[Log In] []

Exploring the science and magic of Identity and Access Management

Having an exciting destination is like setting a needle in your compass. From then on, the compass knows only one point-its ideal. And it will faithfully guide you there through the darkest nights and fiercest storms. — Daniel Boone

Wednesday, September 17, 2014

Fellow Facebook Users: We are the product Zuckerberg sells.

Identity, Privacy
Author: Mark Dixon
Friday, December 2, 2011
5:08 pm

Buffer

In my recent post, I made this observation:

[Facebook and Google] are essentially advertising channels, whose real customers are not those of us who visit their sites, but the advertisers who pay them money.

That is where Intent comes in.  The most valuable commodity Google and Facebook can sell to their advertising customers is the Intent of the people who visit their sites – the Intent to explore, to examine, and ultimately, to buy. The better either company can be at determining the Intent of their users, the better they are prepared to rake in the bucks from companies who advertise with them.

From that perspective, I have been fascinated by the recent big news that Facebook has settled charges with the FTC over charges the Facebook deceived users about privacy. As reported by the Daily Beast,

… Facebook promises to stop making “deceptive privacy claims” and get users’ permission before changing the way it shares their information. The social-media company must also submit to privacy audits for 20 years. …

Acknowledging this settlement, Mark Zuckerberg posted a lengthy statement on the Facebook blog:

… I’m the first to admit that we’ve made a bunch of mistakes. In particular, I think that a small number of high profile mistakes, like Beacon four years ago and poor execution as we transitioned our privacy model two years ago, have often overshadowed much of the good work we’ve done. … But we can also always do better. I’m committed to making Facebook the leader in transparency and control around privacy. …

Not all pundits accepted Zuckerberg’s contrite response.  Dan Lyons of the Daily Beast posted a cynical article entitled, “The Truth About Facebook Privacy—if Zuckerberg Got Real.”

The social network just settled privacy charges with the FTC, and its CEO posted a lengthy non-apology on the company blog. But here’s what Mark Zuckerberg might have said if he dared to be brutally honest. …

Let’s skip to the meat of Dan’s article (his view of what an truly candid Zuckerberg would have said:

 … The truth is, we have no interest in protecting your privacy, and if you still believe that we do, then you are stupider than we thought, and believe me, we already thought you were pretty stupid. Think about it. The only way our business works is if we can track what you do and sell that information to advertisers. Did you honestly not realize that?

You are not our customer. You are the product that we sell. For us to say we’re going to protect you is like the poultry industry promising to create more humane living conditions for chickens. Sure, they say that. But you know they don’t mean it.

Same with us. We will never, ever stop trying to pry data out of you. How could we? We’re a business. We’re doing this to make money. And our investors would like it very much if we can make absolutely as much money as possible. It’s simply not in our nature to stop. You know the fable about the scorpion and the frog? Yeah. It’s like that. …

Pretty harsh? Yep! But there are glimmers of truth in there. Just remember the next time you visit Facebook (which I have already done several times already today), “You are the product that we sell.”

 

Reputation, Street Cred and Identity Assurance

Identity
Author: Mark Dixon
Friday, December 2, 2011
5:55 am

Buffer

Reputation is what men say about you on your tombstone; character is what the angels say about you before the throne of God.” (William Hersey Davis)

I find it almost magical how seemingly unrelated events can trigger a cascade of intellectual epiphanies …

A couple of nights ago, I watched an episode of “Cold Case” where a man confessed to three murders to protect his “Street Cred” as a really bad guy.  He hadn’t really killed the people, but for some reason, protecting his reputation, evil as it was, was more important that the truth.

Yesterday, I exchanged some email messages about the new service connect.me with Bill Nelson, an Identity Management colleague.  He suggested that some of the vouches he had received on connect.me were more “Street Cred” than identity-confirming reputation.

Could it be that the same desire for “Street Cred” that motivated the cold case guy to admit to something he didn’t do, would drive people trying to game the system on “Connect.me”?

Last night, I read an article suggested on Facebook by Jamie Lewis and Dave Kearns, “How to Force a Friendship on Facebook in Three Easy Steps.”  The article described how a person used a fraudulent Facebook account to secure enough un-suspecting “friends” to convince a targeted girl to friend him.  My Facebook comment: “So much for the much-ballyhooed ‘Identity Assurance by Reputation’ concept Facebook has touted.”

This morning, Drummond Reed, founder of connect.me, provided a more reasoned response to the Facebook thread started by Jamie and Dave: “nothing is completely foolproof, but the top trust level in the Respect Trust Framework is human trust anchors, and it’s designed to provide much stronger protection against this kind of attack. Happy to discuss in more detail.”

I must admit that I hadn’t yet studied Drummond’s proposed “Respect Trust Framework,” upon which connect.me is based, so I looked it up.  I recommend that you read Drummond’s recent blog post, “Trust Levels and Trust Anchors” and the referenced paper, “Building Lasting Trust: The Game Dynamics of the Respect Trust Framework.”

I found it particularly interesting to read the five basic principles upon which the trust framework is based.  It is clear that the Cold Case guy, the connect.me gamers and the Facebook charlatan had violated at least four of the basic principles:

  1. Promise (We will respect each other’s digital boundaries). Every Member promises to respect the right of every other Member to control the identity and personal data they share within the network and the communications they receive within the network.
  2. Permission (We will negotiate with each other in good faith). As part of this promise, every Member agrees that all sharing of identity and personal data and sending of communications will be by permission, and to be honest and direct about the purpose(s) for which permission is sought.
  3. Protection (We will protect the identity and data entrusted to us). As part of this promise, every Member agrees to provide reasonable protection for the privacy and security of identity and personal data shared with that Member.
  4. Portability (We will support other Members’ freedom of movement). As part of this promise, every Member agrees to ensure the portability of the identity and personal data shared with that Member.
  5. Proof (We will reasonably cooperate for the good of all Members). As part of this promise, every Member agrees to share the reputation metadata necessary for the health of the network, including feedback about compliance with this trust framework, and to not engage in any practices intended to game or subvert the reputation system.

Respect, Good Faith, Trusted Protection, Freedom and Cooperation.  I agree that these fundamental principles will engender trust among people and allow people to interact in a safe, trusting way.  It reminds me of one of my favorite quotations from one of our Founding Fathers, James Madison:

To suppose that any form of government will secure liberty or happiness without any virtue in the people, is a chimerical idea.

I propose that success of the Trust Framework will be based on essentially the same foundation – the moral virtue of people who participate.

The Trust Anchor concept and Complaint process within the Trust Framework are safeguards against the bad apples who will inevitably try to game the system, just like police officers and the justice system attempt to enforce the rule of law in our society.  However, as there will never be enough police officers, lawyers and judges to enforce the law unless the people of our society are largely trying to act, on their own accord, in civil, moral ways, I suspect that success of the Trust Framework will depend on the vast majority of people voluntarily acting in accordance with the basic principles outlined above.

So, what about Reputation, Street Cred and Identity Assurance?  A few parting thoughts.

  1. I like the idea of connect.me.  It would nice to have some sort of badge on my blog that shows my connect.me “score” – my living tombstone, as it were – an indicator of my reputation.
  2. I will always try to abide by the foundation principles of the Trust Framework, just like I try to live the underlying moral principles of our civil society. I like to think that someday, angels will declare that Mark Dixon was an upright kind of guy.
  3. I will always be wary of the “Street Cred” or so-called reputation of someone I don’t know, unless I receive a positive assurance from “Trust Anchors” that I personally know and trust.
  4. I will keep my eyes wide open for people who try to game the system.
  5. Will connect.me emerge as a viable solution to the elusive demands of a universal Identity Assurance system?  We’ll wait and see.

My two cents for the day …

 
 
 
 
 
Copyright © 2005-2013, Mark G. Dixon. All Rights Reserved.
Powered by WordPress.