Trust is not something you give freely and still expect to survive. I hate it when it appears that my trust in someone or something is being abused. That potential abuse is abundant in Facebook games.
Harsh, I know, but when you give your trust to any Facebook app, including games, you are granting them permissions to pull in your details, write to your wall, hover up your friends list and so on. While Facebook application developers can limit what they have access to, you can create a fully evil application that copies everything from your Facebook account, including private information.
I’m being particularly harsh on Facebook at the moment as I discovered that their Facebook app for Android did not take the contact details my friends on Facebook had publically posted (or granted to their friends) and copy them to my handset, but it copied my entire mobile phone contact list off my handset and uploaded them to Facebook. I never put my phone number in Facebook, and it copied it from my phone and made it public. The iPhone version does something similar.
Google + rolled out their games… their attempt at competing with the highly popular Facebook games. And they did some things right.
Firstly, if someone plays game, their “achievements” don’t appear in your main stream of news, but they appear only in a separate games notification page. This page only shows up if yo want to play a game.
This is useful purely because it stops the people in your circles, who don’t play the games, being annoyed by your updates. I for one block games notifications when they crop up in Facebook, after all, since I don’t trust the Facebook games I’m not about to play them.
However when I start to play any of the Google + games I get a pop-up window asking for permissions.
- View basic information about your account
- View your name, public profile URL and photo. View your gender and date of birth. View your country, language and time zone.
- View a list of people from your circles, ordered based on your interactions with them across Google
- View a list of people from your circles that you may want to engage with
- The list is ordered based on your interactions with these people across Google
- View public profile information for these people
Some of the games also want your e-mail address. That’s a lot of information just to try out a game!
I have issues with this list. Social gaming is sometimes akin to nagware. Nagware was a nickname for free software that kept displaying a message, or advert, before you could play unless you paid for the game (and entered a “stop nagging” code). The difference is that, for many games, you nag your friends with how well you are doing. Sorry, that might be “friends” if you nag them too much.
I can understand a game wanting my name, Google + public profile URL and photo. This stuff is public, and there are probably access reasons they want it for. I can forgive it asking for my gender as its part of the public suite too. My date of birth should only be an issue if I am playing “adult” games, games related to controlled substances (I’m talking about legal drinking age) and gambling. Given the legal limits are different in each country they’ll need the country too. For localization reasons they may want my language preference (if over 50% of the players speak German, do the German version first).
I can’t figure out why they want my time zone.
Actually the “basic information about your account” details aren’t that worrysome.
I object to them wanting to harvest my friends at the start!
Wouldn’t a better option be, ask about me, and only me. Be able to add custom information to the permissions notice. The android apps allow this, and knowing “why” something wants access makes it more acceptable. (Of course they might lie *cough* Facebook sucking my phone book out of my phone *cough*).
Let me try the game. And if I want to get past a certain level, I have the option of leaving or sharing. Its sort of similar to the way arcade games work on Xbox Live. You download a trial and you can only get to the first (or another arbitrary) level. If you want to go further you have to buy the game. Also, only people who have bought the game can share their high scores. I’m sure the download statistics (and maybe some profile information) is shared with the games developers. Something like numbers of bought without trailing, trial downloads and purchases after the trial along with basic demographics.I suspect they also get level information, as in what point you stopped playing the game.
In this case, they get some of my information (some, just the public stuff, if there isn’t a reason for an age limit then they don’t need to know where I am and my age. They may have a good reason to know my language so I’ll grant that one) and is I want to play past the first level / screen / puzzle then I have to grant more permissions.
By then they have earned a bit more of my trust. And lost some of my animosity.
This is a Loose Bloggers Consortium post on the theme of “Animosity”; chosen by Padmini. To find out that the others in the consortium think, check out, Anu, Ashok, Conrad, Delirious, gaelikaa, Grannymar, Magpie 11, Noor, Padmini, Ramana, Rohit, The Silver Fox Whispers, The Student Diaries and joining us this week for the very first time are Nema, Paul & Plain Joe.
I’m not a fan of Facebook
Which is a problem when it comes to Photomeets and Photowalks. And slightly impromptu events and meetings, as the initial invite is sent out via a Facebook invitation. I sort of went off it in the flood of applications, and I’m not surprised that LinkedIn is getting a flood of new users.
The one thing I loved was the friend feed. The quick status updates of “Bob is arriving at three” and “Alice is looking forward to the meeting” and “Eve is still listening”. Of course these are the essential parts of Twitter or Jaiku, or even FriendFeed.com (not the same thing, but I’m intrigued by their rooms to abate noise).
The main use of Facebook I’m doing is trying to track someone I don’t know down and contact them, or as I mentioned, meet-ups (as opposed to Tweet-ups or Meet-kus).
Why all this, it’s because I know about the next photowalk this weekend, (and yes I’m grateful that it e-mails out all messaes and the message contents now) but I have no idea if I’m going yet (and won’t know until that morning). I just don’t want to have to log in to FaceBook to say so.
Since I first blogged about the 4d’s of information loss, I have a few updates.
Source: WikipediaFirstly, what happens to your social network account matters financially. The Irish tax authorities are keeping an eye on Facebook and LinkedIn. And depending on what happens on your account may effect you being audited. In the case of a nasty divorce… its possible to create fake announcements which just might lead to an audit.
In the case of a death, LinkedIn will…
“attempt to gather as much information to make sure that the claim is legitimate. [They] take our members privacy very seriously. Once [they] have sufficient evidence [they] can remove the account. Unfortunately there is no notification that goes out to all of their contacts.”
This apparent network might not even be a true reflection of who-knows-who. Jaiku Invites is an example of this. When Google bought Jaiku they shut down new user registrations. There are a lot of people out there who would love to join and take part in all the great discussions we have there, particularly around events like OpenCoffee and BarCamps. Luckily each existing member was given 10 invites that they could hand out and Ciarán Rooney created a method to do this. However this means that the inviter does not know the invitee despite the apparent connection made. (And hello to those strangers who used my invites).
And it is still easy to loose the information by, loosing the laptop. Just ask the UK government who lost over 1,000 laptops (full of information) over the last few years.
I do have a death update, but that is something for a post of its own.
Death comes to us all. And from a legal perspective, death doesn’t stop data. Data is property. Digital photographs are the same as physical photographs from an ownership perspective.
However, the law and reality split.
Getting your hands on your data
Lets assume that Aunt Bessie has died. What now… well as her only heir you get everything.
All her encrypted files. All her data accounts. All her data is yours, but you can’t get to it.
Unless Bessie provided something for you…
As Ellybabes pointed out in her Death and Divorce in the Digital World presentation, unless you leave someone the password, they are going to stay locked out.
There is a method… as was pointed out in the ‘Security Now!’ podcast (episode 72):
Today, while alive, I don’t want to give my sensitive stuff or passwords to anyone, including my wife. But when I eventually die or become very ill, I need to make sure that my family has access.
But I know my wife wouldn’t be able to figure it out to save her life. If I have TrueCrypted all of my data, have complex unguessable password schemes and so forth, how do I unwind all of that for the benefit of other people I care about in my life?
So what you could do would be give to your attorney who has your will, or in a safety deposit box, something where access will be granted in the event of something bad happening to you without your taking any action.
Here’s what I’m thinking is that you separate the information out. So one of the things TrueCrypt lets you do is have an image file and a password. You need both; right? Maybe give the attorney the password, maybe even put it in your will, and store the image file in a safety deposit box. Separate the two, to be opened on your death or whatever.
But if you change your password regularly… then the copy with the attorney is probably out of date.
You could always try to break in to the machine, or maybe you don’t need to, after all, if the hard drive is not encrypted, you just need to put it in another machine. Right?
What if the machine isn’t local. What if the data is on a remote server. Do you need to go get a wig and break in somewhere.
Well, if you want to keep the data, the answer might be yet.
No right of survivorship
(section 27 Paragraph 4)No Right of Survivorship and Non-Transferability. You agree that your Yahoo! account is non-transferable and any rights to your Yahoo! ID or contents within your account terminate upon your death. Upon receipt of a copy of a death certificate, your account may be terminated and all contents therein permanently deleted.
Or if you prove that she’s dead, you loose access to all her stuff permanently.
For the record, a Flickr.com spokesperson detailed how their system works…
Flickr works with the Yahoo! Legal Compliance team to resolve these types of situations. You’ll need to send them a copy of the death certificate in order to have the Flickr
account closed. Please include their Yahoo! ID as well as their Flickr screen name for removal of the Flickr account. Compliance can be reached [via telephone and fax].
After a death certificate is received we are not able to
give access to the account but we can close it.
Sites like Facebook are a little more accommodating. According to a Facebook spokesperson
When it comes to our attention that a user has passed away, put the profile in a Memorial State. In the Memorial State, certain profile sections and features are hidden from view to protect the privacy of the departed. We encourage users to utilize groups and group discussions to mourn and remember the deceased.
I don’t know what “Memorial State” means, but it does mean that the data is retained.
When I posed the question to Marcus MacInnes of Pix.ie he replied…
We do not have a specific policy dealing with the death of one of our users. Our policy on account access however is as follows:
We provide access to a user’s account only under one of the following conditions:
1.via our automated password recovery method;
2. if instructed to do so by a user’s legal personal representative (which may be the user themselves);
3. if we are required to do so by law.
In the event that the owner of an account dies, upon request, we would be obliged to surrender that account to the user’s legal personal representative (usually the executor of their will). The legal representative would then act in accordance with the wishes of the deceased and may for instance request deletion of the account.
And Joe Drumgoole of PutPlace.com explained that
we haven’t put the legal framework in place yet. Our intention is that all content gets assigned to the probate or estate and the executor gets to do his stuff. In situations where no estate exists or legal structures don’t support it we will allow appropriate next of kin (spouse, children, siblings, parents etc.) with supporting documentation to take over the account. We will support an alternate contact to allow somebody else to recover the account but we depend on the user to keep this up to date.
Its definitely a tricky area and something we will be coming across more and more in the future.
Messages from beyond
Another complicating factor is that with more and more of s spending our lives on line. Frequently out virtual network of friends and “friends” are the only ones that the next of kin cannot contact, because all this data exists on remote servers. Do you have a local or hard copy of all your friends contact e-mail addresses or IM names? (Actually do you have a list of all your accounts?)
If you got access to Aunt Bessie’s social network account, should “she” be the one sending the funeral notice. Is parking the account in a “Memorial State” the answer? Marcus MacInnes of Pix.ie explained
[the] moral issue which until your question, we had not fully considered. How would friends react to receiving an on-line message from someone whom they knew had recently died. We cannot assume that the custodian of the account would act in any given manner and it is not clear whether or not we have a moral responsibility to provide reasonable protection to our users from receiving messages via our platform which are likely to cause distress. An example of this may be when a custodian acts irresponsibly, either intentionally or unintentionally.
Because of my questions, their policies are being reviewed.
I would have loved to include details of the policies of other vendors, but only the above companies contacted my in time. If I get any more details I’ll include them in the comments.
With kind thanks to John Looney of Google (for the tech and social angles) and Simon McGarr of Tuppenceworth.ie (for the legal questions and answers) and for all the people quoted above for providing their perspectives.
tags : 4 Ds of Information loss, 4 ds, Death, legallegal, property, Ellybabes, Security Now, right of survivorship, terms of service, Yahoo, Flickr, death certificate, memorial state, Facebook, PutPlace.com, Pix.ie, Marcus MacInnes, Joe Drumgoole, friend, moral responsibility
Let me tell you about Walter Higgins…
Walter created the Pixenate site which allows you to do online photo editing (so no need to download Gimp et al).
I think Walter explains it better in his interview with Intruders.TV
Well, at 9.30pm last night, after a bit of annoying him, he started working on a FaceBook version of Pixenate. At 3.30pm today he finished the FaceBook edition of Pixenate… yes folks that’s 18 hours later and that time included a full nights sleep and at least on school run.
So now you can edit the photos you uploaded to FaceBook (or like me, failed to upload due to Java incompatibilities with my FireFox)
So please tell me how well it works…
Hopefully I can get to congratulate him in person at tomorrows Open Coffee. unless of course he’s gone off celebrating with the Junior certs tonight.