Google’s Open Source Browser–private browsing
I just read via Techmeme about Google’s new, open source browser project called Chrome.
Lots of goodies, such as the potential to speed up javascript. But also a private browsing feature similar to what is in existing browsers and upcoming in IE8.
With the open source nature of the project, we won’t have to worry about back doors being embedded in closed source code. There is a legion of users out there who will be snooping around the code.
All of the tools are out there to really privatize your browsing and online communications. All we need now is a galvanizing event that really pushes adoption. I would have thought that retroactive immunity for telecommunications companies for cooperating illegally with the current administration in spying on Americans would have been an excellent trigger point.
However, I think people distinguish between making a phone call and communicating over or browsing the Internet, despite the fact that voice communications are more often now occurring over the same technology.
But if it is one thing we can be sure of, it is that there will be other, large invasions of privacy ongoing. If there are enough people not accepting of it, then the trigger point will come.
Technology moves faster and more efficiently than law or politics.
BBC reported today (hat tip to Techmeme) that the world’s market leader in internet browsing software, Microsoft, will integrate more sophisticated privacy features into IE8. This is on the heels of other browsers seeking Microsoft’s market share in part by offering better privacy features–Safari already offers this kind of protection, and Firefox soon will officially (but probably already does unofficially through one or more user-created add-ons).
You can already search and browse the Internet almost totally anonymously, so circumstances where legislation is necessary to protect user privacy should be pretty limited. Gmail’s privacy filters (and those of its competitors) do ever-better jobs of protecting consumers from spam and phishing atatcks.
You do eventually get to a place where the free market bumps up against privacy–how web sites handle data you enter. Should a web site have the legal right to sell data you provide?
Tough one. On the one hand, the FCC has stated that if a web site provides a privacy policy that they have to comply with it (presumably the one in place when you entered your information . . . you saved a copy of that, right?). So you certainly have the right to review a site’s privacy policy before entering your information and submitting it. Sites do not have to have a privacy policy–should the law fill one in with default terms regarding the handling of data if one is not provided? The law already fills terms into contracts that are silent on certain points. And it isn’t as if sites like Facebook or Amazon.com are so important that they represent an essential public service that must be provided to everyone under privacy terms explicitly set by the government. More than that, if sites are generating revenue through some limited data selling, prices will increase for consumers if that revenue stream is cut off.
On the other hand, who is actually going to sue based on the FCC’s statements, and how easy is it going to be to prove that one particular web site violated a user’s privacy? Is it really fair to put such an onus on the average consumer to protect his/her personally identifying information and online activity?
I work in the software industry for a vendor whose software may handle credit card transactions and other types of sensitive data. While some people may decry large corporations (I have my own conceptual issues with the legally-created fiction that is the corporate entity), it is those large corporations that have the leverage to push out non-legislative initiatives like the Payment Card Industry Data Standards. It’s not going to protect the pictures you put up on Facebook, but it is a system designed to integrate safeguards regarding the handling of transactional information.
I’d like to see legislators take a light, measured touch in these areas. Technology, and the market, is going to move faster than legislature, so look for those areas where the market is making adjustments, and seek to only provide a net underneath that, ideally, will be rarely, if ever, necessary.
A cautuonary tale for bloggers and anyone who uses the internet regarding identity theft.
How I Stole Someone’s Identity.
I have a Facebook account. I have a private, password-protected family blog. But this guy, really, barely put any work in and he accessed (with permission) a friend’s bank account just based on information publicly available on the web. Quite scary, given the tools that technological and social hackers have available to them!
Definitely a cautionary tale.
But there is a lot of information out there you give out that you no longer have control over. How do you know that the personal data you enter into web sites is being held securely? Think about how many times you use the same or similar password reset questions. One breach, and someone may be able to access a variety of your online accounts.
Working in the business software industry, I can tell you that major businesses and retailers are very concerned about your privacy and the protection of your data–thefts of large amounts of personal information and data over the past few years, exposing big businesses to major liability, have gotten just about everyone’s attention. PCI Data Standards are becoming a big deal. But the smaller players often can’t afford the best protections, so be cautious!
Where are our standards for entering social network information?
A bunch of individual things culminate into this post. First, I recently had to find a new job. That sucked. For real. I’m 34, I’ve got two small kids, and suddenly I’m wondering how much longer I can keep a roof over their head and feed them good, nutritious food. But now I’m negotiating contracts for a software/EDI/networking company. It’s my first time in this industry so I’m learning a lot about standards and how software really makes communication within and between businesses more efficient. Material that is alternatively completely fascinating and excruciatingly boring.
I also realized going through this process that I have been doing shit for real, productive networking. I was scrambling to get back in touch with lost friends and business associates and acquaintances. I don’t know to what extent it would have helped, maybe a lot, maybe not at all, but I am committed in my new job to better build and maintain both my social and professional network.
If you’ve read this far I really feel sorry for you that you have nothing better to read anywhere on the Internet, but here is where it ties together–I’m suddenly getting really, really tired of entering all my data everywhere on the Internet. Contacts are scattered throughout different networks–Plaxo, LinkedIn, MySpace, Facebook, Twitter, Pownce, a half-dozen different IM programs, and for each one I’m entering and re-entering the same or similar information. It’s ridiculous! Am I a human data-entry machine? Am I just an old curmudgeon destined to be left behind in the online networking revolution?
My one great thought now that I am hip-deep in the networking environment is that some meta-group of developers and programmers should get together and decide on some rudimentary standards for social and professional network data. Make it so that migrating data from one networking service to another . . . obviously it won’t be painless because LinkedIn doesn’t care what movie I saw last and Facebook doesn’t (much) care what I thought of the work performed by current and former colleagues. But my background, education, a lot of my personal information–it would be a significant time saver if these pieces of data could have universal tags that I could import and export from one service to another.
Take the various new online calendar programs. I finally took the plunge and started to get to know Google calendar. I figured that Google is a big enough name that I’m not going to try to log in to some small calendar program site one day only to find that they’ve closed up shop and all my work is vanished in a poof of smoke. There are also tools for synching Google to Outlook, so that’s a nice feature. Now I’m reading from guys like Scoble how awesome some Facebook calendar app is and I’m thinking–”Crap, I just entered Auntie Doug’s birthday along with 100 other relatives into Google calendar, now I’m going to re-enter all that? No f-ing way.” End of story.
It would be like EDI standards, and I’m assuming if you can get some of the best and brightest from the Web 2.0 movement together and by some miracle get them moving on the same page, well, maybe something could be accomplished. Who knows. But think of all the potential applications (or see, for example, my last blog post about online finance programs) . . . how many times you’ve entered data about yourself all over the Internet for different services. I can see elements of this being discussed in various places, but networking is such a jumble these days . . . and hell, I’m a journalism major who went into law, I’m so far out of my depth I can’t even see sunlight. I’m just voicing my opinion as a consumer–if you want my future patronage at a new networking service, you’re going to have to make it easier for me than it’s been so far. This has been ridunkulous.
And maybe all I’m thinking of is a more robust OpenID program; you’ve got to start somewhere. But I can tell you this–the “next big thing” in social networking is going to have to have something like this to draw users away from their existing networks, and new networking programs and services are going to start facing greater startup obstacles because people are going to be so entrenched in their existing networks that switching over is just going to be too much work. Maybe it’s already too late for new services such as Pownce, we’ll see, but the consolidation and semi-solidification of the market is going to have to happen at some point. That’s my prediction. Go market forces! Bring your bounty of efficiency upon this mess!
Holy crap I hope you’re reading this because you skipped to the end after the first paragraph.
libertarians, the new web (including Web 2.0), and privacy–what’s our framework?
I tend to think of libertarians (myself included) as being a pretty private bunch. Freedom-lovers, distrustful not just of government but just generally skeptical of other people holding, or potentially holding, power over them of any kind. I do, however, appreciate efficiency in operation. So it is with a mixed heart that I approach the new movement in web applications, including Web 2.0.
Is there any doubt of the utility of a tool such as Google Docs? The easy ability to access and manipulate documents from almost anywhere with an Internet connection is quite seductive from an efficiency standpoint. Google’s privacy policy states:
Content. Google Docs & Spreadsheets stores, processes and maintains your documents and previous versions of those documents in order to provide the service to you.
Ouch. In an age when the government may have more access to Google than it does to your home PC, how safe does Google’s Privacy Policy make you feel? On the one hand I feel safer providing my information to a market participant than the government–if the government started a “Google Docs” service, you wouldn’t see me using it. On the other hand, I have a lot more control over documents that stay on my home computer–if I want to erase them in a secure fashion I can do the research to obtain the proper software tools for the job, and feel more comfortable that it is done than I am hearing the word of anyone from Google.
But maybe you just keep your sensitive documents off Google and find other mechanisms, or maybe for what you would use Google Docs for there really isn’t a substantial personal privacy concern. But the trend is growing, so let’s up the ante . . . what about the next generation of online applications that will take on programs such as MS Money and Quicken? Mint.com, Yodlee, Wesabe, or even a good old-fashioned spreadsheet you maintain on . . . Google Docs. For a nice blog post on such services, try 6 Great Free Alternatives to Quicken & MS Money at Zen Habits.
So, wait, they want me to import my financial data into their servers? On the one hand–Yippee! The chance to see what young, innovative entrepreneurs can do in programming for personal financial software is I believe going to bring great competition to this field. For example, Wesabe takes your financial data and integrates it into some social-networking-style components (from Zen Habits):
Even more interesting is the social part: based on your tags, you can see how others spend on similar tags, and see their best tips for that type of tag.
The next generation in comparative shopping? As I said, the application of the best and brightest minds in new and innovative ways is exciting.
But, uh, wait, you want me to upload my financial data and you have the tools to analyze and data mine it? That is quite a trade-off. On one hand, unlike my documents I know that the government has, legally or otherwise, access to all my financial data no matter where it is, so if I am afraid for the privacy of my financial data for the government my options are limited as it seems there is no legitimate option for avoiding their prying eyes. So I don’t know that it heightens my concern in that area any if I am also storing my data with a third party. On the other hand there are dangers other than the government. If I store my financial data on my computer I can secure it to the extent I deem necessary within the limits of my expertise and that of the programs I install. But these services have experts in computer security whose tools and capabilities far outstrip my own. No one is as motivated to keep my financial data secure and private as I am, but keeping one’s job and reputation can be a decent motivator itself–I imagine these services go the extra mile to address the security of data from both internal and external threats.
Beyond that, the type of breach that seems most likely to occur is one of mass theft rather than individually-targeted intrusions. In other words, I admit that I have never felt particularly unsettled upon hearing that a thief has stolen 3 million records that include personal confidential information that may include my information. On the one hand, sure, that’s bad, but on the other hand the chance that it will affect me is statistically less than perhaps other types of concerns towards which it would be more productive to direct my energies.
Maybe it’s just a generational thing–it took my parents years before they would even make a single purchase online, and the concept that they would entrust their financial data to an online personal finance company? PREPOSTEROUS! The generations after me? It’s second nature. I don’t even know that 99% of them give the first thought to this type of online privacy and security. It’s the only society they’ve ever known, and so it integrates seamlessly. I suppose a challenge for some of these new services is finding ways to reach the older crowd.
And these are just a couple of areas of the new Web world–these applications will soon be everywhere, touching every part of our lives, and I’m not even hitting the big ones such as MySpace and Facebook (whose privacy concerns have been covered significantly more completely elsewhere). I don’t know that I’ve come to a satisfactory answer yet, at least not one rooted in a consistent principle. I use Facebook, but I also use Open Office or MS Office rather than Google Docs despite the fact that for my personal use I could probably use any. I am intrigued by services such as Wesabe and Mint, but not enough to try them yet, despite the fact that I use a Kroger Plus card and a variety of other electronic services that already track my purchases.
I put all this up because I do, at least in the abstract, value my personal privacy, but as time goes on I find that efficiency tends to win out–and this from a person whose identity has been stolen once. The police actually caught the guy, too, because, strangely enough, although this was several years ago our bank did offer online banking. We knew someone was using my debit card because we could see the purchases posting online, and my wife was calling these places giving them hell for not checking signatures. Finally we saw a new one posted and she said “Here, I’m tired of calling, you call this place.” So I call and speak with the manager and he says “That guy just left the store, I think he’s still in the mall, hang on.” It’s quiet for a minute, but when the manager gets back on the line he says he’s put mall security on the individual and they end up catching and prosecuting him! Technology is enabling, and efficient, and scary, and I have no developed framework for categorizing risk vs. efficiency in these areas. Feel free to help me out with your ideas in the comments section.
