Entries from April 2008 ↓

I’m happy to continue to guest-blog, and as always my posts don’t represent the views of Reputation Defender or any of its defenders employees (the lawyers still say I can’t use that word).

Want to remove your images? Skip ahead.

Today’s post is about unintentional ways in which Internet users might be opening themselves up to having their privacy violated. This isn’t a case where anybody has done anything wrong, but rather a case where not everybody realizes that their pictures are automatically spread all over the Internet.

The social blogging site LiveJournal is pretty neat: It lets people write their own social diaries, or connect with others and blog in communities. One of the most popular features of LiveJournal is that it’s possible to limit access to a particular blog entry (or an entire journal) to “friends only” (commonly called “FOB” for “friends only basis”). A lot of other people just rely on obscurity to keep their journals private; they don’t advertise the URL or direct anybody but their friends to the site.

LiveJournal does a pretty good job with privacy overall. But many users don’t realize that a common “feature” might be compromising their privacy. LiveJournal publishes a feed (RSS here) of all the most recent updates to any public journal on the site. One application that has been written to take advantage of it is a web page that allows any user on the Internet to see the most recent 250 images posted to any journal on LiveJournal by any user (other versions have the “Last 100 LiveJournal Images” instead).

The most recent images feed is interesting in that it gives a very quick overview of the zeitgeist of the site. A lot of the images are references to TV shows, LOLcats, current events (today was the Pennsylvania Presidential primary, so there are no shortage of Clinton and Obama images), and other benign trivia. A social anthropologist could spend years deconstructing the feed to identify what people care enough about to post to LiveJournal.

But, there’s a dark side. A few of the images revealed by the Last 250 LiveJournal Images feature are clearly things that were meant to be kept private. There are candid photos of intimate moments, illustrations of private confessions, revelations about body image issues, pictures of drug use, and more. Many users put these very personal photos on their LiveJournal pages thinking that only their friends will see them, and don’t realize that they’ll be broadcast to anybody watching the image feed. They just don’t know that by posting an image to their personal journal it’s instantly broadcast to anybody watching.

Even worse, a malicious (or at least juvenile) user could take any very private image from the Most Recent Images feed and spread it to others. It’s possible to copy any image and republish it across the Internet. Any image can be spread by message board, by email, or even by another LiveJournal page. One LiveJournal user’s very private confession or intimate moment could instantly become fodder for web mockery; all too many Internet memes started with something personal that became a topic of mockery. For example, look at what happened to the “Star Wars Kid”: A fourteen year old student filmed a silly (and somewhat embarassing) video of himself swinging a fake lightsaber, his classmates found the tape and published it on the Internet, and the student became the subject of worldwide mockery. The video has been viewed more than 10 million times on YouTube alone.

It could happen just as fast with an image posted to LiveJournal that’s accidentally revealed through the image feed.

If you’re a LiveJournal user, here’s how to prevent (“turn off” or “opt out” from) your images from appearing in the image feed:

1. Log into LiveJournal
2. Go to the LiveJournal command console (this is different than your “settings” page)
3. Enter the command:
   set latest_optout yes
4. Press “execute”

This will remove your images from the Most Recent Images feed.

One of the dangers of these social sites is that, by default, they tend to share a lot of information about you. It’s great if you’re interested in meeting new people, but it also creates a huge risk that your privacy is being violated without you even knowing it. Check to make sure that other sites aren’t also using your information in ways that you don’t expect.

ReputationDefender is pleased to be exhibiting at the Cool Product Expo at Stanford University today. We look forward to spreading the word about online reputation management and our cutting edge suite of products.

If any of our Loyal Readers are in the area, we invite you to come down and say hello to your friendly neighborhood startup. Admission is free and there is plenty of RD swag to be had.

So far I’ve seen a futuristic airplane and a James Bond like Pen.

Look for photos and videos soon.

I’m pleased to be still be guest-blogging here. Again, nothing in this post reflects the opinion of ReputationDefender or its employees (they said I couldn’t call the employees “reputation defenders” for trademark reasons — so don’t do that).

On to the good stuff:

There’s just one easy question: Does Google* know too much about you?

*If you use Yahoo! (and Yahoo!Mail) or Microsoft Live Search (and Hotmail) then just substitute “Yahoo!” or “Microsoft!” for “Google” and the same question applies to you.

Think about it. Let’s assume you use Google for your web search and for your email. Google knows every single search that you’ve run, and it has access to every single email you’ve sent. If you use GChat then it knows that too. Or if you use Google Documents then it has access to all of yoru documents too. From that much data, it can deduce just about anything about your personal life. Looking for a date online? Cheating on your spouse? Have an embarassing medical condition? Made a drunken mistake at a party? Google knows it all.

Google’s unofficial motto, of course, is “don’t be evil.” And that’s a wonderful goal. But goals and policies didn’t stop rogue employees at a hospital from looking over every celebrity medical record they could get their hands on.

But, let’s assume that Google has appropriate internal controls on all of its data. Assume that it has some way to make sure that no database technicians can look at data they’re not supposed to look at. But that doesn’t help if the US government forces Google to open its records. Or if a different country, without all of the protections offered by US courts, forces Google to open its records as a condition of doing business. This isn’t some abstract fear: Think about what Yahoo went through in China.

But, still, let’s assume that the government doesn’t misuse this massive collection of data for political purposes. We’re still not off the hook. If you’re charged with a crime, or sued in a civil court, the other side can still subpoena your records. Maybe most of your searches are pretty boring–looking for info about “Baltimore Orioles” or “Frank Thomas” is pretty boring stuff. But maybe there are a few completely innocent but embarassing searches — for “jock itch” or “STD transmission” or things far more embarassing than that. The lawyers will paw through all of that, looking at every record to figure out if they can get leverage over you.

The solution? One step forward is clear data destruction policies for search engines. Three years is too long — six months might be better. Destroying data makes it inaccessible. Another step forward is stronger privacy laws in the US and EU. Another step forward is encouraging other countries to adopt similar strong privacy protections. Western norms of privacy are still evolving, but we’ve happened upon a lot of good stuff.

There’s hope yet for our data.

~Fortune favors the well-prepared.

Just a quick note to let everyone know that ReputationDefender will be at the Cool Product Expo 2008, being held at Stanford University on April 9th. Owen Tripp and Paul Pennelli from ReputationDefender will be there at our tradeshow booth from noon to 6pm.

There should be a lot of, well, cool products and companies on exhibit (besides us, of course) and admission is free, so what else have you got to do? If you don’t want to take our word for it, how about this article from CNET.

Hope to see you there!