Another big Web company erodes user trust

This article was originally published on on December 3, 2010.

Yahoo says it’ll sell bookmarking service, a reminder that we exist online at other people’s whims


(Please see the note at the bottom of this piece.)

Yahoo says it will try to sell its Web bookmarking service, Delicious. This news, posted on the Delicious blog, comes a day after widespread reports — unchallenged until now by Yahoo — that the company was shuttering the service.

One result of the earlier reports was a frenzied search for a new social bookmarking service to replace what many people, including me, have used over the years to stockpile and organize links to online material we’ve found interesting. A second result was a further hit to Yahoo’s declining reputation.

Continue reading Another big Web company erodes user trust

Online, the censors are scoring big wins

This article was originally published on on December 3, 2010.

Attacks on WikiLeaks are part of an attack on free speech, aided by the companies that make up the Web’s backbone


The WikiLeaks affair is highlighting the Internet’s soft underbelly: the intermediaries on which we all rely to store our information and make it available. We are learning, to our dismay, that we cannot trust them. Combine that with increasing government intervention, we’re also learning that the Internet is somewhat easier to censor than we’d assumed.

This should worry anyone who believes that we’re going to move our data and online lives into the fabled “cloud” — the diffused online array of hardware and services where, proponents say, we can do our online work, play and commerce without the need for storing data on our own personal computers. Trusting the cloud is becoming an act of faith, and it’s time to question that faith.

Continue reading Online, the censors are scoring big wins

A do-not-track list? It’s a start

This article was originally published on on December 2, 2010.

The FTC’s proposal is a potentially useful improvement in our woefully inadequate online privacy

Americans have become so numb to the relentless erosion of our privacy that we tend to view even small advances with skepticism, if not outright cynicism. Such is the case with yesterday’s Federal Trade Commission proposal for a “do not track” system, whereby people could tell online marketers that they don’t want their online activities to be captured and used by websites or online advertising firms.

The FTC’s report is just that: a document with no regulatory power. But FTC Chairman Jon Leibowitz told reporters in a conference call that the commission will urge Congress to act if the industry doesn’t “step to the plate.” I take the need for congressional action as a given, since the online industry’s self-regulation has ranged from weak to bogus.

Continue reading A do-not-track list? It’s a start

Facebook’s über-communications platform

This article was originally published on on November 15, 2010.

The social networking giant wants all of your conversations to happen on its site. You should think twice.


Facebook wants you to live, online, in, and it wants to be the main repository for your online identity. Its new, all-in-one messaging system will encourage more people to do just that.

Which is why, despite the overall smartness of the initative, I believe people should be wary about using the Facebook Messages platform. I don’t believe Facebook should dominate people’s online experiences, and the idea of the company becoming the de facto online identity holder is downright scary. Before I discuss why, let’s look at what the company announced on Monday in San Francisco.

Continue reading Facebook’s über-communications platform

Facebook über alles

This article was originally published on Salon on August 19, 2010.

Social networking giant moves swiftly to be the central reality in your digital life

One of the obvious missing pieces in the Facebook data arsenal has been granular location data — knowing where its users are and what they’re doing. The modest but genuine inroads we’ve seen from startups such asFoursquare and Gowalla, among others, proved that at least some members of the latest generation of Internet users are willing to share their location, among many other things, with friends, colleagues and maybe everyone else.

So last evening’s rumor-confirming rollout of Facebook Places, a location check-in service that has a lot in common with what’s come before, wasn’t a big surprise.  Facebook is nothing if not eager to incorporate other companies’ innovations into its own core services.

The launch demonstrated a number of Facebook’s qualities. On the positive side, the Places pitch also included the notion that we need to get out from behind our screens, PC and mobile, and join each other in the physical world. Can’t argue with that, even if has been years ahead in the hugely important recognition that one of technology’s greatest values is in bringing people together to collaborate on offline goals.

The company insisted it had made a serious effort to create meaningful and, if desired, somewhat protective user privacy settings, and it does look possible to stay out of the location service if you wish while still using the service’s other features. Yet the bias — as always with Facebook settings — aims to get you to say Yes to sharing, not No.

The breathtaking über-ness of the initiative shone through in what a company vice president, Christopher Cox, described as a goal: essentially to aggregate history itself — or at least tomorrow’s version of it — around users’ locations, doings and what they’ve told each other about both.

And Facebook will be holding it all in its corporate databases, creating a data set that advertisers will surely find irresistable. (In my case, no thanks — but this is a topic for another day.)

Facebook’s not alone in having vast ambitions, of course. Google, for example, has major social-networking plans of its own and no small amount of location expertise. So presuming Facebook doesn’t succeed in its goal to become the Internet that most people use — Internet users will need to figure out that Facebook isn’t really their friend — a healthy competitive marketplace could still emerge. Will it include the innovators who have helped bring location so prominently into the mix?

When Foursquare and Gowalla shared the stage with Facebook executives, you had to wonder what they were thinking. Certainly they seemed to celebrate their new partnership. Maybe it’ll all work out, but technology history suggests other possibilities.

When Microsoft was the despotic ruler of the personal computing software world in the 1990s, it had a strategy some called “embrace and extend” — to develop software that had the functions someone else had already created and then to extend it in ways that would tend to freeze out others. In time, that phrase morphed, according to Microsoft’s rivals, to “embrace, extend, extinguish.”

Maybe the earlier location services have the kind of deal with Facebook that will give them what they need to grow. If I were one of their investors, I would not be betting on this outcome.

I’d be betting more on an updated riddle (which I first heard in the 1990s in relation to dealings between Apple and IBM):

Q: What do you get when you combine Facebook and Foursquare? A: Facebook.


Coverage I liked by other folks:

For better privacy, create countermeasures

This article was originally published on Salon on August 2, 2010.

Our Web browsing habits are under growing surveillance. Can we fight back?


The next time you leave home, are you willing to have someone follow you with a video camera? The idea would be to record every step you take, everything you look at and especially everything you purchase. That information would be available to people you don’t know and whose specific reasons for wanting to see it — apart from wanting to know your habits better so they can sell you things — are considered none of your business.

This is the rough equivalent of what happens when you browse online these days, and not just at shopping sites. Data surveillance by marketers, as the Wall Street Journal is describing in a series of articlesthat started running over the weekend, is one of the online world’s “fastest-growing businesses.”

The main article begins by describing the eerily granular information that online surveillance and marketing companies have learned about Ashley Hayes-Beaty, a 26-year-old woman in Nashville, without her direct knowledge or permission. Then we are told:

In between the Internet user and the advertiser, the Journal identified more than 100 middlemen — tracking companies, data brokers and advertising networks — competing to meet the growing demand for data on individual behavior and interests. The data on Ms. Hayes-Beaty’s film-watching habits, for instance, is being offered to advertisers on BlueKai Inc., one of the new data exchanges.

“It is a sea change in the way the industry works,” says Omar Tawakol, CEO of BlueKai. “Advertisers want to buy access to people, not Web pages.”

The Journal examined the 50 most popular U.S. websites, which account for about 40% of the Web pages viewed by Americans. (The Journal also tested its own site, It then analyzed the tracking files and programs these sites downloaded onto a test computer.

As a group, the top 50 sites placed 3,180 tracking files in total on the Journal’s test computer. Nearly a third of these were innocuous, deployed to remember the password to a favorite site or tally most-popular articles.

But over two-thirds—2,224—were installed by 131 companies, many of which are in the business of tracking Web users to create rich databases of consumer profiles that can be sold.

To be sure, the Journal’s coverage is lurid — more so than necessary to make the point. And the series, at least so far, doesn’t address the disturbingly huge amount of information collection and sales by the shadowy offline industry that combines our credit-card, banking and other information into a gigantic data bazaar over which we have little or no control.

That said, the Journal’s coverage is valuable in at least one respect: It explains just how pervasive the surveillance has become and with what indifference the people doing the surveillance view your privacy.

They will say, with some truth, that it’s all in the interest of creating advertising and services aimed at your interests. Why, then, do they cloak what they do in such opaque ways?

My friend Jeff Jarvis, who leads an unusually public life, says the Journal is telling us nothing we don’t already know. Granted, the fact that websites have put cookies and other user-observation mechanisms on our computers is not news. But do we all know that tracking systems have become not just ubiquitious but also disturbingly interlinked? I pay fairly close attention to this field, and the Journal series has opened my eyes a bit wider; for those who have a vague idea of what’s going on, the stories may well come as a nasty shock.

I’m closer to what another friend, Doc Searls, concludes: This is creepy, and we need to turn it around. Doc, a Fellow at the Harvard Berkman Center for Internet & Society, writes:

There is no demand for tracking by individual customers. All the demand comes from advertisers — or from companies selling to advertisers.

For now.

Here is the difference between an advertiser and an ordinary company just trying to sell stuff to customers: nothing. If a better way to sell stuff comes along — especially if customers like it better than this crap the Journal is reporting on — advertising is in trouble.

Here is the difference between an active customer who wants to buy stuff and a consumer targeted by secretive tracking bullshit: everything.

Two things are going to happen here. One is that we’ll stop putting up with it. The other is that we’ll find better ways for demand and supply to meet — ways that don’t involve tracking or the guesswork called advertising.

Doc is working on a project to create “Vendor Relationship Management,” turning on its head the idea that sellers should manage customers. Rather, he says, we should be the ones in charge.

At best, getting there from where we are will take years. What do we do in the meantime?

It’s encouraging to see that venture funders have “spotted a new market opening and are pumping millions of dollars into privacy-related start-ups,” as the Journal reported last month. What we need, sooner than later, are tools to manage our own privacy.

When I browse I use several extra tools in the browser that help me block unwanted spying. In particular, Firefox has a well-developed add-on ecosystem including BetterPrivacy (for “super-cookies like Adobe’s irritating Flash plug-ins) and NoScript (lets me specify by domain). Whatever browser you use most, you’ll probably be able to find ways to block at least some unwanted behavior. I’m testing Abine‘s tools, which go much further than others (too far, by some accounts), as well.

One thing I don’t do is block cookies from host sites. I don’t mind at all if a website I use regularly — especially a site offering me services at no charge — wants to keep track of what I do there, or ask me to register. These are entirely fair tradeoffs.

What I mind a great deal is when that information becomes cross-referenced with what other sites and services learn about me. What I do at the Journal’s site (which I pay for, making further data collection even more outrageous, in my view) is emphatically not the business of, say,, or vice versa. Yet I have no clear idea if they or third-party data collectors are sharing or cross-referencing, or what they’re doing with the data if they are.

The alleged transparency efforts by data collectors is an illusion of openness. Read the various privacy statements and disclosures, not  just on the sites you’ve visited but the third-party trackers they don’t always tell you about, and if you can decipher it all you’re a lot smarter than the rest of us. It’s obfuscation and plainly designed to be.

A few years ago, when supermarkets started offering frequent-shopper cards that provided discounts in return  for creating shopper databases, some people I knew came up with a clever idea. They met once a month and put their cards into a hat, then drew someone else’s card out of the hat and used it. This clearly violated the spirit of the bargain, and probably the letter, too. But it reflected a wise mistrust of the corporate motives behind the shopping cards, especially because it was not clear what would happen to the data.

I suspect we’ll need to do things like this on the Web, too. Until we have vastly more transparency from the companies collecting, massaging, renting and selling this information, I’ll be inclined to mislead the marketers.

Saving our digital heritage

This article was originally published on Salon on July 19, 2010.

The Library of Congress and other preservation-minded organizations ponder how we preserve what we’re creating

They’re trying to save the news. Among other things.

No, this isn’t yet another thumb-sucking cogitation about the future of journalism, at least not the kind we typically see these days. Rather, this is about a different issue: How do we save journalism (and other media) that’s already been created — including the all too ephemeral information that we’re creating online?

This week in Washington, DC, the Library of Congress is gathering its “Digital Preservation Partners” for a three-day session — one of a number of such meetings the library has been holding under a broad initiative called the “National Digital Information Infrastructure and Preservation Program.” Its multi-year mission is:

to develop a national strategy to collect, preserve and make available significant digital content, especially information that is created in digital form only, for current and future generations.

It’s what my technology friends call a non-trivial task, for all kinds of technical, social and legal reasons. But it’s about as important for our future as anything I can imagine. We are creating vast amounts of information, and a lot of it is not just worth preserving but downright essential to save.

My role this week, and at a workshop I joined last year, is to be thinking about the news. My mind almost explodes when I consider the issues.

Even when there were relatively few community information sources — mostly newspapers — we had preservation issues. I started my newspaper career at a small weekly that has long since closed down. While I’m sure someone, somewhere, has a printed copy of the issues, the journalism is nowhere to be found online. And what happens when a newspaper with some printed archives and some online shuts down? Sometimes those archives go dark, too.

Even newspaper archives that exist online tend to live behind paywalls that prevent most people from using them. This greedy policy, which I’ve discussed before, has helped ensure that newspapers are less relevant in their communities than they should be.

A newspaper company I worked for deleted years worth of my blogging, twice. Once was when it changed publishing platforms. The second time was after I left the company. With some technical help I recovered and republished most of it myself.

TV and radio broadcasters have tended to save tapes or digital archives, though huge gaps have emerged in the record. Remember, storage used to be expensive.

The rise of citizen media has complicated everything. Now we had vast new sources of information, some useful and some not. (Kind of like traditional media, no?) Who had the obligation, if there was one, to save this material?

Well, we have the wonderful Brewster Kahle and his team at the Internet Archive to thank that a bunch of it still exists (including my old blogging that we recovered, no thanks to the newspaper company that killed it). The reality, however, is that much of the Web — not to mention many if not most of the great BBS conversations of earlier times — is lost.

After last year’s digital preservation meeting I suggested that we needed better ways to do our own archiving of blogs and other social media. I still believe the Library of Congress, Internet Archive and other preservation-minded folks should help the rest of us with this task.

The social question arises about people who don’t want to save what they’ve done.? Do they have a right to delete it? The Archive will take things down on request. But once you’ve put something up publicly, isn’t it public?

It’s not just a social question, but a legal one, now that judges areordering newspapers to delete archived stories. It’s a legal issue as well because copyright laws are constantly getting in the way of reasonable use of published material. The entertainment industry has taken us down a troubling path in this regard, and things are only getting worse.

And then there’s the entire question of material we create spontaneously, using databases that provide individualized experiences when we seek information. This isn’t just about search queries but about many kinds of community information sources; what you and I see when we visit Everyblock may well differ based on what we type into the text box. The only people archiving this stuff are the ones who own the databases; will the rest of us every have a look? Privacy interests say that we should not reveal it, but historians in the next century and beyond would find this absolutely crucial to their understanding of our times.

Happily, smarter people than yours truly are working on all of this. I’ll be filing some reports from the Washington meetings, to let you know what they’re thinking.

Facebook founder sweats it out

This article was originally published on Salon on June 3, 2010.

Zuckerberg’s evasions about FB’s evolving privacy policies raise new questions about the company’s intentions

Some of the tech-world buzz today is about Facebook founder and CEO Mark Zuckerberg’s astonishingly poor showing onstage at this week’s Wall Street Journal conference, All Things Digital. Make no mistake: His fumbling, rapid-fire, sweat-drenched appearance was probably the most cringe-inducing at the D gathering since Jerry Yang and Sue Decker, then CEO and president of Yahoo, spent many minutes several years agofailing to explain what business Yahoo was in.

On Wednesday afternoon, Zuckerberg repeatedly ducked some fairly simple questions about Facebook and its notoriously evolving privacy policies — rules and default settings that have led many, including me, to mistrust the company and its intentions. In fact, his fast-talk evasions deepened my sense of unease.

What attracted much of the notice, especially from media covering the event, was his extreme perspiration, which more than a few commentators called Nixonian. (This is a reference to a TV debate Richard Nixon held with John F. Kennedy in 1960 when they were running for president; Nixon’s sweaty, shifty appearance in the first-ever event of its kind is widely seen as one of the reasons he lost the election.)

The Nixon comparison is, of course, a big stretch — and it distracts from the much more serious issues.

For one thing, Zuckerberg’s panic attack — which is the most charitable explanation I can come up with — raised more than a few questions about his fitness as CEO of one of the biggest companies on the Web and, increasingly, one of the most important companies on the planet.

The “he’s young, give him a break” folks have half of that right. He’s young, just 26 years old, and has the obvious smarts (and a solid senior team) to get his P.R. efforts in better shape. But give a break to someone who wields such influence? Not likely.

I don’t know Zuckerberg personally. Several people I know well, and who know him well, say he’s deeply thoughtful about what he and his talented team at Facebook are creating. And his admission of having said and done regrettable things when he was a much younger college student — Facebook was founded at Harvard, where he was an undergraduate — was at least a sign of some self-awareness.

But I absolutely do not trust him or his company’s intentions. Facebook’s P.R., and Zuckerberg’s recent statements on privacy, claim a deep concern for users’ privacy. Their actions tell a different story. Repeatedly, Facebook has expanded the user data and postings it makes public by default, as this compelling visualization by IBM’s Matt McKeon shows. The evidence suggests that the company’s policy is to push and push the boundaries, roll back when enough people complain, and then keep pushing.

This is worrisome enough. But consider, among many other Facebook aims, its goal to essentially own personal identity on the Web — identity that you use to sign into all kinds of other sites. If Facebook becomes the default user ID for the Internet, it will have a power that no single company should own, period.

Facebook’s legions of fans, and most of its users, plainly find this line of thought silly. They keep signing up and using the service for more and more of their activities. They may regret their info-promiscuity someday, but maybe Zuckerberg is right that people really don’t care, and maybe there will be no consequences for not caring. Although we all need to cut each other some slack about the foolish things we all say and do, especially when we’re young, I’m also convinced we need zones of genuine privacy, and that we should not turn over our Web presences to a single company, even one we might trust. (I’ll be writing more about this in an upcoming post.)

For now, when I watch Facebook, I hear echoes of Silicon Valley in the late 1990s, when the standard of behavior changed. What was acceptable was what you could get away with. That’s a corrosive way to do things.

Facebook: Starting Over


Like many other people, I have a Facebook account. One reason is to keep track of what’s happening in the planet’s largest social network, including what application developers and users are doing there.

Another is that some of my friends — actual friends — are using the site. Facebook helps me stay in touch.

But the privacy fiasco of the past few days has left me feeling that I really can’t entirely trust Facebook, even with the limited amount of things I’ve said and done on the site since I got an account several years ago. Maybe I’m over-reacting — and I continue to admire the company’s accomplishments in many other ways — but that’s just the way it is.

Why don’t I feel safe and sound in their benevolent hands? Because although some of the changes they’ve made in their privacy settings are actually helpful, they are suggesting that users share much more of their data and other information, much more widely than ever. Facebook’s extremely smart leaders know perfectly well that the majority of users are likely to accept these suggestions, because most people say yes to whatever the default settings are in any application.

I wasn’t very happy with my Facebook situation in any case. Early on, I said yes to just about everyone who asked me to “friend” them, including people barely knew and some I didn’t know at all.

The privacy changes — and my continuing uncertainty, given the number of pages you have to look at to modify your settings — made me realize I’d rather take fewer chances. So I’ve made a fairly drastic change.

This morning, I deleted my account. Then I started a new one.

Actually, I scheduled the old one for deletion several weeks from now, which is all Facebook allows. The company figures, perhaps correctly, that some people will have made this decision rashly and wants to give them a way to reconsider. And it’s clearly in Facebook’s interest to avoid as many cancellations as possible for business reasons.

It wasn’t easy to figure out how to delete the account, which no doubt is part of the company’s strategy, too. If you go to your Settings page, the only option in this realm is to “deactivate,” not delete.

But a little searching on the site turns up this Facebook Group called “How to permanently delete your facebok account” (more than 35,000 members) — which in turn reveals this link to a delete-account form.

Before I did the actual deletion, however, I went to my Account Settings and opened up the Username option. I’d previously set my username to “dangillmor” so my Facebook URL would be, and wanted to be able to use that again. I changed the username to something else, and only then did I delete the account.

Then I started a new account, using a different email address, and set the username to match the old one.

Next up was a check of the default privacy settings for new users. They’re pretty un-private, in my view, sharing way too much with people you don’t know. I systematically went through the various screens — Facebook makes this chore both annoying and obscure, perhaps on purpose — to ratchet down the settings to something I can live with.

Look, we all know what is Facebook’s best interest: exposing to search engines and advertisers the largest possible number of pages by among the largest number of people willing to create stuff and make it all public. Marketers drool at what they can do at Facebook if the company will only let them, and Facebook’s entirely rational goal, like almost every other Internet company’s, is to make profits in almost any way it can. What’s in the corporate interest, however, doesn’t necessarily match what’s in my interest, or yours.

So I’m still at — though my real Web homebase is — with just two Facebook friends at the moment. I’ll be adding more, but not in any hasty way.

UPDATE: Wired News explains How to UnFacebook Yourself.

And Jason Calacanis asks, “Is Facebook Unethical, Clueless or Unlucky?” I vote mainly for the first.

When Others Delete Your Past

Searching for Thomas Crampton  



Searching for Thomas Crampton

Industries that talk proudly of the “content” they offer — raise your hand, journalism organizations — have a special need to preserve what they’ve created in a consistent and easy-to-find way. Content, in this context, includes the links that people have been using to find it.

You would imagine that the news industry would understand this. If so, you would be overestimating the industry’s collective common sense.

Continue reading When Others Delete Your Past