Path was uploading iPhone users' address books to its servers without asking. Today's update, version 2.0.6, now prompts users to opt-in to the "Add Friends" feature, which is not mandatory. Path has deleted all the existing contact info from its servers.

There are some additional security measures Path could use with this contact information, as Matt Gemmell suggested in yesterday's thread with Morin. The app could hash the information locally and then upload it. Path hasn't taken that step yet, but it assures users that the connection is encrypted, and the data are stored behind a firewall. And now that it's all opt-in, users are in control again.

So Path recovered as gracefully as possible. Do you accept its apology? Or did yesterday's revelation do too much damage for you to trust the company again? It's important to remember that you pay for free apps with your data. They're going to do what they can to collect it, because that's how they make money.

They should always ask the user for permission first. Apple requires app developers to ask the user for permission before gathering location data, and perhaps it should do the same for contacts. But the bottom line is that responsibility for user data starts with the user.

How much do you care about privacy when it comes to data like this? Is the price of free apps worth it? Share your responses in the comments.

The need to keep people from being exploited on account of violations of their privacy is clear, well-known, intuitive and amply articulated by highly capable people. The up-side of making use of peoples' data is far less so. The two concerns are closely tied together. That's something Bill Gates is likely very aware of, if his comments 10 years ago are any indication.

Bill Gates got this about the last era of computing, the first instances of e-commerce and the web. He wrote a famous company-wide memo ten years ago this month all about the importance of what a controversial hardware-based security paradigm called Trusted Computing.

"If we don't do this, people simply won't be willing -- or able -- to take advantage of all the other great work we do. Trustworthy Computing is the highest priority for all the work we are doing. We must lead the industry to a whole new level of Trustworthiness in computing."

Regarding Privacy in particular, the Gates memo put some things in ways we can relate to today, but other things seem antiquated.

"Users should be in control of how their data is used. Policies for information use should be clear to the user. Users should be in control of when and if they receive information to make best use of their time. It should be easy for users to specify appropriate use of their information including controlling the use of email they send."

Users should be in control of when and if they receive information to make best use of their time! Can you imagine that? Info overload as privacy violation. It makes sense, yet it seems hopelessly antiquated too.

"In the past, we've made our software and services more compelling for users by adding new features and functionality, and by making our platform richly extensible," he wrote.

"We've done a terrific job at that, but all those great features won't matter unless customers trust our software.

"So now, when we face a choice between adding features and resolving security issues, we need to choose security. Our products should emphasize security right out of the box, and we must constantly refine and improve that security as threats evolve."

Here's how the International Data Privacy Day organization puts it today.

"In this networked world, in which we are thoroughly digitized, with our identities, locations, actions, purchases, associations, movements, and histories stored as so many bits and bytes, we have to ask - who is collecting all of this data - what are they doing with it - with whom are they sharing it? Most of all, individuals are asking 'How can I protect my information from being misused?' These are reasonable questions to ask - we should all want to know the answers.

"Data Privacy Day promotes awareness about the many ways personal information is collected, stored, used, and shared, and education about privacy practices that will enable individuals to protect their personal information.

Robert Siciliano, an Online Security Evangelist at McAfee, paints a much more negative picture in a blog post yesterday - probably even about the companies participating in International Data Privacy Day. McAfee is owned by the primary sponsor of the event, though, Intel. Siciliano speaks for many people when he says:

"Lately, it seems that barely a day goes by when we don't learn about a major Internet presence taking steps to further erode users' privacy. The companies with access to our data are tracking us in ways that make Big Brother look like a sweet little baby sister.

"Typically when we hear an outcry about privacy violations, these perceived violations involve some apparently omnipotent corporation recording the websites we visit, the applications we download, the social networks we join, the mobile phones we carry, the text messages we send and receive, the places we go, the people we're with, the things we like and dislike, and so on.

"How do they do this? By offering us free stuff to consume online and infrastructure for the online communities that tie us together. We gobble up their technologies, download their programs, use their services, and mindlessly click 'I Agree' to terms and conditions we haven't bothered to read."

It's a cynical perspective that refers to all the glory of the Interwebs as simply free stuff to consume with mindless clicks.

I think I prefer the description Gates might have offered. The global computer is now rich with features and opportunities, but those will be put at risk if people don't trust the network. Please, Mr. Zuckerberg, don't spoil this opportunity.

But it's not true. Everyone watching should have seen this change coming. Google executives have maintained for so long that their new direction is one unified Google product. The new policy doesn't track any new data. It doesn't change the user's settings. Users can still export all their data and leave Google forever. All this does is change perception.

It's Nothing New

Before, every Google service was a different website. After March 1, they'll all be treated as one. The old arrangement meant that each service had its own privacy policy. That doesn't mean it was more private. Google still tracked users. It still shared data from some of its services with others.

On March 1, the rules become much simpler: Google is all one thing. If you use it, it tracks your usage, it stores your data, and it uses your activity to personalize its services for you. Every single way in which it will do so is clearly laid out.

Today, members of Congress sent a letter to Google CEO Larry Page about the policy. They said it raises questions about whether consumers can opt-out of the new data sharing system either globally or on a product-by-product basis." That is crazy talk. You opt out "globally" by not using Google. That's how privacy policies work. It's true that you can't opt out of the privacy policies for individual services anymore. You know what you can do? Stop sharing things you don't want tracked.

Reflexively Reacting

To make sure I wasn't crazy for thinking this way, I spoke to Colin Zick, a partner at Boston law firm Foley Hoag and contributor to its blog, Security, Privacy And The Law.

"From a legal perspective, I'm not seeing anything that's much different in what's being proposed to take effect on March 1 and what's in place right now," Zick says. "In particular, the language about sharing across services has been in [Google's policies] for a long time."

Zick points out that all the past versions of Google's privacy policies are on the website, and the last two versions offer line-by-line comparisons to the previous version. Zick expects that Google will do the same with the new policy once it's officially issued.

"What we have is not a reaction to a change in legal language," Zick says, "but it's a change in perception. ... People are just reflexively reacting to the idea that Google is big."

Google Is Not Off The Hook Here

There are perfectly good things not to like about Google's new direction. For example, its community management strategy for Google+ is broken. Its names policy is only designed around appearances. As long as your name looks "real" to robots and engineers, you can go nuts. But you still can't use a handle, nor can you use a pseudonym unless it's "established," and you can prove it with some form of identification.

"Identity is prismatic," as Chris Poole so eloquently told us at Web 2.0 last year. Google (and Facebook) want to lock users into a single identity on the Web as far as their services are concerned. There's no question that Google's new direction is to be a bigger part of its users' lives.

You Don't Have To Like It

The idea of what Google is has grown. This month, Google unveiled Search plus Your World, its integration of Google+ social results into Web search. Google+ had already been integrated into YouTube, Gmail and so many other Google services. But search was the Google we used to know. The change upset people, myself included.

Google has been accused of breaking a promise about how it should work. Its founders used to pride themselves on the fact that Google search didn't favor its own services. Google has been scrutinized for years for backpedalling on that stance, but Search+ has been treated as a last straw. For people who don't use Google+, Search plus Your World doesn't work.

google social search - I hate this: mlkshk.com/p/BZOU

— David Jacobs (@djacobs) January 26, 2012

But this is the new Google. You don't have to like it. If you don't like Search plus Your World, you can opt right out. You can opt out of sharing browser history by using incognito mode. You can also opt out of targeted ads. You can't opt out of Google's new privacy policy, because that's how Google's business is going to work from here on out. The data you create anywhere on Google are available to the rest of Google. Google is one big service for better or for worse. You don't have to use it.

No One Is Making You Use Google

The new privacy policy changes the way it feels to use Google, but it doesn't change the way it works. What are people afraid of Google tracking? Their name and address? Their location? The contents of their email? Their Web browsing habits? Google already tracked these things. So does Facebook. So does everybody. These are things you choose to share with Google. Who said you had to use Google? It's not the power grid. It's not the sewer system.

You have a choice. You can choose between Google's new direction, an all-in-one, twice-a-day everything-service its executives want you to use like a toothbrush, or Google's competitors. There are plucky start-up search engines out there that might remind you of classic Google. Microsoft also has a social search engine, a free email service and a suite of cloud-based office software. Oh, you don't like them as much? Boo hoo!

Google is making its move. It's changing its nature. Some changes are bad, and other changes are good. Users who like the changes will be happy, users who hate them will be sad. Google offers more tools than anybody else to give its users control over their data. As it says in the overview of its new privacy policy, users who don't like the new direction are welcome to export their data and take it elsewhere.

What do you think? Has Google gone too far? Will you take your Web activities elsewhere? Share that with us in the comments.

The move is being widely condemned in the press as a violation of privacy but if Facebook would do this right, it could be a huge win for everyone. Facebook could be the biggest, most dynamic census of human opinion and interaction in history. Unfortunately, failure to talk prominently about privacy protections, failure to make this opt-in (or even opt out!) and the inclusion of private messages are all things that put at risk any remaining shreds of trust in Facebook that could have served as the foundation of a new era of social self-awareness.

We, ok I, have long argued here at ReadWriteWeb that aggregate analysis of Facebook data is an idea with world-changing potential. The analogy from history that I think of is about Real estate Redlining. Back in the middle of the last century, when US Census data and housing mortgage loan data were both made available for computer analysis and cross referencing for the first time, early data scientists were able to prove a pattern of racial discrimination by banks against people of color who wanted to buy houses in certain neighborhoods. The data illuminated the problem and made it undeniable, thus leading to legislation to prohibit such discrimination.

I believe that there are probably patterns of interaction and communication of comparable historic importance that could be illuminated by effective analysis of Facebook user data. Good news and bad news could no doubt be found there, if critical thinking eyes could take a look.

"Assuming you had permission, you could use a semantic tool to investigate what issues the users are discussing, what weight those issues have in relation to everything else they are saying and get some insights into the relationships between those issues," writes systemic innovation researcher Haydn Shaughnessy in a comment on Forbes privacy writer Kashmir Hill's coverage of the Politico deal. "As far as I can see people use sentiment analysis because it is low overhead; the quickest, cheapest way to reflect something of the viewpoints, however fallible the technique. Properly mined though you could really understand what those demographics care about."

Several years ago I had the privilege to sit with Mark Zuckerberg and make this argument to him, but it doesn't feel like the company has seized the world-changing opportunity in front of it.

Facebook does regularly analyzes its own data of course. And sometimes it publishes what it finds. For example, two years ago the company cross referenced the body of its users' names with US Census data that tied last names and ethnicity. Facebook's conclusion was that the site used to be disproportionately made up of White people - but now it's as ethnically diverse as the rest of America. Good news!

But why do we only hear the good news? That millions of people are talking about Republican Presidential candidates might be considered bad news, but the new deal remains a very limited instance of Facebook treating its user data like the platform that it could be.

It could be just a sign of what's to come, though. "This is especially interesting in terms of the business relationships--who's allowed to analyze Facebook data across all users?" asks Nathan Gilliatt, principal at research firm Social Target and co-founder of AnalyticsCamp. "To my knowledge, they haven't let other companies analyze user data beyond publicly shared stuff and what people can access with their own accounts' authorization. This says to me that Facebook understands the value of that data. It will be interesting to see what else they do with it."

I've been told that Facebook used to let tech giant HP informally hack at their data years ago, back when the site was small and the world's tech privacy lawyers were as yet unaroused. That kind of arrangement would have been unheard of for the past several years, though. Two years ago, social graph hacker Pete Warden pulled down Facebook data from hundreds of millions of users, analyzing it for interesting connections before planning on releasing it to the academic research community. Facebook's response was assertive and came from the legal department. Warden decided not to give the data to researchers after all. (Disclosure: I am writing this post from Warden's couch.)

"Like a lot of Facebook's studies, this collaboration with Politico is fascinating research, it's just a real shame they can't make the data publicly available, largely due to privacy concerns" bemoans Warden. "Without reproducability, it loses a lot of its scientific impact. With a traditional opinion poll, anyone with enough money can call up a similar number of people and test a survey's conclusions. That's not the case with Facebook data."

"Everyone is going 'gaga' over the potential for Facebook," says Kaliya Hamlin, Executive Director of a trade and advocacy group called the Personal Data Ecosystem Consortium.

"The potential exists only because they have this massive lead (monopoly) so it seems like they should be the ones to do this.

"Yes we should be doing deeper sentiment analysis of peoples' real opinions. But in a way that they are choosing to participate - so that the entities that aggregate such information are trusted and accountable.

"If I had my own personal data store/service and I chose to share say my music listening habits with a ratings service like Neilson - voluntarily join a panel. I have full trust and confidence that they are not going to turn on me and do something else with my data - it will just go in a pool.

"Next thing you know Facebook is going to be selling to the candidate the ability to access people who make positive or negative comments in private messages. Where does it end? How are they accountable and how do we have choice?"

Not everyone is as concerned about this from a privacy perspective. "There are many things in the online world that give me willies for Fourth-Amendment-like reasons," says Curt Monash of data analyst firm Monash Research. "This isn't one of them, because the data collectors and users aren't proposing to even come close to singling out individual people for surveillance."

Monash's primary concern is in the quality of the data. "There's a limit as to how useful this can be," he says. "Online polls and similar popularity contests are rife with what amounts to ballot box stuffing. This will be just another example. It is regrettable that you can now stuff an online ballot box by spamming your friends in private conversation."

It doesn't just have to be about messages, though. Social connections, Likes and more all offer a lot of potential for analysis, if it's done appropriately.

"We need trust and accountability frameworks that work for people to allow analysis AND not allow creepiness," says Hamlin.

Two years ago social news site Reddit began giving its users an option to "donate your data to science" by opting in to have activity data made available for download. Massive programming Question and Answer site StackOverflow has long made available periodic dumps of its users' data for analysis. "You never know what's going to come out of it," StackOverflow co-founder Joel Spolsky says about analysis of aggregate user data.

The unknown potential is indicitive not just of how valuable Facebook data is, but potentially of the relationship between data and knowledge generally in the emerging data-rich world.

That's the thesis of author David Weinberger's new book, Too Big to Know. "It's not simply that there are too many brickfacts [datapoints] and not enough edifice-theories," he writes. "Rather, the creation of data galaxies has led us to science that sometimes is too rich and complex for reduction into theories. As science has gotten too big to know, we've adopted different ideas about what it means to know at all."

The world's largest social network, rich with far more signal than any of us could wrap our heads around, could help illuminate emergent qualities of the human experience that are only visible on the network level.

Please don't mess up our chance to learn those things, Mr. Zuckerberg.

Whereas submissions to the PostSecret blog are curated by hand, the app was an experiment allowing any iPhone user to generate secrets instantly and anonymously. Warren says that users shared over 2 million secrets, and that "99%" of them "were in the spirit of PostSecret." The app launched in September, becoming the best-selling app in the U.S. and Canada overnight. It is now gone from the iTunes store, the Android version never arrived, and the PostSecret App website no longer loads.

"The scale of secrets was so large," Warren says, "that even 1% of bad content was overwhelming for our dedicated team of volunteer moderators who worked 24 hours a day 7 days a week removing content that was not just pornographic but also gruesome and at times threatening." In my experience, that 1% figure sounds a bit conservative. The chances of seeing something gross were pretty good on any given night.

Warren says that he had to remove the app from his own daughter's phone weeks ago. Bullies and creeps overloaded the app, and Warren and the moderators were unable to find a solution. At one point, the moderator team tried pre-screening 30,000 secrets a day, but they couldn't stem the tide of unsavory secrets.

Warren calls the now-defunct PostSecret app a "good faith experiment," but it's also an unfortunate lesson in the necessity of curation. It raised the privacy bar for app developers, but it opened up a Pandora's Box of backwardness in doing so. The app was rife with penis pics, vicious attacks and other disturbing messages. It was a valiant attempt to allow millions more to share their secrets, but for now, the PostSecret project will go back to its roots as a hand-curated blog.

Those who paid for the app can take comfort in the fact that their $1.99 supported an organization with good intentions.

Did you use the PostSecret app? What did you think of the experiment? How do you feel about the app shutting down? Share your thoughts in the comments.

We believe that Google will preview a major new social service called Google Circles at South by Southwest Interactive today. Update: Google has now officially denied that Circles will launch here, but not that it exists. See final update below, as of afternoon Texas time Google does now deny that Circles exists. If what we've heard is correct, the service will offer photo, video and status message sharing. Everything users share on Circles will be shared only with the most appropriate circle of social contacts in their lives, not with all your contacts in bulk. Circles may be shown off at an event co-hosted tonight by the ACLU, an organization focused on privacy and the liberties it affords. It may not be a big public launch yet, but it's clear that this is a major product in the works at the very least. Please see below the fold for what I hope will be the final update on this for now.

The service has been developed with extensive participation by Chris Messina, the co-creator of numerous successful social and software phenomena online, from BarCamp to Hashtags and much more. Messina declined to comment for this story. Jonathan Sposato, CEO of the photo editing service Piknik that Google acquired last year, is working on Circles as well. Sposato may be the only entrepreneur to have sold not one but two startups to Google - having founded Phatbits, a service that was acquired by Google in 2005 and became Google Gadgets. These are heavy hitting tech leaders and the service should be very interesting.

Editor's note: This story is part of a series we call Redux, where we're re-publishing some of our best posts of 2011. As we look back at the year - and ahead to what next year holds - we think these are the stories that deserve a second glance. It's not just a best-of list, it's also a collection of posts that examine the fundamental issues that continue to shape the Web. We hope you enjoy reading them again and we look forward to bringing you more Web products and trends analysis in 2012. Happy holidays from Team ReadWriteWeb!

Google's response. Google is now telling Liz Gannes at the technology blog All Things D that there is no product being developed. That's a real shame, if that's the truth of the matter.

Gannes writes:

When a report emerged this morning of a new social network focused on nuanced sharing called Google Circles, the company said it was not launching anything this week at SXSW. But such a product is not even under development, according to the people supposedly developing it.

Google's Chris Messina, who had been pegged as one of the leaders of Circles, told me directly today that he "didn't know what [the story] was talking about."

A trusted source with credible information, among several conversations I've had, lead me to draw the conclusions I did. I tried to frame them with some cautious caveats, but now Gannes is being told something different. To be honest, this wouldn't be the first time I've been told that a story I broke "was not based in fact" only to see something pretty darned close get confirmed later. I guess we'll see about this one.

There's plenty of evidence indicating that Circles is very real, of course. For example, one RWW reader found that if you look at the Buzz tab on a Google Profile with no linked media accounts, the page reads "nothing shared, try adding more people to your circles."

And now to return to our previously posted report. These details may in fact be a picture of what Google is going to do. They may instead be simply what Google ought to do. Take your pick, we'll know in time, I suppose.

A Matter of Personas

With Circles, I believe that Google will attempt to accomplish something critics from the blogosphere, academia, SXSW 2010 keynoter danah boyd, privacy watchdogs and others have all called on the social networking world to do: to allow our online communication to respect the same boundaries that our offline social lives do.

School and work, friends and family, the sacred and the profane; we've always been able to communicate different things to different people in different circumstances. Facebook, Twitter and other online social networks have collapsed all those contexts into one big bucket. We speak to our "friends" all at once, no matter what we might want to say to one group of people or another. And thus we often feel less comfortable than we might saying anything at all.

This fundamental discomfort has been, many people argue, a limiting factor in the growth, reach and depth of online social interactions. If that problem could be solved, there are big new ways that the online world could grow and evolve. This has been a more sophisticated understanding of privacy, not just as a public/private dichotomy but as a matter of contextual integrity of communication, that we and others have been calling on Facebook to adopt for almost two years.

The development of Circles is likely heavily influenced by the work of ex-Google social technology researcher Paul Adams. Adams has written a book called Social Circles, which will be released this Summer and he published a widely read slide deck about what is wrong with social networking: specifically the lack of respect for context and personas. (The Real Life Social Network) Adams worked on User Experience at Google for four years, but just months after publishing his influencial presentation he left Google for Facebook.

Courting Developers

Given who is working on it, I expect that Google Circles will be as developer friendly as other Google social products, but with a much greater emphasis on design and usability.

Messina and Sposato both have strong backgrounds in working with developers and APIs. Messina was trained as a visual designer and created the full page ad in the New York Times announcing the launch of Firefox, then went on to become a leader in the open web community. His work has included co-creating the international unconference phenomenon called Barcamp, helping build OpenID federated identity system, leading the Activity Streams movement for an interoperable social network user activity data system and initiating the use of #hashtags on Twitter. When he joined Google in January 2010, we wrote extensively about his life and career.

Right: Messina posted this photo on Foursquare today of posters promoting Google's hacker event at SXSW.

It is nearly inconceivable that Messina would be involved and the effort wouldn't be a standards-based platform play. If Circles is unveiled at SXSW, the timing couldn't be better from a developer relations perspective. Google can position itself as going exactly the opposite direction Twitter is. Twitter saw its biggest outpouring of criticism yet when it told developers on Friday that they should not build any more basic interfaces, clients, for using Twitter. It remains to be seen how that will play out, but if a major social network wanted to try to lure developers to build on their platform, this could be a good time to start talking about it.

Google Tries Again

Google has launched many different social efforts over the years but has remained far behind Facebook and Twitter in its efforts. Social networking is an important technology for Google to find success with as it's a key way that people spend time online and that targeted advertisements are delivered to those people.

Google Buzz felt overbearing and bolted on. It also got privacy terribly, terribly wrong. Google Wave was more confusing than collaborative. Google's Open Social interoperable widget platform was hugely hyped as a distributed Facebook killer, but it now primarily focused on enterprise social networks.

Reports emerged last June that Google has been working on a secret social project called Google Me.

In December a screenshot was leaked to TechCrunch showing a new toolbar item on Google.com called "Loop." (Loop seems similar to Circles - I think Circles is better.) I believe that Circles will be a toolbar level service as well.

It's hard to think of a stronger angle to take than support for contextual integrity of communication and conversation, of personas in social networking.

Google has tried and failed in many other (though not all) social efforts. Bringing some of the best thinking and the best innovators in the world to a new effort to tackle one of the world's biggest problems is very ambitious.

Presuming that the things we're hearing are true (I believe they are), then we'll follow up with in-depth coverage of Google Circles once it's launched. That may be tonight, it may be as far in the future as the Google IO developer conference in two months - but I believe we are going to see at least some parts of it today. More clear than the timing is that this is definitely happening: Google is putting some of its most innovative social thinkers behind a major product called Circles and focused on personas.

It's an incredibly feature-rich new type of social network profile. It's a re-imagination of what a profile can be. It makes me want to use Facebook more, to share more data with Facebook so that it can be preserved and displayed so nicely, years into the future. While other Facebook features have pushed users into posting publicly by default, or posted their activities from other places they didn't understand would become part of the public record, I think Timeline is a genuine value add to incentivize users to share more. I think it's great.

It's one thing to see this data all in a News Feed as Facebook has long showed it, it's fundamentally different to see Yourself and Others presented like a work of art in this new Timeline layout.

By highlighting the content you've published that has received the most social engagement, in the form of comments and Likes, your Facebook Timeline takes its best shot at presenting your Best Self to the world. The mundane updates are hidden in the background and the highlights of your life, if you posted about them on Facebook, are programmatically discoverable and now displayed in an attractive page layout.

It doesn't work perfectly, my Timeline says that I married my wife 3 times on 3 different dates, but generally speaking it works really well. It looks great on m.facebook.com too.

The Facebook Timeline represents the Instrumentation of Your Life, making things measurable and then building on top of those measurements. It's a big deal in the world of social software.

That Facebook launched such a bold new implementation of every user's data about themselves just months after getting slapped with a 20 year privacy audit requirement from the US government is bold.

As Not Seen on Twitter

Meanwhile, over on Twitter, that competing social network can't remember what you did two weeks ago. It does remember, it just won't let you remember. Historical content on Twitter is severely limited.

The company has said officially that's because Twitter is all about the here and now, it's real-time. Unofficially it's said though that the root of the problem was in a series of database creation decisions that were made years ago. It would now be super expensive to change that.

There is something about Twitter that's more conversational, more News focused and less conducive culturally to something like Timeline.

For the vast majority of its users, I'd also guess that Twitter accounts post fewer messages and get fewer responses that can be measured to determine highlights than is the case on Facebook.

Facebook also has a lot of structured data in the user's profile and changes to that become events, which social activity swarms around and which then become notable points in your life. You changed your marital status? That's probably going to get a lot of discussion. There is no equivalent on Twitter. Were Twitter to highlight your biggest tweets, they would likely be the wittiest quips you've made over the years, not the real life events.

Twitter is working on convincing people that tweets are great for reading, that it's largely a reading experience. Facebook, on the other hand, has always wanted you to share, share, share.

Many of us are doing things outside of Facebook, though. A lot of that is being shared back into our Newsfeed, but not all of it. I am very impressed with what Facebook has done, but I wish there was some more effective competition out there. There are various startups who have tried to do this, though none anywhere near as well as Facebook's hired and acquired team of world-beating design pros.

I joined Facebook 5 years ago this Fall, according to my Timeline. It's cool to see all that history presented so nicely and it makes me want to put more content into Facebook so I can see it later. I imagine that's the point.

We're all awash in a sea of data, we have been for some time, but as we meet that data we learn that it is made of people. We've met the data tsunami and it is us. That's bound to make a lot of people uncomfortable. If a future based on that data unfolds in the wrong way, it could end up a major hindrance to the quality of human life.

What is Carrier IQ? It's software that delivers data about peoples' cell phone use to the cellular network carriers. Dropped calls and call quality people can understand, when it comes down to app usage patterns and individual keystrokes, as it discovered last week the company is tracking and transmitting, that's data many people feel very uncomfortable with.

Apple says it's stopped using Carrier IQ, but millions of Android phones continue to use it. Senator Al Franken has started asking questions.

"Don't Track Me, Bro!"

It's easy to understand why all of this makes people uneasy. I was just thinking about how cool the apparently semi-functional Jawbone Go personal data bracelets were last week when I thought, "but I don't need some futuristic Logan's Run style tracking fashion object around my wrist everywhere I go!" Then I looked down at the hand holding my beloved iPhone.

The future is already here. Our phones pump geo-tagged transaction data into the network at a rate that's 7,000 times the volume of all the blathering in the Twitter Firehose. Data is being understood, according to some leading analysts, as an economic input of equivalent importance to capital and labor. My phone lights up whenever I'm within 50 yards of a historically significant place off-line.

It's awesome and it's terrifying, both.

What's Black, White and Read All Over?

If the future of data is built well, though, then the upside for all of us is huge. The controversy around Carrier IQ, runs the risk of throwing a very precious baby out with the bathwater we're uneasily coming to understand. The ultimate question is not whether or not this data will be collected and used - the question is who will control that process? Will it be us, or will it be mysterious corporations we never knew existed?

It's your phone, it's your cloud tablet, it's the invisible framework that keeps the internet accessible and fast - our activities in the networked digital realm are almost always inherently measured and transmitted as a matter of course in delivering the services we love.

But that doesn't mean that all tracking is done right. "It's astounding that a company thinks they can still get away with these always-connected devices," says Scott Kveton (right), CEO of mobile push notification infrastructure and mobile analytics service Urban Airship. "You have to always do the right thing when it comes to your product and services; thinking you can dupe or work outside of the regular rules of engagement is just plain nuts. Do you really need to do key logging to get network performance information? C'mon!"

Kaliya "Identity Woman" Hamlin (left, CC Doc Searls), Founder Personal Data Ecosystem Consortium, puts it this way.

I think all of this is a huge opportunity for the personal data ecosystem. Because clearly there is value in this data...but you can't get to it if you do it the way Carrier IQ appears to be getting it.

For one thing, it is totally out of alignement with European privacy law. In Europe they have purpose binding so you can collect data for 'a purpose' and you have to tell the user what it is and then keep the purpose with the data. It is illegal to store data with without the purpose binding.

The point is though, the data has value. It could be accessed ethically in new market places, oriented around people's control and management - not just this 'opt-in' to us stalking you. Put it in your personal data locker/store/vault/bank and use it as you see fit. Where the user can choose wehre they store it who can help them get value from it and how they are protected from others seeing and poking at it or manipulating and using it for things the user doesn't want.

This is also where accountability frameworks will start to come in - because right now there are really none asserted by people or anyone - but it is reasonable for a carrier to have data on where calls are dropping. So can you have 'frameworks' where that kind of data is available but not the Personally Identifiable Information and tracking bits...and can we audit this?

We want these systems and networks to get better...but 'trust us' isn't really going to work.

Messy, Secret, Private Freedom

Beyond the value of improved network performances and application features, Hamlin also emphasizes the need for people to control their own data and share it selectively in order for us to have the freedom to express different parts of ourselves in different contexts. If our whole lives are thrown into one big data bucket being peered into by robots from all over, that's going to constrict our freedom of movement and action.

Hamlin says that companies in this space are identifying your email, street adress, real name and from that are able to "look you up in the databases in the cloud that are tracking everyone and know all about you...without 1) having to ask you 2) respecting your different contexts you may not want linked 3) then they decide they know things about you that are 'inferred' from all that data...(the My TiVo thinks I'm gay problem writ large) and 4) has no sense of decency or relationship that is 'human'."

That all makes sense to me. I know I want the freedom to make decisions without robots lumping all the decisions I've ever made into one giant bucket without my permission. I'll happily share a lot of my data with people I trust and who deliver value to me. But it's not really Carrier IQ's world I live in, this is my life.

The controversy initially swirled around Android-based smartphones from a variety of manufacturers. Last night, iPhone hacker Chpwn reported that he had found traces of CIQ in Apple's iOS operating system, although what he found looks less alarming than what Eckhart initially saw elsewhere.

The only data Chpwn could see being accessed by CIQ on the iPhone were things like the carrier, country, active phone calls and physical location (assuming location services are turned on). He did not find things like message content or any keystroke-logging type of activity. Whatever the app does log, it appears that it only works when the phone is in diagnostic mode, so preventing the data from being transmitted is no insurmountable task.

Chpwn's findings were verified by the Verge, who said they located a file called IQAgent and spotted references to the URL collector.sky.carrieriq.com on an iOS device. Exactly what kinds of data the iPhone is collecting or transmitting is not exactly clear, but so far it looks like it's fairly minimal.

After the scandal heated up for about 24 hours, Apple put out a statement saying that they haven't logged personal information using Carrier IQ and that they're actually in the process of removing the software from iOS. Whether or not that decision had already been made, now looks a good time to axe the program, especially considering Apple's history with iPhone privacy controversies.

What Exactly is Carrier IQ and Why is it a Big Deal?

In all the freaking out going on about Carrier IQ, it would easy to assume that this is some kind of large-scale espionage program targeted at consumers for the benefit of large corporations or even curious government officials. In reality, Carrier IQ is intended to be used a diagnostic tool to help carriers and device manufactures optimize their networks and hardware.

That may well be true, but what Eckhart discovered last week goes well beyond diagnostics and may even constitute large-scale wiretapping of the type that citizens and government officials could be prosecuted for.

This is an evolving story and as the EFF and Senator Franken have made clear, Carrier IQ has a list of questions to answer. We trust that between those inquiries and the continued diligence of hackers and mobile security experts, a more thorough picture will be painted over the days and weeks to come.

Find His Porn is cynically exploiting the paranoid and freaked-out, violating privacy, jeopardizing security and taking people's money. It has been created under a total veil of secrecy. Oh, it's also "perfect for ✓ Boyfriends, ✓ Husbands and ✓ Kids" with the "goal of empowering women everywhere." With its marketing finely tuned, Find His Porn profits off of people's engrained norms, broken trust and technical ignorance.

How evil is Find His Porn? Let us count the ways.

"I told all my girlfriends about it!"

We'll start with the marketing. "We started Find His Porn with the goal of empowering women everywhere," says the About page. "With over 1 million adult websites being visited by males on average 15 minutes per day, it's naive to think he's not watching porn behind your back too." Hm. How is this empowering anyone? We asked them via info@findhisporn.com, their only public point of contact. We can't wait to see what they say.

"Technology has advanced to the point where traditional ways for women to keep track of their guys just don't work anymore." That is the attitude of Find His Porn. Heterosexual relationships have a "tradition" of spying and distrust, and you - the straight female customer - need this Web service to keep up with the times.

"As opposed to typical monitoring software..."

Not only does Find His Porn exploit people's relationship problems, it also takes advantage of their technical naïveté. "No downloads!" boasts the Learn More page. It just "scans your computer hard drive" with its "advanced algorithm," creating "a much deeper and more complete search then [sic] you could ever do by yourself."

"No downloads," of course, but it is only compatible with Windows computers with Java. If you're not sure "if have Java," as the FAQ page eloquently says, you can click a link to go download it. No downloads, though. ;^)

This is a one-time thing. You PayPal it some money, and it runs the scan on the computer you're using. You get a thorough rundown of the porn on the disk and in the Web history, and then it's gone. You have to pay to see it again. The site says Find His Porn does not store the results of the search.

We've reached out to our contacts at Sophos to see if they can help us get a detailed rundown of what this software really does. But Find His Porn doesn't want you to worry about all that. Just fork over the cash and let the thing go to work. It's so easy. There's a demo video on the Find His Porn homepage. Warning: It contains some explicit filenames, and it's exploitative and NSFW for a few seconds at the end.

Find His Porn is taking too much money, offering a dubious technical solution to an emotional problem. If you're having trouble in your relationship, this is not a solution. It's a scam.

Try Communicating Instead

We're not taking a position on the propriety or impropriety of porn, whether consumed in a relationship or not. However, if you're in a relationship and have concerns about your partner's viewing habits, we strongly recommend that you consider talking to your partner rather than overpaying for a one-time application to spy on your partner.

Aside from the obvious concerns about the safety and efficacy of the application, if you don't trust your partner to discuss this with you honestly, the relationship has larger issues than whether someone's looking at porn.

Now then. Let's lighten up a little, huh?

If this seems objectionable from the standpoint of U.S. citizens, imagine how it looks to outsiders who are storing their data there. Some European companies who do business with U.S. technology companies are concerned enough to start looking elsewhere for infrastructure.

The new service allows companies to easily deploy and manage database instances in the cloud while still delivering products to consumers in such a way that complies with EU data protection laws.

A recent survey indicated that 70% of Europeans have concerns about their online data and how well companies secure it. A statement issued by two European politicians said that companies wishing to do business with consumers in Europe should abide by local data privacy laws, including social networks.

Cloudnines and City Network are pushing the privacy angle when marketing their services, as well as the notion that hosting data nearby (as opposed to across the pond) will improve latency and performance.

Considering growing concern over U.S. privacy developments, some of which are quite reasonable, we can realistically expect to see other firms in Europe and elsewhere follow suite with this type of branding effort.

The depth of the allegations are startling. Does CIQ really have the ability to key log everything that a user types? The fight has now gone legal with CIQ sending Eckhart a cease-and-desist letter and removal of his research while the Electronic Frontier Foundation (EFF) has come to his aid. CIQ claims copyright and false allegations of Eckhart's research while the EFF says the researcher is protected under Freedom of Speech and Fair Use doctrines. Make no mistake, this battle is more than just about copyright and the free speech. It is the first step of unveiling exactly what companies know about their cellphone customers and how they use that data.

See the fax from the CEO of CIQ to Eckhart himself here.

Research: Root Code, Device Access & System Admin

It appears that the initial cease-and-desist letters from CIQ have worked. The original material from Eckhart's research, posted in various Android security and file hosting sites, are no longer published. (here and here you will find the 404 not found to those articles). Eckhart also published the companies training manuals. All of this information was found for free on open sources, according to Eckhart and the letter sent to CIQ on his behalf from the EFF.

What Eckhart found was a series of code used by CIQ to track the behavior of users baked into the root and skins of HTC smartphones. Research on Samsung devices was done by XDA member k0nane. Both instances foundn that CIQ had code that had device access with the purpose of tracking data that can be accessed by a system administrator. Essentially what that means is that all the data in a device, including all personal data, messages, input methods, calls received (and dropped), media usage (app) statistics and more can be accessed by an admin with access to the CIQ data. That means that CIQ and its partners basically have access to your entire smartphone.

Image: Capabilities found in the CIQ code. Source: XDA Developer blog.

The outcry over mobile data tracking has been heard loud and clear this year. We saw that with the iOS/Android/Windows Phone location tracking "scandal" earlier in the year and other flares ups through the summer. Yet, that does not mean that what CIQ does is inherently wrong. It may have a little too much access to the device but the service it provides is helpful to the OEMs and carriers in creating better user experiences.

What Does CIQ Actually Do?

In a media advisory posted to CIQ's website, the company defends its practices. The note, posted from the company's headquarters in Mountain View on Nov. 16 is titled "Measuring Mobile User Experience Does Matter!" and outlines what the company does and does not do. Here are the pertinent paragraphs:

Eckhart's research is basically saying that CIQ is lying in that it does not track some of the functionality that it denies tracking and believes he has found the source code to back up those claims.

CIQ is a venture-backed company that raised its Series C funding in 2009. It was named as an Innovative Business Analytics Company Under $100M to watch by IDC in late October of this year. In addition to Samsung and HTC, CIQ has published relationships with Nielsen, Vodafone Portugal, Huawei and the entire Android platform among several others.

This is an ongoing story. What does CIQ really know about users? What is it sharing with the OEMs and carriers? We will attempt to follow up with pertinent parties to get a more accurate view of what CIQ is up to and report our findings as soon as we have more information.

Critics say that Seamless Sharing is causing over-sharing, violations of privacy, self-censorship with regard to what people read, dilution of value in the Facebook experience and more. CNet's Molly Wood says it is ruining sharing. I think there's something more fundamental going on than this - I think this is a violation of the relationship between the web and its users. Facebook is acting like malware.

The Way it Works Now is Wrong

Facebook's seamless sharing doesn't just happen without notice. The way it works is that the user logs in to Facebook and finds news stories or other links from off-site posted to the top of their news feed. If they click those links, they are prompted to add a Facebook app from the publisher of the story so that their activity on other sites, be it the Washington Post, Yahoo News, or somewhere else, will also be posted back onto Facebook.

There are options available right away, like limiting who can see all those posted links, or opting to cancel addition of the app at all. If the user clicks cancel, they will be taken to the link they intended to click on anyway - they'll just opt-out of adding the seamless sharing app to their Facebook account.

Got that? In order to do what you originally wanted to do when you clicked on a link, you have to click cancel on the menu that popped-up when you clicked on that link. That's not unintuitive, that's counter-intuitive. That it's proven so wildly effective and feels like it caught people unaware makes it feel like an action taken in bad faith by Facebook - like you were tricked.

These options are no doubt skimmed over quickly by hundreds of millions of people who aren't even familiar enough with their own computers to enter Facebook.com into their browser's address bar without Googling for it and clicking on the link.

Violation of reasonable user expectations is a big part of the problem. When you click on a link - you expect to be taken to where the link says it's going to take you. There's something about the way that Facebook's Seamless Sharing is implemented that violates a fundamental contract between web publishers and their users. When you see a headline posted as news and you click on it, you expect to be taken to the news story referenced in the headline text - not to a page prompting you to install software in your online social network account.

That hijacking of your navigation around the web is the kind of action taken by malware. It's pushy, manipulative and user-hostile.

A Loss of Opportunity

In the near-term future, almost every action that you take at home or out in the world will be tracked and measured. Hopefully it will happen in aggregate and anonymously, with extensive privacy protections in place. In exchange for the instrumentation (making measurable) of everyday life, the world will be able to be managed in ways that are more efficient, hopefully more just, and more conducive to new innovations. When the traffic on every road is tracked in real time, for example, then new applications will be created to help drivers select the best route to work and for cities to manage vehicle emissions. Billions of devices will be connected to the network in the future and publishing data into a platform for application development - it's important that those systems be built in a way that people can trust or else the whole scenario is going to be ugly and under-utilized.

Likewise, our activities online are already being tracked all the time - but in most cases it's not our social selves that are attached to that data. We're just numbers tied to history that gets referenced when it's time to serve us up a personalized advertisement. Though some people find that frightening, I don't think it's a very big deal.

Where the new developments come in online is when that data is used to offer us value, not just advertisers who would track us. It's nice when our music social networks, for example, can easily surface the albums that we listen to the most so they can be played with a click. It's cool that music popular with our friends is surfaced as well. It might not be quite so cool when every song we listen to is pushed out to all our friends with our names attached. It is even less cool when those are articles we're reading around the web, pushed out without our choosing to share a particular item. I'd like to see what articles are popular among my friends, but I don't want particular friends self-censoring what they themselves read out of fear they'll be associated with all of it individually.

"I'm afraid to click any links on Facebook these days," says CNet's Molly Wood. That's one of the world's top technology journalists talking; even she seems unclear on how the system works and would rather just avoid the entire thing.

There are good ways and there are bad ways that our "data exhaust," the cloud of data we emit when we engage in everyday activities online, can be used to our own benefit. That data could be used to deliver us new recommendations for discovery, analytics showing us things about ourselves we never knew before because we couldn't see the forest for the trees. When a giant social network does it wrong though, that puts the whole opportunity for everyone to do it well at risk.

I don't know why the world's leading designers on social media user experience would have made something as creepy feeling as the way this new seamless sharing was instituted, but I wouldn't be surprised if it's because behind the scenes Facebook is built by arrogant young people living charmed lives and sure they know what's best for the rest of us. There's something about new features like this and the way the company talks about them that feels fundamentally patronizing. Looking at the user comments that get posted on Facebook announcements, it's not hard to imagine why, though. (They are really dumb.)

I think Facebook ought to put a greater emphasis on acting in good faith and helping its users make informed decisions, in line with their reasonable expectations, as the company seeks to experiment with building the future of media.

Enter Covert Browser, which was approved by Apple earlier this week. It uses Tor to encrypt Internet traffic and route it through three different servers to ensure data about users cannot be intercepted by third parties. Such data would include browsing history or, more commonly, one's geographic location.

Common use cases for Tor include activists wishing to elude authorities, journalists hiding their sources and even law enforcement encrypting their own online communication. Wikileaks has also used Tor to transfer documents.

In this case, Tor's infrastructure is being used to reroute and strongly encrypt Internet traffic, something that previously wasn't possible on non-jailbroken iOS devices, at least not to this extent.

The initial release of Covert Browser has some stability issues, with a few users noting that the app crashes frequently. As one commented in the user reviews, "I can't order my drugs, tiger meat and rhinoceros horns with a browser that crashes all the time!" Hoffman has already submitted an update to the App Store that attempts to fix these problems.

Normally, requests for this type of information are not particularly controversial, but in this case a warrant was not required and the subjects of the data inquiries have not yet been charged with any crimes. The government is able to make such warrantless requests thanks to a 1994 law known as the Stored Communications Act.

"We are gravely worried by the court's conclusion that records about you that are collected by Internet services like Twitter, Facebook, Skype and Google are fair game for warrantless searches by the government," said Electronic Frontier Foundation Legal Director Cindy Cohn.

If the name of Jacob Appelbaum sounds familiar, it's because he's the Tor developer whose Gmail data was handed over by Google to the U.S. government as part of the latter's ongoing investigation into WikiLeaks and its supporters. Initially, Twitter had resisted requests to hand over its users' data without notifying them. With this ruling, the government essentially tells technology companies that if the government comes asking for information about its users, they'd better give it up, warrant or not.

A Slippery Slope For Online Privacy?

As the W3C and tech companies continue to hammer out consumer privacy standards for things like browser-based user tracking, it appears that the real battleground for online privacy isn't between companies and consumers, but rather at the point at which governments start demanding user data without a warrant.

The reason so many privacy advocates object to what Google and Twitter are doing isn't so much out of sympathy for WikiLeaks, but rather because of the precedent that these rulings set.

The U.S. government is seeking information about WikiLeaks and supporters of the organization as part of an effort to build a legal case against it. Individuals like Appelbaum and Icelandic parliamentarian Birgitta Jonsdottir may appear to be logical targets in the quest for that information, but many wonder where the government's right to access private data without a warrant begins and ends.

Collaboration, Support and Sympathy: Where Are the Lines?

In the case of WikiLeaks, the line between providing material support to the organization and simply being sympathetic to its goals can be very thin. Helping Julian Assange store or release classified diplomatic cables is one thing. What about donating money to WikiLeaks? Writing something sympathetic? What about the news organizations who have partnered with WikiLeaks to release information?

Some may counter that such an argument approaches logical fallacy. Yet students of U.S. history need look no further than the 1960s and 1970s for examples of law enforcement investigating and tracking citizens based on their political sentiments.

Certainly, much as changed since then, both politically and technologically. Perhaps most significantly, we are now generating and storing more data about our lives, relationships and intentions than at any point in human history, and we're doing so largely on server farms owned and operated by people other than ourselves.

As the ruling judge himself wrote, users of online services have "a lessened expectation of privacy" when they agree to the terms of service for sites like Twitter and Facebook. That may or may not have been the understanding of the millions of users who have clicked that "OK" button, but it's certainly good to know.

Photo of Jacob Appelbaum by Threat to Democracy