This reminds me of a quote from Eric Schmidt (disclaimer: I work for Google) from last year. The full quote [1] is:
> I think judgment matters. If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place. If you really need that kind of privacy, the reality is that search engines -- including Google -- do retain this information for some time and it's important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities.
which is entirely reasonable, yet he gets lambasted in the press as being "creepy" [2] based on a sensationalist snippet.
If you really want something to remain hidden, you have to remember that any services you use are subject to law enforcement, security breaches, bankruptcy procedures (there was a case not too long ago where a bankruptcy court judge ruled that the creditors' interests overruled the TOS and allowed the sale of information otherwise prohibited by the TOS; I can't find a link right now), etc.
With the ever-decreasing cost of mass computing, you will increasingly see just what an illusion online privacy really is.
Another example: some sites use shared avatar sites like Gravatar. I've often thought it would be trivial to crawl the Web and link identities from various forums based on using the exact same Gravatar image. In fact, someone's probably already done this.
Facial recognition is just one obvious way this will manifest itself. Another that I don't think has even been explored yet is what I would probably call "textual fingerprinting" meaning that the more you write in one post the more likely you can extract some identifiable style, choice of words and so on and that can be linked to other things you've written.
While I don't disagree that Eric Schmidt's quote was taken out of context, "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place" is bullshit.
There are plenty of things you and I don't want anyone to know. I don't want the world to know when I'm on vacation. I don't want my neighbors to know I left my balcony door open and I just have the screen door closed so I conserve energy. I don't want every girl I meet to know that I collect comic books. The idea that I shouldn't be doing any of those things is completely absurd.
In the same fashion, would you like everyone to know what parking spot your teenage daughter parked in, in the back of a mall parking lot Friday night? Or where your kids go to daycare? (hypothetical, I don't have kids but you bet I'd be concerned about them using foursquare) Could we change Eric Schmidt's quote to, "If your kids are doing something you don't want everyone to know, may be they shouldn't be doing it in the first place?" I don't think so. Your kids aren't that much different than your 60 year old mother or 70 year old dad. That is a lot of people.
It was hardly 10 years ago that the message was - never meet anyone you first met online. What happened to that? Now the message is, share all your personal private information with the entire world, you have nothing to worry about. We are Facebook/Google and these features are amazing. That is a lie.
Perhaps the parallel increase in information access by law enforcement has made us feel safer. The same technology criminals use to exploit us is used to track them. When something bad happens to someone we know more about what happened, quicker. While this may be an acceptable trade off in a first world country I do not believe the same applies in one such as Mexico.
Yeah online privacy is nearly non existent. Especially so when you are reckless and use connected identity systems. That doesn't mean the message should be "give up." That is the message Google and Facebook's PR machines are sending because they can make a lot more money from advertising when they do it.
As soon as hacker news switches to facebook's commenting system or any other public id, I'll never make another post here again. I have left communities I've been active in because of this. The message to our friends and family, and if we own businesses, the world, should be stop sharing all of this information publicly. There is no reason to. Its not safe for you and its not safe for your family.
> There are plenty of things you and I don't want anyone to know. I don't want the world to know when I'm on vacation. I don't want my neighbors to know I left my balcony door open and I just have the screen door closed so I conserve energy. I don't want every girl I meet to know that I collect comic books. The idea that I shouldn't be doing any of those things is completely absurd.
The point is that if the world really wanted to find out about these activities, there is someone in the world with the information who knows of it.
Just taking one of your examples: comic books---you buy them from some source, and that source likely knows who you are.
Absolute privacy is impossible unless no one is interested in your activities, and your activities don't involve any other human being or leave any trace.
I hear this reasoning all the time -- that your desire to keep X private is null and void because some fringe Y case would expose you. The world isn't black and white and privacy isn't binary.
There are already privacy protections for doctor/patient and attorney/client, so clearly a legal precedent has been set in those cases -- why not others?
The comic book example, just because the source knows who you are doesn't mean it's for them to plaster your picture up on every internet site and telephone pole.
Consider this analogy: Before Google and Wikipedia, to find out about some subject, you'd have to find an encyclopedia, journey to its location, and spend time paging through it to get info.
While that was possible, the price in time and effort was very high compared to an internet search.
That same change affects our privacy. Before, a scammer could single you out, look through your information, and visit people to make connections. Today, a scammer in a foreign country can search through millions of public records to find the connection he knows he can exploit every morning, while laying in bed.
My point is, more of what happens on planet Earth is determined by ease than possibility. And ease makes new things possible. This fact is especially relevant in terms of computation.
> Yeah online privacy is nearly non existent. Especially so when you are reckless and use connected identity systems. That doesn't mean the message should be "give up."
I don't think the question is over whether it is worth it to fight for online privacy, but rather if online privacy is the right end goal to begin with.
People are very uncomfortable with radical openness and transparency of their personal lives because it is a radical departure from the way life used to operate. People have always been uncomfortable with technologically driven cultural changes (easy examples would be the original Luddite movement or luddites today), and probably always will be. Online privacy gives an ironic twist on the situation since many hackers, the people who should be pushing the world forward, are disturbed by this change and want to hold it back.
Facebook, and more recently Google (with their real name push), have moved to envision this different mode of human interaction. In its extreme incarnation, your digital and 'physical' lives are inextricably merged. I don't think this is a trend that can or should be fought: it would mean fighting the integration of technology with day to day life, and so would eventually be analagous to fighting the benefits technology can bring to human life. With this integration, though, your personal life accessible to those who want it. Yes, having everything be open is very different and uncomfortable. But look at the environment created by allowing total anonymity: 4chan /b/. I feel comfortable saying that I would rather see human interaction move in a direction where you are responsible for all of your actions, rather than one where you can avoid all responsibility.
> "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place" is bullshit.
No, it's fact.
> There are plenty of things you and I don't want anyone to know.
What good does that do us though?
> I don't want the world to know when I'm on vacation.
But they can easily. A webcam watching the street could make it easy to tell whose lights are on a timer, or not on at all. Google not needed.
> I don't want every girl I meet to know that I collect comic books. The idea that I shouldn't be doing any of those things is completely absurd.
No, it's perfectly reasonable. After all it's the only way you'll get what you want.
And if you find a girl who doesn't know you collect comics she'll be disappointed when she figures it out. Wear it on your sleeve and be happy. Ditto porn, whatever.
> It was hardly 10 years ago that the message was - never meet anyone you first met online.
That's what FOX and CNN were telling you to panic about, yes. Do you really live your life in so much fear? Never physically meeting people you met online because they might be serial killers?
> In the same fashion, would you like everyone to know what parking spot your teenage daughter parked in, in the back of a mall parking lot Friday night?
Think of the threat vectors. There are a lot of pretty girls out there so this one specific girl isn't going to be sought by online creeps around the world. Everyone knowing doesn't change anything, except perhaps to let me keep an eye out for her.
If anyone hurts her it'd be a random attacker who spotted her in the mall or a friend/family who had stalked her. The first wouldn't care where her car was - she'd lead them to it. The second would recognize the car.
> Or where your kids go to daycare?
Oh yes. Because your crotch-fruit are so special that perverts would see them online and have to have them, specifically. Again, the only threat to your children specifically is from your family, and they know which daycare you use.
> Perhaps the parallel increase in information access by law enforcement has made us feel safer.
Hah! Those snoops are the problem. Technology is making us safer by letting us finally know what our 'servants' are really up to.
>But they can easily. A webcam watching the street could make it easy to tell whose lights are on a timer, or not on at all. Google not needed.
>There are a lot of pretty girls out there so this one specific girl isn't going to be sought by online creeps around the world.
>Because your crotch-fruit are so special that perverts would see them online and have to have them, specifically.
Besides being unnecessarily rude, you're arguing that since everyone is vulnerable to an opportunistic thief, you are not entitled to protecting yourself from a thief that specifically targets you.
Since you're just like everyone else, you're not entitled to take reasonable precautions to protect your family.
There are PLENTY of situations where complete candor will get you fired or worse. Proclaiming you're gay in the U.S. Military during DADT. Holding unpopular religious faiths or marrying someone of the 'wrong' race or sex. Perhaps you had an abusive ex-partner that you're concerned about.
If my privacy is so worthless, then why do companies like Google and Facebook go to such extreme measures to collect, retain, hide, and protect 'their' data about you?
your privacy is your own responsibility, not google's. there are services you can pay for that will erase your online identity and there are programs you can use to ensure you won't have to use them again.
> >Because your crotch-fruit are so special that perverts would see them online and have to have them, specifically.
> Besides being unnecessarily rude,
If calling your hypothetical children crotch fruit is rude you've got another lesson coming to you in the outside world, Susan. The point is that your little bundles of joy aren't everyone else's, and the world is full of them. For an attacker they're fungible.
> you're arguing that since everyone is vulnerable to an opportunistic thief, you are not entitled to protecting yourself from a thief that specifically targets you.
No. I'm not arguing entitlement. I'm saying you're paranoid, as in need to take medicine, for fixating on such non-issues. It's like stranger-danger and everything else our media has scared us with. A non-problem.
> Since you're just like everyone else, you're not entitled to take reasonable precautions to protect your family.
I sure am. Try threatening me and you'll end up with a four-pound steel bar upside the head. But that's protection, not the net-nanny fixation on it.
> There are PLENTY of situations where complete candor will get you fired or worse.
Yup. And none of them involve pretty girls and comic books.
> Proclaiming you're gay in the U.S. Military during DADT.
Being fired from an organization that went on to murder over a million people during that time seems like a benefit, not a loss...
> Holding unpopular religious faiths or marrying someone of the 'wrong' race or sex.
Yeah, and these usually aren't secret, even without the internet. If you were in an interracial marriage in the US south (or select other places) you'd want to keep a gun in the house and shoot anyone you see carrying an oversize cross onto your lawn.
> Perhaps you had an abusive ex-partner that you're concerned about.
You know, detectives were tracking people before the net. It's almost as easy but requires more phone calls. If you're worried about danger, protect yourself from danger. Don't uselessly cower.
> If my privacy is so worthless, then why do companies like Google and Facebook go to such extreme measures to collect, retain, hide, and protect 'their' data about you?
Their marketing value is unrelated to your privacy value. And your false privacy - that sense of security you get by curating cookies or hiding which preschool your kids go to, is useless.
Anyways, in the outside world, the big blue room so to speak, if you brought up something irrelevant like someone's characterization of children as crotch fruit as if you were personally insulted you'd get a laugh, then as your seriousness became apparent, a scoff, rolled eyes, and the conversation would continue without your input. It's not an insult so don't get bent out of shape. This isn't me being rude, it's you being hypersensitive.
I'm not saying your child - Timmy, age 6, blonde, missing tooth, slight lisp - personally is a worthless being. I'm saying that as far as availability, children are a dime a dozen. There's no neighborhood in the world without an over-abundant supply of them. While everyone is a wonderful snowflake, each one of us is just someone's inadvertent crotch-fruit. This attitude of "perverts are just waiting for me to let my guard down" is ridiculous. It's unlikely a kidnapper will ever look at a given child, let alone that children are routinely stalked.
>And if you find a girl who doesn't know you collect comics she'll be disappointed when she figures it out. Wear it on your sleeve and be happy. Ditto porn, whatever.
Some things of this nature are illegal, socially unacceptable, or simply result in constant harassment by the authorities regardless of their legality. It is unreasonable, I think, to expect every homosexual man in Iran to wear his pink triangle on his sleeve. Considering that we live in a country in which young people are assaulted by police officers for standing around in public in New York City, I can hardly imagine what would happen to an American who proudly announce to strangers that he or she really enjoys using opium, is occasionally attracted to people who haven't yet turned 18, or believes that the government should be overthrown.
If you have something that you don't want anyone to know, maybe the problem isn't you.
> Some things of this nature are illegal, socially unacceptable, or simply result in constant harassment by the authorities regardless of their legality. It is unreasonable, I think, to expect every homosexual man in Iran to wear his pink triangle on his sleeve.
No. In fact, if those homosexual men in Iran want not to be oppressed they have to do something about it. Shoot a local police officer or religious leader or something. (Only sort of joking - who would order or carry out their death if they were caught?)
> Considering that we live in a country in which young people are assaulted by police officers for standing around in public in New York City, I can hardly imagine what would happen to an American who proudly announce to strangers that he or she really enjoys using opium, is occasionally attracted to people who haven't yet turned 18, or believes that the government should be overthrown.
Everyone enjoys opium, that's the point. People younger than 18 are very attractive, that's why we have so many laws against taking advantage of them. And the government should be overthrown if it harms the people.
> If you have something that you don't want anyone to know, maybe the problem isn't you.
No, but if you live in fear because of it, it is.
You're confusing what I'm offering, practical life advice, with me saying I think it's better this way. Realize what the world is like and, if getting caught scares you too much, don't do things you can't get caught doing.
>> "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place" is bullshit.
>No, it's fact.
No, its bullshit. Or should I really refrain from scratching my ass right now because the internet would say "at 3:40 pm 11/9/30 John Doe scratched his ass"? Or should that not be published online?
"Another that I don't think has even been explored yet is what I would probably call "textual fingerprinting" meaning that the more you write in one post the more likely you can extract some identifiable style, choice of words and so on and that can be linked to other things you've written."
Forensic textual analysis predates the internet, actually, and I can say with near certainty that someone out there is working on this right now. (Probably the CIA, and/or another agency involved in analyzing communications between persons of interest).
Back in undergrad, I was involved in a project that used textual analysis to surmise authorship of "anonymous" works of fiction from Shakespeare's day. Additionally, the authorship of a lot of works attributed to Shakespeare is often called into question, and so we tried to map for consistency or inconsistency in his works. (Spoiler alert: he turned up pretty clean; he -- or at least someone using his name -- is most likely the author of his works).
Now, obviously, this project was a bit high-touch and involved a lot of attention lavished on a single body of work by a handful of presumed authors. But that was a long time ago, and I'm sure that the technology has grown more scalable and sophisticated by now.
Forensic textual analysis predates the internet, actually, and I can say with near certainty that someone out there is working on this right now.
Plagiarism detection software is increasingly common in education. I've actually been looking for something similar to filter news commentary systems, to get a sense of what %age of comments on political stories are actually astroturf.
You know, I've just recently started studying law, so I really don't have the time to work up the required scraping/webdev skills from scratch. In fact, I don't have as much time to post on HN either, and should probably be posting less :-) But I would love to collaborate on this part-time if there's anyone in the Bay Area for whom scraping and hashing would be trivial tasks. Same name at gee mail.
Generally, people who subscribe to the ridiculous notion that "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.", either lead extremely pedestrian personal lives, or are rich enough to be able to buy their way out of repression. Most big company CEOs are a little of both, in my experience.
I usually just take it as a more PC way of saying "If you have something that you don't want anyone to know, either learn to cover it up or don't do it in the first place".
I mean, since when has it been somebody else's problem that you couldn't hide your secrets well enough?
That reads the exactly the same. Who are you (rhetorically, not 'you' :-)) to decide that I shouldn't be doing something? It's authoritarian and creepy.
Eric's misstep is precisely that addendum. If he said something to the effect that "If you have something you don't want anyone to know, don't put it on the internet". OK, fine -- that's reasonable. The paternalistic addition of an implied judgment on someone's behavior is unneeded.
I think it comes from being a top-level employee at company or any nominal leadership position. You get used to speaking with authority in one context -- and sometimes you think you can speak with authority in a larger context -- and you really can't.
Because there is no action -> consequence chain in that phrase. All you have to do to see this is make the private information involuntary -- not the result of an action. The canonical case is not some horrible thing you might have done that you want to keep private. The typical case is something out of your control that you don't want everyone to know.
My argument is not that the subsequent phrase about putting things on the internet is false. It's not. That has a consequence. My argument is that the quote includes two basically unrelated parts and the statement about putting things in reach of google is only one part of it.
When people say the first phrase was taken out of context, I know they apologizing for google, whether they realize it or not -- because it wasn't taken out of context. It's obviously how Eric really feels -- and I think it shows how incredibly dangerous it is to trust people who have no obligation to you with your information.
I don't understand what the alternative is. If you insist on doing something you don't want people to know about, and you refuse to learn to cover it up,... then what!?
Lots of people lead far-from-pedestrian personal lives but don't feel compelled to hide them. It wasn't too long ago that merely being gay was a horrible secret you hid from people; do you really think society is going to grow less rather than more tolerant as time goes on?
Re. "textual fingerprinting" -- this is a well-established field (decades old), especially in forensics. It more commonly goes under the name "authorship attribution".
Even worse, Gravatar images are generally linked via MD5 hash. If you see two Gravatars with the same hash on two different sites, you've found the same person. Combine that with a large spam list of email addresses, or brute force simple addresses from common suffixes like @gmail.com and @hotmail.com and you've got identities.
Or combine with another service which uses MD5 hashes differently. You used to be able to copy a Gravatar hash into a Disqus url and see the email address, if that person had ever made any Disqus comments on any blog anywhere using their email address.
And worse again, I just discovered that there's no way to delete a Gravatar account. Even if you unlink your email address from the account it still keeps it linked behind the scenes (you can sign in with your "deleted" address).
Well, it is kind of creepy. I wouldn't want a "social network helper tool" to out me if I was still in the closet. Some things should be your own decision.
Thats just it. It's not for someone else to decide what information you project about yourself.
Types of information that are of little consequence for one person (eg. religion, sexuality, political-affiliation) could have devastating real world consequences for another if made accessible.
All good points. Where do you stand, on an ethical basis, with how far is too far for any entity to knowingly take this kind of info and manipulate your life for your (and their) 'benefit'. I like Google, but when you mention 'textual fingerprinting' it's already the case that Google does some of this when you search, and for use in Adsense, right? Maybe not reading your texts/posts yet but Google has 100's of millions of people's search and browsing fingerprints, whether they know it or not...
> which is entirely reasonable, yet he gets lambasted in the press as being "creepy" [2] based on a sensationalist snippet.
The creepiness factor in his comment, and in the way advertisers and those selling us to advertisers operate, isn't really about the information being out there. It is about being followed by an entity you don't know and have no particular reason to trust.
We don't like being followed like that, there is something in us that takes it as a threat. It is something we share with most animals and is a sensible reaction that evolved by making animals with that reaction less susceptible to certain threats (in the wild, being followed usually means you are a target for something you are not going to like, probably involving claws and teeth). Even in modern life it can be a useful reaction - if someone follows you down an alley you get ready to take action just in case that person turning down the alley after you isn't a perfectly innocent coincidence.
Being followed by Facebook/Google/any-one-else-on-the-planet-who-wants-to-sell-info-about-my-life is not the same as the physical risk that being followed in RealLife(tm) could imply, but our brains are not wired to see the difference. Anyway, people knowing more about you that you know about them can be a threat in some circumstances, or at least could put you at a disadvantage.
A secondary issue is that people sometimes want/need to hide things because other people's reactions could have unreasonable negative repercussions. If you were a gay man in a place where being so could get you strung up for what local laws (or local vigilantes) consider to be moral deviancy, "just stop being gay then you'll have nothing to hide" simply isn't an option and you wouldn't want the information "leaking" out by virtue of services giving you personalised adverts relevant to it while using facebook (or any other ad funded service) in public. That may be stretching the point a little far, but there are reasons to want to keep things about yourself to yourself (without wanting to completely disconnect that part of yourself from your private online activities) other than it being illegal, which if I remember rightly was what Eric Schmidt was talking about when he said that oft-quoted-out-of-context phrase, and sometimes something being illegal doesn't make it wrong (morality being a lot more subjective than peopel like to think - what is wrong to me might be fine to you).
The maturation of this technology has additional implications even in the absence of an open social graph. Imagine sophisticated FRT used to track individual customer activity at retail locations. Timestamps could be used to map customers to their precise purchasing behaviors with infinite granularity. It's not far out to imagine a world where average profitability per visit is calculated upon arrival, now imagine an employee with a bug in her ear, marking you down as the guy with a 3 year history of strolling into Best Buy to browse TVs with the saleswomen, but never actually buying anything.
"Timestamps could be used to map customers to their precise purchasing behaviors with infinite granularity."
Between debit cards and loyalty cards, this is pretty much already happening. In the US, I see few people using cash without the loyalty card (because the loyalty card gets you a discount.)
Of course, the remainder of your comment would require this new technology. And would be creepy as hell.
The difference is you could be identified when you arrive versus when you are checking out. Your experience within the store would change. For example, if you spend a lot of money then you might be greeted with VIP welcome wagon. If you don't, you might be greeted with a cold shoulder.
The granularity I'm referring to is in the nuanced behavior of an individual in the act of shopping. Apparently, the algorithm has established that you follow a pattern of contemplating Cadburry chocolate bar purchases on every visit, well now your Inbox contains a buy 2 get 1 Free Cadburry coupon that only works for you.
Once this is cheap enough that anyone with a high def webcam can consistently track/identify faces, this technology is going to be used by everyone.
This has major implications for loss prevention as well. External theft counts for about .5% of total revenue for the average retailer, which translates directly to a large percent of profit lost since margins are so low for many of them.
There is a lot of money to be made for someone who perfects a machine learning technology to detect shoplifters.
i figured a while ago that any notion of online privacy was silly. i said 'fuck it' and decided to just be totally open about who i am and what i think online. i talk openly about having bipolar disorder and experiencing psychosis, about beliefs i have that are considered unusual or downright insane, and about whatever i'm feeling at the moment.
it seems to work out pretty well for me. i was even thinking of publishing everything i buy for the world to see, both as an exercise to control my spending and for fun.
So you've now attached your name to admissions of psychosis. I understand your motivations on some level, but I sincerely hope that you don't regret doing so in the future. You wouldn't staple your medical information on your business card, but I feel you've done just that here. Good luck, and I mean that sincerely.
i've done this so many times it's not funny. it hasn't stopped me from getting a job yet. my thinking is that this stuff will come out eventually anyhow, so it's better to be up front about it.
Do you feel like you might be enjoying a privileged freedom that many can not hope to take advantage of?
For example, I bet you enjoy both a solid competency in your field, and a relatively free or permissive social environment.
Things may be a lot different if an unskilled worker in a repressive society were put in a situation where their social life was highly exposed. I don't know what the exact balance is here, but I feel wary of taking your example as an all-clear on the privacy alarm.
i agree that you're probably a right. a lawyer probably couldn't get away with it like i've been able to do.
my naive hope is that by being open like this i'll encourage others to do the same - if everybody was open about the struggles they faced as human beings, i think we'd all be struggling a lot less than we are.
Unfortunately, in many walks of life, admission of one's struggles is seen as a sign of weakness, and there are lots of people who want to prey on the (perceived) weak.
Ive done the same myself. To me, the real issue was how time consuming it was to "cover my tracks", so to speak. After taking a look at it, I decided there wasnt much to hide. Sure, you may not want everyone to know you were at the movies last night, or that youre a regular at dubstep shows, but what are the possible negative outcomes? Having people know more about me hasnt been as dangerous some make it out to be. On the other hand, its given me plenty of opportunities to connect with similar people. Also, the idea of activities in your personal life interfering with your work image is outdated. Everyones got a personal life, why should we back away from that? Its who you are.
What's more unsettling is the fundamental fact that any kind of social norm or expectation based upon the limits of our present technology is unsustainable.
“His very first story, he told me as he was dying, was set in Camelot, the court of King Arthur in Britain: Merlin the Court Magician casts a spell that allows him to equip the Knights of the Round Table with Thompson submachine guns and drums of .45-caliber dumdums.
Sir Galahad, the purest in heart and mind, familiarizes himself with this new virtue-compelling appliance. While doing so, he puts a slug through the Holy Grail and makes a Swiss cheese of Queen Guinevere.”
― Kurt Vonnegut, Timequake
I don't think it well be that bad, eventually. It's already creepy to walk into someone else's home uninvited, or enter a public bathroom marked for a different gender, or even just stare at someone for a while. None of these social norms are based on limitations of technology.
Even if you are careful, all it takes is a kind friend on a site like Facebook to tag you in a photo (you don't even have to be a member to be tagged) and you are back to square one.
On the upside, I am super excited for Facebook Goggles. Augmented reality profiles shown for everyone you look at. Out in the dating scene? Know who is single and who is not just by looking at them. Business convention? Find out who everyone works for at a glance. Okay, maybe it isn't an upside, but it is bound to happen anyway.
It's exciting and also deeply disturbing. I agree with all the positive benefits.
But after a while I think there's a real tendency to just reduce people to a set if metrics in your mind. It seems scary to me that the more "connected" we are we are often just self-selecting or being selected into some group based on patterns.
Is anyone watching TechStars on Bloomberg? When I saw the Wiji guys and their adaptive advertising, I was immediately thinking of the implications if you can do this good of a job of facial recognition. Imagine if every ad screen you came near knew as much about you as Google or Facebook do. In some ways I'm kind of excited about it - it's like living in the future - but it's scary as heck for privacy concerns.
Reminds me of the TV series Lie To Me (03x13) called "Killer App" where the Zuckerberg character's social network uses cell phone camera technology to point one's phone at anyone's face in order to get their profile info.
Equally unsettling is the potential of people tracking enabled by the government's increased use of surveillance cameras and large database of photo ids.
tldr: study shows that it's easy to find you on social networks based online on pictures. Experiments were done to show that you can be found between sites (e.g. a picture on an adult dating site can be used to find you on Facebook) and by taking pictures of random students on campus.
"Unsettling" might be a overstating it a bit. The first slideshow[1] explains (on slide 38, Limitations) that face recognition techniques still have a long way to go. More clearly stated on slide 39:
"Face recognition of everyone/everywhere/all the time is not yet feasible.
However: Current technological trends suggest that most current limitations will keep fading over time"
However: Current technological trends suggest that most current limitations will keep fading over time
I'd say that is pretty unsettling, but then I worry about privacy. Given how facial recognition has advanced in the last 5 years, it's plausible that you could have an Android app to do their SSN trick with, say, 50% accuracy in the next couple of years - certainly 5.
No that really isn't plausible. Read their original SSN prediction paper [1] and you will see that the highest they got their SSN prediction (with < 1000 attempts, which is quite a few) was 8.5% for SSN's assigned after 1988. For 1979-1988 that number was 0.8%. Only in the smallest states with issuance after 1996 do they get their best numbers of +60% matches.
That's only the SSN portion. When you add in the facial recognition, the requirement of a facebook account with pictures and a correlation to place of birth, you're going to see those numbers plummet.
At best this is a clever hack that highlights the risks inherent with publicizing your life on places like facebook.
You're still only talking about current technical limitations though. Cameras are getting better, the recognition is getting better, and the trend is for people to have more and more information publicly available online. Maybe it won't happen in 5 years, but I can't see how it won't happen relatively soon.
I think you're missing the fundamental limitation of this: the SSN identification.
Even if I give you the ability to go from picture to real name (which to many is still fairly jarring) given only "open" databases at 100% accuracy you still can't come near your 50% mark. The leap from real name and place of birth to SSN is the limiting factor, and the reason for this is the randomness inherent in the assignment of the last 4 digits of one's social security number. Given the ability to guess > 10% of that range (they have access to all SSNs who are deceased as well), the researchers could still get only 8% nationwide accuracy on recent SSNs.
You would need a fundamental change in that algorithm to get close to the numbers you want. This isn't a technological limitation, it's a algorithmic limitation, and you can't really put time frames on these kinds of breakthroughs.
Remember that this is done using clear full-frontal pictures, FRT drop significantly in accuracy with even the smallest change in angle. Not to mention sunglasses, (facial) hair obscuring parts of the face and different lighting conditions.
Current techniques that try to deal with such variation need several (clear) pictures from different angles to build a model of a face to be able to recognize a face.
I'd go with decades rather than years before the limitations mentioned are resolved.
Try installing Picasa and spend a little time tagging your family photos. It's a little startling how good it is. It consistently tags me regardless of whether I have a beard or my glasses in any given picture. Likewise, it quickly IDed my parents in 40 year old family photos that they scanned and sent, based on recent images. Mrs. Browl and I enjoy photography as a hobby, I'm pretty sure Google could ID either of us with 90%+ accuracy from a photo taken on the street. With Facebook you have both the computers and the crowdsourcing at work, so their tagging may be even better.
I don't have iPhoto, but I'm a little scared by how good Picasa is. I have about a prosumer level of knowledge - not enough to develop image-processing SW, but enough to enjoy reading SIGgraph papers.
They fund a lot of things, but yes, I don't think I'd like to be on the receiving end of "You bear a distinct resemblance to someone we'd like to explode."
Current technological trends suggest that most current limitations will keep fading over time"
That may be so, but history and theory both tell us that the remaining issues (after eliminating "most current limitations") are going to be hard-ass bugs that prevent the technology from actually working, and that isn't even accounting for the Red Queen Syndrome.
So basically, we aren't far from turning Flickr and Facebook photos into a surveillance system? Someone could be found that way without even having an account.
Except, of course, for those few SSNs and addresses that Paul the grad student sold so he could play with a botnet. Oh, and we gave the database and algorithms over to the DoD who sponsored our work. I'm sure they won't harm any SSNs or faces either.
It will come sooner or later. Point your smartphone at any person in the street and know who he or she is in a second. The technology is too trivial to stop it.
More important would be to now begin thinking about regulations to limit abuse of that technology.
But most likely governments will wait (again) until the system has been abused by big business before limiting regulations are enacted.
Its going to become very difficult to commit all kinds of crime.
And that is worth some loss of anonymity, provided we still have individual rights and the rule of law. Without those it won't matter what technology can do.
How do you ensure that? Recall that the person who uploads the photo controls how widely it is shared, and that you can be tagged in a photo even if you're not subscribed to Facebook.
> I think judgment matters. If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place. If you really need that kind of privacy, the reality is that search engines -- including Google -- do retain this information for some time and it's important, for example, that we are all subject in the United States to the Patriot Act and it is possible that all that information could be made available to the authorities.
which is entirely reasonable, yet he gets lambasted in the press as being "creepy" [2] based on a sensationalist snippet.
If you really want something to remain hidden, you have to remember that any services you use are subject to law enforcement, security breaches, bankruptcy procedures (there was a case not too long ago where a bankruptcy court judge ruled that the creditors' interests overruled the TOS and allowed the sale of information otherwise prohibited by the TOS; I can't find a link right now), etc.
With the ever-decreasing cost of mass computing, you will increasingly see just what an illusion online privacy really is.
Another example: some sites use shared avatar sites like Gravatar. I've often thought it would be trivial to crawl the Web and link identities from various forums based on using the exact same Gravatar image. In fact, someone's probably already done this.
Facial recognition is just one obvious way this will manifest itself. Another that I don't think has even been explored yet is what I would probably call "textual fingerprinting" meaning that the more you write in one post the more likely you can extract some identifiable style, choice of words and so on and that can be linked to other things you've written.
[1]: http://www.schneier.com/blog/archives/2009/12/my_reaction_to...
[2]: http://latimesblogs.latimes.com/technology/2011/01/animation...