There is an old saying that when you sit down to a poker game if you can’t spot the rube, you’re the rube.
Given the recent news that Instagram has announced that they now have the rights to sell your photos, perhaps that should be good advice for online services. Here is a good hint; if you aren’t paying for a service, then at a minimum you aren’t a “customer”. Oh the service has customers all right, you’re just not in their number.
Update: of course XKCD nails this one better than I ever could.
Here is a story about a school district that is being sued for punishing students based on information gleaned from Facebook after demanding the students login credentials:
In what may be the latest example, a suit was filed in Mississippi that alleges a school official—more specifically a teacher acting in her capacity as a cheerleading coach—demanded that members of her squad hand over their Facebook login information. According to the suit, the teacher used it to access a student’s account, which included a heated discussion of some of the cheerleading squad’s internal politics. That information was then shared widely among school administrators, which resulted in the student receiving various sanctions.
As we noted when Bozeman, Montana attempted to obtain login credentials from anyone applying for a municipal job, it’s easy for anyone to view pictures and text that a Facebook user has chosen to make public simply by signing up for an account with the service. By demanding login credentials, authorities gain access to materials that users have chosen to keep private. Whether this is done because people intend to get access to private data or because they are simply unfamiliar with how Facebook operates isn’t always obvious, and probably varies from case to case.
Here is a hint to school officials everywhere: anytime you undertake a course of action that involves demanding login credentials for a service unrelated to school activities, it will ultimately end badly for you. Although you have been granted the power by the supreme court to regular violate student’s privacy (unwisely in my opinion) there are limits. Even if the school wins ultimately wins this case the damage to its relationship with the students and parents is not worth whatever you think you are accomplishing. Which in this case seems to be punishing a student for gossiping.
Students are going to insult you behind your back. Get over it. Grow up or find another profession.
Ian Glazer of the Burton Group has created a Facebook app called Privacy Mirror that explores Facebook app privacy behavior. His results are quite interesting:
Imagine that Alice and Bob are friends in Facebook. Alice decides to add a new application, called App X, to her profile in Facebook. (For clarity’s sake, by “add”, I mean that she authorizes the application to see her profile. Examples of Facebook applications include Polls, Friend Wheel, Movies, etc.) At this point, App X can see information in Alice’s profile. App X can also see that Alice is friends with Bob; in fact, App X can see information in Bob’s profile. Bob can limit how much information about him is available to applications that his friends add to their profiles through the Application Privacy settings. In this case, let’s imaging that Bob has only allowed 3rd party applications to see his profile picture and profile status.
After a while, Alice tells Bob about App X. He thinks it sounds cool and adds it to his profile. At this point if App X, via Alice’s profile, looks at Bob’s profile it will see not only his profile picture and status but also his education history, hometown info, activities and movies. That is significantly more than what he authorized in his Application privacy settings. What is going here?
Facebook needs to clarify their privacy policies. Or fix them.
One theme I have harped over the last year of so is that it means little for the big content providers to become OpenID providers if they don’t also become relying parties. You can’t build a highway with nothing but on ramps.
So far the vast majority of OpenID announcements by the big players have been to be yet another OP, or just signing up for the OpenID Foundation. It looks like the game is finally changing. Apparently Facebook is getting ready to become an OpenID Relying Party. From Inside Facebook:
Less than three months after joining the OpenID Foundation’s board as a sustaining corporate member (i.e. putting its weight and financial support behind OpenID), Facebook has just announced at the “technology tasting” event this afternoon at its Palo Alto headquarters that users will soon be able to log in to Facebook with their OpenID.
This could be huge for OpenID adoption, if it really happens.