly stay on top of the developments. I started gradually removing the personal of information from my profile a while back. (When signing up, I gave a fake birthday, left gender blank, etc. Still, there is room for feeling betrayed when you realize that no, you simply can't stop people from seeing your profile picture at 200 px wide. That doesn't leave a lot of room for optimism as to what will happen to walls and status updates in a year or two.) At this point, my profile is nothing I wouldn't want or care about the internet at large seeing -- and that's a lot less than it once was. The most recent thing to go were 'likes'; I don't like being described by foreign keys in a database, not to that degree. Call me picky.

I'm not even outraged. By now, I've come to expect Facebook to fuck up when implementing new things, to change defaults on me without notice, to open me up to the internet. I conduct myself accordingly. That's probably not the reaction they are hoping for.

Still, there is a sense of sadness. I care, because Facebook of yore was better for us. It didn't make money, but that doesn't change the end user experience. I miss having complete control of everything I trust Facebook with. I miss being able to put "post-beat-power-puff-dance-punk-youthloud-romantic-garage-pop extravaganza" as my favourite music without some dumb script trying to make sense of it. I miss the four whimsically named groups I belong to that were unceremoniously removed from my profile in a not-so-subtle attempt to get me to 'like' things instead. I miss being able to name my hometown as Trójmiasto, rather than having to name one of the cities belonging to the metropolitan area known by an informal name because Facebook wants a link to a database of all municipalities on earth. I miss what I once had.


How much of this is perpetuated by 'echo chamber' I wonder?


As someone who can be described as a Gen X'er, I have the same position now, as I did when I first saw Myspace and Facebook - I don't want to be part of it. The lack of privacy is a huge problem, and the worrying part is that it seems that the younger generation has a much lower threshold than others. I guess they are not old enough to have fully experienced or thought about the potential risks.

I take great care in how I present myself on the web. I have blogs and share photos online, but only on personal sites that I have full control of.


[deleted]


I don't understand. Are you trying to be funny, or just really lame?


Making a point. It's exactly the sort of problem a lot of Facebook noise-makers are focusing on.

There are different levels of privacy, and privacy can be expected online. How else do you buy anything online? You're giving out your credit card / bank data and billing and delivering address, but when was the last time you saw those broadcast online to everyone who can google your name?

If Amazon started listing names of people who purchased things (and what they purchased), you can bet people would get pissed. What Facebook is doing is about the same thing, and it's getting worse all the time, hence the uproar. But remember the uproar is happening in a tiny amount of the internet - the goal of all this is to get the average user to realize what's happening, because they should be upset about it.

edit: As an example, take a look at the Facebook phone number site. People are clearly expecting FB to be holding things at least somewhat private, when they're not. And they keep opening things up further and further, and the UI keeps implying it's just you and your friends. Nobody but us geeks even consider reading privacy statements, so the UI is all they go on.

http://news.ycombinator.com/item?id=1370786


The bottom line is, other people don't have the attitude you do about online privacy. That explains it all.

And maybe they didn't think about it, or they trusted it, and they just woke up and realized how much dirt there is to put together on them. They weren't consciously deciding that online = open.

They're realizing that these free "tools" aren't tools at all; they are big, nasty companies. And their user data is the product.

Nobody likes waking up and realizing they're a product.

Also, trends come in waves. The 'privacy' thing comes in waves. The 'openness' thing comes in waves. Everything in life is a pendulum, from boom & bust economies to the level of religious fundamentalism.

Nobody seems to put that all together, but these waves of trends are largely BS, almost totally ineffective, nothing will happen, and it will disappear, only to reappear again in a year or two when the next big co. sells its user data without warning.


I don't think the author has the attitude he says he does. No-one truly can stand by the statement that everything they put online they expected to be public at some point.

So, your banking is online, your email is online. Clearly you expect some things to not be public. The question is about where that line is and whether someone moves it without your say so.

People would indeed freak at Google and banks if they revealed what they promised they wouldn't. And that is the issue with facebook, they told people they wouldn't share this stuff and so people used facebook to tell their close friends stuff and facebook moved the line, repeatedly.


You're not putting your banking online—you're accessing a private service on an individual computer using a cryptographically-secure protocol. That's basically no different than having a direct hard line to the company's servers; there's no "Internet" involved, and therefore no "public" involved.

Email is public. It is hugely vulnerable to MITM attacks at every step of the process, not in the least by the postmasters of Alice and Bob's companies or ISPs, both or which are subject to police search as well as social engineering under the guise of police search. Unless you create a secure channel over email, you should always treat everything you say in an email as if, well, it was posted on your facebook wall. No sending email to your human trafficking buddies, in other words.


I'm late to replying to this, but your response is the reason why many geeks don't get the problem here. None of what you just said makes any sense to my sister or my wife's aunt, both heavy Facebook users. "Cryptographically-secure", "MITM", and "social engineering" are meaningless phrases to them.

They hear the word "email", and they think, "the Internet version of the letter I used to stick in a mailbox", and they make assumptions about the level of privacy their communications enjoy. They log on to Facebook, see a list of updates from people they know, and immediately have a feeling of close-knit community; it simply doesn't occur to many Facebook users that something like YourOpenBook could possibly exist.

You and I understand and appreciate the subtleties of online communication. They don't.


Actually, I'd say most people do have the attitude he has about privacy, which is what makes the wave of privacy hand wringing mildly annoying. Most regular users of Facebook or Google couldn't care less. I can't back this up with data, but I'd bet on it. Even if its a lot in absolute numbers, the materiality threshold is really high. If ever HN user and every techcrunch reader quit facebook tomorrow, I doubt that would be enough to provoke a drastic course correction from fb.


Most users simply don't realize how little privacy they have online and what consequences it can have.

They're relying on social instincts that tell them that only the people they percieve as being present can hear what they say, and that it might get passed on, but thereby becomes hearsay and gossip that can be denied.

They may know intellectually that online statements are much less ephemeral and private than spoken words, but the act based on their instincts, not their knowledge.


How do you know that most Facebook users think like that? I believe most users have a better understanding than you are giving them credit for.


have you ever talked to normal people about technology. not to teach them, but to understand how they think? you could figure out how accurate your belief is.

geeks take the basics for granted. For example: here are normal people answering the question "What is a web browser": http://www.youtube.com/watch?v=o4MwTvtyrUQ.

talk to normal ppl about IP addresses, privacy settings, open graph, API, etc etc and their eyes glaze over. in my experience, most of them have no clue. (not because they're dumb, mind you - it's because they don't live and work online like most of us.)


http://www.geekologie.com/2009/08/how_to_lose_your_job_via_f... http://www.geekologie.com/2008/10/moron_calls_in_sick_busted... http://www.readwriteweb.com/archives/how_google_failed_inter...

Anecdotal evidence for sure, but my main point wasn't even about what users think, but about them acting based on social instincts without giving it much thought.


Facebook's biggest demographic is 30 something women with kids. They are unknowingly putting pictures of their kids in public. Young bachelors don't understand the outrage, but one day you will.


A citation on this pretty please?


His remark might not be 100% accurate, but it's pretty damn close:

http://www.insidefacebook.com/2009/02/02/fastest-growing-dem...

The majority of facebook users are women 26-44: no word on their maternal status though.


Please tell me that you're not talking about sexual predators viewing pictures of children.


First of all I thank all of you to post such a nice explanation (without flaming me). I don't have much time to put all my thoughts but I must tell you I have realized that the confusion I had was due to my differing background and some wrong inferences of the topic at hand itself simple barriers to communication which led to this catastrophic failiure of communication. I always assumed online means public and that was a wrong assumption.I will elaborate this as soon as I can.


I remember an IT guy telling me that the extent of privacy when sending an email is roughly equivalent to talking loudly on a public streetcorner. Hyperbole I hope, but everyone assumes that email is private - Hypothetically maybe, but realistically I doubt it. The only thing truly private is the inside of your head. Tin foil hat aside, the problem the OP misunderestimates is the boundaries of marketing. Every ad agency would love to have realtime data of your BP and heartrate when viewing their commercial, and if they could, without your knowledge, they certainly would. Of course no one would sign an opt-in clause.


Hyperbole I hope

You can stop hoping. The great majority of email is sent in plain text (SMTP) and as the datagrams are routed from machine to another, they're open to interception, and in fact, are routinely logged.

SSL/TLS are cryptographic extension that attempt to secure messages in a socket communication, and by extension, application layer protocols such as SMTP.


Is it really that easy to hack emails without getting caught? Judging by the Sarah Palin hacker, the risk if caught seems pretty high.


It's not even about hacking emails. Some people have legitimate access to the information and abuse this by simple snooping or eavesdropping.

Back in the early 2000s a friend of mine worked for a large consultancy in Canada and often had to work on equipment in the Bell/Sympatico (largest ISP in Canada at the time) data centers.

While he was there, he said the network techs would routinely snoop the traffic of the customers at the router level to see what web pages they were looking at, and grep'ed mailboxes on the servers looking for funny/dirty pictures or private information (credentials for porn sites were a big one)...

I'm sure this isn't a common thing, but you can bet it happens..


If done by an individual, sure. For large organizations with political power, I suspect it's a whole 'nother ball game.


As promised I am back with a longer post explaining what I learned from this thread of interesting discussions (after studying and taking a 6 hour sleep). First of all I thank again all the people who explained things so well and enabled me to infer things which otherwise I would have overlooked.

In my first year of engineering I took a course in communication skills. Our second lesson was titled "Barrier to communication" in which we studies what type of inter, intra and organisational barriers are there to communication. I read whatever was written here with an open mind I tried to infer what went wrong in terms of those intra-personal barriers. I found myself guilty on 4 counts of barriers. Let me list them all out.

1)Wrong Assumptions: As I had stated in my original post, I always assumed that internet == public. To me posting something on the internet was like posting it on the bulletin board of the classroom or college. Thus, when all this concern over privacy started I had incongruent thoughts from the privacy aware people.

2)Varied Perceptions: Due to my wrong assumptions, I perceived whatever I read in a very wrong way. It felt like people were suddenly and randomly picking up on something to argue about and hate. This was not so. People had different notions of what to keep to certain circles and what to make entirely public. Thus this barrier further confused me.

3)Differing Backgrounds: Now this is perhaps the most strong and significant barrier that I had. I failed to understand that most of the people who are writing such essays do not have the same cultural background as me. Most of these people were from a developed country and there is certain culture of independentness there. People have different circles of people who are oblivious to each other. But this is not true for me. I grew up in a liberal Indian family. Now a "liberal" Indian family knows everything about each other. And I am not talking just about my nucleus of mother father and sister. I am talking about relations till first cousins. I meet these people every few weeks and they know all about me. Thus everyone in my FB stream knew something or the other about each other and had a actually posted keeping in my that those people would be seeing all this stuff.

4)Impervious categories: I must be ashamed of my self that I fell for this trap, a trap which I like to avoid like a disease. I didn't come in to this discussion with an open mind, I only responded to notions which were congruent with mine. This way I was not able to get to grips to all these thing before.

When I posted this question I had decided keep my mind open and try to understand what happened here. I think I got to grips with most of the problems people have been talking about. Here is a list of what people claim to be the problem with them

1)They do not have total control over there data. So they cannot separate things among groups.

2)Sites like FB violated there trust when they made things public. I read some history and found that when the site was started people joined up so they can share things in private, but now that is very hard to maintain.

This is all I have learned from this brief discussion here. And I again thank you for explaining this to me.


hey zuckerberg..... LURK MORE


People like complaining and crucifying. For many years, Microsoft was the obvious target, but the last couple of years they've become ever harder to fault on principle (they still produce bad software), so the pitchfork mobs need a new bad guy. Someone started drumming about privacy at the right time, and the mob latched on. That's about all there is to it.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: