

Ask HN: I don't get this privacy awareness outburst, can anyone please explain? - rick_2047

Really, I don't get it. For a few months now everybody on HN, reddit, slashdot, stackoverflow or any other god-damn hacker hangout is talking about how everybody is ripping us off of our privacy. Facebook has been crucified already, maybe they will target google as here on HN I can see people moving to DDG just for the privacy (and not for the excellent programmer friendly results it gives). Every morning I log into HN and see a new article from someone's blog which tells how everyone and their uncle can attain more privacy. We have had privacy scanners and fixers, we have had intense discussions on this topic.

I read all of this, understand most of it but I could never comprehend the idea of "privacy" online. I always assumed that whatever I put on the internet would be public now or in the future. Come to think of it, I put most of the stuff on the internet just so a large mass of the world population can see me. My blog, my twitter, my facebook account all are there just so people who want to find me (or someone like me) can find me easily.

Google knows where I live from my IP, so what? Facebook knows who I am friends with, so what? All this stuff was put up there just to make it public. If I don't want anything to be found I won't put it on the internet. It's not like they would steal my identity by knowing whom I friend on the internet or what TV shows I like to watch. Nor would it harm me if webmasters know what word I searched to get to their website. All they want to know is what makes people want to come to their website. Where is the harm in it?

Maybe most of the people here would develop a deep-seated hatred for this post (maybe for me), but I just need to ask this question. Everyone I like from Cory Doctorow to the HN community wants to talk about something which I don't get. I know it's a matter of principle to most of you. But I can't even understand that principle.
So can you please explain all the privacy awareness outburst to me (without, preferably, flaming me)?
======
jdietrich
We all have a vague, intuitive sense of what the appropriate degree of
publicness and privateness is in a given situation. Although vague, our sense
of privateness is incredibly fine-grained and what is perfectly normal in one
context can be a massive violation in another, almost identical context. While
some of us geeks might think of "public" and "private" in a binary,
cryptographic sort of way, most people have a much more nuanced approach.

Consider for example the difference in privateness between two people sitting
on a quiet park bench and two people sitting on a bus seat. They are both
obviously public places, but there is a subtle but significant difference in
our expectations of privacy. In one context, eavesdropping is perfectly normal
(within certain bounds), in another it is quite sinister.

On the internet, these intuitions are frequently confounded. Someone who
assumed that their facebook feed was fairly private discovers youropenbook.
User 927 assumed that his search terms were just noise in the crowd until AOL
published them all. Countless iPhone users didn't know that their photos
contained their exact geographic location until 4chan had a go at ruining
their life.

The problem isn't the level of privateness or publicness of a particular
service, it's not even particularly about leaks or breaches; it's about people
being completely unable to judge the level of privateness of anything digital.
I expect most people simply would not use a 100% public medium for their
private communications, so the "if it's on the internet, it's public" mantra
isn't a great deal of use. I think this is one of the reasons why Twitter has
been so successful - it provides a platform that implicitly communicates its
privacy or lack thereof. Twitter's simplicity makes it easy to understand and
integrate into your existing model of social appropriateness.

I think we come back to a very old and very simple principle of interface
design - don't surprise the user. We should be trying wherever possible to
design systems that are as private in practice as they would seem to be
intuitively. Users don't read much of anything, so we need to think about
other ways of communicating "publicness" and "privateness" in our software. We
need to recognise that designing social spaces is not a primarily technical
problem. Small differences in architecture, interface and even general
ambience can create enormous differences in how a platform is used. This stuff
is really hard and really easy to completely cock up and I think we need to
think much harder about it. Nod to PG here - HN is IMO a great example of a
subtly, intelligently designed social platform.

------
mechanical_fish
This is what you are looking for: Danah Boyd's SXSW keynote:
<http://www.danah.org/papers/talks/2010/SXSW2010.html>

It's important to realize that "privacy" actually means "control over how your
personal information is presented and revealed". Because having a magazine
photographer with a telephoto lens take a naked picture of you and post it on
the web sends a different message than posting that picture yourself, which in
turn sends a different message than mailing that picture directly to a younger
member of the opposite sex. Even if the pixels are exactly the same.

This is about the important social meanings encoded in the way you present
something: Steven Pinker on "indirect speech as a window onto social
relationships":

<http://fora.tv/2007/10/15/Steven_Pinker_Games_People_Play>

It's a bit abstract and academic, but this is HN, right?

------
brazzy
One problem is that not everything people put on the web is intended to be
public for everyone in the world to look at. Especially Facebook is seen as
(and used to be) a way to communicate with people you know, not to be stalked
by people you don't. It's a mix of broken implicit promises and false (but
absolutely natural) expectations.

Another, perhaps bigger problem that you seem to have completely missed is
that Facebook, Google & Co. don't just collect information about what you
_put_ online, but also about what you _do_ online, and can correlate it to a
frightening and potentially harmful degree:

"Dear Rick,

By analyzing your search and websurfing profile we are able to offer you
products that are tailored to your personal interests. Included is your
personalized catalog: "Kingsize anal dildoes".

Christmas is near, and you still haven't found the right presents for some of
your family friends and colleagues? No problem! Just send us the name and
address of the person you want to surprise with a special present and for only
$5 you get a personalized gift catalog tailored to that person's interests!

42 of your acquaintances have already asked us about special presents for
you."

------
retube
In some respects you are right. However most people have, to date, assumed
some level of privacy. The issues can probably be summarised as:

1) Lots of people using these services assume only friends can see/access
their data. They don't realise that much of their stuff is actually visible to
a much wider audience, or if it wasn't before, it is now, due to privacy
policy changes. This problem is exacerbated by extremely complex and lengthy
privacy options.

2) It's not just about what you are putting out there, it's what others are
putting out there about you. Whilst you might be happy for a friend to post a
picture of you puking at the prom, or smoking a fat reefer, and to have that
image accessible by only your friends, you probably wouldn't be so happy for
your prospective employer to see it, and would, I imagine, be pretty hacked
off if an image like this became accessible through some privacy change.

------
kenjackson
There are different levels and types of privacy, and people believed they had
certain types of privacy, while understanding they didn't have others.

For example, I fully get that Google has my IP address and search queries. But
I fully expect that you do NOT have that information. Likewise for my email on
gmail. If Google were to take my old emails and post them on a public site I'd
be upset.

Likewise, I'd be upset if Google went around my neighborhood gathering wifi
data. Unencrypted or encrypted (which given their computing power, they could
likely break, given the state of current implementations) I'd not be happy --
it breaks the unwritten assumption I have about what data is private.

And the relationship with advertisers is another issue. This is more an issue
that I have finite time to deal with things and the last thing I need is for
Facebook giving my name and email address to thousands of advertisers. And
companies like Apple probably even have your credit card info. You probably
don't want them giving that info away to advertisers either.

And lastly, there is also a component, at least in the US, of fear of
intrusion by the government. If for some reason, the government wants to start
auditing supporters of gay marriage, they could use the Patriot Act to narrow
down the real name of Jack_2099@yahoo.com. The less info Yahoo and other sites
have on you, the more difficult this becomes.

The fundamental question is why give up your privacy? What are you getting out
of it? What do you potentially have to lose? Not today, tomorrow, but what
about in ten years? There's very little upside to losing privacy, but
_potentially_ huge downside.

------
edw519
It's not about privacy. It's about trust.

People aren't upset that their data is publicly shared.

They are upset because they understood that it would remain private.

Tell everyone my favorite color and I don't care.

Tell everyone I have an STD after you promised me that you wouldn't, and we've
got a problem.

It's that simple.

~~~
iamelgringo
I agree, Ed.

I'd also argue that it's not really about geeks being upset that their own
privacy is being violated. It's about other people's privacy. A huge
percentage of normals don't understand the difference between a desktop app
and what's inside a web browser. That ignorance can put them in very awkward
if not dangerous positions. Here's why I've been part of the privacy
propaganda mob on HN (without the flaming)

1\. My niece and my geek friend. She's a very sweet, naive 15 year old girl
who is the daughter of a conservative pastor. She loves to post pictures of
her and her friends going to the beach, and camp, looking cute and goofing
off. For the brief month that I tried Facebook out seriously, I had my niece
posting pictures of herself in a bathing suit as well as geek friends posting
comments like "MySql sucks dog cock" on my wall. Those online "friendships"
needed to remain separate and in different circles of friends. And, I
certainly don't want the "suck dog cock" friend ogling my niece in a bathing
suit. I needed to have those relationships compartmentalized and kept private.
Even had I figured out how to maintain that separation, Facebook could change
that at will. I opted out, but my family still doesn't understand why.

2\. My mother. She's now 74 and she bought her first laptop last year. She's
on "the Facebook" because her grandkids are on Facebook. There is no way to
easily explain how to maintain private/public information on Facebook. While
she wants a tool to share status updates about medical conditions with
friends/family, she doesn't want those broadcast to the world.

3\. Rafael. I work with Rafael at my hospital. He worked in a 3rd world
country as an agricultural minister before he got a visa to work in the US.
After he got his green card, he packed up, moved to the US and changed careers
to work in the health care field. He's been homesick so he's been catching up
with old friends via Facebook. He went to a university 20 years ago with very
communist leanings, and he's been talking to his friends/intellectuals about
the political situation in that country. He personally knows several
journalists who have been killed because of what they've written in the press
about government corruption and drug cartels. He was shocked when I told him
that his wall posts/conversations with his friends on Facebook were publicly
searchable.

4\. Alan. A former coworker of mine is a nurse, and he has issues. For a
while, our hospital administration was in a tail spin about missing narcotics.
Alan didn't show up for work one day, and I haven't seen him since. Another
friend said that he was friends with Alan on Facebook, and several weeks
prior, Alan had posted a status update on Facebook: "Vicodin, Valium and
Vodka... the Holy Trinity".

I think you're right, Ed. It's about trust. But, for me it's not just that
Facebook is changing their privacy policy. I, as a geek, know that anything I
do online is inherently public. I use online tools with open eyes. Many
Normals intuit wrongly that they are having private conversations when they
interact with friends in a dark room via a laptop. That wrong belief can cause
no end of problems for people.

That's why I'm on the privacy propaganda bandwagon.

~~~
waterlesscloud
What's weird is that it would be pretty easy for FB to make it easier to keep
your stuff in the circles you'd like to keep it in.

They have deliberately chosen not to do so, and I don't really understand why.
There's no advantage to them in making it hard, and significant risk. All
that's needed to bring them total disaster is one good nationally publicized
horror story. The groundwork for that story is being laid now.

I just don't see the upside of their choices. They could get away with selling
anonymized data to advertisers. They could get away with letting marketers
target you as long as they didn't sell your identity along with it. That's all
stuff people will tolerate.

But why make your information public by default? What's the real gain there? I
see a reason they might think it's of use if they think really shallowly, but
surely they've put more than 10 seconds of thought into their core business.

FB can't go public while they maintain this approach. The investors would
raise havoc over the risk it poses to the company. And rightfully so.

One good sensationalized story. That's all it takes at this point.

~~~
randallsquared
_But why make your information public by default? What's the real gain there?_

The more public data there is, the stronger the network effects can be? There
are a bunch of decently supportable practical and principled reasons for this.

Since there are going to be leaks anyway, reducing the expectation of privacy
is in their interest.

Getting more data searchable and public means people are more likely to
consume more facebook time/data (alluded to above).

In the medium term, privacy for things people put on the internet is dead, and
spending a lot of effort fighting a rearguard action seems pointless if you've
already accepted where this is going. I think this is actually where most of
this is coming from: Zuckerberg, Schmidt, and others _have_ spent a lot of
time thinking about privacy and the implications of a basically open internet
(largely unused SSL, DNSSec, public key crypto), and they understand that the
battle for keeping things private was lost more than ten years ago. We could
have all been using encrypted-by-default everything by now, but the fact that
we're not, and the fact that there's no movement on the horizon to do
encrypted-everything, means that we're just not going to be able to put the
privacy genie back in the bottle.

~~~
waterlesscloud
There's all sorts of private content available to approved people via the
internet that's not available to the public.

Entire organizations use it as such.

The idea that everything on the internet must be public simply ignores reality
and is shallow thinking.

~~~
randallsquared
_There's all sorts of private content available to approved people via the
internet that's not available to the public._

It's not how much oil _hasn't_ leaked that concerns people.

~~~
loup-vaillant
If I surrender data to a big corporate server like Facebook, Amazon, or
Google, even when they promise you privacy, I'd better assume it's public.
There, privacy _is_ dead, and information _will_ leak. I think everyone on
this thread will agree with that.

Now don't forget that the internet is not limited to the web of cloud
computerized big servers. E-mail, file sharing and social networking are not
that, for instance. They are decentralized by nature. They do not require
Gmail or Mega Upload or Facebook. Such services can't last. They are a fad
that will fade…

…If we do things right. We just need ubiquitous, easy to use personal internet
servers. They are technically and economically possible right now. We have
cheap hardware, and cheap software. We just need to wrap that up together, and
massively sell them.

With a suitable propaganda about privacy and independence on the internet, the
dream of a mostly decentralized internet may come true in less than 3 decades.
And at that point, privacy on the internet won't be a problem any more.

------
mahmud
It doesn't matter until you're denied a loan application or a job interview
because of what is out there about you.

~~~
slyn
This is something people have been saying since long before facebook when
myspace was the undisputed king of social networks. As early as my freshman
year of high school nearly 8 years ago teachers and administration were telling
us to be careful what we put on the internets and the myspace because our
prospective colleges and jobs would be looking at them.

I hate to generalize and single out a group, but of the people I know I feel
like the only people who didn't understand that facebook had very little
privacy were the older parents and family and such who all joined after they
saw all their kids doing it.

------
proexploit
It's currently a trend like any other trend. There's a huge amount of the
public (specifically the younger generations) both content to follow and eager
to conform and fit in. It's my guess that a huge amount of people are doing
that. Of course, the whole privacy debate started because of what was viewed
as an actual issue that was uncovered. While you may have the common sense to
think what you post online might not remain private, many people do not
understand that. When Facebook made a conscious decision to make privacy
options essentially off by default, a lot of people had a problem with that.
They felt tricked that they didn't have a say in the matter.

As any other popular topic, it's going to have a long wind because any blogger
or news outlet wanting a little extra attention is going to rewrite posts,
come up with new accusations, and highly publicize every development.

I'm for privacy, not because I expect it, but because I prefer to control what
other people can learn about me. The real issues with privacy are situations
like an abusive ex-husband being able to relocate his wife due to a privacy
breach or a private matter publicized.

I hate those posts too, I'm tired of them but it's not going to go away and
the best you can do is ignore. When this issue is over, there will be another
equally unreasonable issue making headlines.

------
jacquesm
When you become a member of some website, you look it over, you weigh the
advantages and disadvantages, and maybe after reading their various policies
(ok, probably the majority of the people doesn't read them) you decide to sign
up.

You do that with the website as it is at that moment.

If at a later date the website owners decide to use the data that you gave
them under your previous image of that website in new, creative and unexpected
ways they are effectively breaking the unwritten contract between their users
and themselves.

This will usually cause a backlash, but only in a small portion of the
userbase because most sites are too small to get significant mainstream press
coverage.

When sites like facebook get involved in this sort of thing the media will
latch on to it immediately because of the potential audience for the
information. This will then piss off more people that otherwise would not even
have realized something has changed and so on.

It's a side-effect of the network effects that facebook profited from when
they established themselves, I don't think it is possible to have the one
without the other.

------
Dysiode
As I see it it's just part of the elastic bouncing between extremes.

Just 10-15 years ago privacy was a huge issue between parents and their
children. People assumed -any- personal information made their kids targets
for predators (which isn't necessarily untrue, but that's another discussion).

That view morphed into people blindly shouting personal details of their lives
at the Internet.

The natural trend is to become more privacy aware. As more people use the
Internet those people are more concerned with who sees their content (my
addition to the examples is Daughter: O_O I'm pregnant. Mom: WHAT). Sure,
people argue to only post what you want everyone to know; however, Facebook is
artificially stretching the concept of privacy from blind shouting into
radical openness.

This artificial manipulation in one direction causes the opposite side to
recoil (perhaps violently) in an attempt to maintain a sort of homeostasis.

That and people don't like having some faceless corporation take control from
them.

------
y0ghur7_xxx
It's probably too late to care anyway. Google probably has your searches of the
last 10 or so years, your email, it knows the places you have been, your
parents, your friends, the pages you visit every day, the kinds of porn you
like, what disgusts you, what you really like, what you buy, how much money
you can dispose of, and so on.

I don't like that. I probably would give that information only to some of my
best friends, and maybe not even all of it. I don't intimately know google
enough to trust it with all that data, google is not my friend. The only thing
I know about google is that they make cool online webapps, and that they have
a great search engine, but that does not make them my friend, so they don't
have my trust. That's why I try not to give it too much info about me. The
same holds true for facebook, and every other online service I give info about
me.

But this is just me, and what I think is probably not what the majority
thinks.

~~~
loup-vaillant
When you are right about something, people tend to eventually share your point
of view. Don't give up.

------
lucasoman
People don't comprehend how insecure the Internet is. They take for granted
that their information will remain private unless they explicitly wish to
share it publicly. This may be naive, but ideally this is how things ought to
be.

The reason these issues have been at the forefront lately is that mainstream
media has picked up the story. Facebook has, to use a cliche, reached critical
mass. Everyone and their dog has a Facebook profile, so when something
involves Facebook, even if it's a slightly more technical topic than usual,
people are interested and want to understand.

Combined with other coincidental events, like Google being compromised by
Chinese hackers, and people start thinking about it.

------
rue
I disagree that it is just about "trust", as someone above asserts, although
that is a big part of it. Many people indeed are upset mainly about the
violation of trust rather than the underlying privacy issues. (The intrusions
are not advertised, explained clearly, and the amount of interconnectedness is
quite beyond most people's understanding.)

However, one component of all this I find distasteful is the more or less
explicit coercion into revealing private information to use a service which,
in some cases, is perceivedly or _de facto_ necessary for one's livelihood,
social life or whatever. In particular because the offline equivalents or
predecessors never needed such. You can argue that a teen does not _need_ to
use a virtual (no pun intended) monopoly like Facebook, or that no-one really
_needs_ to use unencrypted e-mail but that is just not realistic.

The (soon-to-be) ubiquity of the WWW or internet in general means that it
cannot for long be allowed to go so radically against people's privacy
expectations (some countries already offer better protection than others). The
solutions may well be created by the private sector - say, making HTTPS and
encryption for e-mail or equivalent the defaults.

 _Disclaimer: For this and other reasons I have avoided Facebook, MySpace et
al., do not exclusively use Google's services, handle my own e-mail and so on.
I am under no illusion that I am particularly secured against a concentrated
effort, but I am satisfied I have limited my exposure somewhat._

------
bbsabelli
You're right, there is no problem with privacy. At least, for me & you.

That's because we know that our facebook data went from private to public a
long time ago, and we have modified our behaviour accordingly.

However, you should also therefore know that not everyone in our social
network understands the implications of these default changes.

So, the geeks are upset on behalf of the non-geeks they know and love.

And they should be. If you don't think so, I challenge you to question 5 of
your less techie friends and family on this issue. You will be amazed at how
few of them (a) understand what the hell you're on about, and (b) care.

------
known
<http://en.wikipedia.org/wiki/Physician%E2%80%93patient_privilege>

------
jarek
Out of curiosity: when did you start your Facebook account, at what age
(approximately), and were you in school at the time?

~~~
rick_2047
I started facebook when I got into freshmen college, which was this year. I
mainly started to use it as people like to share assignments on their fb
accounts (we are not emailed our assignments).

~~~
jarek
Right. Here's my experience. While I obviously don't speak for everyone --
steveklabnik is an obvious example of someone who would disagree despite his
seniority on the site -- I'd like to think I'm not the only one thinking along
these lines.

I created my Facebook account in late 2005, in my first semester of
university. (This was a couple of months after Facebook was first opened up to
non-American schools, including ours. My user ID was #1714 in our network.)
You might know the history. Only secondary and post-secondary students were
allowed to register, and _by default_ your profile was only visible to people
in your school. I seem to recall allowing friendships between people in post-
secondary and secondary networks was a big deal. There was no newsfeed and
there was no API.

It was a very walled garden, but for better or for worse, it was walled
reasonably tightly. Bugs were definitely there, but they were usually bugs,
not deliberate action. At the time, Myspace was king, and Facebook was
definitely presented as a less cluttered, more closed, more elitist, safer,
cleaner version of that. You felt like what happened on Facebook would stay on
Facebook, and people behaved accordingly. It's sort of like email -- you might
realize that it's pretty trivial to eavesdrop, but few people who do realize
that will write emails as if everyone could read them. It's more like a real
conversation if you don't. There _was_ no sense that whatever we put on
Facebook would be public, now or in the future. This was a campus
conversation: people might eavesdrop occasionally, but the walls don't have
ears or eyes.

Then Facebook realized they want to make money and started to slowly turn up
the heat on the frog cauldron. You've likely followed the story -- opening up
to registration for everyone, loosening defaults, Beacon, applications,
'likes', instant personalization. All along, it started feeling a bit less
like a dorm common area where you might chat with friends and more like the
internet, where you have to watch what you say. Less like a BBS and more like
a job application.

Should we have realized Facebook would eventually become what it is now?
Probably, but we were eighteen and enthusiastic and idealistic and more than a
little bit stupid. To be honest, I don't think even Zuckerberg knew in 2005
what he would do with Facebook in 2010, and we implicitly hoped it wouldn't
change _that_ much.

Now, I understand why Facebook is doing this. I mostly stay on top of the
developments. I started gradually removing personal information from my
profile a while back. (When signing up, I gave a fake birthday, left gender
blank, etc. Still, there is room for feeling betrayed when you realize that
no, you simply can't stop people from seeing your profile picture at 200 px
wide. That doesn't leave a lot of room for optimism as to what will happen to
walls and status updates in a year or two.) At this point, my profile is
nothing I wouldn't want or care about the internet at large seeing -- and
that's a lot less than it once was. The most recent thing to go were 'likes';
I don't like being described by foreign keys in a database, not to that
degree. Call me picky.

I'm not even outraged. By now, I've come to expect Facebook to fuck up when
implementing new things, to change defaults on me without notice, to open me
up to the internet. I conduct myself accordingly. That's probably not the
reaction they are hoping for.

Still, there is a sense of sadness. I _care_ , because Facebook of yore was
_better_ for us. It didn't make money, but that doesn't change the end user
experience. I miss having complete control of everything I trust Facebook
with. I miss being able to put "post-beat-power-puff-dance-punk-youthloud-
romantic-garage-pop extravaganza" as my favourite music without some dumb
script trying to make sense of it. I miss the four whimsically named groups I
belong to that were unceremoniously removed from my profile in a not-so-subtle
attempt to get me to 'like' things instead. I miss being able to name my
hometown as Trójmiasto, rather than having to name one of the cities belonging
to the metropolitan area known by an informal name because Facebook wants a
link to a database of all municipalities on earth. I miss what I once had.

------
butterfi
How much of this is perpetuated by 'echo chamber' I wonder?

~~~
qw
As someone who can be described as a Gen X'er, I have the same position now,
as I did when I first saw Myspace and Facebook - I don't want to be part of
it. The lack of privacy is a huge problem, and the worrying part is that it
seems that the younger generation has a much lower threshold than others. I
guess they are not old enough to have fully experienced or thought about the
potential risks.

I take great care in how I present myself on the web. I have blogs and share
photos online, but only on personal sites that I have full control of.

------
ahoyhere
The bottom line is, other people don't have the attitude you do about online
privacy. That explains it all.

And maybe they didn't think about it, or they trusted it, and they just woke
up and realized how much dirt there is to put together on them. They weren't
consciously deciding that online = open.

They're realizing that these free "tools" aren't tools at all; they are big,
nasty companies. And their user data is the product.

Nobody likes waking up and realizing they're a product.

Also, trends come in waves. The 'privacy' thing comes in waves. The 'openness'
thing comes in waves. Everything in life is a pendulum, from boom & bust
economies to the level of religious fundamentalism.

Nobody seems to put that all together, but these waves of trends are largely
BS, almost totally ineffective, nothing will happen, and it will disappear,
only to reappear again in a year or two when the next big co. sells its user
data without warning.

~~~
buro9
I don't think the author has the attitude he says he does. No-one truly can
stand by the statement that everything they put online they expected to be
public at some point.

So, your banking is online, your email is online. Clearly you expect some
things to not be public. The question is about where that line is and whether
someone moves it without your say so.

People would indeed freak at Google and banks if they revealed what they
promised they wouldn't. And that is the issue with facebook, they told people
they wouldn't share this stuff and so people used facebook to tell their close
friends stuff and facebook moved the line, repeatedly.

~~~
derefr
You're not putting your banking online—you're accessing a private service on
an individual computer using a cryptographically-secure protocol. That's
basically no different than having a direct hard line to the company's
servers; there's no "Internet" involved, and therefore no "public" involved.

Email is public. It is hugely vulnerable to MITM attacks at every step of the
process, not in the least by the postmasters of Alice and Bob's companies or
ISPs, both of which are subject to police search as well as social engineering
under the guise of police search. Unless you create a secure channel _over_
email, you should always treat everything you say in an email as if, well, it
was posted on your facebook wall. No sending email to your human trafficking
buddies, in other words.

~~~
logic
I'm late to replying to this, but your response is the reason why many geeks
don't get the problem here. None of what you just said makes any sense to my
sister or my wife's aunt, both heavy Facebook users. "Cryptographically-
secure", "MITM", and "social engineering" are meaningless phrases to them.

They hear the word "email", and they think, "the Internet version of the
letter I used to stick in a mailbox", and they make assumptions about the
level of privacy their communications enjoy. They log on to Facebook, see a
list of updates from people they know, and immediately have a feeling of
close-knit community; it simply doesn't occur to many Facebook users that
something like YourOpenBook could possibly exist.

You and I understand and appreciate the subtleties of online communication.
They don't.

------
rick_2047
As promised I am back with a longer post explaining what I learned from this
thread of interesting discussions (after studying and taking a 6 hour sleep).
First of all I thank again all the people who explained things so well and
enabled me to infer things which otherwise I would have overlooked.

In my first year of engineering I took a course in communication skills. Our
second lesson was titled "Barrier to communication" in which we studied what
type of inter, intra and organisational barriers are there to communication. I
read whatever was written here with an open mind and tried to infer what went
wrong in terms of those intra-personal barriers. I found myself guilty on 4
counts of barriers. Let me list them all out.

1) Wrong Assumptions: As I had stated in my original post, I always assumed
that internet == public. To me posting something on the internet was like
posting it on the bulletin board of the classroom or college. Thus, when all
this concern over privacy started I had incongruent thoughts from the privacy
aware people.

2) Varied Perceptions: Due to my wrong assumptions, I perceived whatever I read
in a very wrong way. It felt like people were suddenly and randomly picking up
on something to argue about and hate. This was not so. People had different
notions of what to keep to certain circles and what to make entirely public.
Thus this barrier further confused me.

3) Differing Backgrounds: Now this is perhaps the most strong and significant
barrier that I had. I failed to understand that most of the people who are
writing such essays do not have the same cultural background as me. Most of
these people were from a developed country and there is a certain culture of
independentness there. People have different circles of people who are
oblivious to each other. But this is not true for me. I grew up in a liberal
Indian family. Now a "liberal" Indian family knows everything about each
other. And I am not talking just about my nucleus of mother, father and sister.
I am talking about relations till first cousins. I meet these people every few
weeks and they know all about me. Thus everyone in my FB stream knew something
or the other about each other and had actually posted keeping in mind that
those people would be seeing all this stuff.

4) Impervious categories: I must be ashamed of myself that I fell for this
trap, a trap which I like to avoid like a disease. I didn't come into this
discussion with an open mind, I only responded to notions which were congruent
with mine. This way I was not able to get to grips with all these things before.

When I posted this question I had decided to keep my mind open and try to
understand what happened here. I think I got to grips with most of the
problems people have been talking about. Here is a list of what people claim
to be the problem with them:

1) They do not have total control over their data. So they cannot separate
things among groups.

2) Sites like FB violated their trust when they made things public. I read some
history and found that when the site was started people joined up so they can
share things in private, but now that is very hard to maintain.

This is all I have learned from this brief discussion here. And I again thank
you for explaining this to me.

------
kapauldo
Facebook's biggest demographic is 30 something women with kids. They are
_unknowingly_ putting pictures of their kids in public. Young bachelors don't
understand the outrage, but one day you will.

~~~
bbsabelli
A citation on this pretty please?

~~~
mahmud
His remark might not be 100% accurate, but it's pretty damn close:

[http://www.insidefacebook.com/2009/02/02/fastest-growing-dem...](http://www.insidefacebook.com/2009/02/02/fastest-growing-demographic-on-facebook-women-over-55/)

The majority of facebook users are women 26-44: no word on their maternal
status though.

------
rick_2047
First of all I thank all of you for posting such a nice explanation (without
flaming me). I don't have much time to put all my thoughts but I must tell you
I have realized that the confusion I had was due to my differing background
and some wrong inferences of the topic at hand itself, simple barriers to
communication which led to this catastrophic failure of communication. I
always assumed online means public and that was a wrong assumption. I will
elaborate on this as soon as I can.

------
J3L2404
I remember an IT guy telling me that the extent of privacy when sending an
email is roughly equivalent to talking loudly on a public streetcorner.
Hyperbole I hope, but everyone assumes that email is private - Hypothetically
maybe, but realistically I doubt it. The only thing truly private is the
inside of your head. Tin foil hat aside, the problem the OP misunderestimates
is the boundaries of marketing. Every ad agency would love to have realtime
data of your BP and heartrate when viewing their commercial, and if they
could, without your knowledge, they certainly would. Of course no one would
sign an opt-in clause.

~~~
mahmud
_Hyperbole I hope_

You can stop hoping. The great majority of email is sent in plain text (SMTP)
and as the datagrams are routed from one machine to another, they're open to
interception, and in fact, are routinely logged.

SSL/TLS are cryptographic extensions that attempt to secure messages in a
socket communication, and by extension, application layer protocols such as
SMTP.

~~~
J3L2404
Is it really that easy to hack emails without getting caught? Judging by the
Sarah Palin hacker, the risk if caught seems pretty high.

~~~
sbarre
It's not even about hacking emails. Some people have legitimate access to the
information and abuse this by simple snooping or eavesdropping.

Back in the early 2000s a friend of mine worked for a large consultancy in
Canada and often had to work on equipment in the Bell/Sympatico (largest ISP
in Canada at the time) data centers.

While he was there, he said the network techs would routinely snoop the
traffic of the customers at the router level to see what web pages they were
looking at, and grep'ed mailboxes on the servers looking for funny/dirty
pictures or private information (credentials for porn sites were a big one)...

I'm sure this isn't a common thing, but you can bet it happens..

------
mattmcegg
hey zuckerberg..... LURK MORE

------
mansr
People like complaining and crucifying. For many years, Microsoft was the
obvious target, but the last couple of years they've become ever harder to
fault on principle (they still produce bad software), so the pitchfork mobs
need a new bad guy. Someone started drumming about privacy at the right time,
and the mob latched on. That's about all there is to it.

