All posts by Julian Ranger

About Julian Ranger

Please see


4 reasons why SAAS is not right for – or your personal data

We’re often asked why is designed to store data locally, rather than on our own servers, and the answer is as simple as it is complex – you owning and controlling your own aggregated data is the only solution that makes sense.

Privacy is the critical reason behind this, control, security and cost are others – but our whole business rationale is that gathering all your personal data securely in one place is vastly more valuable to each and every one of us than having it scattered around.

But crucially, it’s a decision based firmly in the reality of what is best for our users – so here’s the background behind our key reasons in a little more detail:

1) The privacy reasoning is relatively obvious – if you’re pulling everything about you into one big online library, you don’t want to leave the door open. As grows to become a full inventory of your life, covering all your social media updates and pictures as well as data from every area of your life including financial, health, purchase, travel and positional and even from the Internet of Things – would you really trust all of that to be held externally by one company?

Studies show that most of us have – rightly, given the continuing major upturn in hacks and security breaches – trust issues when businesses have a large proportion of a single area of that data, let alone all of it – so the obvious person to trust with it all is you.

As the owner, you store this data where you choose – never sees it and never stores a copy – and it’s yours to do what you want with. Cloud-based syncing with future releases will allow you to access this secure library of you from multiple devices, but you choose the cloud and your data is still encrypted within it. Whether you go with this option or solely local storage, we can’t see it, nor can anyone else.

2) Control is also important – if you’re in charge of your own data, then accessing it and deciding what happens with it is naturally your decision. A SAAS service will usually have terms and conditions (T&Cs) nominally placing you in control – but what happens if the company could no longer provide the service or if you wanted to take it elsewhere- could you actually do that in reality?

Your data today is held by many companies under terms governed by their T&Cs. Most allow you to retrieve your data yourself- and upcoming Data Protection acts (DPA), such as the new EU DPA, are making this an absolute right.

But because data – your information, often provided by you, about you – is so valuable, many of these companies such as Facebook and Twitter do not allow 3rd party companies to access and keep that data, even with your permission –  they can access it but must then throw it away.

This is, of course, because your data is valuable to them, because they can sell it on and profit from it. They don’t want another company to hold that commodity as well – but overcomes that because you yourself gather the information after downloading our app, we do not do it for you. (Of course, this is another layer in how your data is kept private, as we have mentioned before, because we provide the means to get your data, not your personal information itself.)

3) Security is another major issue with SAAS companies – servers full of valuable data from millions of people that has a significant financial worth are a very attractive honeypot for hackers and criminals in general.

It takes time and money to bypass modern security protocols so it makes sense to target servers storing huge amounts of data rather than going after one person at a time. And, as recent breaches show, even huge multi-nationals have weaknesses that can be – and increasingly are – exposed.

4) And if a company does go above and beyond in their efforts to keep your data safe, such as by adding individual encryption, then you run into the final issue – cost.

If a 3rd party service is going to perform all the sync processing to retrieve your data, organise, store and manage it and then provide services on top then the cost associated with this as well as the relevant processing storage and bandwidth is substantial.

But each of these key issues is completely and emphatically overcome if you retrieve and process your own data locally or in a cloud of your choosing.

You get guaranteed privacy and control, because only you have your data. Because it’s yours, you can retrieve it from other companies and store it. Because it’s all in one place, it’s safer and by using resources you have already paid for you avoid extra cost. therefore, precisely because it is not SAAS, brings vast and ongoing benefits to the personal data economy and to each individual. Additionally, it puts you at the centre of your digital life and gives you the base layer of the Internet of Me, where the power of data becomes centered on the individual rather than being held elsewhere.


Why knows that Exporting is GREAT!

As the Government launches its Exporting is GREAT campaign to encourage 100,000 new UK exporters into the market by 2020, our founder Julian Ranger explains why having access to a worldwide market has been great for

Physical exports have been a way of life for centuries – the trading of things that one country didn’t have with another one that did, but these days digital exports are growing in popularity and is in the vanguard.

Here at, our ground-breaking app is helping thousands of people take back control of their personal information – but why should that be restricted to the UK?

We have an international team and believe firmly that our product has merit around the world – and our current stats, which show we export both physically and digitally to over 150 countries, with our app content localised in 11 languages, bear this out.

Of course, shipping overseas in any form has its challenges, but we’ve had (and continue to have) a lot of support from UK Trade and Investment (UKTI) and are getting a lot of help from a European embassy overseas at the moment for an ambitious country-wide project we’re hoping to run there.

Clearly, there are some obvious ground rules to follow – you need to be clear on what your product or service brings to your target market, and what marks you out from your competitors. Do your research on what an individual country needs, and then go from there.

My previous experience of selling to the US Air Force and US Navy gave me confidence to know that anything is possible, and we started exporting with digitally immediately from set-up, with direct exports to France and the US following afterwards.

Now Toshiba has joined forces with us to distribute our market-leading personal data software across Europe, North and Latin America, which sees them partnering and promoting us through their marketing and social media channels, as well as pre-installing our app in a number of laptops and tablets in the Latin America marketplace. We’re also in our third year with the FNAC security pack in France, so are becoming well known over there as well.

As for our future exporting plans, we hope to be able to announce that European project soon, as well as open a US office, with US locals, to explore possibilities for there.

So our advice to anyone wavering about joining the international market would be to get out there and do it – you really won’t regret it.

*Exporting is GREAT will run for five years and provide advice and expertise to support businesses at every step of the way, from initial interest to market. This will include the year-long EIG Roadshow that will travel the length and breadth of the country, reinforcing the campaign’s core messages, giving face-to-face assistance to first-time exporters and using the latest technology to connect these businesses with live export opportunities. Online help will be available via


Online privacy – is there a simple route to the ‘Internet of Me’?

Privacy concerns continue to grow over personal data use and leaks, and this week those concerns were highlighted in the New Scientist in their editorial (29th August –  From reflecting the opinion of many that “Privacy is dead”: to asking how we got here, “Data has become currency”; to thinking about solutions, “Such systems are complex”; to worrying that if the effort to restore privacy doesn’t start soon then “vested interests may become too deeply entrenched to overturn”.

If we think the solution is complex as suggested by the New Scientist, then it is less likely we’ll find the right answer; however, I would like to suggest that there is in fact a very simple solution.

To see what that simple solution is we need to think why our data is so valuable and therefore why businesses are trying to track us. The answer is because the businesses believe they can provide better services , better convenience or sell more to us if they know who we are in many different dimensions.  If this were not true then there would be no value in our data and no value in tracking us.

But how good is the data they get? – not very is the actual answer. This is why of course ever more complex and invasive methods of tracking and associating data are being deployed – at great cost.  Even then the best anyone gets is a thin slice of you which can be 30-50% wrong.

Even this poor performance is threatened by the new ad blocking, do not track and other privacy ‘solutions’ now being deployed.  No one is winning here: not the individual nor the businesses.

Is there a better way? – to use the marketers phrase a “win-win” for both consumers and businesses? The answer is yes there is and what is more it is straightforward.

If I own, hold and control all my own data then businesses can come direct to me and ask for that data.  They get access to Rich data: data which covers a much wider set than they can get by tracking; which is deeper in time; which is 100% accurate, with no association errors (it is about me because it comes from me); which is fully permissioned; which is simple to get – just one person to come and ask.  If a business can get Rich data easily and very cheaply then why would they pay more for worse data obtained through tracking? Not only would they pay more for less they would also not get our trust.

By coming direct to us they get Rich data, cheaper, easier and with our trust.  When more and more businesses start to do this the market for tracked data will diminish and then disappear – a better solution for everyone.

How do we get there? We need software in place which gathers and holds our data for us on our own devices and cloud infrastructure, and which enable businesses to come to us for data which we can authorise (or not).  Luckily this process has started already, for example our company – see, and there will be others joining the party too.

Privacy is not an insoluble problem, nor a difficult win. You just have to look at the motives of everyone involved and fashion a simple win-win solution.

Oliver Wendell Holmes, the famous 19th century American physician and writer said: “I wouldn’t give a fig for the simplicity this side of complexity but I’d give my life for simplicity on the far side of complexity”.

With regards to privacy that simple solution the other side of complexity exists – it is that we own and control our own data on our own devices.  An “Internet of Me”, where I am truly the centre of my data world.


Sharing – change in control needed

Sharing today is generally seen as positive, but is also associated with negative aspects around privacy. If the negative aspects are not fixed sharing will slow and cease to the detriment to everyone, but there is a solution that will increase benefits to individuals, businesses and society as a whole IF there is a change in control – from business control to individual control.

Sharing is positive because it creates new services and functions that can help individuals, businesses and society as a whole. Sharing has grown through database marketing in 80s/90s; social media in the mid-00s; wider Software as a Service (SaaS) services since; and will grow exponentially more as individuals embrace the Internet of Things (IoT) – provided the “bad” can be controlled.

The negative is privacy; along with the increased sharing of information has always come concerns with regard to privacy. If we look back to the introduction of what might be termed database marketing in the 80s, increased privacy concerns led to the introduction of check boxes on forms stating whether businesses could use the information for other purposes. Today we have dramatically increased the personal data that is shared, both explicitly and hidden, whether that is social media, other web/SAAS services, monitoring of clicks and the like – and with that has come heightened privacy concerns.

The web related privacy concerns have grown ever more over the last 6 years, with greater numbers of people reducing/changing their social media use (or using more private channels), using Do Not Track, Ad blockers, ’going dark’ and other methods. The concept of the “creepy line” is well embedded now within society. Unconstrained and uncorrected, this will lead to a reduction in sharing, curtailing the positive benefits, and crippling new concepts such as IoT, which depends on greater levels of sharing.

This reduction in sharing leads to a discontinuity with dramatic effects. Not only will the Internet of Things be stillborn, but innovation in providing services based on personal data will stall across all domains (personal communications, commerce, health, etc). This will have a dramatically negative effect on businesses, but also individuals and society as a whole.

A BCG report “The value of our digital identity” states “The quantifiable benefit of personal data applications can reach €1 trillion annually to EU-27 by 2020  – with private and public organisations reaping about a third of the total, and consumers the rest” and then on goes on to say ““BUT much of this potential value will fail to materialise if consumers act to restrict the flow of personal data.”

How do we solve this problem and allow, even encourage, greater sharing? The current trajectory MUST be broken and restarted following a different approach in order for the full promise of personal data, inc. the IoT, to be realised

Change in control

There is a perception that there is so much data that it is currently infeasible for individuals to control it in a meaningful way with the information technologies available today, but our aim must be to provide that much needed control.

There are many suggestions for “personal data stores’ or “personal data lockers” and similar, hosted by third parties, to help individuals gain some control over their data. However, these all suffer from a number of issues: control is still via third party; the stores only hold a subset of data which means there is no overall control, no interoperability between different stores and no single point to access; holders of individual’s personal data (e.g. Facebook et al) often don’t allow access for retention by third parties. At best these systems are a band aid to the control issue and provide limited immediate benefits to individuals, severely limiting take up.

However, there is another approach – one in which the overall architecture is different, but at the same time familiar. By approaching the issue of privacy from an alternate architectural viewpoint, it is our contention that many of the problems are mitigated and contrary to there being an additional cost to privacy, there is in fact the reverse: an additional benefit to everyone involved with the new architecture, individuals, businesses and society alike – and at reduced cost.

The fundamental architectural difference is to return ownership and control of personal data to the individual, rather than the control being held exclusively by business

Personal control – the ultimate solution

Personal control is a simple change in perspective:

– Others don’t own your data – you do.

– Others shouldn’t hold your data – you should hold it yourself

By changing the view, this simple insight solves the privacy issue for individuals and the ability of businesses to access that data through user permissions.  This view, and the understanding that underpins it, has been developed by the company (formerly SocialSafe) in the UK, in a program of work that was initiated in 2009.

Having first downloaded the software to your device, the software works by retrieving your data directly to your library on your device – not touching anything else along the way, not the servers, not anything. A 100% private library of all your data, fused and normalised – social, financial, utilities, purchases, health, leisure and much more.

The user interface then allows the user to do more with their data, 100% privately, never losing it, and keeping access forever. It helps them be more engaged, have more fun, and to do more things, better – all locally and immediately, thereby giving that crucial incentive to start the process of regaining control of their data.

So is your librarian, but also extends to being your postman. The postal service is where controls a certificate system that allows other apps, web sites, etc. to ask the user for permission to see aspects of their data for a specific and permissioned purpose. If the permission is given by the user based on their perception of the offered value proposition, the app sends the permissioned portion of the ‘rich data’ to the requesting entity. This is summarised in the diagram below and in more detail in a video at

(Note: Whilst this architecture is different in that the individual owns and controls all their data, it was noted above that it was also familiar – that is because it is exactly what businesses do. Businesses hold all their own data – and then use local and remote apps to extract greater value. The individual is like a business with all the data available today – it should therefore not be a surprise that the solution is a familiar one!)


So by holding all their own data, individuals regain control and can do more with their data themselves and importantly can decide who they share that data with, what elements are shared, when, for what purpose – in this way the sharing economy can overcome the discontinuity posited above.

(Note: In my previous post I noted that we should define Privacy in the digital age as the “Ability to control your personal data, including who you share it with, when and for what purpose”. By owning your data you are then in control of your own privacy.)


Definition of Privacy in the Digital Age

We seem to be caught between two stools of thought on Privacy – either Privacy is dead (aka Mark Zuckerberg and more recent posts such as or the Go Dark movement. This seems to be looking at issues incorrectly, because we haven’t defined what Privacy is.

Specifically, being private doesn’t mean not sharing anything – it means being in control of what you share, to whom and when. For example, I am a private person, but I share sex with my wife, I share family issues within my family group, I share my finances with my financial advisor, I am happy for my supermarket to know what I buy. The point is that in the physical world I am largely (but never completely) in control of my privacy and that includes what I share and with whom.

So privacy does NOT mean no sharing. This is important as sharing is the grease to the future economy – combining different data sets that I share will enable radically new services and experiences that I have yet to even think of.  Privacy equates to controlled sharing. There is a spectrum of sharing for data items: from items I keep solely to myself, to items I share with one or a few people and ask not to be shared further, to data I may share more widely and allow to be re-shared, to data which I share with the world (either as me or in anonymised form).

We should include “for what purpose” in the above definition of what privacy implies re control and to most people they would. If I disclose to a close friend a secret so I can get feedback for example, I do not expect that secret to be disclosed to others – it was only for the purpose of our conversation. However, I can’t control my friend directly and he may tell others. In which case of course he has lost trust and I probably won’t share with him again – or at least will share more carefully. This is of course the same in the digital world. If I share with you for a purpose and you use for another purpose then I am unlikely to want to share with you again.

So, I propose we define Privacy as “The ability to control your personal data, including who you share it with, when and for what purpose“.

(Note: the dictionary defines Privacy as the “condition of being secret”. In my digital privacy definition we propose this is equivalent to “being in control of who is in on the secret”).

Facebook join SocialSafe by promoting data portability

Yesterday Facebook announced a new feature which allows users to download the data they have in Facebook to their computers – sound familiar? For too long Facebook has been a walled garden where you can put your data in, but couldn’t get it out without using a tool like SocialSafe, so we heartily welcome Facebook’s conversion to the data portability camp.

SocialSafe is all about data portability and reuse and this has been our core mission since our launch in June 2009. We believe that if you create content or enhance your content using a service, program or tool that you should be able to reuse it elsewhere. For example, many of us have spent time tagging friends in photographs – wouldn’t it be nice to be able to use this information elsewhere and not just be restricted to using Facebook forever to see this information (and of course Facebook data is easily lost as friends move on, change accounts, etc). At SocialSafe we capture this information and allow you to see and reuse it.

As we develop SocialSafe the reuse aspect of your social data will increase dramatically. In just a few days we will release SocialSafe v2 which gives you a full digital diary view of all your Facebook data – want to know what you did this time last year? – easy just jump to that date in the calendar. No spending 20 minutes going next page, and the next page ad infinitum to access that data. This is what data reuse is about – because you have your data on your PC/Mac with SocialSafe we can add extra services and integration that are not part of the core Facebook mission. Another example with V2 is a search capability that looks across all of your Facebook data and an export capability to save your photos to any location.

As we proceed on from V2 we will be adding Twitter and other social networks to the stream you can download, view and reuse within SocialSafe – allowing you to get your hands around all of your social interactions in one place, enabling you to have the full picture and providing open data portability.

Not everyone needs all of SocialSafe’s current and future features, just as not everyone finds Facebook the answer to their social networking needs. A variety of solutions is always better than just one and therefore to have Facebook providing a basic download feature so everyone has access to their Facebook data is a significant step forward to achieving greater data portability across all services.

Facebook ‘Places’ More Privacy Concerns On Us

Facebook Places ConcernsWell Facebook Places is here and you can now check-in to places (only for US customers at present) with the Facebook App, so friends and others can see where you are.  Useful? – probably.  A privacy concern? – most definitely.

The use of geo-location apps has been growing with the likes of Foursquare and Gowalla taking the lead.  Having used Foursquare at SXSW in Texas earlier this year I recognise that there a use for a general public check-in in order to identify the ‘happening’ places. However, for me this very public announcement of where I was had marginal value. In addition, I feel that there are significant obvious drawbacks that I believe outweigh the advantages.

I do understand that using Facebook in order to check-in to places so my friends (and for me, only my friends) can see where I am, might be useful to help link up.  An immediate problem though is that my Facebook friends include very close friends, close-ish friends and others from sports clubs and the like that I know, am friendly with, but are not that close with.  As we know, the issue with Facebook is that I can’t restrict who knows where I am.

So onto privacy: why am I concerned?  The Facebook blog makes it clear that my Facebook friends can check me in somewhere without me doing it.  OK so what’s the problem – I can set a privacy control to stop this being broadcast after all.  Yes, but why is the default set so that others can do it. Surely the responsible, ethical default setting should be that only I can control my check-ins? Anything else is a breach of my privacy and right to controlling that privacy.

Three further things worry me.  Firstly, Facebook seem to have invented quite a few new privacy settings to control various features of the new Places function.  These are not all in one place, not set to protective defaults and are not eminently clear as to what they do.  I’ve said it before and I’ll say it again, if Facebook can make their overall user experience so good and so easy, then they should be able to do the same for their privacy settings.  The very fact that they don’t can only be a deliberate policy to fool people into being more open than they would otherwise opt-in to be.

Secondly, this quote from the Facebook blog is priceless: “If you don’t want to share your check-ins with your friends’ applications, just uncheck the new box in your Privacy Settings under ‘Applications and Websites’”.  So if I do nothing and my friend uses a dodgy application that abuses their check-in data, mine can be abused too – without me having any idea whatsoever what application my friend is using or what that app is doing with the data!!  This is horrendous.  Facebook should definitely set the default for that option to disable, but they haven’t – and they’ve neatly buried the privacy option so most users won’t see it. This is unethical and wrong.

Finally, nowhere in the Facebook announcement clearly states what Facebook is going to do with all this rich new check-in information they are getting (we’re providing them).  Are they going to use it only internally or are they going to share with and sell to partners? Is the data going to be anonymised or will I be identifiable? Facebook have a duty of care over the data we share with them and the first duty is to tell us what they do with the data so we can make informed choices as to how we use Facebook.

Overall Facebook Places will be a well received addition to the Facebook toolset. However privacy concerns over the new feature are not just noise nor are they carping comments from those not sharing in the Facebook success story. These are legitimate concerns and have very real adverse effects for the majority of Facebook users who are just not aware of what they are letting themselves in for.

Another Facebook scam – The “Official” Dislike Button

'Official' Dislike Button getting access to your dataSophos has reported on a Facebook Dislike Button and the story has been picked up by major sites such as the BBC and Mashable.  Essentially some nefarious folk have created an application which pretends to be the official Facebook Dislike Button, asks for access to your FB profile and asks personal questions on a survey which then point you to a Firefox download from an unrelated company.  Why do they do this? – because they want your private data that’s why; they can sell this on to others for a profit.  Sophos, BBC, Mashable and a host of others point out that you should be careful about what apps you allow access to your Facebook data and to be careful in answering surveys.  This is self-evidently true, but there is a deeper issue here – should Facebook control their application environment or not?

The advent of the Apple iPhone, the Google Android mobile phone system and Facebook has created a whole new application (App) marketplace where useful and/or fun apps can be downloaded for free or very low cost.  This has stimulated great innovation which has enriched all of our lives, but there are dangers to this free/low cost world.

we have forgotten the dangers inherent in any computer program which has access to our machine and our data

Over the years we have all become wary of downloading programs on our PCs/Macs without first checking they come from reputable companies or have reputable reviews on the web about them.  We see many such checks happening before people download SocialSafe – and quite right too.  However, because iPhones, Android phones, Facebook et al are immediate devices with many, many exciting apps available we have forgotten the dangers inherent in any computer program which has access to our machine and our data – we need to be just as careful with these small free/low cost apps as we have been and are with more major programs on our PCs/Macs.

Apple largely avoid the problem by managing their App store thoroughly.  This has the upside that you can download with confidence, but the downside that it can take a while for apps to be authorised – and presumably it costs Apple a lot of money for their staff to do the verification process.  The Android and Facebook systems are unmanaged app stores – anybody can post something in and it is available immediately – this is open to abuse.  Yes rogue apps can be taken down if they are shown to cause harm, but this is usually after the harm has been done – a true case of shutting the stable door after the horse has bolted.

Ideally, I believe that both Facebook and Android should include an element of management into their app stores – a verified tick or similar.  This would highlight that unverified apps are potentially risky and that “buyer beware” principles should apply.

Until this happens please do ask yourself why an app needs access to your data, why they are asking you personal questions, why they need to post to your wall and check out whether there are any comments relating to an app before you download it.  We at SocialSafe adhere to the highest levels of privacy and integrity with regard to our app – we know that, but please do check it out for yourselves.


Facebook Privacy Changes – a step forward?

Over the last few weeks there has been mounting criticism of Facebook’s privacy rules and changes.  I have been one of those – my point being that Facebook is so easy to use, yet the privacy controls so complex that I felt this was a deliberate policy to effectively trick users into greater openness than they realised.  Today Facebook announced changes in their privacy settings through their blog and with an updated privacy explanation page. So have Facebook done enough to counter the criticism?

My first reaction, and with only the two references to go on, is that they have moved to a simpler system which is good – though it is not as simple as it could be.  First the good bits:  It appears we do now have a one click ‘Master Control’ to set “your commonly used items” such as posts, photos, etc to Friends only, Friends of Friends, or Everyone – this is much, much better and is to be applauded.  Also in his post Mark Zuckerberg states “this control will also apply to settings in new products we launch going forward” – what this means is that if I set the ‘Master Control’ to ‘Friends only’, then future Facebook privacy control settings changes won’t override this – this is also a very good change (albeit one that should have been there before).  Finally, on the positive side Facebook now state that Friends Lists and Pages no longer HAVE to be public – I can set them to be Friends only – another long overdue change.  So in summary on the good parts, Facebook have listened and have moved to a simpler system.

Despite these very positive changes, I still have some reservations.  Facebook have listened (they had to!), but if you look just a little at the detail you can see that Facebook’s desire for you to make all your data open to the world and to lull you into ignoring privacy, is still as strong as it was.  This is most clear if you look at the “Recommended” settings in the diagram at the top of the privacy explanation page.

Why should it be recommended that all my posts and photos and family and relationships be open to “Everyone” on the internet?  Clearly most people will just click the recommended settings, which will also no doubt be applied by default for users, thereby giving up their privacy.  My issue here is that for the non-tech savvy they are being pushed in a direction which causes them to be more open than they are aware – I think this is not following the duty of care for their users that I would expect of a truly ethical company.  Nonetheless I can’t argue that it isn’t clear(ish) so, as Mark says in his post that this is the last change they are going to make to the privacy settings, it is now a case of if you like the constraints then use Facebook and if you don’t then quit.

There are a couple of other minor negatives such as the need to go to subsidiary privacy settings for some features (why???) and some other default settings that are questionable (e.g. do we really need our activities to be visible by default), but Facebook have at least been clear on their direction.  You may like it or may not – it is now up to the market to decide.  I suspect that with 400M+ users Facebook is still going to be a driving force on the internet for a while yet.  Will their radical approach to openness become the norm, or will users (eventually) drive back to a more private exchange of information with just their friends.  I am in the latter camp, but time will tell if I am in the minority or the majority.

Facebook Privacy – A deliberate deception?

Over the last few months the number of people who have been complaining about Facebook’s privacy policy have been rising.  What are they complaining about? – the fact that slowly the default Facebook privacy options are being made more and more open so that, unless you take specific action, more and more of what you write and exchange on Facebook is available to anyone on the internet.  There is a great site by Matt Mckeon which illustrates this change and how the pace of change (of default openness) is growing.

First of all is this an issue?  I would contend it is, and a very big one at that.  If I came to the Facebook site knowing that everything was open I would use it differently than if I came to the site knowing everything was private – where in this case private means shared only with those I choose, i.e. my friends.  What has happened is that the default privacy settings have been changed and many people don’t realise this.  What was once private is now open.  This is like you buying a mobile phone for private conversations, only to find a year later that your phone company is making all your calls available to the whole world – not good I would suggest!

Maybe you think its obvious that if you don’t change your privacy settings what you post will be public?  Well clearly this is not well known – if you’re in doubt have a look at this site – do you think people really wanted their DNA test discussions open to the world?

If I go back six months I thought the Facebook privacy issue was about education.  Facebook has privacy settings which anyone can use to restrict the openness of their information so surely it was only a matter of educating people to use them?  However, now I am not so sure – not only have I been caught out once or twice with privacy changes imposed by Facebook, I now think that Facebook have made it very hard to manage even for the IT literate and that this is directly opposite to the rest of the site.

Why has Facebook got 450M+ users – not only because it provides useful features that many of us want, but also because it is easy to use – so easy that one really doesn’t need much computer expertise at all.  But the privacy settings? – they are complex and difficult to use.  This is stretching my belief system too far – I can only conclude that Facebook have deliberately made it difficult and confusing.  They have the expertise to make them easy as the rest of the site shows.  At the end of the day how difficult would it be to have a single override box – “only share my stuff with my Friends”?  I am forced to conclude that Facebook are deliberately making it hard so that they can benefit from the disclosure of their users data (and benefit they do – massively).  I am therefore, albeit reluctantly, only able to conclude that Facebook are operating unethically – saying one thing and doing another.

It is a big step to go from the thought that all that is needed is some awareness to the statement that Facebook are operating unethically; however, there seems no other conclusion that can be reached.  There are clearly many others who think the same as the recent Facebook Suicide campaign for 31st May attest to.  The question is, are those complaining only a drop in the ocean or are they sufficient for Facebook to have to do something about it? – I await Facebook’s future communications with interest.  I am skeptical and think they will probably try some further obfuscation, but I’ll give them the benefit of the doubt for a little while.

But is Facebook really any different from Google and other web sites which hold your personal data and/or haven’t we all changed, so as Mark Zuckerberg says, the default is social (which in his mind means 100% open)?  Let me take the last point first – the default for humans is indeed social, we like to interact with other people, but that doesn’t mean that we’re not private nor does it mean we want everybody to know everything about us.  The internet has not changed this any more than it changed basic business fundamentals of profit/loss (as people seemed to believe in the millennium internet bubble).  I do like to share my status and pictures with my friends, but not with the world.  I share different things with different groups of friends and acquaintances – deeper with my family, some other stuff with close friends, different again with my sports mates, with work colleagues, with those I drink with in the pub, etc.  I may share a lot, but that doesn’t make me 100% open and nor does it make me not care about privacy – I am a very private person too.  The bottom line is I choose what to share with whom – and I don’t want my choices overruled by someone else and especially not without my knowing.  That’s why we tend to get cross when friends betray our confidences.

Haven’t we all got a little more relaxed though in reality over the last decade?  Well yes to an extent I suppose we have.  In the era of big databases, we have got relaxed about our local supermarket recording everything we buy and our credit card company knowing our spending patterns.  They have an enormous amount of data on us and could probably tell us more about ourselves than we would really want to know – but they don’t.  More importantly, they don’t tell anyone else about that data except in big dataset terms – meaning they look for patterns amongst many people, and not the one.  Sure they use that knowledge of ourselves to target us with specific offers and adverts, but no one individual is looking at my data saying, “ah ha he buys too much of this” or whatever.  We’ve become comfortable with this data acquisition and use because it provides a benefit for us and no harm (provided data protection rules are followed) – it is a second level of privacy if you like.  Google with the data they collect from us are similar (apart from their Buzz debacle) , as are Apple with their iTunes library feature on which the Genius function is based, and so on.  The companies make more money by collecting this data on us, but we benefit to.

So why is Facebook different? – because they have an AND in their model.  They collect and use all the data we enter on their site and use it to make money by selling targeted adverts, games, etc – this is fair and reasonable because we get a free service and they have to make money somehow.  So what is the AND?  The AND is they do what the others do AND they share out data with the world because this gives them even more revenue streams.  It is this AND which they have got wrong – they are forcing it to happen instead of us allowing it to happen in a knowledgeable manner.  They are not only forcing it to happen, but I contend doing so in an underhand way, because I suspect they know we their users would not agree en masse if we all understood what they were doing.  It is this underhand deliberate forced disclosure which makes me believe they are being fundamentally unethical.

I would welcome your comments on this issue, for example am I right?  Are Facebook being unethical or have they inadvertently misunderstood the mood of their users?  Please do take the time to express your opinions below.

(I talked about this subject yesterday on the BBC Radio 4 programme “Today” )

Open disclosure: iBundle, the team behind SocialSafe, are launching a new product, DAD (, in late June which will have a private, secure sharing feature that can be used as an alternative to Facebook.  This product has been in production since early 2009 and is not the reason for this post – though the thoughts that led to the creation of DAD are apparent above.