You are viewing a read-only archive of the Blogs.Harvard network. Learn more.

Data Privacy Day + 4 Not So Obvious Privacy Tips

Take out your calendars for the new year! Intel is sponsoring its second Data Privacy Day on January 28, 2009. Data Privacy Day, which is sponsored by a combination of tech companies, government organizations, and academic groups, aims to facilitate discussions on privacy, especially with regards to teenagers and social networking sites. The three-part framework includes educational materials, events, and government involvement. It was also nice to see the Digital Natives project, which has been active in all three of the above components, under their resources for data privacy issues.

I was most interested in the educational materials for teenagers that were presented Data Privacy Day. They bring up some important points, and I’d like to add some of my own thoughts to them here. I’ve have tried to pick out tips about privacy that may not come across as immediately obvious. None of them are myth-busting, per se, but they probably aren’t things we think about the minute we hit the tempting “Sign Up” button. Since the material on Data Privacy Day mostly focuses on privacy on social networking sites, I’ll draw on some examples with Facebook, which I have the most personal experience in.

1. Treat what you put online as permanent.
It’s easy to think of digital content as ephemeral, mutable, and easily edited, which is true except for caching. Search engines take snapshots of websites and makes these snapshots, rather than the live website, searchable. That means that anything you post that gets cached will show up in a Google search even if you later remove the content. Google caches are updated every so often – usually in a span of a few weeks – but you have limited control in the intermittent time. Even when pages and Google caches are updated, old webpages may still be archived and accessed on places like the Internet Archive. (Note: Here are Google’s policies on excluding pages from its cache and search results. Most of this information applies to other search engines as well.). Aside from automated archives, other users can of course copy and save your content to display on their own sites. The bottom line is: Once it’s online, it’s out of your hands.

2. Default settings usually allow sharing.
Privacy, as works at almost all social networking sites, is opt-in rather than opt-out process. From the point of view of a social networking site, it’s always in their advantage for their users to share as much as possible. Unfortunately, this means that people who are least aware are also the ones most at risk. Settings can be sneaky or complicated. On Facebook, you can have strong, custom privacy settings enabled, but when you join a new network – a regional network for example, which are often the largest and most open – none of those custom settings apply. It is important to be vigilant and take affirmative steps to be aware of your own privacy settings.

3. Companies usually reserve the right to change their privacy policies without notice.
Remember when Facebook came out with Newsfeed? Or ads that tied your name to online purchases on third-party sites? Facebook didn’t tell its users about the changes until they were live, and these changes were strictly opt-out only. (Not to mention that the initial privacy controls in both cases were either nonexistent or insufficient.) Facebook’s own privacy policy also says, buried in the middle of pages of text, “We reserve the right to change our Privacy Policy and our Terms of Use at any time.” and, “We encourage you to refer to this policy on an ongoing basis so that you understand our current privacy policy.”

4. A closed network is only as private as the people in it.
As I said in number 1, any content that is put online is no longer completely in your hands. To take Facebook as an example again, it’s easy to think of Facebook as semi-private because it requires a log in to access the site and is not indexed by search engines. But that doesn’t mean that photos on Facebook are strictly accessible only to friends or networks based on privacy settings. All it takes is a simple right click and “Copy Image Location,” which gets you an URL linking to a Facebook photo that can be copied and sent to anyone. Essentially, if leaked, anyone can see a Facebook photo.

This post is not supposed to come across as alarmist– it’s just crucial to think of privacy as something for which we have to be proactive. Privacy isn’t the default mode of the Internet – the Internet does, after all, serve to connect people – so it is also important to understand the privacy implications of all our actions online. Data Privacy Day does well to play a part in this educational process.

– Sarah Zhang

Are privacy tools enough?

As I went on Diana’s field trip through Facebook’s privacy controls on Wednesday, I wondered two things: Do digital natives understand the gravity of what and how much information they expose of themselves on the Internet? And secondly, although disclosed information can be filtered, do we ever take into account that our information is owned by the compannies offering the services we are using? Essentially, to what extent are digital natives aware of, and comfortable with, trading off their privacy for online services?

According to Born Digital, “Many Digital Natives incorrectly perceive that their conversations online are far more private than they are. In other words, there’s new incentive to post information about yourself online (social norms suggest that more information about yourself will attract more friends), but less of a check on your behavior (an innate sense of privacy, or someone telling you “don’t you dare go out dressed like that”). The result is that at no time in human history has information about a young person been more freely and publicly accessible to so many others.”

This quote indicates how DNs bring harm to themelves by disclosing information that should be private becausethey naively trust the system they are using to publish their data. In connection with privacy and safety, a great video was created to educate digital natives about the consequences of making information public through online means. This video was posted by AuntLee two weeks ago here at the DN Blog.

However, what about the issue of owning our infomation? True, Facebook enables users to control who is accessing their information, but will Facebook itself refrain from accessing our personal information?

When researching information for this post, I bumped into the Google Privacy Policy. As its publicly known, enterprises such as Google, Microsoft, AOL, etc., have access to all we do on the Internet. By reading the Google Privacy Policy, one understands that this information exists and the purpose of its use can be shifted anytime. So, again, we are obliged to trust in these enterprises to which we offer our personal information in exchange for the use of services. But what if something goes wrong either with the company or with the information?

As Palfrey and Gasser have discussed in Born Digital, DNs leave tracks, or “digital tatoos,” throughout cyberspace. Although the environments in which they do so are meant to be safe places for such procedures, creating a sense of trust between DNs and service providers, it incentivates a disclosure of personal information with no precedents. Meanwhile, means of tracking information gets more accurated, as it happens with this GPS localizer for instance. It is disturbing to observe kids who use this site accept the idea behind it, and have incorported these technologies into their daily lives.

As we can see, technology has been offering various ways of controlling and tagging people with a discourse that makes DNs understand these devices as harmless. What if this information is used differently from what we expect? What if data gets lost? What if a companny that holds your personal information is sold? Would you like to have your personal data sold with it?

Out of Our Hands: Privacy and Internet Gossip

“Thank you for screwing up my freshman year.”
-Addressed to, from a CNN profile of a college student who was a target of posts on the site.

So tempting is a juicy piece of gossip. Despite assurances to the original informer to keep it on the down-low, the juiciest tidbits will always manage to slip out. But there is a tinge of a guilty conscience when one violates the trust of a friend. What happens when even this bit of accountability is entirely removed and anonymity is rule? You’ve got

JuicyCampus is a repository of gossip and rumors; organized by school, it presents information in a way that is maximally useful to gossip-seekers. Hot topics invariably include keywords like “gay,” “sex,” and “sorority.” It prides itself on complete anonymity and even directs users to proxies to mask their IP addresses. When I last JuicyCampus here, the site had just taken off, attracting media and legal controversy. I haven’t been able to find any recent news on the legal developments, so I can only assume they haven’t made much headway.

(A quick legal aside: JuicyCampus is protected by free speech and can claim immunity under Section 230(c) of the Communications Decency Act, which states “No provider or user of an interactive computer service shall be treated as the publisher or speaker of any information provided by another information content provider.” This means that JuicyCampus is not legally responsible for potentially libelous content on its site. What the New Jersey AG was attempted to do was sue JuicyCampus for consumer fraud in misrepresenting how it deals with content removal.)

We generally like to think that privacy is in our hands. We control the information about ourselves – Facebook has robust privacy controls, we choose what we put about ourselves online, etc. We do not, however, have any control over what others say about us. In this way, the existence a public forum like JuicyCampus allows others to invade our privacy. There are really two separate issues here, the posting of true information (invasion of privacy) and the posting of false content (libel). Let’s see how JuicyCampus deals with the former in its FAQs (my emphasis added):

How do I remove a post that someone else made?
You can’t. Only we can remove posts made by others, and generally we don’t. We do remove spam, but otherwise it’s pretty rare.

What if my contact information is posted?
If someone posts your email address, your home address, your home phone number, or other contact information (no, your full name doesn’t count), we’ll consider deleting it if you notify us. Shoot an email to us at with “Contact Info” in the subject, give us as much info as you can about the post so we can find it, and we’ll see what we can do. FYI, we may or may not read your complaint, and we may or may not respond to it. The decision of what action to take, if any, is at the sole discretion of JuicyCampus.

JuicyCampus’s FAQs and privacy policy are remarkably cavalier. I personally find it a little upsetting to see a site flaunt its CDA immunity with such blatant disregard for privacy. So how to deal with something like JuicyCampus? The Colonialist at George Washington University has come up with one strategy to combat JuicyCampus: spam. With spam the downfall of many message boards in the past, there is some poetic justice in fighting the malefactors of the Internet with their own weapons. But the strategy requires a corps of volunteers dedicating their time to….posting spam, not a particularly sustainable enterprise.

Or we can just ignore it. Every controversy surrounding it elevates its profile; every attempt to ban brings more curious visitors. I’m probably doing a disservice by mentioning JuicyCampus here. But there is a distinction I’d like to make. Posting on JuicyCampus is actually quite different from exchanging gossip with friends and acquaintances. Gossip is a kind of social currency – it’s showing off your exclusive knowledge and bringing a select circle into your confidence. These anonymous postings on the Internet, however, have no benefit to the poster, except perhaps the satisfaction of personal retribution. It’s the digital equivalent of nasty messages scrawled in the bathroom, only worse because the potential audience is the entire world. But as any smart student would realize, JuicyCampus really just an outlet for the spiteful and the bored. I’d like to think, anyways, that the site has only limited utility and thus limited appeal. That’s not to say terrible consequences can’t come out of its limited user base, but it’s never going to be the center of our online social live. Or am I being too optimistic?
-Sarah Zhang

Navigating Privacy

cross posted from John Palfrey’s blog

Jonathan Zittrain and I are headed up to seacoast New Hampshire to be the “curators” of the IAPP’s new executive forum, Navigate, for the first few days of the week. It’s a beautifully organized program and a terrific line-up. It promises to be provocative and a lot of fun.

Privacy turned out to be a major part of our research into how young people use new technologies differently from their parents and grandparents. In our book, Born Digital (coming out in the next few weeks; and now the book’s website from the publisher is up), we started with a single chapter on Privacy and ended up with three: Identity, Dossiers, and Privacy. (Berkman summer intern Kanu Tewari made a video rendition of our Dossiers chapter; and the project’s wiki has a section on Privacy.) I look forward to testing those ideas with a bunch of privacy pros who will no doubt help to refine them.

As a special bonus: They’ve partnered with the MindJet people — makers of MindManager, which I love — to document the event and to extract key themes in an organized digital format. I’m looking forward to learning some MindManager tricks.

Digital Shadows

This week we’re taking a break from all the interviews to give you a glimpse of the world of Digital Dossiers. Your dossier is made up of all the digital tracks you leave behind – from your photos on Flickr, to the Facebook messages you send, to all the data your credit card company collects about your transactions. On a daily basis, digital natives are consistently leaving information about themselves in secure or non-secure databases. You probably do this without a second thought in you day-to-day life – but have you ever considered the amount of information being collected about you, or the extent to which this information spreads?

In this video, created by Kanupriya Tewari, we explore this issue from the perspective of a child born today – Andy – and the timeline of all the digital files he accumulates in a life span.

Digital Dossier
Click here to view the video.

Or you can watch it here

To learn more about the topic check out:
– The Digital Natives website and Wiki
Born Digital

Come back every Wednesday for more multimedia on online privacy, cyber bullying, digital activism and more!

Going Loca: Privacy in a digital world

As more and more of our lives become enmeshed in the digital world, more and more of our lives are detected, stored, and compiled by the digital systems that serve us. As we call friends on cell phones, navigate streets with GPS systems, login to Facebook from our notebooks, and swipe our employer IDs at cafeteria cashiers, bits of data are collected about us, stored, and compiled in various databases, owned by diverse entities. This collection of digital tracks that we leave behind add up to form our digital dossier.

Compiled all together, this data can say a lot about us. But who has access to this data? How is it collected, and how is it stored? And what rights do you have over your own data? These are important questions to ask – especially for Digital Natives, who are leaving digital tracks from birth, compiling a digital dossier vaster and more detailed than any generation that has come before.

What does this mean for Digital Natives? What does this mean for the future?

Our research indicates that Digital Natives are often unaware of the data that is being collected about them, and what this means for their privacy. The young people we talked to that were aware of privacy concerns often became so after a “learning moment” – something happened to them that made them uncomfortable, and think twice about their privacy online.

Learning by error can work, but it can also be costly. How do we teach youth (and adults, for that matter) to be aware of the data that is being collected about them, to be wary of privacy issues, and to become informed actors in the debate over the ever growing market of information in our new digital world? This is a question we grapple with here at the Digital Natives project, and at the Berkman Center more widely.

A group of designers – John Evans, Drew Hemment, Theo Humphries, and Mike Raento – have come up with one interesting way. They’ve designed a grass roots surveillance system called Loca.

Loca aims to enable people to question the networks they populate, and to expose the disconnect between people and the trails of digital identities they leave behind.

The creators of Loca used old mobile phones to create a monitoring system that tracks all mobile phone users in the vicinity that have their Bluetooth set to discoverable. The system collects data on individuals’ whereabouts, tracking users’ movements, and sending users messages in response to knowledge of their whereabouts. Individuals in the area with mobile phones, without doing anything, receive messages such as:

We have seen you here five times in the last three days.


You spent 30 minutes in the park and then walked past the flower stall. Are you in love?

After such a message spooks a user, it then challenges people to think. Users also receive a message indicating the whereabouts of the Loca headquarters, where they can scan their mobile phone and receive a printout of the every time and location where the system detected them, providing a physical manifestation of the surveillance of their movements.

As the Loca video below explains,

Messages sent to users make the presence of the network know, and illustrate the types of data that can be gathered, and the inferences that can be drawn from it…[Loca] aims to raise awareness of the networks we inhabit, and provoke people to questioning them.

Loca brings up interesting questions for users who were tracked in San Jose, California at ISEA2006. But what about those of us who will never encounter this provocative system? Reading privacy agreements is boring, and can be very confusing. How can we bring awareness to the privacy issues raised by our ever growing digital dossier – and encourage people to think critically – in fun and educational ways?

Living in a digital world makes many things more convenient, available, and even simply possible to achieve. But often, the very tool that makes something good – like mobile activism – possible, also raises concerns in other areas, like privacy. Privacy laws need to safeguard the individuals whose data is being collected. But individuals – especially Digital Natives, who are growing up in a digital world, and will come to lead us into our digital future – need to take an active role in the formation of a society that deals with information and privacy in a responsible and human-centered way. The first step in addressing the issues of information collection, retention, and sharing – and the concern for the future of privacy – is by raising awareness.

– Miriam Simun

[kml_flashembed movie="" width="425" height="350" wmode="transparent" /]

From Email to Blog: A DN Debate on Cyberbullying

A few weeks ago, a debate was going around on the Digital Natives listserv about bullying and its echoes in the digital world. Among the participants were danah boyd, Miriam Simun, David Weinberger, Gene Koo, and Sam Jackson.

danah boyd kicked off the discussion with this definition of bullying used in a Crimes Against Children Research Center (CCRC) report:

As noted by Olweus (2001), “a student is being bullied or victimized when he or she is exposed, repeatedly and over time, to negative actions on the part of one or more students.” The preceding definition highlights the aggressive component of bullying as well as the associated inherent power imbalance and repetitive nature. There are a wide range of behaviors consistent with bullying, including physical, verbal, and relational manifestations.

But as it turned out, even agreeing on a definition of bullying was tricky. The same study states that 30% of youth in the United States report involvement in moderate or frequent bullying, a number that David Weinberger found shocking. The problem, he surmised, was that bullying is being defined too broadly. Do teasing, social exclusion, and bullying all belong in the same category? Or do they represent starkly different motivations and different levels of severity?

In cyberspace, these distinctions between these behaviors become increasingly blurred. While the word bully most likely conjures up the big, mean kid who beats others up on the playground, cyberbullying is obviously not physical. Relational bullying or relational aggression – essentially emotional bullying that involves exclusion, gossip, lying, etc. Think Mean Girls – is especially prevalent among, not surprisingly, girls. Sam Jackson cited a study that 71.4% of girls and 21.1% of boys who experienced bullying were victims of relational bullying (Henington, Hughes, Cavell, & Thompson, 1998). This is also the same kind of bullying that is made easier online. Add this to the miscommunication implicit in online interactions versus face-to-face ones and you have a problem that is at once unique to the Internet yet grounded in real life social interactions.

The danger of lumping together all different forms of social intimidation like teasing and social exclusion into the serious category of bullying is distorting the severity of the problem. The debate then turned to education about bullying in schools, which both danah and David see as having adopted a loose definition of bullying. There are merits to this, of course, such as stopping teasing before it escalates into something more severe, but it also problematizes policies regarding real bullying. Gene Koo was pointed out that we also need to teach victims to deal with bullying: “Most people only know how to fight back, not how to change the power dynamic.” Kids should be taught conflict resolution.

Not surprisingly, the discussion constantly focused circled back to real world bullying. The Internet introduces new elements to the problem, but many of the basic issues are the same.

Further Reading: Pew Cyberbullying Report

-Sarah Zhang

DN Forum: ID & Privacy Roundup

Today, we at the Digital Natives project held our first Digital Natives Forum. With so many great people in attendance, the discussion was really thought provoking. Check out the video, soon to be posted on the Berkman site.

Andrea Flores and John Francis from Harvard Graduate School of Education’s GoodPlay project started off by presenting some initial findings from their research of young people and ethics online. They described the opportunities online tools give young people to explore their identities in new ways, and how these identities are tied to new norms and conceptions of privacy arising among the digital generation. Also, that young people tend to be concerned about privacy only if they perceive dire consequences to such a compromise.

Judith Donath
responded by pointing out the persistence of the ephemeral. Disclosures that young people make online now may not seem important – or to have dire consequences – but what happens twenty years from now?

With this, discussion got started.

We have the ability to track people’s past to an unprecedented degree, as young people traverse online territories, compiling their digital dossiers

So what do we do?

Spell (or draw) it out: Tools need to be better built, for sure, to help clue users in to just how visible one’s personal information is, how much information is being collected by various parties, how this information moves through space. Donath touched on an idea of exploring what it means to be photographed in public spaces: a hidden camera, vs. a subtle-yet-noticeable camera, vs. a very explicit camera. How might we behave differently in front of each one? How may we build social tools online and in digital space that may visibly reflect the privacy individuals compromise when they engage?

Educate, educate, educate! How do we instill ethics? How do we teach the importance of privacy, both protecting your own, and respecting others?

And finally, John Palfrey pushed things a bit further. Education is surely very important in this arena, to empower youth with the critical skills needed to navigate safely and ethically in the arena. And so are better tools, in order to display appropriate information for us to make good decisions, and to encourage thoughtful engagement with what it is we do when we share personal information online. But, is this enough?

No. Laws need to change. As it stands now, we as individuals have very little rights over our personal information. Once we tick the box of the Terms of Service, we very often give complete and total power to the platform to do what they will with everything we share through these services. John suggests that this needs to change: Individuals must have legal ownership and control over their data. Only then will we be able to both live digitally, and retain some control over our sense of privacy.

– Miriam Simun

Where the Wild Things Are: 8 Links for Parents

The Internet can feel like a jungle to the uninitiated—full of weird sights and sounds, a little terrifying, and very hard to navigate. We gave a talk to parents at the incredible BB&N high school last week, and to commemorate the event, I put together a list of 8 essential links for parents who want to understand their childrens’ world a little better. So: click around! Explore! It’s what all the cool kids are doing these days.

Learning 2.0: 23 Things

This list of 23 services and activities to try out on the Internet provides
a guided, exploratory tour of a small slice of what the Internet has to
offer. The best way for parents to better guide their children through the
ins and outs of the Internet is for the parents to understand it better themselves. Completing these fun digital adventures is a huge step toward understanding the capabilities and dangers of the Internet.

Net Family News
Make sense of the latest developments in children’s privacy and activities online. Net Family News publishes a blog and a weekly email newsletter that address these issues and explain their relevance and implications for

Connect Safely
Great forums where parents can ask questions about children’s privacy and activities online. Also associated with Net Family News. Includes a prominent focus on cyberbullying.

Parent.Thesis Blog
Two tech-savvy parents explore the ways that technology intersects with
their lives and the lives of their children. A great way to learn about
cutting-edge technologies.

Totally Wired
Although Anastasia Goodstein no longer updates this blog, it remains an invaluable resource for parents seeking to understand the online worlds of
their children. Note especially the right-hand list of links; categories
like “Where Teens Blog” provide an unusually comprehensive collection of
sites that parents should be aware of. This list of links serves as an
essential jumping-off point for any parent hoping to delve into
understanding the online realities their children face.

PBS Frontline: Growing Up Online: Parenting in the Internet Age

Frontline’s recent documentary, “Growing Up Online,” provides an essential (if somewhat alarmist) view into the digital world that children encounter on a daily basis. The documentary’s site also serves as a thorough compendium of resources and information on the topic. This particular page offers expert perspectives on how to conceptualize the task of parenting when so much of young people’s activity occurs “invisibly” online.

Why Youth Heart Myspace
This classic talk by Berkman fellow danah boyd provides an essential primer on the appeals of social networking. Though this talk was later expanded into an academic paper, the notes to the original presentation provide an engaging introduction to the matter.

A YouTube Primer for Parents

Short video, from 2006 but still relevant, telling parents what they need to know about YouTube.

Digital Natives in the Press

Today’s New York Times features an article about differences in content creation among girls and boys:  Pew reports that girls in the US are bigger bloggers and upload more photos, while boys are bigger vidders.  Why?

Just follow socializing of gender for generations – it’s still the same, just migrated online.  As quoted in the NYT:

“With young women it’s much more about expressing yourself to others in the way that wearing certain clothes to school does,” said John Palfrey, the executive director of the Berkman Center. “It ties into identity expression in the real world.”

Harvard Magazine reports about Urs Gasser and John Palfrey’s upcoming book, Born Digital.  Here, Palfrey highlights the issue of the digital dossier:

Palfrey believes companies should be required to disclose—either in plain English or on an icon resembling a nutritional label—what they do with the information they collect. “What is it that you collect and store about me?” he would ask. “Is it only what I put in, or is it my browsing habits? Do you share [data] with any third parties? How long do you keep all of [it]?”

– Miriam Simun