The danger of social markers made public (more on the Social Graph API)
Thomas Vander Wal makes a good point in response to my post: Why I’m excited about Google’s Social Graph API. He’s concerned that by exposing social relationship information (social graphs), we’re inviting hackers to mine that information and use it in bad ways:
“I do have great trepidation as this is exactly the tool social engineering hackers have been hoping for and working toward.
Most hacks of organizations (most are populated with 98% of people not like us that are more open to social engineering hacks) that have been hacked (been through more than a few of these meetings after the fact) are done through some clever individual using social engineering to convince somebody to trust the hacker. The identification of connections (usually best approached with weak ties) is a great starting point (this is the major reason why most organizations no longer have their employee list or full-contact list posted on their websites).
The Google SocialGraph API is exposing everybody who has not thought through their privacy or exposing of their connections.
This is an excellent point that needs to be considered.
An example of what Thomas describes might be that someone contacts you and pretends to know all the same people you know, and thereby gains your confidence and uses it for evil purposes. (Hugh Macleod calls these shared social objects social markers)
I think this is the same issue that Tim O’Reilly was getting at when he recently said:
“The counter-argument is that all this data is available anyway, and that by making it more visible, we raise people’s awareness and ultimately their behavior. I’m in (this) camp. It’s a lot like the evolutionary value of pain. Search (searching the social graph) creates feedback loops that allow us to learn from and modify our behavior. A false sense of security helps bad actors more than tools that make information more visible.
So Tim is saying that while we’ll probably have issues going forward (some will get burnt), in dealing with them we’ll learn how to expose our own social relationships on the web, which is a skill we’ll need from now on. Forever.
I tend to agree. But obviously this is a complex issue. Whether or not exposing relationship information comes to be an accepted practice, we’ll likely see new norms of behavior spring up.
Not everyone is happy with the Social Graph API. danah boyd has a dissenting opinion. She says:
“Being socially exposed is AOK when you hold a lot of privilege, when people cannot hold meaningful power over you, or when you can route around such efforts. Such is the life of most of the tech geeks living in Silicon Valley. But I spend all of my time with teenagers, one of the most vulnerable populations because of their lack of agency (let alone rights). Teens are notorious for self-exposure, but they want to do so in a controlled fashion. Self-exposure is critical for the coming of age process – it’s how we get a sense of who we are, how others perceive us, and how we fit into the world. We exposure during that time period in order to understand where the edges are. But we don’t expose to be put at true risk. Forced exposure puts this population at a much greater risk…”
While I agree that what danah is talking about is tremendously important, I don’t know why she says that this is “forcing” people to expose their personal relationship information. From my understanding, the Social Graph API is simply aggregating data and providing a means to query it. Now, that certainly makes it easier to find, and that’s an issue (technology is NOT neutral) But isn’t the bulk of responsibility, on those services where code is automatically generated, on the publisher’s themselves? And isn’t it on the individual who publishes their own code?
I have been assuming that publishing personal information would be done by choice. That is, an individual either makes a relationship public or not. If you choose to make it public, you can choose to mark up your information as XFN (or other supported formats) or not. If you do choose to mark it up, then you reap the benefits of the API and services that are built upon it. If you don’t mark it up, then the relationship is public but you keep some “security by obscurity” and your content is seen only in context.
However, there is still the issue that one side of the relationship could publish when the other wants to keep it private. This, in the current Google environment, is treated as a “possible relationship”. It makes a difference if only one side of the relationship is published. This situation may be what danah is referring to, and it does raise some concerns.
But simply publishing this API doesn’t mean that it forces publishers to use the formats without offering some level of control to their users, in fact publishers should give lots of controls around this. Now, if Six Apart and WordPress.com were to tomorrow say “We’re publishing your relationship data in these formats and you can’t opt out”, then that would be a serious problem. I hope that’s not the case, and from what we’ve seen with Facebook and their privacy issues, one would hope that other companies wouldn’t be so cavalier with people’s relationship data.
But I’m reminded again by the age-old saying: “the best way to prevent secrets from getting out is to not have any in the first place”. As technology makes it easier to share information, it becomes harder and harder to keep any of that information secret.
Make them Care! - Struggling to communicate the value of your product or service? I'm writing a new book that shows you how to make people care about your product or service by clearly communicating the most important bits. For designers and marketers creating product web sites. Find out more.
Links to this Post
Comments
1. Mat 1:47pm, Mon 4th, 2008
> I’m reminded again by the age-old wisdom: “the best way to prevent secrets from getting out is to not have any in the first placeâ€.
That’s a cop out, because in many legitimate situations there is a whole world of GOOD to harboring certain secrets (um, whistleblowing for starters?).
2. Marshall Kirkpatrick 2:00pm, Mon 4th, 2008
I am guessing that danah’s people of interest would find the conclusion here even less convincing than Mat above does. Thanks for making this post though, pulls it all together well.
3. Josh 2:06pm, Mon 4th, 2008
Mat: I amended my bit at the end…I’m not saying you shouldn’t have secrets, but it’s a heck of a lot easier to keep them when you don’t have any.
4. Els 6:29pm, Mon 4th, 2008
> I don’t know why she says that this is “forcing†people to expose their personal relationship information.
If I have a friend Tim on one site, and a friend Sarah on another, and they know each other on a third site and both publish their social graph, mine is being exposed too. The more people will use this API, the less privacy I will have, even if I’m not using it myself.
5. David Lifson 7:32pm, Mon 4th, 2008
I can’t help but be reminded of the outrage that sprung up when Facebook introduced the newsfeed. “What? That’s public??”. User groups springing up in revolt and revulsion. The solution? Provide great tools – with lots of entry points – for managing privacy. People will flinch when reality conflicts with their mental model, but that’s not an excuse.
As an aside, comprehensive yet easy to use privacy control user interfaces is a challenge that will need be solved again and again in the near future. Some things you want to share with some friends, but not all things with all friends. Human relationships in the real world are complex, and revealing them via computer interfaces in a beautiful way will take some thought.
6. David Lifson 7:36pm, Mon 4th, 2008
To test the “creepy” sensor in your head, check out Spokeo.com. It’ll suck in your email address book and then crawl the web for all the accounts your contacts use on various sites and aggregate that content into a newsfeed. I (unwittingly) discovered that my old college roommate uses StumbleUpon to bookmark his favorite pornographic images – an example of his mental model in discordance with reality.
7. Luigi Montanez 7:37pm, Mon 4th, 2008
I think the problem with the API boils down to user expectations. No one has expected this technology to exist, and when it suddenly does, people will get really creeped out.
Also, the API isn’t just limited to relationships formalized by XFN and FOAF. Google will also use relationships on the more popular sites (MySpace being a prime example) that were not marked up. Where’s the user control in that?
8. Danny Sullivan 6:36am, Tue 5th, 2008
Even without the explicit tagging, you could do this just of linkage. It’s not that hard to see profiles all pointing at a particular blog and then understanding the blog belongs to those profiles. So if people are really concerned, well — don’t fill out the profiles period.
9. leafar 8:37am, Tue 5th, 2008
Great, great post. I was also working on social markers but in a more random thoughts approach (I’ve speed up the publishing – available here-)
This all discussion (like often when it comes to identity) reminds me of phrases that were in EPIC 2014. “It is the best of time, it is the worst of time” or At its best, EPIC is “a summary of the world — deeper, broader and more nuanced than anything ever available before … but at its worst, and for too many, EPIC is merely a collection of trivia, much of it untrue.”
Google API may be a social norm that constrains people (I think that’s why danah is using forcing). Anyway, like with any technology we need to be alphabetize. Otherwise will be submitted to it. Identity education will be highly needed in school in a few years.
I’ll invite you to take a look at this work on identity that shows 4 types of behaviors. I think what will happen is that it will become more difficult to manage the all system (I start to have troubles despite my knowledge) and therefore you will either do it fully or not (we come back to the secret metaphor) .
But that’s our job! And I am trying with U.[lik] to push it to its best and making decision that enforces good and easy management (@Lifson i do agree). My “marxism” (small m) makes me believe that infrastructure plays a bigger role in determining behaviors that we always think. Therefore encouraging on demand chiaroscuro is probably the best solution.
10. leafar 8:39am, Tue 5th, 2008
Crap my illustrations pictures that appeared in the preview disappeared: here is the link to them
11. Justin Baum 1:55pm, Wed 6th, 2008
> I’m reminded again by the age-old wisdom: “the best way to prevent secrets from getting out is to not have any in the first placeâ€.
I agree Josh. People are going to get more familiar with answering a few not so simple questions…
“Is a publicly exposed profile on the web right for me?”
“What do I have to hide?” – yikes
“What am I sharing and who am I sharing it with?” – First thing I am going to teach my kids.
Lets take for example publishing your Xbox Live activity to your Facebook profile. Say you call in sick or “work from home” one day. Your co-workers are friends on Facebook and see that you played Halo4 for 3 hours in the middle of the day. By default Xbox publishes your activity to your friends Live… if you play Halo with your boss. Oops.
Private people can get away with more. The next wave of information literacy is going to be interesting!
12. Graco 2:01am, Fri 8th, 2008
About what control are you talking about in the API?
13. Jon Marks 10:58am, Mon 31st, 2008
I’m always a little surprised by how “privacy” sensitive people have gotten. There seem to be an assumption that everything on the web MUST be anonymous. And when it isn’t, they get paranoid.
If you manage your profile properly, as other have suggested, social marker is a great way to develop your personal brand – without spamming.