Today I tried out a new service by one of the smartest guys I know, Michael Geist. It’s called iOptOut and it’s a gateway for Canadians to voluntarily put themselves on do-not-call lists *before* the company contacts you, as well as giving you a legal recourse for when they call you anyways (those bastards). Within hours of signing up for the service I got 8 calls from 1-480-543-1171. Spooky coincidence.

Customer service representative indicated they worked for Fido. Trying to acquire different identification information, such as passport, drivers license, citizenship number, SIN number. Agent was rude the whole time and started asking if any of the information was fake.

They had the nerve to call us back again. Fido has confirmed they are not legitimate for selling Fido phone service. Ottawa Police (Canada) are now launching a fraud investigation. – Jeremy

(1-800 Notes is a great site for looking up the telemarketers before you give them any information — I’m glad I did)

Unfortunately, Rogers (who owns Fido) was one of the companies I chose not to opt out of because I have several services with them. Not that it would have done any good, seeing how these telemarketer scum are only claiming to work for Fido, plus they’re in the U.S.

But still, the coincidence was strange that they started phone spamming me on the same day that I signed up for iOptOut. I absolute trust Mr. Geist and his service, but I’m wondering if some companies are selling their do-not-call lists?

Earlier this week Adam Pash at Lifehacker talked about the IdentiFight web app that lets you put in an email address and find the associated accounts at Digg, Friendster, LiveJournal, StumbleUpon, Twitter, Last.fm, Facebook, MySpace, Digg, Flickr and others. In the comments people were complaining about a marked increase in spam after using the service.

Definitely shenanigans. Gave 2 email addresses, both ones I receive mail for but aren’t very spammy in general (but ones I was willing to sacrifice). They each received the same new spam within 2 hours (same delay on each). — Kangarara

An email address that never had problems before is now receiving lots of “Undeliverable,” “Failure Notice,” and similar messages. In other words, my email address is now the apparent (though not actual) sender of tons of spam. — LHS

My first experience with online communication was bulletin board systems in the early 90s. The more things change, the more they stay the same. The experience of running a blog is almost exactly the same as it was running a BBS 15 years ago. The only difference is the sheer number of channels available for communication.

Where there was once up to 100 to 200 local BBSes there are now so many online forums for communication that it might as well be infinite., New forums for communication are being created all the time. Mainstream sites like the New York Times let you comment on articles, and each person has their own discussion forum thanks to sites like Facebook and MySpace.

“When I was involved in the BBS/IRC scene as a teenager I was surrounded by flame wars; one-upmanship was part of the attraction. I thought it was because of the immaturity of the participants, but now I think it is a natural offshoot of digital communication. We lose all the visual and auditory cues that are a normal part of human dialog and instead focus on words that can be easy to misinterpret (especially if looking for a reason to fight).” quoting myself

Winter is one of the worst for flame wars because environmental conditions make people more irritable and more likely to spend more time online. Here are some tips for navigating online discussions from someone who has been participating and managing public forums for over 15 years.

Tips for Administrators

Tip #1: Disemvowel

From Wikipedia: “In the fields of Internet discussion and forum moderation, disemvoweling is the removal of vowels from text either as a method of self-censorship, or as a technique by forum moderators to censor Internet trolling and other unwanted posting. When used by a forum moderator, the net effect of disemvowelling text is to render it illegible or legible only through significant cognitive effort.

Xeni Jardin, co-editor of Boing Boing says of the practice, “the dialogue stays, but the misanthrope looks ridiculous, and the emotional sting is neutralized.”

This original sentence:

In the fields of Internet discussion and forum moderation, disemvoweling (also spelled disemvowelling) is the removal of vowels from text.

would be disemvowelled to look like this:

n th flds f ntrnt dscssn nd frm mdrtn, Dsmvwlng (ls splld dsmvwllng) s th rmvl f vwls frm txt.”

You can disemvowel any text using this tool. There is also a Firefox extension that lets you disemvowel comments if you’re a WordPress administrator. The same guy has a Firefox extension for handling religious trolls.

Tip #2: Temporarily disable comments for that post

This works well if you’ve been linked to from another site and it’s bringing a lot of tolls (IE: Digg, Slashdot). You can turn the comments on after a day or two without having to wade through the 100+ comments telling you how much of an idiot you are because they don’t agree with some minor minutiae of your argument.

Tip #3: Take the discussion to email

Nothing kills a flame war like removing the audience.

Quoting myself: “There is a different between scrawling messages on a public site and having a one on one conversation. The flame wars that are routine on some sites rarely exist in personal email. People stop being disembodied words and ideas and you remember that there is a person behind all of that typing.”

Comment Ninja is a handy Firefox extension for WordPress blog administrators that makes it easy to respond to commenters on your blog by email.

Tip #4: Never post personal information

Because you are an administrator, you have access to a commenters email address and their IP address. This information is usually enough to find out anything else you want to about who they are. (IE: put their email address into Facebook to find their real name, use their IP address to find out where they work)

It can be tempting to deal with a troll by removing their anonymity, but making it personal can change a one time nuisance into someone with a grudge that won’t go away.

Tips for Anyone

Tip #5: Let it stew

If something really gets your goat, then sit on it. Come back and re-read what bothered you later on and you may find that you were reading between the lines and interpreting an emotional undertone that isn’t there. The human mind is great at adding missing context, but it can also trick you into reading what you want to believe.

Revisiting something that filled you with rage days latter can leave you scratching your head trying to find what it was that pulled your chain.

Tip #6: Leave it where you found it

As I said earlier, it is ridiculously easy to collect personal identifying information about someone and find other parts of their online identity. Other than bringing a public argument to a private means of communication, you should leave the argument where you found it. Letting it spill over to other websites, or worse, following the person on to other aspects of their online identity makes you look like a stalker or a crazy person.

It doesn’t matter how justified you feel your actions are, the simple act of not being able to let go of things hurts your credibility.

Tip #7: Social proof is important

No matter how well reasoned your argument is, trying to convince someone of something they vehemently disbelieve in is next to impossible when they don’t know you from a hole in the wall.

From Wikipedia: “Social proof, also known as informational social influence, is a psychological phenomenon that occurs in ambiguous social situations when people are unable to determine the appropriate mode of behavior. Making the assumption that surrounding people possess more knowledge about the situation, they will deem the behavior of others as appropriate or better informed.”

Every online forum is an ambiguous social situation because you don’t know who you are communicating with. The social proof of who you are in that community will play a bigger role than your actual argument.

Tip #8: Always let a fool have the last word

Slant Six Creative covers this in depth: “Healthy argument and debate only work when everyone’s a willing participant, and no amount of reason or good sense is going to convince someone whose only goal is to throw a monkey wrench. At the same time, trying to dismiss that person or shut him up will usually just make him go that much harder. That and it makes you look like a dictator, which you never want to be.

So, give him the last word on the point and move on. Doing so might mean a short-term hit to your pride, but in the long run it helps you build credibility with the people you’re really trying to talk to.”

Tip #9: Walk away

Communicating online has some clear benefits because you can take as much time as you want to develop your arguments and it is easy to re-read past points without falling into a rehashing of who said what. But it can also be time consuming and pointless when there is no resolution in sight. There’s a big difference between debating a subject and a flame war in the emotional response you feel and the benefit you get from the discussion. The only way you can win a flame war is by turning off the computer and getting on with your life.

Online discussion is easily archived and searchable, so who knows if this discussion will be dredged up years later. Is it really worth it?

Microsoft’s live.com is offering email addresses, and the usual land grab rush is on to “secure” your identity on the service. What most people don’t realize is that securing a “prime real estate” email address is probably the LAST thing you want to do.

An obvious email address suffers from an insidious kind of spam you’ll never be able to properly filter or get rid of: I’m talking about wrongly addressed email.

(photo by planeta)

As a gmail beta tester I was lucky enough to grab several firstname@gmail.com accounts and a couple of firstinitiallastname@gmail.com accounts. It was fine for the first year, but it has rapidly gone downhill as Gmail has risen in popularity. Now when I check my primary email account I’m lucky if one in four emails were intended for me.

I’ll get university class mailing lists, church lists, hotel bookings, and account signups by the handful. [1] It’s the digital equivalent to rifling through the magazine rack for subscription cards to sign up your ex. Except there’s no malice behind it; only ignorance and carelessness.

Possible email address for John Q Public

What makes it doubly-worse is that with many email programs automatically collecting any correspondence to your address book means that telling someone they have the wrong address might be enough to get you added to their address book forever. If you choose an email address with your last name, chances are that the people emailing you might have the same last name — automatic address collection means that you’ll be on the receiving end of each other’s Christmas newsletters for who knows how long.

I know I sound ridiculous, but you really can’t appreciate the number of similar email accounts on services like @gmail, @hotmail, @yahoo and now @live until you get a popular email address and start seeing the effect of several people who give out the wrong account name — yours.

Related Posts

• Password Recovery — The Achilles Heel of Your Online Security
• Why Posting Your Email Address in Plain Text is Never a Good Idea
• How to access Gmail when it is blocked at work or school

[1] And out of all those wrongly addressed emails there was only one mis-sent dirty letter.

Have you ever wanted to send a gift certificate to someone anonymously? One of the problem with electronic transactions is that quite often they tell the recipient exactly who you are. This isn’t a problem when it comes to gifts for your family or friends, but it can be more tricky if you are running an online contest for your blog.

photo by lilit

Why Anonymously?

There are several non-creepy reasons why you might want to send an anonymous gift certificate. Perhaps you are blogging pseudoanonymously? Or it could be that your PayPal / Amazon account is registered to an email address that you don’t want to share/publicize? There are many reasons why you might want to keep your Amazon or iTunes account information private but still send someone a gift certificate.

Use a Proxy

If you wanted to surf the web anonymously you would use a proxy that would act as a intermediate between your web browser and the web sites you are visiting. The same technique works for buying gift certificates. There is an online service called Prezzle that will let you send “wrapped” gift certificates to other people. If you use Prezzle to send someone a gift certificate, the recipient will see the sender as Prezzle instead of your real identity.

There is a small service fee for using Prezzle.

Hot Tip: Make sure the gift certificate matches the country of the person receiving it! Often companies like Amazon and iTunes won’t let them transfer the gift certificate to the store for their country.

Social network site fatigue is when you’re sick and tired of trying to find your friends when everyone jumps ship to the Next Big Thing (Friendster to MySpace to Facebook, Twitter to Pownce, etc). The biggest problem with the web 2.0 revolution of “social network apps” is that there is no universal identifier. In real life, governments use social insurance numbers to tell the different between two people with the same name. If you look at the web as a big database, we’re missing a universal key that lets us know that engtech on Digg is also ninetimessix on StumbleUpon who is also Eric on Facebook and Internet Duct Tape on WordPress.com.This is an epidemic problem with all web services. Even in cases where there *IS* a universal common identifier there is no guarantee that every site will support it. Companies either lack the technical know-how, or they fear sending their customers to their competitors if they make it too easier to move data around.

The Universal Identifier for Movies

Everyone can agree that IMDB is the #1 database for information about movies. They also provide an ID number for each movie and TV show. For example, Six Feet Under has an ID of 0248654 and you can access a lot of information on IMDB directly if you know that number corresponds to Six Feet Under the tv show. Rotten Tomatoes understands that IMDB is the #1 database for information about movies, and you can link to any movie on their site using only the IMDB number.

http://www.rottentomatoes.com/alias?type=imdbid&s=0248654

brings you to

http://www.rottentomatoes.com/m/six_feet_under_the_complete_first_season/

Any web site about movies that doesn’t understand that the IMDB number is the universal identifier is shooting themselves in the foot because they are making it harder for users to mash their new site up with existing sites about movies. IE: If I had a blog about movies where I always linked to IMDB, I could trivially change those links to Rotten Tomatoes for all of my old posts because RT understands the IMDB number.

What is really surprising is that even though Amazon has owned IMDB since 1998, you cannot browse Amazon results using the IMDB number. Sure, there are nice hacks like the Movie Dude script for Firefox that will crosslink the movie sites for you… but it would be so much easier with universal IDs. The same would go for social network sites.

Facebook As a Universal ID?

Facebook hype has been through the roof, with many pundits wondering if the closed garden of Facebook is going to become the official storehouse for online identity (at least for the next few years). Their ingenious apps platform lets other websites piggyback off of the Facebook social web, giving us a hint of social site nirvana: being able to maintain one set of friends on Facebook and use that same set on every other social site. But that is contingent to how well Facebook plays with other sites.

NetVibes has already shot the first volley against Facebook’s bow with their new application that exports Facebook data into NetVibes. It would be nice to see Facebook becoming a social network hub. ClaimID, the bright future of open identity, even has a Facebook application. My hope is that the ClaimID app will let me find the claimed identities of my online friends and act as a hub for my social network activities. One friendlists to rule them all and in the darkness bind them.

But There Already Is a Universal Friendslist!

The silly thing about all this time we waste with friendslist management is that we already have a universal friendslist: our address book. Any social site worth it’s salt will let you batch import all of your existing friends by uploading a file or logging in to your web-based email account. Plaxo has been fighting to become the universal address book, it gives you the ability to automatically push out contact information updates to anyone who has you in their address book. They’ve even gone so far as to implement some killer developer tools like Javascript and REST widgets – I’ve seen a few startups add address book friendslist import to their web app in literally minutes by using the Plaxo tools.

There are definitely some smart eggs at Plaxo, as they’ve been repositioning themselves with Pulse as an open social network where users can share contact information and their web presence easily.

But who will win the battle of the social networks? Will it continue the same cycle of a new network being popular every two years? One thing is certain, as long as there isn’t an easy way to migrate data and contacts between these network, it will be the users who lose.

One of my friends wanted to secure the profile for her 17 year old daughter and she was asking me what the heck all the application privacy settings mean on Facebook. I didn’t have a good answer for her. If I’m asking myself “wtf does that application setting mean?” I figure there’s more than one other person in the crowd with a dim light bulb over their head. Here’s what I could figure out to the best of my knowledge.

Now you too can become one of the 1% of the people on Facebook who understand how their Facebook apps (widgets) are configured.

Adding an Application

I was surprised that Facebook does not give more information on what these options mean when you’re installing an application. I know that designing “simple” user interfaces is hard, but you are doing something wrong when your users have to go to such great lengths to do something as simple as adjust your privacy settings.

Know who I am and access my information

This option has to be checked in order to install ANY application. This is Facebook’s way of covering their ass.

(photo by ambergris)

Put a box in my profile

If this is unchecked then the application won’t show up on your profile at all, but may still spam your mini-feed and news feed.

(photo by ugandan giant)

Place a link in my left-hand navigation

On your left hand menu under Search there is a list of your application that only you can see. Clicking on these links usually shows you cool stuff like recent updates from your friends who use the same apps. This setting controls whether or not this app shows up in that list.

This setting only affects how you see your applications.

Publish stories in my News Feed and Mini-Feed

This is the “spam the crap out of your friends” feature. TURN THIS OFF FOR MOST OF YOUR APPLICATIONS! The mini-feed is that list of things you’ve been doing on your profile page. The news feed is the list of things you’ve been doing that shows up to all of your friends when they log into Facebook. Do you really want to spam them with every single thing you Digg, Stumble or save to Del.icio.us?

You can adjust the mini-feed and the news feed individually by editing your application settings later.

Place a link below the profile picture on any profile

Underneath your profile picture there is a text list of your applications. These links can display additional information like the number of songs you have added, pages you have bookmarked, etc. If you have a lot of applications this list can become unwieldy, so try to limit it to your five favorite applications.

Adjusting the Privacy Settings

Some applications (particularly the ones created by Facebook) have application specific privacy settings that you can adjust from within your “application privacy options” or by editing your application settings. I don’t know why they didn’t make it consistent for all applications.

Editing the settings of an application will give you the following extra option that weren’t available when you first added it.

Control who can see the application on your profile

This is a standard drop down choice between everyone, all your networks, some of your networks, your friends, yourself, or no one. If you chose not to have a box in your profile when you added the application then this will be set to “no one”.

Individual control of mini-feed and news feed setting

When you are adding a new application there is only one setting for mini-feed and news feed. If you edit the application later you will be able to have different settings for your mini-feed and news feed (which is a good thing — have lots of updates on the mini-feed but not as many on your news feed so you don’t spam your friends).

Applications and Limited Profile

You can control which of the official Facebook apps are shown on your limited profile under Privacy Options >> Limited Profile. As far as I can tell unofficial apps never show on your limited profile (or maybe they always show and there is no way to turn them off).

Control the Information Given to Third Party Applications

Under Privacy Options >> Applications >> Other Applications you can control what other applications can find out about you when you don’t have them installed (IE: if your friends have them installed). I highly recommend leaving most of the boxes unchecked. The only way you can disable ANY information from leaking out to your friends’ applications is by removing all of your applications first.

Blocking Applications

Did you know that you can block specific applications from contacting you or showing up in the news feed? You have to go to the application page and then chose Block Application. You do not need to install the application to do this. Yes, this means you can stop people from trying to bug you with those zombie/vampire apps.

• Zombies
• Pirates vs Ninjas
• Vampire
• Superwall
• Super Wall

Removing Applications and the Information Inside of Them

If you remove an application it does NOT delete any of the information inside that application. If you uploaded photos, videos or posted a note then all of that information will still be there unless you delete it inside of the application before removing an application. Good news: you can remove an app and then re-add it later on and be right back where you started. Bad news: it’s harder to get rid of embarrassing/incriminating info than just “removing the application”.

5 Things to Remember

1. Don’t spam your friends — turn off the news feed for applications that update frequently
2. Too many links — turn off profile links for applications other than your favorites
3. Control who can see it — there’s no good reason to share apps with your networks instead of just your friends
4. Delete THEN remove — you have to delete the information inside an app before removing it
5. Stop being annoyed — block the applications you don’t like

The Facebook applications privacy settings are pretty danged complicated, and in usual Facebook style the controls to access them are all over the place. But now you know what the different settings do and have an idea of how you can use them. Blocking annoying applications can make the site a lot less annoying, and you can control your own settings to keep from spamming the crap out of your friends. The only real gotcha is that you need to delete embarrassing information from an application before you remove the application.

Remember:

“Be sure to customize your privacy settings on the Privacy page if you are uncomfortable being found in searches or having your profile viewed by people from your school, workplace or regional network. Remember, unless you’re prepared to attach something in your profile to a resume or scholarship application, don’t post it.” — Official Facebook Safety page

Did you find this page useful? Then help spread the word by sharing it on Facebook, del.icio.us, StumbleUpon or other sites.

Related Posts

• How to use Facebook without losing your job over it
• How to synchronize your iPod to Facebook using Last.FM

StumbleUpon and Tumblr are both interesting forms of micro-blogging, but I’ve been getting more into Twitter. Twitter lets me surf other people’s streams of thought (like a super micro-blog-lite with 140 characters or less per entry). You view all of the your friends/contacts “tweets” as a stream. What’s funny is when completely unrelated tweets can appear connected because of the random positioning of technology.

Just saw this little Twitter zombie mash-up on my screen from Anil Dash and a story-by-twitter account. Two people who don’t know each other forming a conversation for only me to see.

Of course, Twitter has it’s dark side as Steve Rubel of Edelman recently found out. Tim Nash’s excellent post about reputation management had me thinking that perhaps it was time to start merging my personal blog into my professional life. But Mr. Rubel has now reminded me of my initial thoughts of Twitter:

Like all public web communication people will lose their jobs and destroy relationships over Twitter before they realize that it’s all public, it’s all archived, and it’s all searchable.

All of us involved in the internet self-publishing craze can do well to remember that the technology distorts the context of our messages (not to mention how any communication is open to interpretation). It’s impossible to self-monitor all of the information we’re putting out there without turning into a Luddite that uses the web like a television, read-only. All we can do is try to avoid the stupidity of posting a sex tape on MySpace and be prepared for when one moments communication can be blown out of proportion down the road.

ComputerWorld has an article about how recruiters use web anonymity to find more information out about job applicants.

In a 2006 survey by executive search firm ExecuNet in Norwalk, Conn., 77 of 100 recruiters said they use search engines to check out job candidates. In a CareerBuilder.com survey of 1,150 hiring managers last year, one in four said they use Internet search engines to research potential employees. One in 10 said they also use social networking sites to screen candidates. In fact, according to Search Engine Watch, there are 25 million to 50 million proper-name searches performed each day.

They go on to list some tips like starting a blog, joining open source communities, building a web page, creating web profiles. Andy pads it out with some more helpful suggestions like getting a domain name, tips for getting the number one spot for your name and controlling what appears in search results for your name.

I’ve written about privacy, internet usage and real name searches a few times with my Facebook tips, guide to pseudonyms/identity hiding and tips on hiding your LinkedIn profile from searches outside of your LinkedIn network. When I started this blog a year ago it was with the idea that it could help with the job hunt, but then the slew of articles I read about people losing their jobs because of blogging convinced me otherwise.

Building up an online profile *is* important factor in job hunting but the one lesson I’d like people to remember is that the internet is archived and once something is published you lose control over it. My current “like-watching-a-car-crash” fixation is reading the cyber-drama that can happen between women who have dated the same man and have both become mutually obsessed to some degree (not linked because I respect their desire to let it go). I’d hate to have that kind of high school BS showing up as the number one search result when a stranger tried to find out more information about me.

Blogging and building an online identity around your real name can help you create a trail of expertise for people to find. It definitely can be a good tool for networking with people in your business niche. But it also can be littered with personal information that people are so quick to publish these days that shouldn’t be part of a job search (like appearance, political beliefs, religion, and sexual orientation).

I’ve run into this dilemma myself when I’ve wondered if I should release code or a tutorial under my real name for potential future job searches or leave it under //engtech. This would be less of a dilemma if my career had any sort of benefit from the activities I do blogging (other than I’m getting better at organizing my thoughts into the written form).

There is also a wide disparity between talking the talk and walking the walk when it comes to blogging. Like Matt, I notice that most bloggers who are producing software don’t have a lot of time to blog when they’re also working on a project.

I think Dan was right when he said the best answer to the whole question of online identity impacting job search is to work for yourself so you don’t have to worry about what future employers might think about you. You only have to worry about what your customers think.

Identity Search Tips

What kind of information is available about you?

• Search your name on Google as it appears on your resume with and without quotes around it
• Try the same search with your name and city
• Search your public emails addresses on Google
• Try the same searches on Yahoo and MSN
• Try the same searches on Google Groups
• Try the same searches on Facebook and MySpace
• Find out what your IP address is and search it

It’s surprising what you can find.

I’ve followed my friends as they jump around from social network to social network, creating profiles on Friendster, Hi-5, Orkut, MySpace and now Facebook, even though I never use the sites.

Facebook is great networking tool that lets you keep in contact with former friends from high school, university and various jobs. It easily connects people together with tools like registering that you are the owner of a specific cell phone number, keeping track of every email address you’ve ever had, and logging into your email account to find out who you know.

As you can guess from my previous series on online pseudo-anonymity, something that collects as much personal information as Facebook scares the bejebus out of me. From the address book import I can clearly see that everyone I’ve ever even remotely known is already on Facebook, and the default settings mean they’re all sharing all kinds of personal information they may not be aware of.

The potential downside a lot of my friends and acquaintances don’t realize is that Facebook is more like LinkedIn than MySpace and it is “on the radar” of your employers. People have already lost their jobs because of their Facebook activity. Most people don’t think about online privacy concerns like these unless they’ve had a bad experience because of being too free with information.

But Facebook can be used safely and with little impact on the rest of your life by following these tips.

(photo by mmarchin)

Understanding the Relationship Levels

Facebook sucks for not having enough control over how well you know someone. There are nine million ways to define how you know them, but only three levels for how well you know them. By default everyone is a stranger. A network is a group by region/location, school or company. Your friends are people who you’ve mutually agreed that you know each other.

You have the ability to change the privacy of things at the micro-level but it is tedious. Facebook has no global solution in place for “he’s my Friendster but not my friend” — handling acquaintances without giving them the same access as people who are close to you.

Changing The Default Privacy Settings

This should be an obvious tweak but most people ignore it. By default anyone in your networks can see everything you’re doing on Facebook. Click on the My Privacy link to start editing your information. One thing Facebook does very poorly is it always assumes you’re going to want to share all of your information with your global networks for cities, schools and businesses.

HACK: If you don’t join any networks then the default privacy settings aren’t that bad.

Profile

• Profile defaults to All my networks and all my friends when it should be Only my friends.
• Contact emails defaults to Only my friends when it should be No one.
• Profile Features default to All my networks and all my friends when it should be Only my friends, only me, or no one.
• This is where you can do things like turn off your wall, hide your online status and hide your groups.

Search

• Search defaults to Everyone when it should be Only my friends. There is no explicit option to not appear in search results, but in testing when I unchecked all of the options I stopped appearing.
• By default people can see your picture, send you a message, poke you or add you as a friend from the search results.
• UPDATE 2007/09/05: Facebook search results now show up in Google search results. These privacy settings will prevent you from showing up.

News Feed and Mini-feed

This is the most worrisome display of private information on Facebook. Your newsfeed publishes information on everything you are doing on Facebook. I’d turn most if not all of these off. At the very least turn off the Show times in my Mini-feed option — no one needs to know you spent all morning tweaking your profile.

Poke, Message and Friend Request Settings

Whenever you poke, message or friend request someone they are able to see parts of your profile even though your privacy setting may normally prevent them. Change these to whatever you are comfortable with. They are only shown when you initiate contact with someone.

Privacy Settings for Friends, Notes, and Facebook Development Platform

• Friends list. By default Everyone can see your friends list. It should be Only my friends.
• Notes are like a mini-blog. By default Everyone can see your notes. It should be Only my friends.

Don’t forget other privacy settings that are hidden in your Edit Profile like displaying your birthday. That’s also where the email notification settings are tucked away.

Have a Professional and a Personal Profile

Facebook is a good professional networking tool. It is also a fun place to keep in contact with friends using public messages, photos and events. Things you wouldn’t want to show up on a professional profile. So have your cake and eat it too by having two profiles (even though this may be against the Facebook terms of service).

A professional/public profile

• Shows your full name, job history and schooling.
• Only add work-related email accounts / IM.
• Only add industry contacts as friends.
• Only join networks related to school and work.
• Only have one professional looking photo or do not include a photo.
• If “blasts from the past” try to find you this is where they’ll end up and you can add them as a contact without revealing lots of personal information to them.

A personal/private profile

• Shows first name/nickname, and last initial.
• Don’t join networks related to school or work.
• Don’t list your work experience.
• Don’t use your work email address.
• Do whatever you want with it.

Obviously, don’t link your personal and professional account as friends.

Since you have two Facebook accounts that are unrelated to each other you can switch accounts to test how much information is publicly available on the other account.

Friends Not Acquaintances

People use these social networks to connect to anyone they’ve ever remotely known, proudly trying to amass the largest friends list they possibly can. There are people I know that I only keep in touch with when we join a new social networking site.

One of the potential problems with Facebook is that the privacy settings only distinguish between strangers, networks and friends. Once you list an acquaintance as a friend they have the highest level of access to your personal information.

Don’t Use the “Find Your Friends” Feature

The “Find Your Friends” feature grabs a list of all of your email contacts and tries to find them on Facebook. This wouldn’t be a problem except that it uses your entire address book contact list.

Most email software automatically adds anyone you have exchanged emails with as a contact. That list could include ex’s, co-workers and any stranger who sent an email to the wrong address that you politely replied-to to inform them of their mistake.

Don’t Use Facebook at Work

Facebook has a feature called the mini-feed that lets other people see/stalk everything you’re doing on Facebook and logs the day and time. Your profile shows the last ten things you did, and it’s possible to view all activity you have ever done on Facebook and when you did it.

So people can see exactly how often you Facebook at work.

Facebook even makes it very convenient to sort this information to find photos OTHER people have uploaded to you and to track every bulletin board message you’ve ever posted. It’s a stalker’s wet dream.

You can remove/modify this feature by going to My Privacy >> News Feed and Mini-Feed Privacy. At the very least everyone should turn off the Show times in my Mini-feed option. If you’re going to Facebook at work, at least hide the fact.

Hide Your Groups

When using the create a group feature, by default anyone can join, anyone can see the group information, read the discussion board or see the photos. When creating a group set the group access to secret. Be aware that at any point an administrator can change a group from secret to public.

NOTE: If a group is public then you can hide things you’ve posted from showing up on your profile by using the My Privacy >> News Feed and Mini-Feed Privacy settings. You can’t however hide being a member of that group, or prevent someone from browsing the any of your messages in that group.

Identity Theft

The problem with publicizing a lot of information about yourself is that you have no control over how it will be used. While it is unlikely that someone will use that information to apply for credit cards under your name, there is a chance of minor mischief like using the information to impersonate you on another site or for someone to pretend they know you as a fake reference during a job interview.

I have seen both of those happen.

Facebook Privacy Policy

If you read the Terms of Service with a fine-toothed comb, Facebook is allowed to sell/share your information with other companies without asking you for further permission. The Facebook Wikipedia page has more information about criticisms of Facebook’s privacy policies.

Applications

This guide was written before Facebook applications existed, but you can find out about how to configure the privacy settings for your Facebook apps here.

5 Things to Remember

1. People are only friends, limited profile, network, strangers or blocked — those are the only different access levels
2. Privacy settings are frickin complicated — set yourself to have no network to avoid most of the hassles
3. Private messages are better than wall posts — wall posts can bite you in the ass later
4. Turn off times and online status — no one needs to know when you’re Facebooking
5. Adjust your news feed and mini-feed — if people can’t see when you write in groups, or comment on other people’s photos then it avoids a lot of the stalking opportunities

Conclusion

The problem with Facebook is that people use it without giving a second thought to how much information they are publishing and by default they are publishing more information than they may want to. Facebook is used for professional job searches and networking as well as pure socialization and problems can happen when the two meet.

Related Posts

• Why online anonymity should matter to you
• Online pseudo-anonymity tips
• Employees fired because of Facebook
• Facebook application privacy settings
• How to show your iPod playlist on Facebook

External Links

• Stanford Student Newspaper article on Facebook privacy
• Facebook’s Privacy Trainwreck: Exposure, Invasion and Drama by danah boyd
• Career Advice – Don’t spend half your day on Facebook and then brag about it
• How to look good when your recruiter Google’s you by Nick Douglas @ Valleywag

So an Ottawa grocery chain (Farm Boy) has fired employees because of postings they made on Facebook under their real identity (via: Michael Geist). Facebook is a MySpace clone focused on University/College students. Devon Bourgeois and James Wood are now jobless because of messages they posted on a message board on Facebook (although it was not publicly available). The gist I got from the story is that the company fired them for admission of theft based on posts on the Facebook message board.

Devon was the administrator of the “I got Farm Boy’d” group that was decribed as “just for fun – inside jokes”. It has 187 members from the Ottawa and Cornwall area and it is not publicly viewable — you have to be a member to read the messages.

You Got Dooced!

The worst part of Devon’s story is that he doesn’t have a common name. Typing his name into Google only brings up 5 hits, which means that once this news story is indexed it will easily turn up any time someone Google’s his name. Future employers, girlfriends and nosy people in general will be able to find out about his indiscretion.

Hopefully the MySpace generation will take this as a wake-up call and be more careful in what aspects of their life they post online. Here is a series I wrote about online anonymity that could have helped them out:

1. Digital Breadcrumbs – Intro
2. Case Study – Stalking My Friends Online
3. Online Anonymity – Protecting and Masking Your Identity

(this is a follow-up to the Great Firewall of Canada)

spyblog.org.uk notes how “systems like British Telecom’s CleanFeed are inherently vulnerable to reverse engineering attacks, which can reveal the list of censored websites”. While I doubt the technique mentioned in the paper still works, it does give more technical information about CleanFeed than I’ve seen anywhere else.

Dr. Richard Clayton’s paper
http://www.cl.cam.ac.uk/%7Ernc1/cleanfeed.pdf

Michael Geist has thrown in his support with Cybertip on the issue:

More importantly, while some may suggest that this opens the door to other blocking – hate content, defamatory content or copyright infringement to name three – there is a crucial difference with child pornography that should prevent a similar approach. While those forms of content may raise legal issues, in the case of child pornography, it is illegal to even access the content. That is a crucial difference since under current law there are no valid free speech arguments for either disseminating child pornography nor for seeking the right to access it. Given that difference, the right of appeal, and the active involvement of cybertip.ca, the arrival of Project Cleanfeed in Canada looks like a good news story that merits close monitoring.

The comments on his post are well worth reading, particularly those of Cory Doctorow of BoingBoing:

Michael, I think that you’re being entirely too sanguine about a secret blacklist of content. Having had my own material censored by such blacklists at the national and local level, I’m a lot less trusting of these systems.

The idea is fundamentally broken. First of all, it seems to me that keeping a secret list of “evil” content is inherently subject to abuse. This is certainly something we’ve seen in every single other instance of secret blacklisting: axe-grinding, personal vendettas, and ass-covering are the inevitable outcome of a system in which there is absolute authority, no due process, and no accountability.

The appeals process is likewise flawed. If the self-appointed censors opt to block, for example, material produced by and for gay teens about their sexuality (a common “edge-case” in child porn debates), then teens will have to out themselves as gay to avail themselves of the appeals process.

Notwithstanding this, it’s hard to imagine how an appeals process would unfold. How could someone who wanted a site unblocked marshal a cogent argument for his case unless he could see the content and determine whether it was being inappropriately blocked?

Likewise, there is no imaginable way in which such a system could possibly be comprehensive in blocking child porn. It will certainly miss material that is genuinely child pornography. The Internet is too big for such a list to be compiled, and the censorship problems are compounded as the lists grow.

If, for example, Canada were to import Australia’s secret list of bad sites, then Canadians would then be subject to the potential abuses of unscrupulous (or unintelligent) censors in Australia, as well as in Canada. You’d have to trust the Canadian censor-selector process, and the Australian one. The longer lists that would emerge from the merger process would be harder to audit — the haystacks of real porn larger, the needles of censorship smaller.

Worst of all is the problem of site-level blocking for user-created content sites like Blogger, Typepad, Geocities, YouTube, etc. These sites inevitably contain child porn and other objectionable material, because new, anonymous accounts can be created there by people engaged in bad speech. However, these sites are also the primary vehicle by which users express their own feelings and beliefs and are frequently posted to anonymously by whistle-blowers, rape victims, dissidents in totalitarian states and others who have good reason to hide their identities.

Site-level blacklisting can’t cope with these sites. They can try to block by subdomain or directory (e.g. childporn.typepad.com or blogger.com/childporn) but these URLs are very easy to change. The general response of net-censors to these sites is to block them entirely, or demand that they adhere to some imposed code of conduct that calls for eliminating anonymity and close monitoring of content.

Finally, these methods only stop stupid child pornographers from gaining access. Smart child pornographers use Tor, or IRC, or BitTorrent, or Usenet, or email to get their material. Any dedicated child pornography collector will not be stymied by Cleanfeed.

Like so many other systems that “keep honest users honest,” Cleanfeed will only serve to keep honest users in chains, and allow bad actors to skip off without any substantial inconvenience.

Michael Geist responds with:

1. There appears to be some confusion about the nature of the blocklist. First, ISPs will not maintain their own lists nor look to corporate providers. The sole source of the list will be cybertip.ca. Cybertip.ca tries to find middle ground between public and private. It has private supporters, but has been designated by the government as the national tipline for child pornography. This strikes me as a reasonable attempt to avoid charges of state-sponsored censorship and/or commercial incentives to block. Moreover, the suggestions that the block list should be made public is simply a non-starter – to do so would likely violate the Criminal Code.

2. There are several comments that suggest the blocking is government mandated. That is not true. Each ISP has voluntarily adopted Cleanfeed and there remain many Canadian ISPs that have yet to do so.

3. There are several puzzling comments that seem to suggest that the filters should be placed in the hands of individuals so that people can decide for themselves whether they want to access the blocked content. Let me repeat – accessing this content is illegal. I do not understand how people can suggest that they should have the right to access this content when the law clearly states that they do not.

4. There are also some suggestions that the system is ineffective and/or that the problem is exxaggerated. Note that a similar system is run by British Telecom in the UK. Earlier this year, BT reported that the system was blocking 35,000 attempts per day to access this content [[ link ]]. 35,000 blocks per day for a single ISP does not strike me as insignificant. With respect to its effectiveness, there has indeed been some studies of the UK that question its effectiveness. However, an Australian commentary on the BT approach lamented how few sites were being blocked. Far from overbroad blocking of thousands of sites, the Senator noted that there were under 1,000 child pornography sites[[ link ]]. The same criticism (a feature not a bug in my view) can be said of the Canadian approach.

Ultimately, I agree that there are risks with this approach and that Cybertip.ca must become far more transparent about its policies with respect to appeals. However, the risks identified in the comments must be set off against the risks of doing nothing about a very real harm. For now, I remain of the view that this is a risk worth taking.

Other blog posts worth reading:

• TechMeme
• TailRank
• Matthew Ingram

The title of this article is, of course, a reference to the Internet censorship that is rampant in China.

Mark Goldberg pointed me to the press release of “Project Cleanfeed Canada”. Canadian carriers Bell Aliant, Bell Canada, MTS Allstream, Rogers, SaskTel, Shaw, TELUS, and Videotron have all opted in to a blacklist provided by Cybertip.ca, the Canadian tip-line against child exploitation. Mark is an advocate of putting censorship in place against websites that would be deemed illegal by Canadian Law (such as those promoting hate speech or sexually exploiting children).

I first came across Mark’s website when he was filing an application requesting the CRTC to authorize Canadian carriers to block internet content. I morally support blocking hate speech and child porn (who wouldn’t?), but the idea of having a national blacklist sends shivers down my spine. I would always prefer that illegal websites be shutdown rather than putting into power national filters that have the potential to be abused. I’m a pessimist, I believe that any form of censorship will eventually be abused despite its good intentions.

Nart Villeneuve has an excellent article that sums up my fear of government sponsored filters:

“Increasingly, states are adopting practices aimed at regulating and controlling the Internet as it passes through their borders. Seeking to assert information sovereignty over their cyber–territory, governments are implementing Internet content filtering technology at the national level. The implementation of national filtering is most often conducted in secrecy and lacks openness, transparency, and accountability. Policy–makers are seemingly unaware of significant unintended consequences, such as the blocking of content that was never intended to be blocked.

Once a national filtering system is in place, governments may be tempted to use it as a tool of political censorship or as a technological “quick fix” to problems that stem from larger social and political issues. As non–transparent filtering practices meld into forms of censorship the effect on democratic practices and the open character of the Internet are discernible. States are increasingly using Internet filtering to control the environment of political speech in fundamental opposition to civil liberties, freedom of speech, and free expression. The consequences of political filtering directly impact democratic practices and can be considered a violation of human rights.”

Project Cleanfeed Canada is an offshoot of Project Cleanfeed UK. From the Wikipedia entry on Internet Censorship:

“United Kingdom set a deadline of the end of 2007 for all ISPs to implement a “Cleanfeed”-style network level content blocking platform. Currently, the only web sites ISPs are expected to block access to are sites the Internet Watch Foundation has identified as containing images of child abuse. However such a platform is capable of blocking access to any web site added to the list (at least, to the extent that the implementation is effective), making it a simple matter to change this policy in future. The Home Office has previously indicated that it has considered requiring ISPs to block access to articles on the web deemed to be “glorifying terrorism”, within the meaning of the new Terrorism Act 2006.”

Cybertip.ca has been in operation for four years and has led to 20 arrests and 1100 websites being shutdown. From their website:

“Cybertip.ca content analysts review, prioritize and analyze every report they receive. After the report has been reviewed, the content analysts verify the report by collecting supporting information using various Internet tools and techniques. If the web site or other subject matter in question is assessed to contain potentially illegal material, a report is referred to the appropriate law enforcement agency. Cybertip.ca also gathers critical statistics and information for use by law enforcement and in public policy development.

If the subject matter of the report falls outside of Cybertip.ca’s mandate or is assessed to be legal, although perhaps offensive in nature, Cybertip.ca provides Internet safety information to the complainant.”

That’s fine by me. From the Internet Watch Foundation / BT Project Cleanfeed website:

“We believe that everyone is entitled to an abuse free online environment. Our child abuse image database contains details of websites, which if knowingly accessed by UK consumers could lead to them committing criminal offences under UK law. By preventing access to that content, BT are protecting their services and their customers.” – Peter Robbins, CEO, IWF

If the definition of what is blacklisted is limited to “websites which if knowingly accessed by customers could lead to them committing criminal offence”, then I have no issue with it.

What I am afraid of is:

• The list of blocked website will remain secret.
• There will be no way for a site to find out if they’re on the list.
• There will be no way for a user to find out they’ve encountered the list.
• There won’t be watchdogs in place to check what is added to the list.
• Sites will be added to the list without a proper investigation.

If the list is limited to websites that have been deemed illegal after proper legal investigation – websites where the operators would be jailed if they were operated within Canadian jurisdiction – then I have no strong argument against this. My concern is that won’t be the case. From the Wikipedia censorware page:

Frequent subjects of content-control software include web sites that, according to the company providing the control, are alleged to:

• Include illegal content with reference to the legal domain being served by that company.
• Promote, enable, or discuss hacking, software piracy, criminal skills, or other potentially illegal acts.
• Include sexually explicit content, such as pornography, erotica, and non-erotic discussions of sexual topics such as sexuality or human reproduction.
• Promote, enable, or discuss lifestyles which some might consider immoral, including promiscuity, sexual orientations other than heterosexuality, or other alternative lifestyles or sexual activity outside of marriage.
• Contain violence or other forms of graphic or “extreme” content.
• Promote, enable, or discuss bigotry or hate speech.
• Promote, enable, or discuss gambling, recreational drug use, alcohol, or other activities frequently considered to be vice.
• Are unlikely to be related to a student’s studies, an employee’s job function, or other tasks for which the computer in question may be intended.
• Are contrary to the interests of the authority in question, such as web sites promoting organized labor or criticizing a particular company or industry.
• Promote or discuss politics, religion, or other topics.
• Include social networking opportunities that might expose children to predators.

Blocking MySpace on a national level? Maybe I should reconsider my stance.

Michael Geist sums up the issue more eloquently than I ever could:

“[T]here is likely wide agreement that Canada must begin to grapple with the Internet challenge of balancing free speech rights with rules that outlaw certain forms of speech that have been judged harmful to our multicultural society.

A policy framework that addresses these competing goals would likely include complaints mechanisms, a presumption that the content is lawful and must be disproved by a high standard of evidence, an opportunity to challenge blocking requests, appropriate judicial oversight, and full transparency about blocking activities. The job is not the CRTC’s alone – law enforcement and the judiciary must surely be involved in the process of determining what may constitute unlawful content and the remedies that follow – but the regulator can assist in the process.

Critics are quick to draw parallels to Internet censorship in countries such as China. However, those countries involve state-based content blocking, with no transparency or legal recourse. In fact, several democracies – most notably Australia – have established limited blocking rules, while British Telecom, the UK’s largest ISP, voluntarily blocks child pornography as part of its CleanFeed program.

Even with various legal safeguards, many Canadians would undoubtedly find the blocking of any content distasteful. Yet to do nothing is to leave in place an equally unpalatable outcome that silences those would speak out against unlawful hate speech for fear of personal harm.”

Continued in Project Cleanfeed Canada

Related Links

• My series on Internet anonymity (part 1, part 2, part 3)
  • (very, very loosely related)
• Bill Thompson’s take on Project Cleanfeed UK @ BBC News Technology
  • Same arguments, but written better
• The Censorware Project: exposing the secrets of censorware
• Seth Finkelstein’s Anticensorware Investigations (his blog)
• Micheal Geist’s blog on law and technology

This is related to my series on web anonymity and how privacy does not exist online (part 1, part 2, part 3).

It’s a video by Dan Frankowski with wonderful examples of how information can be tied together to find out who you are even when information was supposed to be private.

Very well done, worth taking the time to watch if this interests you. Only starts getting really geeky and technical after around the 13 minute mark. Before that are some great examples of why this is an issue, and why this is important.

(link to the video for RSS readers and search engines)

I recommend reading Web Anonymity 101 – Digital Breadcrumbs as an introduction, and Web Anonymity 102 – A Case Study of how easy it is to find information about a person online.

For most people being anonymous on the Internet is not a life-or-death matter. You aren’t dissenting against a fascist police state, or trying to hide from the secret police or from a crazy ex-lover who means to do you harm. You are anonymous because you want to keep a modicum of privacy. It is an easy goal to achieve if you put some thought into it.

Unfortunately, people don’t put thought into their actions online. As an extreme example a teenage girl “anonymously” posts pictures of her breasts on message board. A friend accidentally reveals her first name and the name of a website she frequents. A shit-storm develops as the forum lurkers go on to post her full name, address, phone number as well as common handles.

Follow these steps to protect your online identity and don’t be that girl.

Be Aware

The first step to online anonymity is to be aware of what information is out there about you. Take some time to google your name, email address, phone number and common pseudonyms. Do you like the results?

Pseudonyms

Be a Needle in a Haystack

Use common words as pseudonyms. The Internet is a big place and the easiest way to be hide is with a low signal to noise ratio. Having a unique alias may seem like a good idea at first. You create an immediately identifiable brand. But it also means that any search will lead straight to you.

Before trying out an alias, google it and see what the results are. The more hits the merrier. Has someone already used that alias? It will create false trails.

Be careful when adding numbers to the end of a name, or taking several common words as a phrase to make a pseudonym. Huggybear1981 is a lot easier to find than Huggybear69 or Huggybear.

Different Names for Different Places

Use different pseudonyms on different sites. It is very easy for someone to find your profile on other sites if the pseudonym is the same. IE: your account name on a dating web site or MSN could lead to your blog, your bookmarks, message board posts, and online photo gallery.

Most people use the same login/password for all sites they visit. Using different usernames at least provides a thin measure of security if you don’t change your password. When you use the same login/password everywhere if security is compromised on ANY site you visit, then it is compromised on ALL sites you visit.

Use a “Real” Pseudonym

The simplest way to hide your identity is to use another identity that seems real. A famous example is Eric Gorden Corley who was the editor of the hacker journal 2600. He went by the alias Emmanuel Goldstein. If you had never read 1984 you wouldn’t have thought twice about the possibility of subterfuge.

Email Addresses

Don’t Use Your Work Address for Personal Email

Your work email account is archived and routinely scanned. If you think email is private because it is addressed to your name you should read the fine print more carefully. Any email sent or received using your work address is property of your employer. If you work for a government agency there may be a policy in place that all email has to be stored for a certain number of years and is available to the public under Access to Information.

Privacy issues aside, you are accountable for the contents of your inbox. Funny email forwards and prejudiced jokes can lead to a permanent mark on your record. Why do employers restrict access to web-based email? It is more beneficial to both parties if a work email address is used strictly for work-related emails.

(Here is information on how to access Gmail even if it is blocked by a firewall at work.)

Multiple Email Address – Be a Spider in a Web

Use multiple email address for professional contacts, friends and acquaintances. It is easy to setup Gmail to send and receive from multiple email addresses using a single account. For professional contacts use an email address with your full name. For friends and acquaintances use an email address that keeps your full name private.

Keep your primary Gmail login that you use for all your mail devoid of any identity. This will ensure your privacy in situations where you accidentally reply with the wrong email address. Don’t use this primary email address for public sites like Google Homepage, Project Hosting, Co-op Custom Search Engines, etc.

Use a Unique Email Address for Instant Messaging

Your instant messaging address goes out to all kinds of people. It is intended for friends and family, but as time goes by you may give it out to strangers (for online dating) or to co-workers (during a deadline crunch). Keep it identity free. Don’t use your real name, your real email address or your regular pseudonym.

Keep your Email Address Off the Web

It takes only four hours for a plaintext email address posted on the web to start receiving spam. That’s annoying, but what you may not realize is that much like a unique pseudonym this email address forms a unique key to search on. Friends, family and co-workers are more likely to know your email address than your online alias. Profiles, newsgroups, message boards and petitions can haunt you forever.

If you have to display your email address online, use an image file.

Friends and Strangers

Leave that Profile Empty

Most online profiles ask for unnecessary information. Do you really want to link your hometown, phone number and MSN messenger handle to that account? You already ignore all of your friends on instant messenger, what do you have to say to a complete stranger? A list of things you are interested in is innocuous, but knowing what schools you went to and the years you graduated is enough information for to find out everything else about you.

Watch What Your Friends are Posting

You can’t control what other people post about you, but you can be aware of it. In the example of the young girl with the “anonymous” photos, it was a friend who accidentally exposed her by posting her first name while he was using the same pseudonym as on another site they both frequented. Make sure your friends understand your feelings on privacy. I have a friend who refuses to have any photos online. It is perfectly understandable and we respect it (and if we don’t she kicks our asses).

Respect Their Privacy

The number one way in which bloggers self-implode and turn an online hobby into something that negatively impacts real life is by not respecting the privacy of others. Bloggers have a bad habit of posting confidential information with enough clues to lead back to real identities. No one likes to find out that information about them was publicized without their consent, especially if it is about their medical illnesses, love life, job performance, or hygiene issues.

Exercise Some Restraint

There is no true anonymity online and the Internet never forgets. Copyright is a figment of your imagination in a digital environment; once information is online you have lost your ability to control it. A video of you shaking your thang on MySpace is going to attract the wrong attention. Be aware that someone can download it, repost it and you’ll have lost the ability to control it’s distribution.

The Dead20 website was deep-sixed because it’s author was writing a blog that put his career in jeopardy. Don’t throw stones in glass houses. He wrote enough discouraging things about enough companies that people went to the effort of finding out who he really was. (It was too bad, because he had one of the more entertaining 2.0 web logs out there.)

Is Online Anonymity Possible?

No, it is not possible to be truly anonymous online unless you do things like use public computers, hide your IP address, mask post/edit times, and use throw away blogs/email addresses. That is too impractical for the average person who has nothing to hide, just things they would like to keep private. The methods I suggest are to prevent yourself from leaving footprints on the Internet; digital breadcrumbs someone could use to follow you around and find out more about you than you think you’ve revealed.

And with that I’m going to put on my tinfoil hat and go to bed.

Related Links

• Electronic Frontier Foundation on blogging anonymously
• News.com on blogging on the job
• Electronic Frontier Foundation on anonymity and privacy
• Electronic Frontier Foundation on how to protect your privacy from search engines (based on AOL leaking user search information)
• Web anonymity for bloggers whose lives might be in danger (earlier draft).

dooced: to lose one’s job because of one’s website.

This is the highest profile case of a Canadian blogger getting fired because of his website. Garth Turner has been ejected from the Conservative Party. Like it or not, when you blog you The irony is that I’ve been a Conservative longer than most people who call themselves that these days, and my beliefs have not changed.”

This is a reminder that blogging does affect your career, your family and your friends.

Alex Saunders gives a good explaination of who Garth is for those of us who aren’t politically inclined.

For those of you who’ve never heard of him, the closest thing to Garth Turner in the world of Tech blogging might be Robert Scoble. Putting aside Turner’s views, which you might or might not agree with, he has relentlessly listened to his constituents, brought those views to Parliament and to his party, and published his thoughts and his constituents thoughts openly on his blog. Moreover, he started a vlog as well, called MP.TV, where he interviewed not just members of his own party, but members of all political parties.

In other words, he’s a blogger, and a darned good one at that.

>> Garth’s blog
>> Alex’s “Canadian Politician Garth Turner Dooced”

I recommend reading Web Anonymity 101 – Digital Breadcrumbs as an introduction.

We are putting more of our lives online with the “social networking” Web 2.0 phenomenon. It is becoming easier to find information about a person. People are building extensive databases about themselves without thinking about the long-term consequences. The Internet is forever; once something is online it is cached and archived.

There is enough information available that it is nigh impossible to hide your identity from someone who is determined to find out more about you, especially if they already have an inkling of where to look.

Case Study – How easy is it to find information about someone online?

Identity searches start with a piece of known information: real name, common pseudonym, email address or IM username. I’m going to see how easy it is to find online information about myself, four friends and a family member who also blogs. Like a true friend I haven’t warned them I am about to do this.

• engtech - Me, the guy who runs this site.
• AJ - Writer from Beats Entropy, guest blogger from last week.
• jaybird - Movie critic from Beats Entropy, we went to University together.
• Kenji - Web comic author from Beats Entropy.
• Dr. Entropy – Another guy from Beats Entropy.
• Anonymous Related Blogger – Is it my father? My brother? My cousin? My cat? The plot thickens.

Originally written using a theme that spanned the entire page. Apologies if it collides with the sidebar on the current theme.

Conclusions

AJ – His fictional work-related posts are hilarious, but may by enough to get him dooced one day. It will probably be my fault.

Kenji – He’s a freelance artist / part-time graphics artist for a game company and all promotion is good.

Jaybird – Dude, you like movies more than I do and that’s saying a lot. I couldn’t find any mention of your performance in “Girls Gone Wild – South Beach” so you’ve at least managed to avoid the really incriminating stuff. Oh, wait, what was that on Usenet?

Doc Entropy – Man of mystery. Pseudonym was created when Beats Entropy started, he’s fairly anonymous because of it. I did manage to uncover that he isn’t a real doctor.

Family member – Uses same pseudonym for del.icio.us account. Del.ici.ous has bookmarks for health related articles that give a clear indication of her medical history (or the medical history of people she cares about). What’s funny is that there were also a lot of links to articles about Internet privacy. Search on real email address leads to home address.

This case study highlighted several things:

• Information is only a quick search away.
• Stuff posted on Usenet lives forever.
• Social bookmarking may reveal things you didn’t intend to.
• In any collection of public photos there are sure to be some embarrassing ones (if you aren’t a complete bore).
• Message board posts and blog entries are a good source of information (I didn’t search in depth though).
• We’re old. Except for The Kenji, he strangles kittens to keep his youthful look.

We fell into two categories: worried about Internet privacy or blase about it. Dr. Entropic is the most aloof. He created an email/handle for his blog and doesn’t use it anywhere else. Kenji was the most prolific. He’s an artist and the publicity is good for him. I have a very public identity that is hopefully devoid of personal information, while AJ lays it all on the line. My Anonymous Blogging Relative has the most personal information easily available.

This wasn’t as interesting of an expos� as I hoped. I blame it on being part of the Web 1.0 generation, not the Web 2.0 generation. We haven’t uploaded any videos of ourselves doing embarrassing things on YouTube, or put together a list of everyone we’ve slept with on MySpace. But there was a fair share of naughty photos, and some of the old Usenet posts will forever be saved as blackmail material.

We’re a web savvy bunch and we don’t put information online that we don’t want to publicize.

This is Part 2 of a series. The first part is Web Anonymity 101 – Digital Breadcrumbs. It conclude in Web Anonymity 103 – Online Privacy where I discuss simple methods to reduce the information interconnections.

We are living more of our lives online. In real life if someone followed you, listened in on your conversations and went through your photo album without your permission you would call the police (or maybe they are the police). Things are different online. That information is easy to find; easier than people think.

One friend posted reviews of local restaurants under a pseudonym. He mentioned two of the co-workers he went out eating with in a review. It got back to them within three months after someone recognized the combination of their names. It was “worlds colliding,” not a serious breach of privacy but still a reminder that digital life sometimes intersects with real life when you least expect it.

Another friend learned the fury of a jealous girlfriend who searched his handle and memorized everything he had every written about a former fling. His personal life got unpleasant for a while, but no long term damage (except for back pain from sleeping on the couch).

Most recently a female friend made the mistake of sharing photos from her Flickr account with co-workers. The infatuated office dweeb used that information to find her Myspace account and her blog. An afternoon freak out followed, but in retrospect his actions were more pathetic than perilous.

Is it cyber-stalking if someone searches for information about you online? It is na�ve to assume that a blind date wouldn’t search Google before meeting you in person. Everyone has Googled themselves at one point or another and snooped on their Google dopplegangers (like engtech.ca, a consulting firm in PEI). But what about when we are Google by people we know, or more importantly, by people we barely know?

People don’t think twice about the digital breadcrumbs they leave behind with every website they join, every photo they upload, and every message they post. You might be comfortable with complete strangers reading your blog, but what about the guy who sits next to you in class? What about your boss?

We aren’t afraid of complete strangers being able to find out details of our lives. It is friends, family, co-workers and the “familiar strangers” we are hiding from.

Continued in Part 2 – a case study of how easy it is to find information on people. Concluded in Part 3 – how to be anonymous online by reducing information interconnections.

Related Posts

• Internet Address Book – Web anonymity down the drain
• >> Web anonymity for bloggers whose lives might really be in danger (earlier draft, via Lorelle)

(Apologies to Chartreuse from behind his self-inflicted Great Wall of Web, because I really bit his style of posting.)

There’s a new search site called the Internet Address Book. Put in a person’s name and town and they’ll try to find them on all of the top social networks: MySpace, Friendster, LinkedIn, Flickr, ICQ, Xanga and Hi-5. This looks like a great resource for digging up dirt on blind dates and job interviewees.

Not only does it do social site search, it also allows you to register for free. You too can join/link your photos of getting drunk with friends and/or artistic nude shots (Flickr) to the web accounts you use for hitting on teenage girls (MySpace) and your job resume (LinkedIn). Why not throw in your high school reunion (Classmates) for good measure? I’m sure they’d love to find out you have a blog (Blogger) where you still talk about that time they pulled down your pants during recess.

(And before the accusations of Pot vs Kettle start being made, I’m aware that I have a blog and I just mentioned that time they pulled my pants down during recess. Let he who is still wearing his pants during recess cast the first stone.)

Of course, that’s just the list of what they let you easily search. If you register yourself on the Internet Address Book they support linking almost any online social application.

AIM	Bebo
Blackplanet	Blogger
Bolt	Care2
Classmates.com	E-mail
Facebook	Facebox
Faceparty	Flickr
Fotolog	Friendster
Gaia online	Google Talk
hi5	Hyves
ICQ	Jabber
LinkedIn	Live Journal
Live Messenger	MSN/Live Spaces
My Heavy	MySpace
Orkut	Parlino
Passado	Photobucket
Reunion	RSS
Shadows	URL
Skype	Wayn
Webshots	Xanga
Yahoo! 360�	YouTube

(Big table stolen from their website, images are hotlinked so leave a comment if they stop showing up)

I’m having flashbacks to 1999 and SixDegrees, one of the first social networking tools I ever tried. More specifically, I’m having flashbacks to the vitriolic hate mail from friends who started getting spammed after I uploaded my address book to “invite my friends to SixDegrees”. Will this be another sms.ac (aka scams)? Time will tell. My guess is that the company is on the up-and-up, but the only thing I could find resembling a privacy statement was from the FAQ:

3.2 What does The Internet Address Book do with my details?

The Internet Address Book will never make improper use of your details and will furthermore do everything within its power to safeguard the safety of your details.

I see the good intentions, but I don’t see the guarantee that they won’t sell the information to third parties.

I think this company will do well. People will enter their information out of the pure joy of having another place they can crosslink themselves in a big bubble of socialization (or perhaps it is as chartreuse says and they are all looking for one friend).

The Internet Address Book will developed a good database of self-provided information on Internet users. That information could be interesting to a lot of companies, especially if they could buy the ability to contact users who are using their competitors services with special deals.

This also serves a real need. People change cellphone numbers and email addresses every couple of years. It is so easy to lose contact, harder to regain that connection (do you have the snail mail addresses of all your friends?).

Anyone who thinks that signing up for a site like this is a good idea has never had a current girlfriend scour the Internet for references to ex-girlfriends and had to live in the aftermath.

I feel sorry for the current crop of teenagers. At least those BBSes with my teenage angst are gone, and not captured on the Way Back Machine forever. I’m sure plenty of people have already felt the pain of UseNet archives being fully searchable.

There something to be said for not signing up to websites with your real name, and not using the same pseudonym on multiple services (or at least use a pseudonym that is a common word). Even though I have accounts on all of the searchable sites on Internet Address Book, the only one I was able to find using my real name was my LinkedIn profile[1].

I was able to remove my LinkedIn profile from the Internet Address Book search results by logging into LinkedIn and setting my Public Profile to None (off).

There was around 100 name-doppelgangers on MySpace, but no me. Perhaps the secret to Internet anonymity is having a common name?

>> Internet Address Book website

[1] I made the assumption that hiding my identity on a website that hosts my resume might be against my interests. Luckily I didn’t give them my real address, phone number, job history or city. You can never be too safe.

Related Posts

• What is LinkedIn?
• Web Too.Many: The Internet has no clothes
• >> Mashable article on Internet Address Book (includes screenshots)

Mark Goldberg doesn’t understand how the Internet works. He thinks that the CRTC can mandate ISPs to block content that originates outside of our borders.

The news will be breaking shortly, so you might as well read about it here first. Late in the day on Tuesday afternoon, I helped in filing the first application requesting the CRTC to authorize Canadian carriers to block internet content.

This won’t work. You can get ISPs to block two website addresses, but they can’t block the content.

The CRTC aren’t technically able to block the content. You can put up temporary measures like the Great Firewall of China and India’s ban of Blogger, but these are only stop-gaps and make work projects.

I’m not in any way supporting the hate speech, I’m saying that it isn’t technically feasible to block content on the Internet.

DARPA designed it 30 years ago to withstand nuclear attacks. It isn’t possible for one government agency to effectively block “hate speech” that is originating from outsite of the country.

You “get this garbage off of the internet” by going after the offender, not by trying to keep people in Canada from viewing it.

This is a huge make work project that has ABSOLUTELY no technical chance of doing anything effective.

As you mention in your post, all anyone has to do to access this content is use a foreign owned and controlled ISP.

Technically, all they would have to do is use a foreign proxy, of which there are numerous free ones available.

ALL THEY HAVE TO DO TO GET PAST THIS IS DO A SEARCH IN GOOGLE AND LOOK AT THE CACHED PAGE.

Here is a cached version of a previous post on your blog: http://72.14.207.104/search?q=cache:JD-Ub32DgAsJ:mhgoldberg.com/blog/2006/08/protect-customers.html+%22If+customers+aren%27t+willing+to+pay+the+cost+for+higher+network+availability,+how+do+we+fund+the+shortfall%3F%22&hl=en&gl=ca&ct=clnk&cd=2

The CRTC could ban ISPs from displaying your blog, and anyone with rudimentary technical knowledge (ie: how to click on a link in a Google search result) can still access it.

If they can’t find it on Google, they can still find it on the Wayback Internet Archive.

And these aren’t even the websites / programs that are designed to circumvent Internet censorship.

And there is nothing the CRTC can do about it.

Please do something EFFECTIVE and go after the owners/ISPs of the two US based websites. Getting rid of the content at the source is the only means to attack problems like this.

Government censorship of the Internet doesn’t work on websites hosted out of their borders.

>> Telecom Trends: Blocking content

More Discussion:

• >> Mark Glaser at PBS MediaShift has hands-down the best write-up on this story.
• >> Alex Saunders reminds us that it’s about “hate” not “net neutrality”.
• >> Michael Geist doesn’t draw a conclusion but there are some good comments.
• >> J. LeRoy thinks this is a slippery slope, and Mark Goldberg has no comment on the technical limitations of his request.
• >> Bill White, the blogger who started all this is enjoying the attention and commenting on how this has drawn 76,000 visitors to his website who would have otherwise never have known about this.

This is an interesting article on blogs from the point of view of people who are interviewing candidates. They talk about how blogs can be easily found by doing a search on the candidates name and how some candidates clearly mention their blog in their resume.

While the article doesn’t go into any true detail, it does cover some salient points like:

• how blogging gives interviewers more information of a personal nature then they would normally have during a job interview
• how the focus of the blog may skew their opinion of the candidates’ experience and/or interests
• how even if the blog is sanitary when talking about previous workplaces, co-workers and dirty laundry that there is the implied risk that may not always be the case
• how there is an underlying suspicion that time will be wasted maintaining their blog instead of working

The overall gist is that interviewers feel that having a blog at all is a negative on a candidate’s application.
Chronicle Careers: 7/8/2005: Bloggers Need Not Apply

Related Posts

• Posts tagged with Dooced
• Dooced: To get fired because of blogging about your company