All posts by Julian Ranger

About Julian Ranger

Please see http://www.jranger.com/

DSC_7813

digi.me’s start-up story

“Digi.me started life, as many of the best ideas do, as an aside in another conversation that led to a lightbulb going off in my head.

“I was at a board meeting for my innovation hub iBundle in 2009, and one of the directors mentioned he had a friend who had just lost three years’ worth of Facebook interactions after a glitch while changing password wiped his account.

“What a shame, we said, all those posts, photos and comments just gone – and then, realising that there was nothing out there to help you back up your social media, we decided there and then to create an app that did just that.

“And so SocialSafe (digi.me’s original name) was born – a great and easy-to-use social media tool that allowed you to save information and pictures you had posted to your various social media accounts and search them and see the original comments and likes, as well as make your own collections of content and export what you wanted, see your most popular posts and followers and much more!  A key decision was to have this data stored locally on the user’s own device – not on our servers; this was to ensure privacy and also because it was the only way to comply with Facebook’s terms and conditions.

“We got a company in to get it working and made it paid for but cheap, when we probably should have gone for free to grow the user base faster, but regardless it ticked along nicely and got some traction and a bit of press from big industry names like Mashable and Hermione Way.

“But in all honestly my attention was on other products and it was little more than a hobby for the first year, not least because my developers and finances were spread among many projects.

“Then users started asking if they could include Twitter as well and view all of this data they had gathered, so we built a viewer that normalised and aggregrated all the data together so you could look back across all your posts and photos across networks.

“Then I thought it would be great if you could search for something by date, so we built the journal functionality, where you can jump around any dates you choose and find out what you posted on any given day across all your linked networks.

“Demand came from users for back-ups for other social media networks as well, so we started adding the functionality for Instagram, LinkedIn, Google+, Viadeo and many more – and suddenly it became clear there was massive demand for this kind of service, where people could get their data back somewhere they could see it and then use it how they wanted.

“The defining moment came when I realised that what we were doing was similar to what I had done for the military for 20+ years – bringing disparate data from multiple sources together, normalising and aggregating it and making it available for reuse. Because data was being stored locally, this would allow us to extend the data captured for a user across their entire life whilst retaining privacy, ensuring security and providing control over that data, as we never see, touch or hold it.

“With this lightbulb moment, we started moving development towards the direction we are focused on now – which is gathering the data for the benefit of the user, first and foremost, but also looking to see if we could help them do something with it, over and above selling it on which was (and in many ways is) the most common user data model.

“In 2013, I decided to focus full-time on building digi.me as a business, as it was clear to me that how people viewed personal data and how they felt about companies taking and using it for their own means was undergoing a seismic shift, and I could see that our app spoke to those deeply-held concerns, giving people back control of the data they posted.

“I was excited for the possibilities, particularly after we won Le Prix d’Argent at the Le Web start-up competition later in the year from more than 700 entrants, but as ever when you’re pushing a new idea or concept, things don’t always take off quite as you’d hoped, and correspondingly development and major investment wasn’t always as quick to happen as we’d like.  We had the idea, the team and the product, but we were still early to market – and timing is a key component to success.

“But over time our Permission Access model, which is due to come into being later this year, was developed and evolved – and this impending expansion saw us change our name from SocialSafe, which was well-known but really related only to the (excellent) social media back-up tool it is currently, to digi.me, which reflects the whole-person-and-life-data tool it will soon be.

“Our app will retain its social media back up and aggregation functions, which have already been used by over 350,000 people in over 140 countries, but users will also be able to add their own data from other areas of their life, starting first with financials and health, and moving on to other such as shopping.

“The Permissioned Access aspect will then allow businesses, who want access to these rich, deep datasets that our users will soon hold, to approach them directly and offer them personalised offers (for service, convenience or reward) in exchange for seeing some slices of that data.

“With investment from both the UK and US from people who understood we were doing something important, I started to build a team, bringing more developers on board at the same time as a CEO and CMO – and with them came new opportunities and ideas. Our CEO, Rory Donnelly, lives in France, for example, and got us in as partners on the FNAC security pack over there, which is very popular and where we’re in our third year.

“Then things began to snowball in 2015 as we started looking to the future, and what the personal data economy would look like in another five years. It was clear to us that there had to be a cultural shift, from individuals having things done to their data but unable to access it themselves, to becoming the centre of their connected world, back in control of their data and able to use it as they wished.

“This Internet of Me is the future of the personal data economy, a new model that the current stand-off between ad-tracking and ad-blocking will help create, as businesses and consumers seek a third way that offers universal benefits.  We think this is so important for the whole personal data industry that we are sponsoring and supporting an independent forum to look at the issues surrounding it and to try and build momentum as quickly as possible. http://internetofme.info/

“Meanwhile our app continues to go from strength to strength, with partnerships with Toshiba, Lenovo and Evernote with more to come, and other exciting developments with major players in various industries including health, insurance, banking, telcos and FMCG.

“We’ve also just appointed an EVP, Jim Pasquale, in the US as we continue to grow and expand – so there are exciting times ahead – and I’m delighted to be part of them.

“It all started with a simple comment, burst into life as a result of user comments and a flash of inspiration and now the journey continues with what I believe is a very promising future ahead.”

social-media

4 reasons why SAAS is not right for digi.me – or your personal data

We’re often asked why digi.me is designed to store data locally, rather than on our own servers, and the answer is as simple as it is complex – you owning and controlling your own aggregated data is the only solution that makes sense.

Privacy is the critical reason behind this, control, security and cost are others – but our whole business rationale is that gathering all your personal data securely in one place is vastly more valuable to each and every one of us than having it scattered around.

But crucially, it’s a decision based firmly in the reality of what is best for our users – so here’s the background behind our key reasons in a little more detail:

1) The privacy reasoning is relatively obvious – if you’re pulling everything about you into one big online library, you don’t want to leave the door open. As digi.me grows to become a full inventory of your life, covering all your social media updates and pictures as well as data from every area of your life including financial, health, purchase, travel and positional and even from the Internet of Things – would you really trust all of that to be held externally by one company?

Studies show that most of us have – rightly, given the continuing major upturn in hacks and security breaches – trust issues when businesses have a large proportion of a single area of that data, let alone all of it – so the obvious person to trust with it all is you.

As the owner, you store this data where you choose – digi.me never sees it and never stores a copy – and it’s yours to do what you want with. Cloud-based syncing with future releases will allow you to access this secure library of you from multiple devices, but you choose the cloud and your data is still encrypted within it. Whether you go with this option or solely local storage, we can’t see it, nor can anyone else.

2) Control is also important – if you’re in charge of your own data, then accessing it and deciding what happens with it is naturally your decision. A SAAS service will usually have terms and conditions (T&Cs) nominally placing you in control – but what happens if the company could no longer provide the service or if you wanted to take it elsewhere- could you actually do that in reality?

Your data today is held by many companies under terms governed by their T&Cs. Most allow you to retrieve your data yourself- and upcoming Data Protection acts (DPA), such as the new EU DPA, are making this an absolute right.

But because data – your information, often provided by you, about you – is so valuable, many of these companies such as Facebook and Twitter do not allow 3rd party companies to access and keep that data, even with your permission –  they can access it but must then throw it away.

This is, of course, because your data is valuable to them, because they can sell it on and profit from it. They don’t want another company to hold that commodity as well – but digi.me overcomes that because you yourself gather the information after downloading our app, we do not do it for you. (Of course, this is another layer in how your data is kept private, as we have mentioned before, because we provide the means to get your data, not your personal information itself.)

3) Security is another major issue with SAAS companies – servers full of valuable data from millions of people that has a significant financial worth are a very attractive honeypot for hackers and criminals in general.

It takes time and money to bypass modern security protocols so it makes sense to target servers storing huge amounts of data rather than going after one person at a time. And, as recent breaches show, even huge multi-nationals have weaknesses that can be – and increasingly are – exposed.

4) And if a company does go above and beyond in their efforts to keep your data safe, such as by adding individual encryption, then you run into the final issue – cost.

If a 3rd party service is going to perform all the sync processing to retrieve your data, organise, store and manage it and then provide services on top then the cost associated with this as well as the relevant processing storage and bandwidth is substantial.

But each of these key issues is completely and emphatically overcome if you retrieve and process your own data locally or in a cloud of your choosing.

You get guaranteed privacy and control, because only you have your data. Because it’s yours, you can retrieve it from other companies and store it. Because it’s all in one place, it’s safer and by using resources you have already paid for you avoid extra cost.

Digi.me therefore, precisely because it is not SAAS, brings vast and ongoing benefits to the personal data economy and to each individual. Additionally, it puts you at the centre of your digital life and gives you the base layer of the Internet of Me, where the power of data becomes centered on the individual rather than being held elsewhere.

exporting-is-great(5)

Why digi.me knows that Exporting is GREAT!

As the Government launches its Exporting is GREAT campaign to encourage 100,000 new UK exporters into the market by 2020, our founder Julian Ranger explains why having access to a worldwide market has been great for digi.me

Physical exports have been a way of life for centuries – the trading of things that one country didn’t have with another one that did, but these days digital exports are growing in popularity and digi.me is in the vanguard.

Here at digi.me, our ground-breaking app is helping thousands of people take back control of their personal information – but why should that be restricted to the UK?

We have an international team and believe firmly that our product has merit around the world – and our current stats, which show we export both physically and digitally to over 150 countries, with our app content localised in 11 languages, bear this out.

Of course, shipping overseas in any form has its challenges, but we’ve had (and continue to have) a lot of support from UK Trade and Investment (UKTI) and are getting a lot of help from a European embassy overseas at the moment for an ambitious country-wide project we’re hoping to run there.

Clearly, there are some obvious ground rules to follow – you need to be clear on what your product or service brings to your target market, and what marks you out from your competitors. Do your research on what an individual country needs, and then go from there.

My previous experience of selling to the US Air Force and US Navy gave me confidence to know that anything is possible, and we started exporting with digi.me digitally immediately from set-up, with direct exports to France and the US following afterwards.

Now Toshiba has joined forces with us to distribute our market-leading personal data software across Europe, North and Latin America, which sees them partnering and promoting us through their marketing and social media channels, as well as pre-installing our app in a number of laptops and tablets in the Latin America marketplace. We’re also in our third year with the FNAC security pack in France, so are becoming well known over there as well.

As for our future exporting plans, we hope to be able to announce that European project soon, as well as open a US office, with US locals, to explore possibilities for digi.me there.

So our advice to anyone wavering about joining the international market would be to get out there and do it – you really won’t regret it.

*Exporting is GREAT will run for five years and provide advice and expertise to support businesses at every step of the way, from initial interest to market. This will include the year-long EIG Roadshow that will travel the length and breadth of the country, reinforcing the campaign’s core messages, giving face-to-face assistance to first-time exporters and using the latest technology to connect these businesses with live export opportunities. Online help will be available via www.exportingisgreat.gov.uk

iom-blog

Online privacy – is there a simple route to the ‘Internet of Me’?

Privacy concerns continue to grow over personal data use and leaks, and this week those concerns were highlighted in the New Scientist in their editorial (29th August – https://www.newscientist.com/issue/3036).  From reflecting the opinion of many that “Privacy is dead”: to asking how we got here, “Data has become currency”; to thinking about solutions, “Such systems are complex”; to worrying that if the effort to restore privacy doesn’t start soon then “vested interests may become too deeply entrenched to overturn”.

If we think the solution is complex as suggested by the New Scientist, then it is less likely we’ll find the right answer; however, I would like to suggest that there is in fact a very simple solution.

To see what that simple solution is we need to think why our data is so valuable and therefore why businesses are trying to track us. The answer is because the businesses believe they can provide better services , better convenience or sell more to us if they know who we are in many different dimensions.  If this were not true then there would be no value in our data and no value in tracking us.

But how good is the data they get? – not very is the actual answer. This is why of course ever more complex and invasive methods of tracking and associating data are being deployed – at great cost.  Even then the best anyone gets is a thin slice of you which can be 30-50% wrong.

Even this poor performance is threatened by the new ad blocking, do not track and other privacy ‘solutions’ now being deployed.  No one is winning here: not the individual nor the businesses.

Is there a better way? – to use the marketers phrase a “win-win” for both consumers and businesses? The answer is yes there is and what is more it is straightforward.

If I own, hold and control all my own data then businesses can come direct to me and ask for that data.  They get access to Rich data: data which covers a much wider set than they can get by tracking; which is deeper in time; which is 100% accurate, with no association errors (it is about me because it comes from me); which is fully permissioned; which is simple to get – just one person to come and ask.  If a business can get Rich data easily and very cheaply then why would they pay more for worse data obtained through tracking? Not only would they pay more for less they would also not get our trust.

By coming direct to us they get Rich data, cheaper, easier and with our trust.  When more and more businesses start to do this the market for tracked data will diminish and then disappear – a better solution for everyone.

How do we get there? We need software in place which gathers and holds our data for us on our own devices and cloud infrastructure, and which enable businesses to come to us for data which we can authorise (or not).  Luckily this process has started already, for example our company digi.me – see http://digi.me/video, and there will be others joining the party too.

Privacy is not an insoluble problem, nor a difficult win. You just have to look at the motives of everyone involved and fashion a simple win-win solution.

Oliver Wendell Holmes, the famous 19th century American physician and writer said: “I wouldn’t give a fig for the simplicity this side of complexity but I’d give my life for simplicity on the far side of complexity”.

With regards to privacy that simple solution the other side of complexity exists – it is that we own and control our own data on our own devices.  An “Internet of Me”, where I am truly the centre of my data world.

control

Sharing – change in control needed

Sharing today is generally seen as positive, but is also associated with negative aspects around privacy. If the negative aspects are not fixed sharing will slow and cease to the detriment to everyone, but there is a solution that will increase benefits to individuals, businesses and society as a whole IF there is a change in control – from business control to individual control.

Sharing is positive because it creates new services and functions that can help individuals, businesses and society as a whole. Sharing has grown through database marketing in 80s/90s; social media in the mid-00s; wider Software as a Service (SaaS) services since; and will grow exponentially more as individuals embrace the Internet of Things (IoT) – provided the “bad” can be controlled.

The negative is privacy; along with the increased sharing of information has always come concerns with regard to privacy. If we look back to the introduction of what might be termed database marketing in the 80s, increased privacy concerns led to the introduction of check boxes on forms stating whether businesses could use the information for other purposes. Today we have dramatically increased the personal data that is shared, both explicitly and hidden, whether that is social media, other web/SAAS services, monitoring of clicks and the like – and with that has come heightened privacy concerns.

The web related privacy concerns have grown ever more over the last 6 years, with greater numbers of people reducing/changing their social media use (or using more private channels), using Do Not Track, Ad blockers, ’going dark’ and other methods. The concept of the “creepy line” is well embedded now within society. Unconstrained and uncorrected, this will lead to a reduction in sharing, curtailing the positive benefits, and crippling new concepts such as IoT, which depends on greater levels of sharing.

This reduction in sharing leads to a discontinuity with dramatic effects. Not only will the Internet of Things be stillborn, but innovation in providing services based on personal data will stall across all domains (personal communications, commerce, health, etc). This will have a dramatically negative effect on businesses, but also individuals and society as a whole.

A BCG report “The value of our digital identity” states “The quantifiable benefit of personal data applications can reach €1 trillion annually to EU-27 by 2020  – with private and public organisations reaping about a third of the total, and consumers the rest” and then on goes on to say ““BUT much of this potential value will fail to materialise if consumers act to restrict the flow of personal data.”

How do we solve this problem and allow, even encourage, greater sharing? The current trajectory MUST be broken and restarted following a different approach in order for the full promise of personal data, inc. the IoT, to be realised

Change in control

There is a perception that there is so much data that it is currently infeasible for individuals to control it in a meaningful way with the information technologies available today, but our aim must be to provide that much needed control.

There are many suggestions for “personal data stores’ or “personal data lockers” and similar, hosted by third parties, to help individuals gain some control over their data. However, these all suffer from a number of issues: control is still via third party; the stores only hold a subset of data which means there is no overall control, no interoperability between different stores and no single point to access; holders of individual’s personal data (e.g. Facebook et al) often don’t allow access for retention by third parties. At best these systems are a band aid to the control issue and provide limited immediate benefits to individuals, severely limiting take up.

However, there is another approach – one in which the overall architecture is different, but at the same time familiar. By approaching the issue of privacy from an alternate architectural viewpoint, it is our contention that many of the problems are mitigated and contrary to there being an additional cost to privacy, there is in fact the reverse: an additional benefit to everyone involved with the new architecture, individuals, businesses and society alike – and at reduced cost.

The fundamental architectural difference is to return ownership and control of personal data to the individual, rather than the control being held exclusively by business

Personal control – the ultimate solution

Personal control is a simple change in perspective:

– Others don’t own your data – you do.

– Others shouldn’t hold your data – you should hold it yourself

By changing the view, this simple insight solves the privacy issue for individuals and the ability of businesses to access that data through user permissions.  This view, and the understanding that underpins it, has been developed by the company digi.me (formerly SocialSafe) in the UK, in a program of work that was initiated in 2009.

Having first downloaded the digi.me software to your device, the software works by retrieving your data directly to your digi.me library on your device – not touching anything else along the way, not the digi.me servers, not anything. A 100% private library of all your data, fused and normalised – social, financial, utilities, purchases, health, leisure and much more.

The digi.me user interface then allows the user to do more with their data, 100% privately, never losing it, and keeping access forever. It helps them be more engaged, have more fun, and to do more things, better – all locally and immediately, thereby giving that crucial incentive to start the process of regaining control of their data.

So digi.me is your librarian, but also extends to being your postman. The postal service is where digi.me controls a certificate system that allows other apps, web sites, etc. to ask the user for permission to see aspects of their data for a specific and permissioned purpose. If the permission is given by the user based on their perception of the offered value proposition, the digi.me app sends the permissioned portion of the ‘rich data’ to the requesting entity. This is summarised in the diagram below and in more detail in a video at http://digi.me/video

(Note: Whilst this architecture is different in that the individual owns and controls all their data, it was noted above that it was also familiar – that is because it is exactly what businesses do. Businesses hold all their own data – and then use local and remote apps to extract greater value. The individual is like a business with all the data available today – it should therefore not be a surprise that the solution is a familiar one!)

Conclusion

So by holding all their own data, individuals regain control and can do more with their data themselves and importantly can decide who they share that data with, what elements are shared, when, for what purpose – in this way the sharing economy can overcome the discontinuity posited above.

(Note: In my previous post I noted that we should define Privacy in the digital age as the “Ability to control your personal data, including who you share it with, when and for what purpose”. By owning your data you are then in control of your own privacy.)

control

Definition of Privacy in the Digital Age

We seem to be caught between two stools of thought on Privacy – either Privacy is dead (aka Mark Zuckerberg and more recent posts such ashttp://www.washingtonpost.com/blogs/innovations/wp/2015/02/11/privacy-is-following-chivalry-to-the-grave-heres-why-thats-a-good-thing/) or the Go Dark movement. This seems to be looking at issues incorrectly, because we haven’t defined what Privacy is.

Specifically, being private doesn’t mean not sharing anything – it means being in control of what you share, to whom and when. For example, I am a private person, but I share sex with my wife, I share family issues within my family group, I share my finances with my financial advisor, I am happy for my supermarket to know what I buy. The point is that in the physical world I am largely (but never completely) in control of my privacy and that includes what I share and with whom.

So privacy does NOT mean no sharing. This is important as sharing is the grease to the future economy – combining different data sets that I share will enable radically new services and experiences that I have yet to even think of.  Privacy equates to controlled sharing. There is a spectrum of sharing for data items: from items I keep solely to myself, to items I share with one or a few people and ask not to be shared further, to data I may share more widely and allow to be re-shared, to data which I share with the world (either as me or in anonymised form).

We should include “for what purpose” in the above definition of what privacy implies re control and to most people they would. If I disclose to a close friend a secret so I can get feedback for example, I do not expect that secret to be disclosed to others – it was only for the purpose of our conversation. However, I can’t control my friend directly and he may tell others. In which case of course he has lost trust and I probably won’t share with him again – or at least will share more carefully. This is of course the same in the digital world. If I share with you for a purpose and you use for another purpose then I am unlikely to want to share with you again.

So, I propose we define Privacy as “The ability to control your personal data, including who you share it with, when and for what purpose“.

(Note: the dictionary defines Privacy as the “condition of being secret”. In my digital privacy definition we propose this is equivalent to “being in control of who is in on the secret”).

Facebook join SocialSafe by promoting data portability


Yesterday Facebook announced a new feature which allows users to download the data they have in Facebook to their computers – sound familiar? For too long Facebook has been a walled garden where you can put your data in, but couldn’t get it out without using a tool like SocialSafe, so we heartily welcome Facebook’s conversion to the data portability camp.

SocialSafe is all about data portability and reuse and this has been our core mission since our launch in June 2009. We believe that if you create content or enhance your content using a service, program or tool that you should be able to reuse it elsewhere. For example, many of us have spent time tagging friends in photographs – wouldn’t it be nice to be able to use this information elsewhere and not just be restricted to using Facebook forever to see this information (and of course Facebook data is easily lost as friends move on, change accounts, etc). At SocialSafe we capture this information and allow you to see and reuse it.

As we develop SocialSafe the reuse aspect of your social data will increase dramatically. In just a few days we will release SocialSafe v2 which gives you a full digital diary view of all your Facebook data – want to know what you did this time last year? – easy just jump to that date in the calendar. No spending 20 minutes going next page, and the next page ad infinitum to access that data. This is what data reuse is about – because you have your data on your PC/Mac with SocialSafe we can add extra services and integration that are not part of the core Facebook mission. Another example with V2 is a search capability that looks across all of your Facebook data and an export capability to save your photos to any location.

As we proceed on from V2 we will be adding Twitter and other social networks to the stream you can download, view and reuse within SocialSafe – allowing you to get your hands around all of your social interactions in one place, enabling you to have the full picture and providing open data portability.

Not everyone needs all of SocialSafe’s current and future features, just as not everyone finds Facebook the answer to their social networking needs. A variety of solutions is always better than just one and therefore to have Facebook providing a basic download feature so everyone has access to their Facebook data is a significant step forward to achieving greater data portability across all services.

Facebook ‘Places’ More Privacy Concerns On Us

Facebook Places ConcernsWell Facebook Places is here and you can now check-in to places (only for US customers at present) with the Facebook App, so friends and others can see where you are.  Useful? – probably.  A privacy concern? – most definitely.

The use of geo-location apps has been growing with the likes of Foursquare and Gowalla taking the lead.  Having used Foursquare at SXSW in Texas earlier this year I recognise that there a use for a general public check-in in order to identify the ‘happening’ places. However, for me this very public announcement of where I was had marginal value. In addition, I feel that there are significant obvious drawbacks that I believe outweigh the advantages.

I do understand that using Facebook in order to check-in to places so my friends (and for me, only my friends) can see where I am, might be useful to help link up.  An immediate problem though is that my Facebook friends include very close friends, close-ish friends and others from sports clubs and the like that I know, am friendly with, but are not that close with.  As we know, the issue with Facebook is that I can’t restrict who knows where I am.

So onto privacy: why am I concerned?  The Facebook blog makes it clear that my Facebook friends can check me in somewhere without me doing it.  OK so what’s the problem – I can set a privacy control to stop this being broadcast after all.  Yes, but why is the default set so that others can do it. Surely the responsible, ethical default setting should be that only I can control my check-ins? Anything else is a breach of my privacy and right to controlling that privacy.

Three further things worry me.  Firstly, Facebook seem to have invented quite a few new privacy settings to control various features of the new Places function.  These are not all in one place, not set to protective defaults and are not eminently clear as to what they do.  I’ve said it before and I’ll say it again, if Facebook can make their overall user experience so good and so easy, then they should be able to do the same for their privacy settings.  The very fact that they don’t can only be a deliberate policy to fool people into being more open than they would otherwise opt-in to be.

Secondly, this quote from the Facebook blog is priceless: “If you don’t want to share your check-ins with your friends’ applications, just uncheck the new box in your Privacy Settings under ‘Applications and Websites’”.  So if I do nothing and my friend uses a dodgy application that abuses their check-in data, mine can be abused too – without me having any idea whatsoever what application my friend is using or what that app is doing with the data!!  This is horrendous.  Facebook should definitely set the default for that option to disable, but they haven’t – and they’ve neatly buried the privacy option so most users won’t see it. This is unethical and wrong.

Finally, nowhere in the Facebook announcement clearly states what Facebook is going to do with all this rich new check-in information they are getting (we’re providing them).  Are they going to use it only internally or are they going to share with and sell to partners? Is the data going to be anonymised or will I be identifiable? Facebook have a duty of care over the data we share with them and the first duty is to tell us what they do with the data so we can make informed choices as to how we use Facebook.

Overall Facebook Places will be a well received addition to the Facebook toolset. However privacy concerns over the new feature are not just noise nor are they carping comments from those not sharing in the Facebook success story. These are legitimate concerns and have very real adverse effects for the majority of Facebook users who are just not aware of what they are letting themselves in for.

Another Facebook scam – The “Official” Dislike Button

'Official' Dislike Button getting access to your dataSophos has reported on a Facebook Dislike Button and the story has been picked up by major sites such as the BBC and Mashable.  Essentially some nefarious folk have created an application which pretends to be the official Facebook Dislike Button, asks for access to your FB profile and asks personal questions on a survey which then point you to a Firefox download from an unrelated company.  Why do they do this? – because they want your private data that’s why; they can sell this on to others for a profit.  Sophos, BBC, Mashable and a host of others point out that you should be careful about what apps you allow access to your Facebook data and to be careful in answering surveys.  This is self-evidently true, but there is a deeper issue here – should Facebook control their application environment or not?

The advent of the Apple iPhone, the Google Android mobile phone system and Facebook has created a whole new application (App) marketplace where useful and/or fun apps can be downloaded for free or very low cost.  This has stimulated great innovation which has enriched all of our lives, but there are dangers to this free/low cost world.

we have forgotten the dangers inherent in any computer program which has access to our machine and our data

Over the years we have all become wary of downloading programs on our PCs/Macs without first checking they come from reputable companies or have reputable reviews on the web about them.  We see many such checks happening before people download SocialSafe – and quite right too.  However, because iPhones, Android phones, Facebook et al are immediate devices with many, many exciting apps available we have forgotten the dangers inherent in any computer program which has access to our machine and our data – we need to be just as careful with these small free/low cost apps as we have been and are with more major programs on our PCs/Macs.

Apple largely avoid the problem by managing their App store thoroughly.  This has the upside that you can download with confidence, but the downside that it can take a while for apps to be authorised – and presumably it costs Apple a lot of money for their staff to do the verification process.  The Android and Facebook systems are unmanaged app stores – anybody can post something in and it is available immediately – this is open to abuse.  Yes rogue apps can be taken down if they are shown to cause harm, but this is usually after the harm has been done – a true case of shutting the stable door after the horse has bolted.

Ideally, I believe that both Facebook and Android should include an element of management into their app stores – a verified tick or similar.  This would highlight that unverified apps are potentially risky and that “buyer beware” principles should apply.

Until this happens please do ask yourself why an app needs access to your data, why they are asking you personal questions, why they need to post to your wall and check out whether there are any comments relating to an app before you download it.  We at SocialSafe adhere to the highest levels of privacy and integrity with regard to our app – we know that, but please do check it out for yourselves.

Julian

Facebook Privacy Changes – a step forward?

Over the last few weeks there has been mounting criticism of Facebook’s privacy rules and changes.  I have been one of those – my point being that Facebook is so easy to use, yet the privacy controls so complex that I felt this was a deliberate policy to effectively trick users into greater openness than they realised.  Today Facebook announced changes in their privacy settings through their blog and with an updated privacy explanation page. So have Facebook done enough to counter the criticism?

My first reaction, and with only the two references to go on, is that they have moved to a simpler system which is good – though it is not as simple as it could be.  First the good bits:  It appears we do now have a one click ‘Master Control’ to set “your commonly used items” such as posts, photos, etc to Friends only, Friends of Friends, or Everyone – this is much, much better and is to be applauded.  Also in his post Mark Zuckerberg states “this control will also apply to settings in new products we launch going forward” – what this means is that if I set the ‘Master Control’ to ‘Friends only’, then future Facebook privacy control settings changes won’t override this – this is also a very good change (albeit one that should have been there before).  Finally, on the positive side Facebook now state that Friends Lists and Pages no longer HAVE to be public – I can set them to be Friends only – another long overdue change.  So in summary on the good parts, Facebook have listened and have moved to a simpler system.

Despite these very positive changes, I still have some reservations.  Facebook have listened (they had to!), but if you look just a little at the detail you can see that Facebook’s desire for you to make all your data open to the world and to lull you into ignoring privacy, is still as strong as it was.  This is most clear if you look at the “Recommended” settings in the diagram at the top of the privacy explanation page.

Why should it be recommended that all my posts and photos and family and relationships be open to “Everyone” on the internet?  Clearly most people will just click the recommended settings, which will also no doubt be applied by default for users, thereby giving up their privacy.  My issue here is that for the non-tech savvy they are being pushed in a direction which causes them to be more open than they are aware – I think this is not following the duty of care for their users that I would expect of a truly ethical company.  Nonetheless I can’t argue that it isn’t clear(ish) so, as Mark says in his post that this is the last change they are going to make to the privacy settings, it is now a case of if you like the constraints then use Facebook and if you don’t then quit.

There are a couple of other minor negatives such as the need to go to subsidiary privacy settings for some features (why???) and some other default settings that are questionable (e.g. do we really need our activities to be visible by default), but Facebook have at least been clear on their direction.  You may like it or may not – it is now up to the market to decide.  I suspect that with 400M+ users Facebook is still going to be a driving force on the internet for a while yet.  Will their radical approach to openness become the norm, or will users (eventually) drive back to a more private exchange of information with just their friends.  I am in the latter camp, but time will tell if I am in the minority or the majority.