Agreed. But that doesn't mean that LJ needs to go and make it EASIER!
Well said - if you have real secrets, don't put them on other people's servers.
2010-09-02 02:58 am (UTC)
While this is technically true, it's not a point of view I'd promote. The Internet isn't magic. Say you have a conversation with a group of friends, and you tell them things you wouldn't necessarily say to others, and one of them then quotes you in the newspaper. It's technically true that once you told those things to other people, it *could* come bite you in the ass - only your trust in the people you told it to protected you, and you might've made an in the moment judgment based on the context of the conversation even if there were someone present there who you didn't know that well but who seemed safe because of the company and the tenor of the moment.
However, the fact that you have indeed made this information available to others and it could be publicized, doesn't mean they're not doing a bad thing, nor does it mean that you shouldn't be able to generally expect that they won't do it, and feel betrayed when they do. You judged the risk, you judged it to be small, you got bitten that time, bad things happen sometimes, but that doesn't mean they're not bad nor does it mean that you'd be stupid to have
reasonable expectations of privacy.
You also expect that nobody was quietly standing next to the window outside the house, secretly listening to your conversation. But someone *could* have been doing that.
So what you reveal to others isn't necessarily secure either on the Internet or off it. But being upset when your reasonable expectations or privacy are violated by either security breaches or by people you willingly told things to, is perfectly reasonable.
(I realize you're referring to the new twitter/facebook features, but my comment isn't about that. I don't think those new features are horrible.)
I agree with absolutely everything in your comment!
I think people should be able to reasonably assess their friends as responsible, trustworthy people. The one time I did mess that up, it was with someone who had had privacy issues in the past. It was a mutual mistake - it wasn't entirely my fault for trusting the person or entirely their fault for forgetting the information was confidential. Plus, they apologized and I forgave them.
I also agree that I don't have a problem with the facebook or twitter tie-ins. What I do wish is that I could get my friends on facebook to X-post to LJ, but I figure posting my LJ to my internet-identity facebook (indeed, I ONLY have Internet Identity Facebook) would actually be beneficial to my friends. I'm going to wait until they work out the kinks, though. LJ needs to promote itself more with other social media.
I know a lot of people who keep their info minimal on FB but not on LJ, and it's pretty hard to find an LJ if you keep it out of major search engines (which mine is).
I would like to point out that I was expelled from high school based on what was basically hearsay (accurate hearsay, but hearsay none the less) so I am very aware that anything I tell anyone can be used against me.
I also grew up in a culture that was paranoid that something you say to someone else while out to dinner could be overheard by a reporter and end up on the front page of The Post or The Times the next morning. I am acutely aware of those possibilities as well.
I was actually not making value judgments on relaying information said in confidence in my original post. I think deliberate relaying of stuff said in confidence is deplorable. I think inadvertent relaying of such information is inevitable except for the extremely careful. I think a lot of people who use The Internet don't realize how public it really is, even if the readers of my journal are, on average, more aware of the lack-of-privacy online than Joe Q Public.
So I don't pay much attention to this... what does the new facebookiness have to do with subverting people's privacy expectation?
It allows you to easily repost comments you make to facebook, even if those comments are on other people's non-public entries. In some cases, it may even do it by default/without the user noticing, or at least I think that's the fear. It may also include some context from the original post, content of which is obviously not intended to be public.
Having just used this comment to check it, I have confirmed that it only includes the contents of the comment itself, so this is only a problem if:
* People include context from the original (non-public) post in their comment
* They choose to re-post to Facebook (or have the option on by default)
There is also information disclosure that another person posted *at all*, since even if it's friends only, there's a link back to the post (that a non-friend can't see).
There are definitely problems beyond that, which is part of why it's so bad - those problems are entirely non-obvious. What those problems are and how bad they can get is explained in this awesome post
I don't need to start an argument there, but responding to the numbered points there:
1) I publish the fact that my journal-name is crschmidt. Once that's the case, looking up who I have friended and who has friended me is published by LJ. In other words: Unless I keep my journal secret, period (in which case, I wouldn't post to facebook), this information is already available and provided by LJ.
2) This is my secondary point about information disclosure. Though I'll note that anyone who can do math can find out if you're making locked posts: The jitemid (item you see in the URL) is 256*itemid plus a modifier. All you have to do to figure out if you've missed a post is divide by 256 and look at the integer part. If it's one higher than it used to be, then there was a private post you missed.
3) This is a side effect of the point that I was making above, but I'll admit I didn't address it specifically. Insofar as the content that *you* post is identifying to the source content -- common among comments -- it is information disclosure.
4) this is the primary point I was making above.
So, I don't think that there are points in what she said that are substantially different from what I said in her numbered points. (Except in a case where you're saying that publishing your journal username on Facebook is a violation of the trust of people you have friended.)
1) There's a huge difference between "nchanter is a friend of crschmidt" and "Eveline Chanter has posted a comment in crschmidt's Livejournal". The information you can get from the later is much more contextual, in that it has a greater ability to link a livejournal username to a specific real-life individual (going from a John Smith to *that* John Smith).
2) This new "feature" makes it much more likely that someone will find out casually rather than by obsessively keeping track. There's an important difference between "this information is determinable" and "this information is readily available", and the connector turns the former into the later.
3) You're missing that the included information isn't just the content of the comment, but also the title of the post as well as the LJ that post appears in. Again, this increases the contextual information of the content as well as potentially revealing information even beyond what you yourself add to the conversation.
4) See 3.
I think she rather substantially adds to what you have said, by examining how the additional information provided by the connector feature beyond the content of the comments can be misused. She did not directly point out the difference between "can determine" and "is readily available", which is what I have now added.
1) If Eveline Chanter posts, on her facebook account, that her username is "nchanter on livejournal", then I don't think this applies, which is what I was saying, though perhaps less clearly. If I didn't want to say "my LJ is crschmidt" on facebook, I'm not going to post to facebook via LJ (or link the accounts at all). If I am willing to say that, then the fact that I posted a comment on an entry does not, in and of itself, provide additional information about crschmidt, imho.
2) I think that arguing that obscurity provides security is a mistake.
3) When I posted my comment on facebook, it did not include the title of the entry it was posted in in any way that I could see. Maybe I'm missing it, so I'm posting this comment too; I only had it up briefly before deleting it. If it is revealing the subject of the post, that is an additional disclosure of information (like the URL) that I think would be a violation of the trust of the journal owner (not that anyone who links a FO-post comment from LJ to facebook is not already doing that).
I think it comes down to this: Anyone who intends malice is able to achieve the same level of malice via screenshots, copy paste, etc. Anyone who doesn't intend malice seems unlikely to accidentally:
1. Link their account to Facebook
2. Re-post a comment to Facebook.
If the argument is "Users will accidentally post all their comments to Facebook without knowing it!", I just don't see the support for that comment. If they intend to post *nothing* to Facebook, then they won't link the account. If they intend to post things to facebook, nothing stops them from copy pasting.
Now, the only reasonable argument I do see is the "Button is where the submit button used to be" argument. That technical implementation surely could use with re-thinking, and could produce better results. But the hysteria I'm readying doesn't seem to be with the idea that users could accidentally do this, but that users could do something via the interface that they could just as easily do through copy paste, which confuses me.
, for the record. There is a link to the thread, a subject of the comment, and a snippet of text from the comment. The link to the thread, I fully admit is information disclosure.
The fact that my LJ is crschmidt is something that I feel I should be within my 'rights' disclosing. Not everyone is comfortable with it, but if I am, I don't feel that my friends should feel that it's their position to get upset at me for it.
The text of my comment, and the subject of my comment, are within my control. If I was worried that posting them to Facebook would cause negative consequences, it would be my responsibility to keep that in mind.
I don't think that LJ is in the wrong by allowing people to post from LJ to Facebook. I feel that the technical implementation leaves some things to be desired (but what implementation doesn't?). Other than that, I think that this is just people getting upset over nothing.
You're trying to walk a very fine line between "information wants to be free" and "she was asking for it". Information does not exist in a vacuum, and asking that further avenues of connections between bits of information which makes it easier to suss out someone's real-life identity be created with care and concern rather than dropped out of the sky on users is not ignorance of the extent to which the internet is not private. Of course it's not private, but that doesn't mean I won't object to creating context sufficient to figure out my real-life identity much more readily available to any stalker who wants to find me or mine.