Few months ago i worked with cambridge folks on the problem of mobile location privacy and yesterday i presented the resulting paper (with the cool name of spotme). during my presentation, i realised that we computer scientists often ignore the difference of your social media data being public or being publicised, and we do so because technically there isn’t any difference but socially there is a dramatic difference. To see what I mean, consider services that combine pieces of public information shared by individuals from different sources; they are often called data mashups. The problem with data mashups is that they have caused public outcries over privacy issues and are expected to create more problems in the future. To see why, consider that when people willingly share information about themselves, they do so in specific social contexts. When they make a piece of information publicly available, they implicitly guess who is more or less likely to come across that piece of information. When different pieces of public information are integrated together (when they are publicized), the social expectations people had when disclosing the single pieces may be completely disrupted (danah docet). Recent privacy failures are telling stories of disrupted social exceptions. A few years ago, Facebook aggregated content in ways that made it more visible to users who could already access it. When a Facebook user switched to an “it’s complicated” relationship, the user thought that only the few social contacts regularly visiting his profile would notice the change. Suddenly, that was not true anymore. A variety of contacts would learn the switch just from their streams of updates. This change caused a big outcry, but Facebook did not have to back off – the users did. Facebook founder Mark Zuckerberg recently contributed to the discussion and claimed that the rise of social networking online means that people no longer have an expectation of privacy, adding “we decided that these would be the social norms now and we just went for it” (MZ sharing his wisdom). The result is that Facebook “users are now so hooked that they are unlikely to revolt against a gradual loosening of privacy safeguards”. Another example comes from the data mashup performed by the site pleaserobme.com of Twitter (a microbloging service) and Foursquare (a service that lets people publicize their location so their social contacts
can see where they are). This site publishes Foursquare location posts that appear on Twitter. The problem is that, when a user shares her location on Foursquare, the user thinks that only her social contacts on Foursquare or Twitter would notice it. But that has now changed – the site pleaserobme exposes whether users are somewhere other than their home to the entire Internet community, including to burglars. Again, when sharing location data, one has specific social expectations, but those exceptions are disrupted by data mashups. The aim of pleaserobme was not malicious but was to simply make users of location-based services reflect upon whether they are over-sharing. Sharing decisions might be rational in the short term, but they underestimate what might happen to that information as it is remixed and reshared.