(This article has been cross-posted in Medium) Privacy is hitting the headlines more than ever. As computer users are asked to change their passwords again and again in the wake of exploits like Heartbleed and Shellshock, they're becoming aware of the vulnerability of their online data — a susceptibility that was recently verified by scores of celebrities who had their most intimate photographs stolen. Any of us could have our privacy violated at any time… but what does that mean exactly?
A blog on social software, collaboration, trust, security, privacy, and internet tools by Christopher Allen.
With Google+ almost two weeks into its test phase, conversation about this new social network service seems to be going in circles. Literally. That’s because Circles is the Google+ feature that users are generating the most buzz about. It’s Google’s answer to the problem of organizing your social graph online. If you’re not familiar with a social graph it’s a map of everyone you know and how they are related to you.
I've been thinking about the nature of privacy a lot lately. I've long been associated with issues of preserving privacy. I helped with anti-Clipper Chip activism in the early 90s and supported various efforts to free cryptography such as PGP and other tools built with RSAREF from export control. However, my efforts in these areas wasn't really focused on privacy -- instead my focus was on issues of trust. I've always tried to be precise here.
I spent most of last week at the RSA Conference in San Francisco. Like last year, I found little that excited me. I overheard from a convention staffer that they had 30% more attendees, so the conference is growing again, but my week there also reinforced my opinions regarding the industry as a whole as I describe in my previous blog posting The Bad Business of Fear. I asked a number of random people what they thought of the conference.
As I head out next week to the RSA Conference I realized that it has been 13 years since I attended the first one. I remember fondly the potential and power of cryptography technology in 1991 -- public keys, digital certificates, new possibilities for privacy, digital cash, etc. After 8 more years I left the compujter security industry on March 15, 1999. The computer security industry also seemed to be filled with as much potential as it did back in 1991.
I have now had CEOs of three different social networks send me emails asking me to compare Orkut to their service. I've not had a chance to dig deeply into good answers for each specific one, but I did have some general advice that I wanted to offer given my recent experiences with Orkut.com, and my evaluation and followup on various social networking services in December. Privacy First, be extremely careful about privacy issues.
Another Orkut user and I have confirmed a privacy hole in Orkut whenever you send a message to someone via Orkut. For instance, whenever I send a message to anyone in the system that is forwarded by email, in the message headers it will read: From: "Christopher Allen" <firstname.lastname@example.org> Reply-To: "Christopher Allen" <email@example.com; When someone reads the message in their email software, the "From:" line will be my name but the fake email of <member@orkut.
I've read of emails, Orkut messages, and blog postings since my post yesterday, so I thought I would share some with you. There have been a number of good posts, as well as user comments at Danah Boyd's blog Apophenia. Danah Boyd writes Correcting Marc Canter's Perception of My Views Marc - i don't believe that users should take these relationships more seriously; i believe that YOU should. Users will do whatever they damn well please, and i think that we should learn from them.