ReadWriteWeb

PostSecret, the beloved weekly blog that allows anyone to anonymously share a postcard containing a personal secret, has launched an iPhone app that expands the project out onto the social and mobile Web. In addition to viewing the regular Sunday Secrets - the physical postcards - featured on PostSecret.com, users can create and share digital secrets and browse them by time and location.

The idea of broadcasting your darkest secrets across the Internet might sound counter-intuitive, but the app does an amazing job of reassuring users of their privacy and security. Not only has PostSecret built a heartfelt, loving application, it has raised the privacy bar for app developers everywhere.

Yesterday the Mozilla folks released numbers and a "field guide" with sample code, tutorials and additional resources on Do Not Track (DNT). How's DNT doing so far?

According to a post by Anurag Phadke a bit less than 5% of Mozilla users have turned on DNT. This might be a bit low because the tracking for DNT is by IP address. So users that are behind a firewall that exposes only one address shows up as only one user – even if 5,000 users are behind the firewall.

United States law enforcement officials have been utilizing data provided by global positioning satellite systems to track down individual suspects, without having to demonstrate probable cause before a judge first - that much is known. Rights groups such as the ACLU have wondered, just how much of that goes on?

The rights group's investigation of this practice has inadvertently triggered a renewal of the debate over privacy policy versus public disclosure, and whether it's possible for an agency or other entity to reveal data that could lead to further revelation of personally identifiable data (PID), without officially violating privacy. The final outcome could set a new precedent for privacy policy, not just by the government but for enterprises as well.

Flickr will announce a new feature this morning called Geofences, forward- and backward-looking place-specific privacy settings for the location data of the geotagged photos you upload. The feature is live right now and is really well implemented - this is something that every social network ought to enable.

Geofencing is a term typically used to refer to the drawing of a line on a map where some kind of pre-determined action is triggered, it's most established in the business of transporting goods in trucks and triggering tracking actions when those trucks enter into certain geographic zones. Flickr's new privacy geofences are something everyone is likely to enjoy using though. I, for example, have already set up a geofence around my house prohibiting anyone but my approved contacts from seeing the photos I upload from home. Thanks, Flickr! Update: Turns out I got that wrong, the photos are subject to my previous privacy setting - it's just the location of my house that's now more private due to the geofence. That's cool too!

The latest round of privacy controls improvements from Facebook - widely perceived as a response to competition from Google+ - let members select per-item policies for literally everything they post. It's a simple, but very pervasive, set of controls that let users set limits on everything, and preview their published assets as friends and the general public would see them.

But do these changes have any effect on what apps running on the Facebook Platform will be able to see? The way the Platform works now, a Facebook app runs with the permissions of its user. That makes sense, because how else can an app such as a game gain access to the list of friends with whom the user might want to play? Still, although it's officially against Facebook policy, apps are capable of collecting that data for servers that may store it for other purposes.

Ever since Google's latest social platform, Google+, began limited testing in late June, the question among both prospective developers and prospective members has been, how will it compare to Facebook with respect to privacy? Although Facebook has taken incremental steps to help its users protect the data they may intentionally or inadvertently share with other people directly, Facebook has been notorious for the degree of frankness its platform presents to its applications.

Google has been particularly careful about demonstrating its concern for protecting its members' personally identifiable information (PII), and an update late Friday to its engineering director, David Glazer's Google+ stream was no exception. Giving the first technical details about the forthcoming Google+ Games platform - the first apps platform for Google's new social network - Glazer said end-user information would only be obtained through direct user consent.

Research firm Gartner's release earlier this week of an update to its venerated "Hype Cycle" cast a long shadow that hid a startling prediction: At least half of all organizations that host data on behalf of clients will change, or be forced to change, their privacy policies by the end of next year.

The increased awareness of security breaches among cloud providers, especially Amazon, is one reason. The rest, according to Gartner research director Carsten Casper, center around the changing legislative landscape, especially among multiple countries where the disparities between data protection laws appears only to be growing.

It's a little bit amazing that any social networking site could pull what many posts are calling "a Facebook" at this point in history. Nevertheless, LinkedIn has made news by creating an opt-out account setting to use member names, photos, and information in "social advertising" on the site. Facebook made this strategy infamous, although there's no way to opt out of many of Facebook's social ads.

Still, no one likes surprise opt-out uses of personal data. Complaints about this perceived breach of privacy have made the rounds over the last day or so. LinkedIn has just posted a response to the backlash offering some clarifications.

The Electronic Frontier Foundation and The Tor Project have officially released a Firefox plugin called HTTPS Everywhere, which enables encrypted, secure browsing on some Websites.

The plugin, which came out of beta today, works with a list of sites that support HTTPS, but may be doing so in an incomplete or limited fashion. If a site defaults to unencrypted HTTP or links to unencrypted pages, the plugin will rewriting requests so that true HTTPS is utilized. It currently works with a number of big sites, including Google Search, Wikipedia, Twitter, Facebook, bit.ly, PayPal and all Wordpress.com blogs.

The first-ever technology promising to give consumer and corporate end-users a dashboard to control access to the data they store online will take its first step this month toward standardization.

The User-Managed Access (UMA) protocol is an authorization engine for individuals. It lets users selectively share data, via a set of policies, instead of being at the mercy of social, government or other sites that often have less than complete concern for the data owner's privacy, safety or reputation.