Blurry lines of privacy

I’ve been fascinated by a couple articles by Cory Doctorow on the difficulties inherent in the popularity of Social Networking sites like Facebook, and the differences between “Myware” and “Spyware”. There’s a lot of food for thought here, primarily regarding the difficulties in assessing another entity’s intent.

As someone who tries to assess intent for a living, I’m immersed in this difficulty on a daily basis. Even if an application developer has a perfectly legitimate intent, the person who is using the application may have another purpose entirely – is the program built such that it can prevent such unauthorized use? This sort of dilemma is what led to the classification of “Potentially Unwanted Programs” – either a program’s original intent falls too far into the grey area or we see an instance where a clearly helpful administrative application is being used in a way that is clearly malicious in intent.

Instances like the XCP Sony DRM rootkit and Sears’ use of the Comscore application really underscore the problem. From the companies’ perspective, they’re doing something perfectly reasonable and harmless to the user. People who find these applications on their machines may feel otherwise, and they may feel that the applications’ actions are inadequately documented or simply intrude too far into the user’s privacy.

The privacy line gets even thinner and more blurry with Social Networking sites, where a certain lack of privacy is inherently part of the equation and generally considered desirable. You can share personal information, pictures, music taste, etc. with all your friends, in one simple, efficient maneuver. It seems perfectly reasonable and simple, given the assumption that “friendship” is a simple black and white matter. Few things in life are ever so simple.

A friend of mine recently joined a Social Networking site, thinking it would be all about that simple, efficient sharing maneuver. She put all her contact information up, and made it viewable only by her friends. What harm could there be in that? (I talked her into removing it a few minutes later.) Fast forward to a few days later, when she received a friend request from someone in her past that she’d had reason to fear for her physical safety with, once upon a time. She had absolutely no desire to be in contact with this person, but there was no way for her to completely block this person from viewing her profile, and for various reasons she felt unable to reject the request directly. She’s more or less given up on this site as a result of that incident. Thank goodness she’d already removed her contact info!

There really is no simple solution to the problem of the thin, blurry line of privacy. There’s no silver bullet that will magically make everyone’s internet experience totally warm and fuzzy. I think the most important thing to take away from this is that we need to constantly be vigilant about maintaining our right to privacy, and to push companies to give us the granularity that lets us decide when and with whom we’ll share our information.