July 2nd, 2008 | Uncategorized | Reputation Whiz
Until recently, the Internet has been an open playground: You could do whatever you liked, and if you did something wrong you got in trouble after the fact. But now politicians and others are pushing to make intermediaries, like ISPs and auction sites, filter content before it gets to users. The Internet of the future might be an Internet with limits on what you can do.
As always, I’m guest-blogging and I don’t represent the views of ReputationDefender.
Most recently, three major ISPs–Verizon, Sprint, and Time Warner Cable–recently bowed to pressure from the Attorney General of the state of New York and agreed to stop carrying Usenet newsgroups that contain child pornography and other reprehensible content.
First, a brief history lesson: “Usenet” is a throwback to the early days of the Internet. It is a set of discussion areas–”newsgroups–that were very popular in the 1990s as a way to discuss everything from programming to politics. In more recent years, the popularity of Usenet has fallen the Web (what you’re using right now) became more important. But, some people still communicate through Usenet. And a small fraction of those people use it to send child pornography and other illegal material to each other.
Verizon, Sprint, and Time Warner Cable stopped “hosting” some Usenet newsgroups on their own servers. As a result, the ISPs are no longer providing access directly to subscribers. It’s still possible for subscribers of those ISPs to access the newsgroups, such as by paying $10 to $20 per month for access through a web-based Usenet gateway (a service that shows Usenet through a web browser). A good analogy to what these ISPs did would be if your ISP no longer provided email service and you had to pay another company for web-based email.
This is one of the first times that a major ISP has limited its services on the basis of content. While any customer can still access any newsgroup they want, the ISP has made it substantially more difficult to access newsgroups that contain illegal content. Some think this is the first step toward ISPs enforcing content controls based on other forms of illegal content, like music or video file sharing and possibly even going as far as restricting the transmission of libelous or false information online.
Current laws, combined with the nature of the Internet, put a lot of pressure on ISPs to filter content. Because the Internet is global, harmful and illegal content can easily be found overseas. U.S. politicians can’t control what overseas websites do, since U.S. courts lack jurisdiction over many foreign websites, and even if there were jurisdiction it would be a nightmare to try to try to enforce the laws overseas. But, U.S. politicians know that every web user has to use an ISP to get online. And they know that ISPs that serve the U.S. are subject to U.S. law and can easily be dragged into U.S. courts. Even more importantly in this case, it’s a lot easier to go after a handful of ISPs than it is to try to track down and locate many anonymous Usenet users who posted the original illegal images. Thanks to anonymity services like TOR, it may be completely impossible to locate the people who first put the underage images on Usenet. But, the government can find the major ISPs just by looking in the phone book. It’s a lot easier to go after the known intermediary than it is to chase down foreign or anonymous wrongdoers.
The same is why the RIAA hopes to filter music file sharing before it reaches customers. If ISPs block file sharing, then the RIAA won’t have to chase anonymous or overseas file sharers.
The U.S. isn’t the only country where intermediaries–like ISPs–are being held liable for wrongdoing by other users. A recent court case in France held eBay liable for fake handbags sold by independent sellers on eBay.
Again, the reasoning went that it’s easier to force eBay to solve the problem than it is to chase down many small-time sellers of fake handbags.
Is this the first step toward extensive filtering, going as far as ISPs stopping the transmission of sites that contain libelous or hurtful materials? It’s technically possible for this to happen. Spam blacklists already exist. And lots of programs — like McAffee’s “SiteAdvisor” — already detect some forms of malware and provide warnings to users before proceeding. Google already warns users about pages that might be dangerous, based on their own internal blacklist. And some ISPs already block certain emails under the guise of being viruses or spam.
Adding another filter for sites that have been ranked as hurtful or libelous by enough users would just be another simple step, nothing more than a Digg-like button “bury as inaccurate” for the world. It’s entirely possible that ISPs could display a message that “this site has been marked as inaccurate by 40% of visitors.” We’re really not that far away from having this capability: sites like StumbleUpon use a Firefox extension to rate literally millions of websites.
Of course, what about the First Amendment? After all, the government can’t just censor all speech that it doesn’t like. But, the Supreme Court has repeatedly held that child pornography is not protected under the First Amendment. 
The Supreme Court has also held that libel–malicious lies about a private individual–is also given not protected under the First Amendment. So, under current law, it’s at least theoretically possible for a state government (like New York in the case of child pornography on Usenet) to threaten ISPs to stop providing access to some kinds of objectionable content. Of course, if government-mandated web filtering ever became common then we’d likely see another challenge in the Supreme Court, possibly with a different outcome.
In the end, it’s not clear whether this is a good thing or a bad thing. There’s plenty of things, like child pornography, that is so disgusting that something needs to be done to stop its spread. And, this most recent move by the New York ISPs suggests that illegal images are still prevalent, despite many attempts by law enforcement to find and prosecute the people who take them. And ISP warning for libelous or hurtful content might save thousands of reputations from unfair But, ISP filtering is also dangerous if it’s applied overzealously to things like file-sharing: there are plenty of forms of file-sharing that are legal (for example, many downloads of the Linux operating system use file-sharing networks to speed up downloads and to allow many users to download updated versions at the same time). Filtering could also be abused for political purposes, but it’s unlikely that the Supreme Court would allow it.
What do you think? Is this the end of the open playground? A step toward moral responsibility for ISPs? Or plain old censorship?
* As always, I’m guest-blogging by invitation, I don’t necessarily represent the views of ReputationDefender or any of its headcount, and I hope to start a discussion rather than providing definite answers.
June 22nd, 2008 | Online Reputation Management | Reputation Whiz
* A political blogger has announced that he is attempting to “Googlebomb” John McCain in an attempt to influence the 2008 presidential election. By “Googlebombing,” he’s attempting to manipulate the Google search engine so that certain negative links about John McCain appear higher up in a search for “John McCain” and similar searches. He’s doing this by placing links around the Internet in an attempt to make the negative articles appear more popular than they actually are, in the hope of getting Google’s search algorithm to rank them higher than positive articles about John McCain. He hopes to change the results enough that the first page of Google will be filled with negative links about John McCain, instead of the mixed positive and negative links that appear there now.
[Editor’s note: Since we don’t want to impact his campaign one way or the other, we’re applying the “nofollow” attribute to any link related to his Googlebomb. The “nofollow” tells Google to ignore the links and not consider them in its rankings.]
This is a pretty big development. It’s not the first time that Google has been an important part of a presidential campaign. For example, Ron Paul’s supporters tried very hard to keep positive information about their candidate at the top of a Google search for “Ron Paul.” They were so confident that they would be able to keep positive information about their candidate at the top of a Google search that they rented a blimp that instructed viewers to “Google Ron Paul.” And it’s not the first time that the White House has been the subject of a Google bomb; there was once a rather famous googlebomb that tried to make George W. Bush appear at the top of a search for “miserable failure.”
But, this is the first time that there has been a public attempt to influence a presidential election by artificially inflating the negative publicity surrounding a candidate through a Googlebomb. Some people think it’s a dirty trick. Other people think it’s a natural part of a modern political campaign. Either way, it’s a trend we haven’t seen the end of.
The idea of a Googlebomb is especially powerful given how important the first page of Google results are. Google has around an 80% market share for search. In other words, 80% of people get their search information from Google. And we’ve talked about how most users only read the first page of Google search results, and then focus most of their attention on the first three results (”power hits”). This kind of technique allows politicians and their supporters to control the first page of Google, and thus control what information the world discovers about a candidate.
It’s also especially powerful because it allows candidates to campaign negatively without looking like they are running a negative campaign. It’s possible to launch a completely anonymous Googlebomb, unlike most other forms of negative campaigning. Candidates can get all the benefits of a negative campaign without having to face the backlash that usually follows attack ads.
It’s also possible that this will lead to an arms race on the Internet between campaigns. Right now, opponents of John McCain are dropping a negative Googlebomb against him. It’s possible that his supporters will respond by trying to bomb positive results back to the top of Google and by attacking Barrack Obama through a negative googlebomb of their own.
Is a campaign tactic that will become commonplace in the future, a dirty political trick, or both?
If you’ve been a target of a Googlebomb, it’s not too late to restore your online image. Services like MyEdge can be a first step toward getting your good name back.
* As always, I’m proud to be guest-blogging and my views don’t necessarily represent those of ReputationDefender or its employees.
June 16th, 2008 | Identity Management, Online Reputation Management | Reputation Whiz
* Google users want instant gratification when they’re searching. How instant? The top 3 Google results get 79% of all clicks. The remaining 7 results share just 21% of the clicks. In other words, more than three quarters of Google users never click past the first three results.
(Source: Cornell University study - see full size Google results chart here.
The data are similar for AOL’s web search: the top 3 results in an AOL search get 63% of the clicks. (Source: AOL mistake)
Of course, you could explain this because search engines tend to deliver relevant results in the first three hits. But most websurfers wouldn’t know: Most websurfers don’t look past the first three results at all. Scientific eye-tracking studies used cameras to track exactly where volunteers were looking when they were searching for various topics. The vast majority of people looked only at the first three Google results, the power hits. They never looked at the rest of the results to know whether they were better.
(click to enlarge — Source: Eyetools promotional material)
The diagram above is a “heat map” of a Google search. Hotter colors represent areas where people spent more time looking; gray areas are places where nobody ever glanced. The “x” marks on the picture represent areas where people clicked.
The short attention span theory continues by comparing different pages. Almost 90% of clicks come from the first page of Google results, up from 80% a few years ago. (Source: Enquisite) And, 76% of French websurfers look only at the first page of Google results. (Source: French study).
There are many possible explanations for this sudden short attention span. The New York Times blames it on intrusive technology, like constant email, text, and instant messaging interruptions when trying to work. Web surfers make lots of fast queries and just go with whatever comes up first. Very few people examine their search results in close detail, and very few will ever find results buried beyond the first page.
What does this mean for you? If you’re trying to sell a new product, or to get information out about a cause, or do anything else in Google, you need to be in the top three results. You need to be one of the power hits. If you’re not in the top three Google results, you might as well be invisible. Some blogs have estimated that the difference between a #1 result and a #5 result is the difference between 50,000 monthly visitors and 6,000 monthly visitors. If your statement about a political candidate isn’t in the top few results, nobody will ever know about it. Ron Paul’s supporters knew this: Their motto was “Google Ron Paul” because they controlled the top three hits in Google (the power hits) for any search related to Ron Paul. They knew the top three hits in Google were positive and that they could keep them positive. That’s all it took for them to be comfortable sending traffic to Google.
The lesson: If you can control your name on the first page of Google, you can control your image. If you control the first page of Google for your political cause, you can make a difference.
Others have covered similar topics. In future posts I’ll share more information about making the most of your power hits. Of course, commercial services like MyEdge can help you get started in managing your image. MyEdge helps you to move positive content about you to the top of a Google search result for your name. Or, at the least, monitor your reputation using a service like MyReputation that will tell you what people are seeing when they search for your name in the “deep internet.” If you have need a custom reputation management service for a unique situation or for faster results, this is also available.
More interesting reads: Political dirty tricks and Google - The 2008 Election and Faces of MySpace (video)
* As always, it’s a pleasure to be guest blogging and this post doesn’t necessarily represent the views of RepDef or any of its defenders employees.
June 12th, 2008 | Legal Issues, Online Reputation Management | Reputation Whiz
* In Vancouver, Canada, the magazine Maclean’s is on trial for allegedly publishing hate speech against Muslims. Back in 2006, the magazine published a controversial article called “The Future Belongs to Islam.” The article, an excerpt from the book America Alone, argued that Islamic countries will control the world by the end of the century. It sparked a flurry of responses and political debate in Canada about the confrontation between Middle East and West. Two members of the Canadian Islamic Congress charged that the magazine violated local human rights law by publishing the article, and the British Columbia Human Rights Tribunal is currently holding hearings to determine if the magazine will be fined or censured.
Many blogs (more and yet more) have covered the free speech aspects of the case. The result is clear: In the United States, for better or for worse, the article and the magazine would be protected by the First Amendment.
But it does raise a more important issue: What is the line between personal harassment and political opinion online?
In the United States, the First Amendment, has long been understood to protect all forms of political speech. There’s no doubt that bloggers are protected by the First Amendment when discussing Obama and McCain. (See our offer to Obama here, and our coverage of McCain here). (Note from the lawyers: the First Amendment doesn’t protect malicious libel of public figures, but there is an extremely high standard for malice –just because a blogger has said something false doesn’t mean that it’s malicious under the First Amendment. The courts have always been very protective of political speech and usually respond that the right answer is to spread the truth rather than to sue people who are getting it wrong. Anyway, very few politicians would ever bring a lawsuit.)
But, many forms of personal harassment are not protected by the First Amendment at all. For example, the First Amendment doesn’t give you the right to slander a private individual by saying false things about them. And the First Amendment doesn’t make it okay to publicize personal secrets, like medical history or a concealed sexual orientation, even if the information is completely true.
Until now, it’s been pretty easy to figure out what’s protected speech and what’s unprotected speech: If a magazine published an article about the politics of Islam, it would be protected under the First Amendment, even if the article wasn’t accurate. If a magazine published an article about a random private citizen that contained false information, it would not be protected. And, thanks to the massive staff it took to run a newspaper or magazine, the vast majority of publications were very careful about fact-checking: They had the resources to do it, and a lot to lose in court if they got it wrong.
But, what happens online? Now, anyone with a computer can publish a website attacking anything. There’s no requirement to check facts, and many bloggers have very little to lose. And any blog post is instantly available worldwide, unlike a dead-tree newspaper or magazine with a limited circulation.
Right now, the courts have said that the normal First Amendment rules apply. If the target of the attack is big–like an entire religion or government–then the First Amendment should still protect them. And if target of the attack is one person–like a neighbor or co-worker–then the normal rules for harassment under the First Amendment apply. But what if the target is somewhere in between? For example, if the blog falsely attacks the members of a particular church congregation, or falsely accuses the teachers at a school of wrongdoing.
In the case of an attack on a small group, the harm of false statements will be be felt by the members of that group. Google is incredibly powerful, and has a habit of bringing up negative information near the top of search results. Someone looking for information about the group or its members online is likely to see the false information, and it’s likely to be repeated across other blogs and websites until it fills the top search positions.
The answer isn’t clear. But we need to think about where we draw the line between protected political speech and unprotected personal attacks. The courts in the future will have to draw these lines in an age of instant global anonymous publishing. This is a conversation that will continue for many years.
* I thank ReputationDefender for letting me continue to guest-blog. The views in this column don’t necessarily represent those of RefDef or its employees.
June 9th, 2008 | Online Reputation Management | Reputation Whiz
Here’s a story that carries an important lesson for professionals, artists, and anybody else who relies on their reputation for business: If you’re not in Google, you don’t exist.
The story is pretty straightforward: A new mall, called the “Americana at Brand” recently opened in Glendale, a city just outside Los Angeles, California. The developer spent $400 million building it and he thought that he had everything figured out. He had all the right permits, he had great anchor tenants, he had a concert and fireworks show at the grand opening, he had a professionally-designed website for the mall, and there was plenty of parking.
There’s only one problem: The mall opened more than a month ago and Google still doesn’t know the mall exists. The address of the mall is 889 Americana Way, Glendale, California. But if you enter that address in a Google Maps search, it says that the address doesn’t exist. Same for MapQuest; it doesn’t know that Americana Way exists at all. Even the Google search engine doesn’t come up with great results: Try searching for “Glendale mall” and the Americana mall doesn’t show up on the first page. Or search for “Glendale shopping” and you again get nothing related to the Americana.
To be fair, the mall does come up on the first page of Google search engine for searches like “Americana Mall“, but it’s not even the first result. That’s pretty bad for a $400 million investment.
How can potential customers find the mall if Google doesn’t know that it exists? And how can they get to the mall if neither Google nor MapQuest know where it is?
The same is true for any kind of professional individual–how can a solo practitioner lawyer get new customers if they can’t search for her name online? How could an aspiring filmmaker get new leads if he isn’t in Google? How could a plastic surgeon manage her online identity if she is nowhere to be found in any search engine? How could an artist sell more pieces if word-of-mouth doesn’t lead customers to his website?
It’s a simple fact that Google is the number one source of information for customers these days. It’s especially true for customers who know somebody’s name but not their telephone number or email address–unless they can use Google to find that information then they are likely to move on.
Concerned? The first step to fixing the problem is to make sure you have a full Internet presence. Read other entries in this blog for tips on how to do so. Or, if you need fast and professional results, there are services like ReputationDefender’s MyEdge that will help create an online presence for individuals and move positive results to the top of your results. If you need more serious help, try a fully customized online identity solution. Feel free to post more tips in the comments — how can individuals help maintain their online identities so that customers can find them?
* Kudos to the LA Times for breaking part of the story.
April 22nd, 2008 | Privacy, Social Networking | Reputation Whiz
I’m happy to continue to guest-blog, and as always my posts don’t represent the views of Reputation Defender or any of its defenders employees (the lawyers still say I can’t use that word).
Want to remove your images? Skip ahead.
Today’s post is about unintentional ways in which Internet users might be opening themselves up to having their privacy violated. This isn’t a case where anybody has done anything wrong, but rather a case where not everybody realizes that their pictures are automatically spread all over the Internet.
The social blogging site LiveJournal is pretty neat: It lets people write their own social diaries, or connect with others and blog in communities. One of the most popular features of LiveJournal is that it’s possible to limit access to a particular blog entry (or an entire journal) to “friends only” (commonly called “FOB” for “friends only basis”). A lot of other people just rely on obscurity to keep their journals private; they don’t advertise the URL or direct anybody but their friends to the site.
LiveJournal does a pretty good job with privacy overall. But many users don’t realize that a common “feature” might be compromising their privacy. LiveJournal publishes a feed (RSS here) of all the most recent updates to any public journal on the site. One application that has been written to take advantage of it is a web page that allows any user on the Internet to see the most recent 250 images posted to any journal on LiveJournal by any user (other versions have the “Last 100 LiveJournal Images” instead).
The most recent images feed is interesting in that it gives a very quick overview of the zeitgeist of the site. A lot of the images are references to TV shows, LOLcats, current events (today was the Pennsylvania Presidential primary, so there are no shortage of Clinton and Obama images), and other benign trivia. A social anthropologist could spend years deconstructing the feed to identify what people care enough about to post to LiveJournal.
But, there’s a dark side. A few of the images revealed by the Last 250 LiveJournal Images feature are clearly things that were meant to be kept private. There are candid photos of intimate moments, illustrations of private confessions, revelations about body image issues, pictures of drug use, and more. Many users put these very personal photos on their LiveJournal pages thinking that only their friends will see them, and don’t realize that they’ll be broadcast to anybody watching the image feed. They just don’t know that by posting an image to their personal journal it’s instantly broadcast to anybody watching.
Even worse, a malicious (or at least juvenile) user could take any very private image from the Most Recent Images feed and spread it to others. It’s possible to copy any image and republish it across the Internet. Any image can be spread by message board, by email, or even by another LiveJournal page. One LiveJournal user’s very private confession or intimate moment could instantly become fodder for web mockery; all too many Internet memes started with something personal that became a topic of mockery. For example, look at what happened to the “Star Wars Kid”: A fourteen year old student filmed a silly (and somewhat embarassing) video of himself swinging a fake lightsaber, his classmates found the tape and published it on the Internet, and the student became the subject of worldwide mockery. The video has been viewed more than 10 million times on YouTube alone.
It could happen just as fast with an image posted to LiveJournal that’s accidentally revealed through the image feed.
If you’re a LiveJournal user, here’s how to prevent (”turn off” or “opt out” from) your images from appearing in the image feed:
- Log into LiveJournal
- Go to the LiveJournal command console (this is different than your “settings” page)
- Enter the command:
set latest_optout yes
- Press “execute”
This will remove your images from the Most Recent Images feed.
One of the dangers of these social sites is that, by default, they tend to share a lot of information about you. It’s great if you’re interested in meeting new people, but it also creates a huge risk that your privacy is being violated without you even knowing it. Check to make sure that other sites aren’t also using your information in ways that you don’t expect.
April 6th, 2008 | Uncategorized | Reputation Whiz
I’m pleased to be still be guest-blogging here. Again, nothing in this post reflects the opinion of ReputationDefender or its employees (they said I couldn’t call the employees “reputation defenders” for trademark reasons — so don’t do that).
On to the good stuff:
There’s just one easy question: Does Google* know too much about you?
*If you use Yahoo! (and Yahoo!Mail) or Microsoft Live Search (and Hotmail) then just substitute “Yahoo!” or “Microsoft!” for “Google” and the same question applies to you.
Think about it. Let’s assume you use Google for your web search and for your email. Google knows every single search that you’ve run, and it has access to every single email you’ve sent. If you use GChat then it knows that too. Or if you use Google Documents then it has access to all of yoru documents too. From that much data, it can deduce just about anything about your personal life. Looking for a date online? Cheating on your spouse? Have an embarassing medical condition? Made a drunken mistake at a party? Google knows it all.
Google’s unofficial motto, of course, is “don’t be evil.” And that’s a wonderful goal. But goals and policies didn’t stop rogue employees at a hospital from looking over every celebrity medical record they could get their hands on.
But, let’s assume that Google has appropriate internal controls on all of its data. Assume that it has some way to make sure that no database technicians can look at data they’re not supposed to look at. But that doesn’t help if the US government forces Google to open its records. Or if a different country, without all of the protections offered by US courts, forces Google to open its records as a condition of doing business. This isn’t some abstract fear: Think about what Yahoo went through in China.
But, still, let’s assume that the government doesn’t misuse this massive collection of data for political purposes. We’re still not off the hook. If you’re charged with a crime, or sued in a civil court, the other side can still subpoena your records. Maybe most of your searches are pretty boring–looking for info about “Baltimore Orioles” or “Frank Thomas” is pretty boring stuff. But maybe there are a few completely innocent but embarassing searches — for “jock itch” or “STD transmission” or things far more embarassing than that. The lawyers will paw through all of that, looking at every record to figure out if they can get leverage over you.
The solution? One step forward is clear data destruction policies for search engines. Three years is too long — six months might be better. Destroying data makes it inaccessible. Another step forward is stronger privacy laws in the US and EU. Another step forward is encouraging other countries to adopt similar strong privacy protections. Western norms of privacy are still evolving, but we’ve happened upon a lot of good stuff.
There’s hope yet for our data.
~Fortune favors the well-prepared.
April 2nd, 2008 | Identity Management | Reputation Whiz
Hello! I’ve been invited to guest-blog here for a little while and I’m excited about the prospect. As an initial matter, anything expressed in this blog post is my own view and not necessarily that of ReputationDefender or any of its employees.
On to the good stuff:
We’ve all heard a lot about the big data brokers like Experian, ChoicePoint, Lexis-Nexis, and others. They collect massive amounts of data about individuals, and then sell it to the highest bidder. Some of it is pretty harmless: I don’t terribly mind a day care center being able to ask job applicants for permission to check that don’t have any outstanding warrants, especially for child abuse or the like.
But, today, I want to discuss data breaches at the big data brokers. Of course, they take a lot of steps to make it hard for data to accidentally leak out. But, they are also such big targets that they are incredibly tempting targets for hackers and identity thieves. Take, for example, what happened at ChoicePoint a few years ago. A crafty hacker was able to get access to detailed reports, ranging from income to FBI background checks, by circumventing ChoicePoint’s privacy controls. Since then, ChoicePoint has dramatically increased the security on its accounts, but is it enough? Around the same time, Lexis Nexis admitted that it released 32,000 data records, including social addresses and security numbers, to a hacker. Lexis Nexis has also increased its security, but the data brokers are still an incredibly tempting target for hackers.
There’s an obvious privacy problem with having your name, social security number, and FBI background check in the hands of a hacker. But, there’s also a much more direct problem too: Identity theft. With your name, address, social security number, and employment history, an enterprising criminal could pretty easily apply for credit cards. Beyond the expense to you, there’s another problem: What happens if those credit cards are used for an illegal purpose?
One man in England found out the hard way. His credit cards were ripped off, and then used on websites featuring photos of underage girls. The police tracked the credit cards back to him and started a criminal investigation. He insisted that he was a victim of identity theft, but he lost his computer, his job, and six months of his life before he could set the record straight. Eventually, a jury found him innocent, but the damage had already been done.
What should an individual do? Reducing the data available to thieves is one thing. You can take your name, address, and phone number out of some databases. If you know what’s out there then you can take the first steps toward making your identity crime-resistant. If you make it harder for identity thieves to steal your personal information then they’ll just move on to another, easier target. Why would they waste time trying to figure out your name and address if there are so many targets out there?
There’s a lot more that can be done, and I hope to touch on more of it in future posts.
~Fortune favors the well-prepared.
