I’ve been concerned about privacy online for a while. There is an implicit trade that occurs on most “free” internet sites, your private information in exchange for some service – and it is not in the best interest of the sites to be transparent with the trade.
Chances are, you’re already on a few data-broker lists, have shared something embarrassing out of context online, and have no idea how many different accounts you’ve signed up for.
I’m hoping to get some feedback on a site I’ve put together that is working toward solving this problem. It’s called Identity.io and it tires to makes privacy online automatic and simple for everyone. So far, the site does the following.
1) Sends you an alert if a site you use materially changes the way the site works which reduces your privacy (i.e. auto-opt-in on linkedin to using your face in adds)
2) Detects all the online accounts you register for, or have ever registered for in the past. It (optimally) does this by connecting to your gmail and running lots of regular expressions against subject lines, sort of like tripit.com.
3) Provides video tutorials and a checklist of what you should do to lockdown your privacy online for all the account types you have + how to opt out of data brokers and other spammers.
It would be great to hear your thoughts and feedback.
EDIT: We are aware we haven't posted up a privacy policy or an about page - trying to get some feedback on the concept and technology at this point. For the privacy policy, we expect to use one similar to our other site's http://www.privacyparrot.com/privacy.
It looks good so far. It seems it found quite a few of my accounts, but when it stopped scanning Gmail, it said it found 2 accounts. Going to the dashboard shows it found 23.
I don't know if it's possible (or if it already does), but it'd be nice to see why it thinks I have an account with a place. It says I have a Bank of America account, but I use a local credit union.
Will this recognize if I've installed Ghostery? I have it installed, but have only installed it just a few days ago, before I joined this site. How does it know if you need to install it, or does it just say that for everyone? I also have Adblock installed and have since 2007, but it's telling me to install it.
I like that I can add multiple email addresses, but it did seem like it hung when I added new addresses, and no accounts showed up when I added my other gmail accounts and it didn't ask me for authentication for them. I'm not sure they got added properly. I'll check again when I get home.
Also, this:
>In August of 2011, professional social network Linkedin quietly introduced a new feature called social ads. It allowed companies to use photos of any of your contacts, with whom they, had a connection, in their adverts, effectively allowing your contact’s to endorse their products.
Excessive number of commas, I think.
Overall, though, it's given me a list of things I would never have known about. I have not followed any of the suggestions yet but I'll run through them when I get home from work. Very nice design, it works quick, and it found a good number of accounts. Are there plans to add more sites to the list or more sources for scanning accounts?
We are likely saying you have a BoA account because of an email which they sent you. Showing "how we know" is a good suggestion but would involve us storing some info from your email (which I imagine people who care about privacy are against)
no, it doesn't know if you have ghostery or adblock installed, just tells everyone to do this
multiple addresses: we thought we had this bug squashed, apparently not. Shouldn't be an issue in the future
Glad you find the suggestions useful. If there is pickup, we'll add more account types (currently we scan for about 250) and tutorials.
Honestly, the biggest problem I have with this site right now is that I don't know how you're paying for it - or how you intend to keep doing so. That's pretty much the exact problem with the sites you're monitoring - if I'm not paying for the service, someone else is.
I'd pay for a service like this - hell, I'd _rather_ pay for a service like this.
Interesting, would you really pay for it? Quite a few of the folks we've interviewed & surveyed say they'd use it, only if free. What kind of demographic do you think would be happy to pay for this kind of service.
That's about half of what got us into this mess, isn't it?
If you do this well, Yeah, I'd rather pay for it - we're not talking bank, but for a couple bucks a month, if you do what you say you'll do and I stop having to worry about whether Facebook's decided to loot my underwear drawer while I wasn't looking, I'll happily pay.
You could also consider a Cloudblaze-type model - some stuff for free to get the aggregated data you need, and some pay services. I just want to make sure I know which side your bread's buttered on.
Also, if you're at NYU - talk to the folks at ITP. Lot of interesting, privacy concerned people connected to that group.
You might consider building some kind of API that lets site owners "opt in" to this. You could theoretically act as a stamp of approval for sites that would like to be a little more transparent about what they're doing.
Yep - wonder if sites would try it, however. The credibility stamps most sites display are verisign + some hacker safe stamp + TRUSTe (a privacy seal). Do you think owners would show a "easy and transparent privacy" stamp?
You may want to check your front page links. Having most of them direct to http://www.identity.io/comingsoon while your virtualhosts file is out of whack (so prompt to download a httpd/unix-directory) doesn't inspire confidence that you will protect my identity.
Personally, I think it's a huge problem that a service that claims to help protect my online privacy does not have a working privacy policy on its site.
Looks good. Always wondered about all the sites that I have signed up for.
Signed up for it and added an email. The discovering part takes a lot of time and I couldn't do much during this time. How about doing the discovery in the background and let the user explore or do other stuff on the site?
I applaud the effort but the one thing that really irks me about things like this is the same think that irks me about the no-call list, i have to put my name on a list to prevent my name from going on a list.
Identity.io is by run by computer security and privacy experts who are serious about putting you in control of your information. We work out of the NYU-Poly Bloomberg Technology Incubator in New York City.
My browser is not seeing that the content at that link is an html page, so it downloads it instead of displaying it. This is a symptom of a MIME-type misconfiguration on your webserver.
Thanks for the heads up, I actually haven't seen this site until now. We haven't gone after the "search for your data out on the internet and send opt-outs" piece of puzzle. Some of them require you to submit a copy of your driver's license. Also, it seemed like the reputation.com service is on top of this currently.
Chances are, you’re already on a few data-broker lists, have shared something embarrassing out of context online, and have no idea how many different accounts you’ve signed up for.
I’m hoping to get some feedback on a site I’ve put together that is working toward solving this problem. It’s called Identity.io and it tires to makes privacy online automatic and simple for everyone. So far, the site does the following.
1) Sends you an alert if a site you use materially changes the way the site works which reduces your privacy (i.e. auto-opt-in on linkedin to using your face in adds)
2) Detects all the online accounts you register for, or have ever registered for in the past. It (optimally) does this by connecting to your gmail and running lots of regular expressions against subject lines, sort of like tripit.com.
3) Provides video tutorials and a checklist of what you should do to lockdown your privacy online for all the account types you have + how to opt out of data brokers and other spammers.
It would be great to hear your thoughts and feedback.
EDIT: We are aware we haven't posted up a privacy policy or an about page - trying to get some feedback on the concept and technology at this point. For the privacy policy, we expect to use one similar to our other site's http://www.privacyparrot.com/privacy.