I have never believed that any of the services and products that are built on the whole fallacy of social media have ever had any concern about user privacy and security. From day one of services like Twitter, Facebook and even Google the emphasis has been centered around reducing people’s expectations of what privacy and user security mean.
Sure there are the advocates of this personal openness who proclaim that if we have nothing to hide then it shouldn’t matter what we either share implicitly or what gets shared by omission by those services we use.
Already we have the famous – or would that be infamous – lines from Google’s Eric Schmidt where he suggests that if you don’t like what shows up on the web about yourself you should simply change your name, or even the other day where he facetiously suggests that if you don’t like the fact that your home is on Street View then you should just move.
Even from day one all these social media services have been shown to have nothing but an ambivalent attitude about privacy and have ignored even the most basic concepts of web security 101, as more than a few notable web security experts have pointed out.
One has to wonder why there is this barest nod to privacy and security but really it boils down to one simple thing – money.
All these companies that are so reliant on us being willing to pull the wool over our own eyes need us to constantly lower our expectations of what privacy and security mean on the web. Everyone in the social media business would like us to believe this is all about changing society, because only with an open society does the average person have any chance to have a say or be an influence. We’re led to believe that all this user generated content that we create is the bedrock of social change.
From our non-stop sharing on Twitter to posting our daily lives to Facebook, this is more about conning us into thinking that any of this really means anything. It does, but not in the way that we are led to believe.
All this user generated content that is filling massive datacenters worldwide isn’t going to change a single thing beyond our own little worlds, but it does make all those social media services incredibly valuable to the companies that create report after report based on the demographic information we blindly hand over.
These are reports used by government agencies of every kind of alphabetical combination as well as by both huge corporations looking for any competitive edge and the marketing firms hired by those companies.
The last thing that any one of these companies, agencies and social media companies wants is for the subject of privacy or security to be raised, because every time this happens their revenue and information streams become threatened. The last thing that they want is for the sheep to suddenly wake up and start asking embarrassing questions as to why these companies are nothing but patronizing prats when it comes to privacy and security.
Even now Google is still getting slammed around the world for its Street View project that was also sucking up what was supposed to be private user information. Their solution to what they say was just an employee’s 20% gone wrong – hire a director of privacy. Why did it take the threats of lawsuits from around the world to be the catalyst to do something that should have been a requisite position for any company that deals with the Web?
But then that is the way it is when it comes to all these social media and Web 2.0 companies – bury one’s head in the sand until you are forced to deal with a firestorm. A perfect example of this total lack of willingness to ensure that even the most basic user data is safe can be seen with the release of a Firefox extension that literally lets someone “borrow” your identification and log in to all these cool social media sites as you.
Called Firesheep, it is an extension that literally lets you hijack anyone’s identification when they connect to an unsecured WiFi. As Mike Melanson writes at ReadWriteWeb:
Firesheep takes advantage of unsecured wireless networks and unencrypted cookies to “sidejack”, or gain access to sites by way of accessing these cookies. Developed by Eric Butler, a freelance web application and software developer in Seattle, Washington, Firesheep was created and released at Toorcon 12 to demonstrate the security risk inherent in storing unencrypted login data in cookies. As Butler writes on his blog, “On an open wireless network, cookies are basically shouted through the air, making these attacks extremely easy.”
Firesheep opens a sidebar in Firefox that shows everyone who is connected to a certain unsecured WiFi network. With a single click, you can connect to most any social network using that person’s user name and password.
This is something that should never happen and doesn’t need to except for the fact that all these social media companies don’t care about web security.
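The weakness Firesheep relies on shows up in a site's own response headers, so it can be checked from the defending side. The audit below is an added example, not code from the original post or from Firesheep; the host `social.example`, the cookie values and the sample responses are constructed, and the check for a Strict-Transport-Security header goes slightly beyond what the post describes.

```python
# Added example: audit response headers for cookies that a passive listener
# on an open Wi-Fi network could read (the "sidejacking" risk).

def parse_set_cookie(value):
    """Split one Set-Cookie header value into (name, attribute dict)."""
    parts = [p.strip() for p in value.split(";")]
    name = parts[0].split("=", 1)[0].strip()
    attrs = {}
    for part in parts[1:]:
        if part:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip()
    return name, attrs


def audit_response(url, headers):
    """Return findings for one response.

    url     -- URL that produced the response
    headers -- list of (name, value) tuples; Set-Cookie may repeat
    """
    findings = []
    is_https = url.lower().startswith("https://")
    header_names = {name.lower() for name, _ in headers}
    for name, value in headers:
        if name.lower() != "set-cookie":
            continue
        cookie, attrs = parse_set_cookie(value)
        if not is_https:
            findings.append(f"{cookie}: set over plain HTTP, readable in transit")
        elif "secure" not in attrs:
            findings.append(f"{cookie}: no Secure attribute, also sent over HTTP")
    if is_https and "strict-transport-security" not in header_names:
        findings.append("no Strict-Transport-Security, requests may fall back to HTTP")
    return findings


# Constructed sample responses (not captured from any real site).
LOGIN_ONLY_TLS = ("https://social.example/login", [
    ("Content-Type", "text/html"),
    ("Set-Cookie", "session=3f9a; Path=/; HttpOnly"),
])
HARDENED = ("https://social.example/login", [
    ("Strict-Transport-Security", "max-age=31536000"),
    ("Set-Cookie", "session=3f9a; Path=/; Secure; HttpOnly"),
])

if __name__ == "__main__":
    for url, headers in (LOGIN_ONLY_TLS, HARDENED):
        print(url, audit_response(url, headers) or "ok")
```

The first sample is the pattern the post complains about: the login itself is encrypted, but the session cookie lacks `Secure`, so the browser repeats it on any later plain HTTP request.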
If you think that they do and that I am off my gourd then you need to read a post today by Robert Scoble about a Stanford University student and professor who have created a way for people to connect without the knowledge of the hosting server. The only problem is that these two gentlemen can’t interest any of the social media companies that could use the technology in using it.
Let me say that again... or better yet, here is what Robert wrote about this:
While there I met a student, Arvind Narayanan, and a professor, Dan Boneh (you see them in the photo here) who showed me that they’ve developed a way to let people tell other people where they are located, or, especially, if Dan is near me so we can go and have lunch together. So? Doesn’t Foursquare do that? Doesn’t Google Latitude do that? Yes. But the system that Boneh’s team has developed does so without letting the host server or other users know. Whoa. How does it do that?
Well, through some neat cryptographic tricks. On the whiteboard they simplified it for me. Let’s say we were using Loopt and that Dan wanted to let me know where he was. He checks in, and a crypto key that I have would let me unencrypt his location without letting Loopt see that. It’s actually a lot more complex than that, and you can see how it works on the paper they drew up.
But after explaining it all to me, they said none of the location-based services were interested in it.
You see, this kind of technology, while making the service totally safe for the users, also totally ruins the business model of companies like Foursquare, Google, or any number of other companies that rely on aggregating your activity online.
Instead we get stupid platitudes like if you don’t want anyone to know then don’t post it to the web, or the totally inane statements from people like Eric Schmidt that are more patronizing than sensible.
The simple fact is that no matter how these companies want to phrase their lawyer-speak claims of concern about privacy and security you can be sure of one thing.
They’re lying sacks of shit.