Social Media Goals for the New Year

Every year I think people will start to get the hang of social media. After all, it's really not much different from what we've done as a society forever, just more rapid-fire. Every year I am proven wrong.

Perhaps we need to consider better behavior on social media as a New Year Resolution for it to take effect. So here's my attempt at guidance.

Background

When I got to college, few people had heard of email and even fewer used it. Usenet was a foreign concept to nearly everyone I knew in meat-space, but with so much traffic I knew it wasn't hurting for users. Before there was a web, I understood the notion of choosing my words carefully. Archives of all my posts would surely stick around for many years, I thought, and so they have. I can still find stuff I posted back in 1992.

As the web happened and it became easier for anyone to share anything, and as email flourished (back when we had time to read it instead of filtering it), I adopted a variation on an old idea of how to behave in email — never write something in an email you wouldn't want to be posted on the front page of The New York Times. Nowadays maybe it's a tweet on the front page of the Fail Blog.

I think we should all accept that with the ubiquity of cell phone cameras, let alone all the surveillance cameras, web cams, and soon airborne drones made by 12-year-olds, everything you do runs the risk of being scrutinized and posted online for the world to judge. By posting your own contributions to social media sites, you (and I) continue to drive it.

When Facebook's co-founder's sister (who is also Facebook's former marketing director) posted a photo to Facebook and was surprised to see it tweeted by someone she didn't know, claiming it as an invasion of privacy, the collective web laughed at her. She became the holiday poster child for how confusing Facebook's privacy settings are to understand and implement — and she's the sister of the face of the company.

It also makes her follow-up tweet all the more laughable, partly because I doubt she asked the permission of her family members before posting their photos online:

Digital etiquette: always ask permission before posting a friend's photo publicly. It's not about privacy settings, it's about human decency

— Randi Zuckerberg (@randizuckerberg) December 26, 2012

What You Can Do as a Social Media User

Most importantly, don't think that just because you have locked down your social media accounts, no one that you haven't authorized can see it. An errant retweet or a misunderstood setting are all it takes to make that notion come crashing down. Just look at Zuckerberg's sister — she clearly doesn't understand either of the platforms she uses despite what she thinks.

I have my own set of rules I follow and I try to lead by example. That doesn't mean all mine are right, but I had to start somewhere.

• For the most part, I do not post photos of people without their permission. Exceptions include crowd shots.
• I don't post photos of children, though when there are exceptions I do not post names with the photos.
• When I do take general place or crowd photos, I avoid posting ones with the faces of children visible.
• I avoid posting photos with faces visible when I am making fun of a particular fashion choice.
• I don't create venues for homes.
• I don't post photos with street addresses visible.
• I don't embed GPS information when tweeting from someone's home.
• I don't retweet tweets from a protected account (unless I have permission or it's a particularly good insult to me).
• I don't tag people in photos without permission or prior experience that it will be fine.
• I don't tag friends in places when I am out, which is also why I don't auto-tweet my Foursquare check-ins (on top of the fact that it's annoying).
• I don't include information about friend or family schedules in posts, especially when they are travelling.
• I do not sync my phone with any cloud service or allow any auto-posting. I'd rather pick and choose than run the risk of the wrong image making it to the wrong place.

It's worth noting that I have violated all of these at least once, sometimes by accident and sometimes by stupidity. In a handful of cases I have been rightly chastised.

When it comes to kids (anyone's kids), I work to make sure I don't put enough information out there that a motivated offender couldn't just drive up to a kid on the street and spout enough information to make the kid think it's safe to get into his car. I wish more parents on Facebook made that effort.

What You Should Do as a Person in the World

Accept that everyone has a camera and can post photos and videos of you at any time. Accept that you may appear unintentionally in crowd photos that appear on everything from locked-down Facebook pages to the local news to band fliers and so on.

When you have a friend who keeps posting photos of you that you don't want posted, you should confront him or her. At some point you'll have to decide between how cautious or uptight you want to be versus how much that friendship means to you.

If you are a Facebook user, you can control whether or not you get tagged in photos (as a link to your Facebook page only) and you can even un-tag yourself.

Either behave or own your pile of crazy.

Related

• Facebook security hole allows anyone to view private New Year's Midnight Delivery messages and photos, December 30, 2012.
• How much data did Facebook have on one man? 1,200 pages of data in 57 categories, December 28, 2012
• Zuckerberg's Etiquette Sham, December 28, 2012.
• Mark Zuckerberg's Sister Complains Of Facebook Privacy Breach, December 26, 2012.
• Yes, Randi Zuckerberg, Please Lecture Us About 'Human Decency', December 26, 2012

Social Media Spam Sorta-Infographic

Today's sorta-infographic contains four pie charts, one of which is supposed to show a range, and the other three are ostensibly based on 12 hour clocks. Despite it's clip-art-style graphics, it does provide some pretty interesting factoids and comes with accompanying text to explain the graphics and provide more details. You can read the commentary, and comments, at the original post: Debut Impermium Index Reveals Surprising Trends in Social Web Spam Attacks.

Some of the trends Impermium outlines:

• Online ID signup fraud.
• "Sleeper cells" of social web abuse are a ticking time-bomb.
• Social media exploitation techniques are evolving fast.
• Uggs was the #1 most exploited brand.
• Porn got stripped.
• Mom & Pop are spammers.

Much of this isn't news to many, but it is validating to those of us who wonder if what we are experiencing is in line with current trends. I suggest reading the comments to see some of Impermium's responses to criticism — ok, really just read the comments for the criticism.

Color Has a Gray Pallor

Color is the newest social media application on the block, launched just after SxSW and relying on proximity-based media sharing instead of a friend model. Founded by names from other successful ventures along with $41 million in funding, Color seemed poised to storm the social media market.

One day after its launch, Color Labs, Inc. released an update to the Color app. Originally launched to support a 100 foot radius to find people for sharing, its new update was released to adjust that radius on the fly based on nearby activity. Considering the app is essentially useless without others who participate, this update is necessary to gain users (and necessary given it missed a great geek-dense SxSW event). When you read the opening statement in the product description in the Apple App Store and Android Marketplace, you can see that this need for others using the app nearby isn't exactly a surprise for Color:

WARNING: DON'T USE COLOR ALONE.

With so little activity visible to a user, users might look to the interface to provide some clues to using the app. After all, knowing if you are even using it correctly can manage your expectations one way or the other. Once installed, the app immediately asks for your first name, then prompts you for a photo of yourself, and then drops you right into its interface with some inexplicable icons (notwithstanding the tiny "Next" text-link-like buttons that move you along in the process). With no activity, it's hard to know what those icons do. This company-provided screen shot shows the app with its confounding icons in an ideally-active stream of content:

You might be motivated to look for a help screen in the application, but you'll have no luck. You might even be motivated to go to the Color web site to look for a tutorial or some form of documentation, but no luck. It turns out that there is a demo video available on Vimeo, but Color doesn't even link it from the site — you have to find it somewhere in the copious industry press coverage, which is something the typical user won't be doing.

When the Color Labs CEO says that the company is much more of a research company and a data mining company than a photo sharing site, it seems fair to question if the technology led the product rather than a tangible business model taking the lead. Given Color's reception so far, that seems like it may very well be the case.

In the Apple App Store product page for Color, the highest rated review of the product is really a parody, comparing it to a puzzle game (images of the full description):

You conquered Myst. You understood the end of Lost. You can do this! You're not going to let this new adventure game genre get the best of you! You will master this if it takes all weekend. You discover a button to create a group! You wonder what a group is. Progress, of sorts.

Given how easy it is to spoof GPS locations on a phone, even though the Color Labs CEO says that Color doesn't rely on GPS, it's a matter of time before a method to spoof locations is widespread. Let's not forget that Color is essentially anonymous, too, requiring no validation beyond location. It won't be long before you can expect to see Color turn into nothing more than a spam outlet or Chatroulette variant. I can assure you, I would not be letting my children (non-existent though they may be) install this app on their phones.

Related

• Color's Ambitious Photo App Seeks to Reinvent Mobile Social Networking
• Color CEO: The Tech Justifies the $41 Million
• Color to Get Major Update, Fix 'Loneliness' Problem
• PR Case Study: Where Color Went Wrong
• Color: Is it just the latest useless social media app?
• GPS check-ins taking off

Facebook Likes…Your Data

Developers are starting to lean on the features of Facebook outside of the walled garden of Facebook itself, and there are implications for us as users that we might not be considering.

The current trends of web design include giant footers, social media icons, extensive background images, and the omnipresent Facebook Like button. This Like button is the eye of Facebook, watching our slow march across the web from its tower at the heart of Menlo Park. At least that's how it feels to me given its great potential to track my activity.

The use of the Like button on a site involves using Facebook's Open Graph Protocol, essentially allowing a site owner to publish updates to a user's feed. Facebook has realized that site owners aren't taking advantage of this feature as much as they could, so Facebook even reminded developers of this feature a couple weeks ago on its developer blog. If a site that has been liked by visitors decides it wants to start promoting heavily on Facebook, visitors might find their Facebook feeds being overrun with spam.

But that's not all. The Like button has just gone through a transformation, incorporating the more invasive features of the Share button, as the Share button itself gets phased out. Soon when you click the Like button on a page, you may find that your Facebook profile page (your own wall) will get the headline/title of the page, an abstract of the content and a thumbnail.

But wait, there's more. Facebook has just updated its Comments Box plug-in to make it available to outside developers with more features than previously offered. Users can leave comments that appear both on an organization's web site and on its Facebook page. Third-party commenting services like Disqus might be looking for a new business model if this takes off.

And that's just the last few days. You may recall back in January when Facebook decided to make a user's address and phone number available to developers. While this did not go over well with the community at large, all that angry tweeting and blogging (like this one?), along with some inquiries from Congress, have done nothing to keep Facebook from moving ahead. You may want to read today's post at Mashable, which includes some links to the letter from two US Congressmen and Facebook's response: Facebook Will Continue To Share User Addresses & Numbers.

As an aside, you may want to follow the advice from this tweet:

Since Facebook will now let apps access your address & number, I have set my no. to 650-543-4800 (FB Customer Service) http://bit.ly/gkJvYD

Facebook already contains the personal information of millions of users to varying degrees of detail. Add to that Facebook's recent moves to take over commenting and linking services, pushing third party content into its own walled platform, and tracking everything you do within Facebook itself, and you can see it is quite a pile of data waiting to be mis-used and abused by anyone who has access. Factor in Facebook's history of privacy problems and missteps, and we as end users should all be cautious about using all these features popping up across our favorite sites.

Perhaps in time we'll come to think of sites that incorporate Facebook features as phishing scams or as simply being out of touch. For now we need to be cautious consumers and responsible developers when it comes to the lure of the ease of use.

See the image in context at its source.

Related

• How to publish updates to people who like your Open Graph Page
• Whenever you hit Facebook's "Like" button you're signing up for a subscription.
• Facebook Like Button Takes Over Share Button Functionality
• Facebook 'Like' button replacing 'Share,' world domination next
• Facebook Comments Box
• Facebook Brings Its Comments Plugin to Outside Publishers
• Rogue Facebook apps can now access your home address and mobile phone number
• Facebook Now Shares Phone Number & Address With Third-Party Apps
• Facebook Will Continue To Share User Addresses & Numbers
• Securing Facebook Places (from Your Friends) (on this blog)
• Facebook Privacy UI Redesign Ideas (on this blog)

I'm not proud to admit this, but if Facebook could somehow expand the Grammar Filter (scroll to bottom) to the entire web, I might be more willing to succumb to Facebook's rule.

Update March 3, 2011

Some time ago I heard about the Facebook limit of 5,000 friends. I had long since forgotten about it and the complaints people posted. Apparently so did Facebook. Jeffrey Zeldman ran into this limit and found it affects his ability to Link anything. This may be a blessing, at least from my perspective. Regardless, read his post Like and Friend are broken in Facebook for more info.

Chrome and Mozilla Announce Tracking Blockers

Last month Microsoft announced that Internet Explorer will be adding a "tracking protection" feature to its browser, allowing users to prevent advertising sites from tracking their activity on the web (ad targeting, really). This move was partly to stay ahead of an FTC push to mandate that browser makers add that feature. If you spent that few days between Christmas and New Year's hiding from computers and family, then perhaps you missed my post, Browsers to Add Tracking Blockers.

In that post I mentioned how Firefox had started the work, pulled it, and then brought it back. Well now it's official. You can read up on how it works at the Mozilla Wiki, where they were kind enough to put together a DoNotTrack FAQ. The FAQ helps readers understand that this is not the solution that will ultimately be implemented, since it relies on an HTTP header.

Google is relying on a cookie-based approach via a browser add-on. The only real difference from the voluntary Network Advertising Initiative that allows users to opt-out, which relies on cookies, is that the Chrome add-on won't blow away those cookies when a user clears all other cookies on his/her browser. You can read up on the confusingly-named Keep My Opt-Outs on one of the Google blogs (there are so darn many).

I suggest that if you plan on using these new features, which are not enabled by default and require some level of configuration to be useful, that you take a few minutes to read up on them:

• Mozilla, Google take different approaches to ad tracking opt-out at ars technica.
• Mozilla & Google Announce Browser "Do Not Track" Features at Mashable.
• Firefox and Chrome Add "Do Not Track" Tools To Their Browsers at ReadWriteWeb.
• Web Tool On Firefox To Deter Tracking at Wall Street Journal.
• Protecting Consumer Privacy in an Era of Rapid Change, preliminary FTC staff report (PDF).
• Self-Regulatory Program for Online Behavioral Advertising
• Network Advertising Initiative
• chrome-opt-out-extension at Google code blog.
• Keep My Opt-Outs from the Chrome web store.
• More Choice and Control Over Online Tracking from the personal blog of the Global Privacy and Public Policy Leader at Mozilla.
• Thoughts on Do-Not-Track from Michael Hanson, Mozilla Labs.

Updates

• Big browsers hop aboard the 'Do Not Track' train at New Scientist, Jan. 27, 2011.

Browsers to Add Tracking Blockers

This may be somewhat old news by now, but given the hubbub last night that Apple and some makers of apps for the iPhone are getting sued over tracking users without consent, it seems that the struggle between privacy and features will never be old news.

Back at the dawn of the web, the notion of surfing anonymously was pretty compelling. Users in the early days had enough technical know-how to understand that privacy could not be guaranteed and at the very least a combination of IP logging and old-fashioned real-world tracking could often get an interested party the identity of someone engaging in nefarious activity. The key benefit to that process (for users) is that for most organizations it wasn't worth the bother (either time or money). Privacy was maintained simply for lack of effort.

Fast forward to today's world where online ads can track your habits and preferences, where Facebook is regularly lambasted for sharing too much information, where mobile devices can track where you are at any time, where people use social media with the curious expectation that they are guaranteed some privacy, and so on...

Microsoft sees this as an opportunity to push its coming web browser, Internet Explorer 9, to the fore by offering a new feature called Tracking Protection. Microsoft will be rolling this feature out in the next beta release due early in 2011. In Microsoft's words, the feature will do the following:

1. IE9 will offer consumers a new opt-in mechanism ("Tracking Protection") to identify and block many forms of undesired tracking.
2. "Tracking Protection Lists" will enable consumers to control what third-party site content can track them when they're online.

This is a little different from the Federal Trade Commission's request that browser makers implement a "do not track" feature. In the FTC's world, this feature sets a flag for all sites you visit asking the web site and/or ad service not to track you. The FTC cannot force anyone to honor that, however, so it's a mostly empty request. This is where the IE9 feature is so compelling — it's intended to just block the tracking outright.

Mozilla isn't missing the boat on this. Even though a similar feature was in development in June, it was pulled (for conflicting reasons) but made its reappearance just a few days ago. Mozilla's chief executive stated in an interview that [t]echnology that supports something like a 'Do Not Track' button is needed and we will deliver in the first part of next year. He was speaking about Firefox 4, which is still in beta. This puts Firefox's offering out there around the same time as IE9's.

Now that two major browsers will be developing a feature in parallel with a similar name and set of functionality, it will be interesting to see how it is implemented. While the features both Microsoft and Mozilla are discussing have mostly been in both browsers in some form since the last full release, activating those features isn't exactly intuitive for the novice user. Now comes the struggle of creating a user interface that is simple, still provides enough detail and control, and isn't so far removed from the other browser's interface that users who use both aren't horribly confused.

Whether these features are enough to satisfy the FTC, consumers, or even the ad networks is still up in the air. Whether these features will be easy to use, however, seems unlikely given browser configuration options over the years. If that happens, it may end up protecting ad networks for now.

Related

• Apple, App Makers Sued Over User-Tracking at Wired, December 27, 2010.
• 'Do Not Track' Coming to Firefox 4 at PCWorld, December 21, 2010.
• Firefox backs "Do Not Track" with online stealth at Google News, December 18, 2010.
• Privacy and the Web's 'signal-to-noise ratio' at CNN, December 15, 2010.
• Microsoft Builds Online Tracking Blocking Feature Into IE9 at Wired, December 7, 2010
• IE9 and Privacy: Introducing Tracking Protection at Microsoft's IE9 blog, December 7, 2010.
• IE9 "Do Not Track" Feature Prone to User Error at PCWorld, December 7, 2010.
• FTC Staff Issues Privacy Report Offers Framework for Consumers, Businesses, and Policymakers at FTC.gov, December 1, 2010.
• Hiding Online Footprints at Wall Street Journal, November 30, 2010.
• Question of the Day: Would you use an Internet “do-not-track” tool if it were included in your Web browser? at Wall Street Journal.

Related on this blog

• Google Analytics Opt-Out Add-On Is Out, May 26, 2010.
• Google to Let Users Opt Out of Analytics Tracking, March 19, 2010.
• Google Dashboard: What Google Knows about You, November 5, 2009.

Updated: January 24, 2011

• Firefox and Chrome Add "Do Not Track" Tools To Their Browsers

Securing Facebook Places (from Your Friends)

Facebook Places is out. It's the Foursquare / Gowalla / Brightkite / Loopt / etc.-killer. Or so Facebook hopes. All of those services have some pretty clear controls in place to limit how much information you share. Granted, you can mess up even their simple privacy controls and share the address of your Mom's house with the town crazy (assuming he/she is technical enough to use the software, and cares), but at least the model is simple. Facebook, on the other hand, has gotten (earned) quite the reputation for having convoluted security screens that make it way to easy for the average user to expose more than intended. Facebook Places takes it a step further and can allow your own Facebook friends to announce your location to the world.

Instead of reformulating something I've already written (making smart choices about what you share from the physical world), I'll just link you there (Don't Let Social Media Get You Robbed (or Stalked)) and instead outline how you can change the security settings in Facebook to protect your information. To be fair, Facebook just launched this feature yesterday, so you can expect it to change over time. You may want to review your security settings in Facebook on a regular basis.

There are two sets of instructions below, each with a set of screen shots. Make sure you go through both. Click the screen shots for the full size image.

Adjust Check-in Visibility, Disable "Friend Check-Ins" and "Here Now"

1. Choose Privacy Settings from the Account menu (upper right).
2. Choose Customize Settings.
3. Adjust Places I check in to what you prefer (I suggest no more than "Friends only").
4. Uncheck the box next to Include me in "People here now" after I check in.
5. Choose "Disabled" from the Friends can check me in to places menu.

Preventing Your Friends' Apps from Accessing Your Places Info

1. Choose Privacy Settings from the Account menu (upper right).
2. Choose Edit your settings from under the "Applications and websites" section on the bottom left.
3. Click the Edit settings button from the "Information accessible through your friends" section.
4. Uncheck Places I've visited.
5. Don't forget to Save Changes.

And with that you should be locked down. Remember, though, check it now and then. Make sure new items haven't been added or things haven't changed.

Related

• Don't Let Social Media Get You Robbed (or Stalked) on this very blog.
• Facebook Places: Your Friends Are Here, But What About Your Privacy? from the ACLU.
• A Field Guide to Using Facebook Places at Mashable.
• Facebook Places Makes Location a Commodity at ReadWriteWeb.

Google Analytics Opt-Out Add-On Is Out

That title was more fun to write than I thought it would be.

Back in March I mentioned that Google had decided that it would let users opt out of being tracked by Google Analytics (Google to Let Users Opt Out of Analytics Tracking). That day is here. News sites all over the web lit up today with the news that the Google Analytics Opt-out Browser Add-on (BETA) is now available for download. And yes, that is its real name. It's still listed as a beta product, and it's only available for Internet Explorer (versions 7 and 8), Google Chrome (4.x and higher), and Mozilla Firefox (3.5 and higher).

There does seem to be a little something odd about adding more cruft to your browser to disable the cruft people have added to their sites to see how you surf their cruft. And this is assuming you believe that Google would release a free product to the end user that disables a free product targeted at site developers that also supports their paid Adwords product. Considering all the privacy flack Facebook has felt lately, however, it makes sense that Google wants to be able to say they are staying ahead of these issues. Google's download page explains... not much:

To provide website visitors with more choice about how their data is collected by Google Analytics, we have developed the Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics.

To repeat myself from March, if you really want to surf anonymously, run Netscape Navigator 2 or version 3 with JavaScript disabled through an anonymous proxy. From a cave.

Google Opt Out Feature Lets Users Protect Privacy By Moving To Remote Village

Facebook Privacy UI Redesign Ideas

Facebook has been taking a (well-deserved) beating lately for all its privacy (or lack of) controls. No longer is Facebook getting beat up in the world of blogs and tech journals, now it's taking fire from the likes of The New York Times, The Wall Street Journal, and even has the cover of Time magazine. The New York Times took the time to display all of Facebook's privacy options as one flow chart, attempting to display how 50 settings with 170 options, bolstered by its 5,830 word privacy policy.

See the image in context at The New York Times.

Fortune magazine gathered a few user experience designers and asked them to prototype some revisions to Facebook's privacy settings. Fortune made a gallery of a dozen samples, consisting of a brief description for each sample. While the gallery could have been a bit more robust, the teaser-style images certainly provide some interesting perspectives on how to minimize the massive confusion the current Facebook privacy screens create. Simple suggestions include embedding the privacy options inline with the items to control, and showing numbers next to grouping options (how many users does "friends of friends" encompass?). A couple samples are below.

This morning Facebook CEO Mark Zuckerberg addressed privacy concerns in a column in The Washington Post (From Facebook, answering privacy concerns with new settings). From the column:

The biggest message we have heard recently is that people want easier control over their information. Simply put, many of you thought our controls were too complex. [...] In the coming weeks, we will add privacy controls that are much simpler to use.

The column goes into more detail on the overall privacy debacle, but I'll leave that up to you to read, I'm just looking at the UI options today. Whether or not anything we see in the sample UIs will make its way into the screens on Facebook is anybody's guess, but from the column, we should know in a few weeks.

Additional Stories:

• Facebook and Privacy: What a Mess at PC World.
• How Facebook Is Redefining Privacy at Time Magazine.
• Facebook, MySpace Confront Privacy Loophole at The Wall Street Journal.
• Facebook Open Graph: What it Means for Privacy at Mashable.
• Price of Facebook Privacy? Start Clicking at The New York Times.

Update (May 25): Mashable reports New Facebook Privacy Controls Arrive on Wednesday. That's tomorrow for those not near a calendar.

Update (May 26): It's Wednesday, and no new privacy controls. Although Facebook did announce them, show a screen shot, and say they'd be coming in the next few weeks. Mashable reports BREAKING: Facebook Announces New Privacy Features.

Mozilla to Modify How CSS :visited Works

If you know CSS, then you know that the :visited pseudo-class is a method to determine if a user has already been to the link it targets. For example, you may have styles for a:link and a:visited in your CSS file to help users see a difference between links they've clicked and links they haven't. Combine this with the getComputerStyle method in JavaScript and an author can conceivably figure out all the sites you've visited. This issue has prompted Mozilla to announce changes to how the :visited selector will work.

The Mozilla Hacks blog outlines how these changes will affect web sites and web developers. At the high level:

• getComputedStyle (and similar functions like querySelector) will lie. They will always return values as if a user has never visited a site.
• You will still be able to visually style visited links, but you're severely limited in what you can use. Mozilla is limiting the CSS properties that can be used to style visited links to color, background-color, border-*-color, and outline-color and the color parts of the fill and stroke properties. For any other parts of the style for visited links, the style for unvisited links is used instead. In addition, for the list of properties you can change above, you won't be able to set rgba() or hsla() colors or transparent on them.

They also note some subtle changes to how selectors will work. Mozilla acknowledges that these two items might be confusing and has promised some examples in the near future.

• If you use a sibling selector (combinator) like :visited + span then the span will be styled as if the link were unvisited.
• If you're using nested link elements (rare) and the element being matched is different than the link whose presence in history is being tested, then the element will be drawn as if the link were unvisited as well.

The blog post points out a couple of areas that will probably require changes to existing sites:

• If you're using background images to style links and indicate if they are visited, that will no longer work.
• Mozilla won't support CSS Transitions that related to visitedness (I think they made that word up). There isn't that much CSS Transition content on the web, so this is unlikely to affect very many people.

Right now Mozilla cannot say what version of Firefox will get this change, but the post is intended to get us all ready for the impact in advance of that release.

Mozilla does admit that this won't fix all the potential security leaks of your browsing history (see the bug report). They do offer an option for minimizing your exposure to the other leaks, or to minimize yourself in your current release of Firefox until they get the fixes out:

...[V]ersion 3.5 and newer versions of Firefox already allow you to disable all visited styling (immediately stops this attack) by setting the layout.css.visited_links_enabled option in about:config to false. While this will plug the history leak, you'll no longer see any visited styling anywhere.

Read more:

• privacy-related changes coming to CSS :vistited
• Plugging the CSS History Leak
• Preventing attacks on a user's history through CSS :visited selectors
• Bug 147777 - :visited support allows queries into global history
• What the Internet knows about you. This page checks your browser history and determines which of the 5000 most popular Internet websites you've recently visited.

Google to Let Users Opt Out of Analytics Tracking

Given all the flak Google has taken recently (see my post yesterday, More Social Media Privacy News), I wasn't too surprised to see this headline come through from ReadWriteWeb: Google Will Soon Allow You to Opt Out of Google Analytics Tracking.

In a blog post from yesterday (More choice for users: browser-based opt-out for Google Analytics on the way), Google announced that it will be offering a browser plug-in to opt out of having their data tracked by Google Analytics. From the blog post:

...[W]e have been exploring ways to offer users more choice on how their data is collected by Google Analytics. We concluded that the best approach would be to develop a global browser based plug-in to allow users to opt out of being tracked by Google Analytics. Our engineers are now hard at work finalizing and testing this opt-out functionality.

I suspect this is more of a PR move than anything. Google Analytics is really just a method to track how anonymous users access your site — from what search terms or related site they came, what pages they visited, how long they spent, their click path, etc. None of this information exposes personal details and is even forbidden by their privacy policies. Check out the Google Analytics product tour for a quick overview.

What Google Analytics offers is not much different than what you get from a WebTrends report. And that data already exists in your own web server logs. In fact, Google Analytics cannot track anything if you don't have JavaScript enabled on your browser, making it impossible to track many mobile devices. Granted, you can get an overlay view of a page showing where users clicked in Google Analytics, which you cannot get in products that rely solely on the web server logs, but that isn't necessarily the key selling point. The fact that it is free is its strongest point. It also has swell reports.

The user who cares enough to download and install the plug-in may come from one of two camps:

1. He/she is already concerned about privacy and may even use anonymous proxy services to surf with an alternate IP address;
2. He/she has been told that Google is tracking his/her every move (again, recent press) and perhaps grabs this as a response (or has it installed by a friend or family member).

These users make up such a small portion of the surfing world that it probably won't impact the typical site. I doubt there will be a noticeable drop in data points in the Analytics reports of many sites. Others have posited that this move might make it easier to block internal users data from a company site (which can skew results) as opposed to blocking the IP range in the Analytics configuration screen. They fail to take into account how unpleasant it will be to administer (install and support) all those random plug-ins. No IT guy should be interested in that model at all.

The paranoid out there may feel that Google is tracking enough information about everybody, and while I don't disagree, trusting Google to release a plug-in to stop Google in Google's tracks seems like a flawed and circular argument. The truly paranoid shouldn't trust the plug-in to do what it says. I genuinely hope those conspiracy theorists aren't running Google Chrome, because the same argument applies.

If you really want to surf anonymously, run Netscape Navigator 2 or version 3 with JavaScript disabled through an anonymous proxy. From a cave. Perhaps Google will release a plug-in for those browsers?

ReadWriteWeb included this Onion parody in their story, and I just had to steal it to post here. It's too good to pass up (sorry about the scaling).

Google Opt Out Feature Lets Users Protect Privacy By Moving To Remote Village

More Social Media Privacy News

Yesterday the Wall Street Journal technology blog posted an article titled Google Buzz Exemplifies Privacy Problems, FTC Commissioner Says. The outgoing FTC Commissioner said that technology companies, specifically Google, are being too cavalier with the personal data of consumers. While qualifying her remarks as not official FTC comments, she said that the launch of Google Buzz was irresponsible conduct on the part of Google.

If you don't know to what she is referring, here's the greatly simplified breakdown. When Buzz launched, Google wanted to get people into it quickly and get them connected to their friends. To do this, Google essentially scoured your Gmail contacts and set them up as "friends" in this new service, allowing them to be seen as such by the general public. The awkward social case where this is a problem is when you use your Gmail account to court someone who isn't your spouse or significant other. In the professional world, reporters could instantly have their connections to otherwise anonymous sources or informants exposed. There was a firestorm of anger from users and Google quickly scrambled to close that gaping hole, as well as some others.

That the FTC commissioner specifically calls out Google, so recently in the news for this fiasco, doesn't let others off the hook. Facebook has been through its share of privacy dust-ups with users as it keeps pushing to make everything public.

Google Buzz also got its share of abuse at the SXSWi keynote speech by Danah Boyd, a Social Media Researcher at Microsoft Research New England and Fellow at Harvard University's Berkman Center for Internet and Society. SXSW is precisely the event where a product/service like Buzz should be shining, as was the case for Foursquare last year, and not getting panned. Facebook got its share of a thumping in her speech, too, as she cited users who inadvertently adopted more public settings.

Meanwhile, in the world of sharing too much for robbers and stalkers, the world of geo-tagged and location-aware services saw a bit of a jump. Mashable reports that Foursquare Adds Almost 100,000 Users in 10 Days. To be clear, there weren't 100,000 people at SXSW, and many of those people already had Foursquare accounts anyway.

Apparently people have no problem sharing personal, potentially risky, bits about their lives. Just as long as they pick and choose what to share, that is. The FTC cannot regulate poor decision making skills by consumers, but it can at least step in when a company goes too far and just burps out lots of private data. For everyone else, I recommend you read the safety tips in my post Don't Let Social Media Get You Robbed (or Stalked) from earlier this month.

Related news bits:

• Google Buzz: Privacy nightmare at Cnet on February 10, 2010.
• WARNING: Google Buzz Has A Huge Privacy Flaw at Silicon Alley Insider on February 10, 2010.
• Facebook's Privacy Changes Draw More Scrutiny at the New York Times technology blog on December 10, 2009.
• Facebook Privacy Complaint Ignites War of Words at PCWorld on December 17, 2009.
• Google Buzz Gets Some Serious Privacy Tweaks at Mashable.
• FTC on Google Buzz: Consumer Privacy Cannot Be Run in Beta at Mashable.
• SXSW 2010: Google and Facebook failed on privacy, says Danah Boyd at the Telegraph blogs on March 14, 2010.
• Facebook To Pay $9.5 Million in Privacy Settlement at ReadWriteWeb on March 18, 2010.

Don't Let Social Media Get You Robbed (or Stalked)

If you are one of the millions of people using social media to report where you are, you may have been tuned in to all the buzz lately about the site Please Rob Me. The concept is very simple, when you use applications like Gowalla, Foursquare, Brighkite, Loopt or anything else that broadcasts your location, you run the risk of telling the world that you aren't at home and it's ripe for the picking. You can compound it by advertising to potential stalkers (not much of an issue for me, but certainly if you're popular).

The geolocation features built into these applications not only tell people where you are, but if they have any familiarity with you, the area, or just spend a few minutes reading your history, they can pretty quickly posit for how long you will be away. This isn't limited to just geolocation-broadcasting services — you can just as easily use Twitter or Facebook (among others) to inadvertently tell people you are away from home or at a particular place.

That it took all the press around the Please Rob Me site to cause people to consider this is almost laughable. Granted, the site is pretty overt in how it conveniently aggregates all the data for visitors, but it's not doing anything that an interested party couldn't do on his or her own in a few minutes. All the site does is show all the Tweets from Foursquare users as they check in — not very complex. To quote from its Why page:

The danger is publicly telling people where you are. This is because it leaves one place you're definitely not... home. So here we are; on one end we're leaving lights on when we're going on a holiday, and on the other we're telling everybody on the internet we're not home.

So how can you enjoy social media with geolocation features and still minimize your risk?

Techniques for Safe Check-ins

These are just three options. I employ each of these and find them fairly easy to follow. None of these will stop the old fashioned thief (who doesn't use social media), but they can make it a little harder for those casing you online.

Time Shift

Remember, you don't have to check in to a location as soon as you get there.

Let that sink in for a moment. I see people check in to locations as soon as they walk in the door, but they don't need to. Sure, you may not get the immediate benefit of knowing which of your friends might be nearby, but maybe you should sort that out in advance.

For example, I am known among my friends for posting photos of my meals through Brightkite. What many of them don't realize is that I often check in to a location after I have already left or (if it's near my house) as I am leaving. This has caused a couple awkward moments when a nearby friend is notified of my proximity and comes looking for me.

Hide Your Check-ins

Hide your check-ins from all but your trusted friends. And I don't mean those Facebook friends who you met once while in a mosh pit or that you haven't seen since second grade.

You don't need to Tweet to the entire world where you are. Sure, if it's a major event and you want to brag then go for it, but understand the risk. If you Tweet or check in for every morning visit to the local coffee hut, not only will people know where you are right now, you will be telling them where you are tomorrow or next week. Establishing a pattern of behavior makes it easy for someone to predict your moves.

Consider hiding your Foursquare check-ins and not Tweeting every one; you can still participate in the overall game. Lock down your Facebook profile from the general public. Consider disabling the geotagging from third-party applications that feed to Twitter.

Get a House Sitter

Some of you may be aware that I was just in Houston speaking at a conference. I was more than happy to post my progress via Foursquare check-ins, Brightkite photos, and an assault of Tweets. Anybody could have wandered over to my house for some pillaging, but would have been surprised to find that someone was already there. In fact, I was able to split the duties across two people, so it was better populated than when I am in town.

If you have the luxury of a roommate, house sitter, guard dog, militia, etc., then you may be in good shape already. But consider whether that person at your house is someone you want to put at risk (granted a rather remote risk), or if that person is comfortable with being on watch.

Related articles:

Continue to read up, you may come up with some ideas that work better for you than my suggestions.

• The dark side of geo: PleaseRobMe.com at CNET.
• Are We All Asking to Be Robbed? at Mashable.
• Google Buzz: Privacy nightmare at CNET.
• Facebook Privacy Complaint Ignites War of Words at PCWorld.
• Twitter Your Way to Getting Robbed at Mashable.
• HOW TO: Make Your Small Business Geolocation-Ready at Mashable.
• How Robbers Did Their Dirty Deeds Before Foursquare at Mashable.
• Friday Poll: Do Location Check-In Services Freak You Out? at Mashable.

Google Dashboard: What Google Knows about You

Google announced a new service/feature today, Google Dashboard. Given all the services Google offers and all the ways you can interact with Google, it's not surprising many people have privacy concerns and conspiracy theories (do enough people watch The Simpson's for me to make an MLB joke here?). Google announced it in a blog post today (Transparency, choice and control — now complete with a Dashboard!) and included a handy video to walk users through the process of accessing Google Dashboard. Dashboard essentially offers a one-stop view of all the data in your Google account across 20 of its services, including Gmail, Calendar, Docs, Web History, Orkut, YouTube, Picasa, Talk, Reader, Alerts, and Latitude. If you are interested in privacy policies for each of Google's services, head over to their Privacy Center.