Category Archives: Privacy

How much is your privacy worth?

Fascinating post on MSNBC about the price users put on Privacy…The post talks about experiments where users were asked how much they value their private data. Customers were asked the question in two ways:

  • How much are customer willing to pay to protect their privacy?
  • How much do customers want to be paid to share their private information?

As expected customers wanted a whole lot more money to share their private information while very few were willing to pay to anything to protect that information. I think people have this assumption about privacy that its something they just have…and I think its an artifact of how things used to be before everything changed because of technology. We now need to reexamine our assumptions about how much we really value privacy and come up with a more rational value (rather then have endowment effect and other psychological factors skew our judgement) … This is too important for everybody.

And What About Privacy?

Very interesting article in the NYT today about how people are blogging about their finances.

No Privacy

When a woman who calls herself Tricia discovered last week that she owed $22,302 on her credit cards, she could not wait to spread the news. Tricia, 29, does not talk to her family or friends about her finances, and says she is ashamed of her personal debt.

Yet from the laundry room of her home in northern Michigan, Tricia does something that would have been unthinkable — and impossible — a generation ago: she goes online and posts intimate details of her financial life, including her net worth (now negative $38,691), the balance and finance charges on her credit cards, and the amount of debt she has paid down since starting a blog about her debt last year ($15,312).

Her journal, bloggingawaydebt.com, is one of dozens that have sprung up in recent years taking advantage of Internet anonymity to reveal to strangers fiscal intimacies the authors might not tell their closest friends.

Like other debt bloggers, Tricia believes the exposure gives her the discipline to reduce her debt. “I think about this blog every time I’m in the store and something that I don’t need catches my eye,” she told readers last week. “Look what you all have done to me!”

A decade after the Internet became a public stage for revelations from the bedroom, it is now peering into the really private stuff: personal finance.

A blog called “Poorer Than You” (kgazette.blogspot.com) describes the financial doings of a 20-year-old film-school dropout. (Typical post: “Yesterday we ate lunch at Subway for a total of $8.00, and went grocery shopping … with a list! And didn’t buy anything that wasn’t on it!”) On saveleighann.blogspot.com, Leigh Ann Fraley, 37, provides daily accounts of her escape from $19,947 in credit card debt.

“I teach people how to get out of debt for a living, but I couldn’t do it myself until I started the blog,” said Ms. Fraley, who conducts seminars in personal finance for a bank in Northern California. “I started to write everything down, like, ‘I saved 20 cents today by parking at a meter that still had time on it.’ I tell things I wouldn’t tell my family.” When she finally got out of debt in December, she said, “The blog was the first people I told.”

A Boston couple who call themselves the King and Queen of Debt started their his-and-hers blog, “We’re in Debt” (wereindebt.com), last March as a way to talk to each other about their debt. They owed $34,155.70 on their credit cards at the time, and an additional $120,000, mostly in student loans.

“My wife and I have good communication skills in every avenue of life except finances,” said the King of Debt, insisting on anonymity because, he said, “We don’t want our parents to find out and kill us.”

Starting the blog, he said, “was a way to communicate. We’d write articles and learn about each other. She learned how addicted to gadgets I was. When we married we never talked about finances.”

This is really shocking that people can blog about their personal finances and think that blogging keeps them accountable. Its either a sad result of lack of social support system in most people’s life or a truly emphatic example of social nature of human beings…What do you think?

10 Minute Mail

10 Minute Mail is a new service for creating temporary email addresses. These addresses can be used for registering on sites that require users to provide an email address. The goal is to to rid users of a lot of unsolicited spam emails. Chris Null from Yahoo! has a review of the service:

Well here’s a brain-dead simple solution to the problem: 10 Minute Mail (Note: Web traffic from this story may be causing the 10 Minute Mail site to crash. If it doesn’t load, try it again later.), which provides, for free, exactly what is promised in the name: An email address that vanishes after 10 minutes. There’s no registration, no verification. Just click over to the site and hit “Get my 10 Minute Mail e-mail address.” You’ll instantly be given an address that ceases to exist after 10 minutes. You can then use this address in filling out web forms or whatnot, and a very simple web-based interface gives you full access to any mail the account receives. You can reply to any messages, but you can’t send mail to an account that hasn’t already emailed you. If you can’t get the job done in 10 minutes, you can reset the timer to 10 minutes at any time. There’s no need to login, no password to remember.

For safe surfing and spam avoidance, I haven’t found a simpler, more elegant solution than 10 Minute Mail. It works flawlessly and couldn’t be easier to use. It’s earned a place in my Favorites folder. Give it a spin and see what you think!

I can see this being useful when you want to register for some event or something but you don’t want to receive any follow on emails…Typically, though, most users (including me) have an email address just for the purpose of registering for services that could send spam emails.

Now, what happens if a site requires users to give a valid email address, as part of their term of service (TOS). Isn’t using 10minutemail generated addresses a violation of such terms? Also all the emails that this service generates are from domain 10minutemail.com…Couldn’t the sites that are asking for user email address just reject emails with 10minutemail.com domain, as part of email validation?

Why mask your identity to access a service

Overall, it just seems like a wrong solution to the problem. The real solution is to punish businesses or service providers that spam their users by signing out or boycotting them. Trying to fake one’s identity to avoid potential spam mail, just does not seem like the right way to address this issue.

CopyBot

Great article by Jennifer Granick, on the issues facing Linden labs, the creators of Second life, due to the bursting on the scene of CopyBot. For those not familiar with the havoc a new program called CopyBot, is causing to the economy of second life, below is the summary of the issue from the article:

Businesses in Second Life are in an uproar over a rogue software program that duplicates “in world” items. They should be. But the havoc sewn by Copybot promises to transform the virtual word into a bold experiment in protecting creative work without the blunt instrument of copyright law.

Second Life, operated by Linden Labs, has developed differently from other virtual worlds because it allows custom content and encourages in-world enterprise. It’s a hospitable place for creators to sell virtual goods like clothing, furniture and hairstyles.

As in any economy, the value of those goods depends on their scarcity: people will pay more for a fantastic hairdo that no one else has. If Copybot can indiscriminately duplicate these items, no one has to pay the creator for them. Copying is a value killer.

As a result, Second Life merchants are understandably up in arms over the software, reportedly closing their stores until the problem is resolved.

In the short term, Linden lab is looking to allow copyright holders to sue folks using CopyBot for infringement in courts. This is unlikely to solve the problem as most people don’t have the time or the money to pursue such a case. The other longer term approach Linden Labs is looking at is building a system of norms, kinda like a reputation system, I guess, to incentivize copyright compliance without getting legal about it.

The idea that innovation can flourish in the absence of copyright enforcement is not as heretical as it might seem.

Take the fashion industry. As law professors Chris Sprigman and Kal Raustiala write in their paper on the subject, neither copyright nor patent law prohibit copying fashion designs. There is some protection for the brand associated with the apparel, but no law prohibits a knock-off Chanel suit, peasant skirt or narrow lapel. And yet fashion is highly innovative, with new styles several times a year, despite low IP protection.

Similarly, professors Emmanuelle Fauchart and Eric von Hippel write that haute French cuisine (.pdf) is another area with low IP protection, yet high levels of innovation and creativity. No law prevents copying recipes. Instead, French chefs have developed social norms, much like those Linden Labs seeks to empower, against exact copying, dissemination of tricks of the trade and adopting significant innovations without crediting the chef responsible.

Failure to follow these norms results in reputation harm, including ostracism.

Such a norms-based (rather than law-based) system might work in Second Life. Norms-based systems are context-sensitive and highly responsive to the concerns of the relevant community. They are also cheaper and quicker than litigation. But norms-based systems can only work if the people in the community value the rewards the community can bestow or withhold.

The issue is how can Linden labs expose enough information on individuals without compromising their privacy, such that the community is able to make a judgement about the individual’s compliance of established norms. This will require Linden labs to strike an interesting balance between privacy and transparency.

Another issue is the one pointed out in the article. How will Linden labs make sure that the norms in the community discourage copyright violations? In some real-world communities like some places in China and India etc., it is acceptable and even considered wise, to buy a fake Gucci purse instead of the real thing despite a difference in quality. In the virtual world, the quality of the copied products would be identical to the original products and so the downside of buying copied products will be much less. Would such communities develop in the virtual world of second life?

How would CopyBot effect the pricing power of the creator of the original goods? What is to prevent other vendors from ripping off the original goods and selling them at a lower price? This kind of arrangement will also provide a “plausible deniability” to end users and make the norm-based enforcement almost impossible.

I have no idea how these things will evolve. One thing is for sure…This is going to be interesting to watch.

Some other takes on this issue:

CopyBot, Community and Controversy

Second Guessing Property Value in Second Life

Anonymity is not privacy

I am quickly becoming a fan of Dave Kearns and his Identity Management Newsletter in Network World. Dave discusses complex identity related issues but manages to write in a very simple and easy to read style. In his latest installment Dave talks about the difference between privacy and anonymity

I’d like to begin a discussion on anonymity as it relates to identity and technology. As noted last month, anonymity and privacy are frequently confused. One difference though is that privacy is almost always absolute (either something is private or it is not) while anonymity can be relative. If you look up “anonymity” at answers.com, you’ll find some variations in definition:

* “The quality or state of being unknown or unacknowledged.” (The American Heritage Dictionary of the English Language, Fourth Edition)

* “The quality or state of being obscure.” (Roget’s II: The New Thesaurus, Third Edition)

Anonymity is characteristic of interactions in a specific context…Like you getting a coffee from a coffee shop or leaving a comment with a made up name on a forum.

If I join a chatroom where I’m only known as “SillyGrrl” I may think I’m anonymous because I think no one knows my true identity. But the chatroom has the IP address I use to converse and my ISP knows who was using that IP address at that time. Even if I go to a library terminal or an Internet café, there are records of who used which machine and IP address at any given time. Privacy considerations may lead to those records being destroyed periodically – monthly, weekly, daily – even hourly. But anyone with the wherewithal to be watching while I connect (just as the police were watching outside the coffee shop) can shatter the façade of anonymity and connect the activity to me.

In the course of our life and through out our day, we are going in and out of various contexts in various states of anonymity. We might assume that our status in a particular context is anonymous, depending on weather we share uniquely identifiable information in the context. But as Dave point out and as outlined in this excelled video from Google tech talk, “You Are What You Say: Privacy Risks of Public Mentions“, (thanks Nitin for pointing this out) the risks to your identity, from somebody taking the time to collapse and search across, such contexts, is severe. Anybody remember the AOL Search data release fiasco. I guess, with this background, we can define privacy as a guarantee, that your data will be kept silo-ed and not shared or merged with other contexts.

The upshot – we should be careful about what we say in public forums because even with rudimentary search across contexts, people may be able to find out a lot about you. Even scarier, is somebody forming a company to just search across various public contexts on behalf of clients…In fact, I am pretty sure such companies already exist. So be careful.

Privacy is the ability to lie about yourself without getting caught

Check out this old article by Dave Kearns about a presentation by Bob Blakley on the subject of Privacy.

Blakley spoke on the topic “What is Privacy, Really?” a subject near and dear to him as well as to many others in the identity realm. Privacy was, in fact, one of the driving forces behind the so-called “user-centric identity” movement.

But privacy is a widely misunderstood concept. It’s frequently confused with anonymity, often confounded with security and colloquially termed the “right” to be “left alone.” As Blakley puts it, “I don’t want to be alone, but I still want privacy.”

After about 20 minutes of telling us what privacy wasn’t, Blakley came around to stating what it was: “The ability to lie about yourself and get away with it.”

He was quick to point out that it wasn’t positing a right to lie (that’s an ethical, or legal question), just the ability to lie. What that means is that when someone asks you a question and you reply with an answer, the questioner cannot judge the veracity of your information. As Blakley more elegantly stated it: “If you could tell a listener the truth or tell him a lie … And if he would accept either story … then he has given you the benefit of the doubt…”

I think a lot of us take advantage of the ability to lie, by providing false information on intrusive web forms. Another element of the privacy that this definition does not quite capture, is that the information submitted by a user,  is contained at the site and not shared with any other sites…No wonder, people have a difficult time defining privacy and just want it to be left alone.

AttentionTrust

Came across this interesting non-profit organization called

When you pay attention to something (and when you ignore something), data is created. This “attention data” is a valuable resource that reflects your interests, your activities and your values, and it serves as a proxy for your attention.

AttentionTrust and our members support the following Principles regarding users’ control of attention data, and we invite you to join us in supporting these Principles by applying for AttentionTrust membership:

  1. Property

    You own your attention and can store it wherever you wish.

  2. Mobility

    You can securely move your attention wherever you want whenever you want to.

  3. Economy

    You can pay attention to whomever you wish and receive value in return.

  4. Transparency

    You can see exactly how your attention is being used.

To capture the attention data they have a browser plug-in that creates and stores click-stream data of your web activity. Users then have the option to either store this data on a local drive or put in an on-line “vault”. The “vault” service is provided by 4 different organizations (users can choose) that are approved by AttentionTrust.org. The idea behind these vault services is that it aggregates data and provide a platform, to other for-profit companies to come up with interesting personalized services for users. The users always controls the data and can release it to any service provider they find interesting. Its a really cool idea but I am having a difficult time imagining the kinds of useful services that can be provided to an individual by accessing their attention data. Still, this is a neat idea for enabling much needed research in the users browsing behavior, of course with user consent.

One of the other issues with the overall idea is how can users prevent companies from accessing potentially important or embarassing information from such logs? The attention recorder browser plug-in has a button to disable recording click-stream data but in my experience I found the button hard to use and remember (not that I was visiting any naughty sites :-)). I also looked at the data that attention recorder collected by looking into the XML file and did not find any data related to movement of the mouse…I don’t even know if that is feasible, but one of the things I do when I am reading (not scanning) a web page is follow my eye focus with my mouse movements. So the mouse movements on the browser might be interesting data to gather. The point here is that web browing data is so private (as evidenced by AOL search terms release fiasco) that there are a number of potential landmines here.

Another issue is how AttentionTrust can guarantee that one of these service providers are not going to misuse the information? Some other interesting liks to follow up for more information:

Attention Wiki

Attention Architecture

All-in-all an interesting idea that will develop with time. Thoughts?

Update: Upon further reflection, some of the services that could be made available will be similar to time-share deals in Las Vegas. The idea is that if you sit through a demo for an hour or so of targetted advertizing and you are rewarded for that attention. AttentionTrust provides a verfication mechanism for validating that time spend.

Privacy is to be left alone

Interesting series from MSNBC…The first article in the series “Privacy under attack, but does anybody care?” does a good job of capturing the difficulty with the concept of Privacy. The article points to a survey of 6500 users where they try to define Privacy:

Most Americans struggle when asked to define privacy. More than 6,500 MSNBC readers tried to do it in our survey. The nearest thing to consensus was this sentiment, appropriately offered by an anonymous reader: “Privacy is to be left alone.”

The article looks at the issues with putting a value on Privacy and finds the price of privacy to be unassessable.

Perhaps a more important question, Acquisti says, is how do consumers measure the consequences of their privacy choices?

In a standard business transaction, consumers trade money for goods or services. The costs and the benefits are clear. But add privacy to the transaction, and there is really no way to perform a cost-benefit analysis.

If a company offers $1 off a gallon of milk in exchange for a name, address, and phone number, how is the privacy equation calculated? The benefit of surrendering the data is clear, but what is the cost? It might be nothing. It might be an increase in junk mail. It might be identity theft if a hacker steals the data. Or it might end up being the turning point in a divorce case. Did you buy milk for your lactose-intolerant child? Perhaps you’re an unfit mother or father.

“People can’t make intelligent (privacy) choices,” Acquisti said. “People realize there could be future costs, but they decide not to focus on those costs.

The issue with privacy is that human beings are essentially social beings. We are taught to value social interactions and to build relationships. In such an environment, its hard for a common person to value privacy too highly. What do you think?