Protecting Privacy in Fandom
Some of you know that before I became a poor, lowly student, I had a rather nice job with a software company that was attempting to deal with some of the problems surrounding personal privacy and data ownership on the 'net.
There are things I see in fandom, if not on a daily basis, frequently enough to concern me -- just matters of basic privacy that are important to me and I think should be important to everyone, though I understand that they may not be. However, it's not always as simple as that...
The internet allows us to conduct ourselves in many ways, with many personas. Some people are not worried if these personas cross paths, having more than one is a matter of administration rather than an attempt to compartmentalise online, and indeed, offline activities.
Clearly, everyone reading this is at least reasonably familiar with the way the internet works, what can and can't be done, but what I want to do in this post is lay a few examples at your door, not to scare you, but maybe to make you think a little more on the ramifications your 'net dealings have on yourself and those you deal with.
My first example is a very simple one. Email addresses can go out with a name tag -- in Hotmail, Gmail, all the big providers, it's the first name, last name, you enter in your profile information (though obviously you can omit these details). This information can also be disseminated if the person sending an email knows your first and last name and has it in their address book. I have lost count of the number of times an email has arrived in my inbox with a real name attached to an LJ username in an email address -- even from people I've never had previous dealings with. I admit, I'm probably not a very scary person to send such information to, but it worries me that people do, and for this reason:
How many times have each of you received an email from someone that has been sent out to ten, twenty, one hundred, two hundred people? An email of this kind from an RL friend means not a lot; it's a list of names, nothing much you can do with it. A fandom email of this kind, however, takes on a whole new meaning when the (fandom) email address comes along with a name tag. A person may trust another with their real name, communicate with them from a different email inbox to the rest of fandom; they may not worry about the implications of letting one person know their name because they only communicate with a few, so what does it matter? All sorts of reasons. But when a group email goes out to a hundred or so people, with their real name (first and last!) attached to their fandom email address, that becomes a problem. It is an unintentional breach of trust.
Sometimes, with the best of intentions, the utilities of the web mail providers (and, indeed the clients) let us down and fill the tag information in for us, and though I try to be careful, I sometimes do forget to delete it. There is a simple solution to this: BCC. Send the email to yourself and BCC everyone else.
Journals and communities that use IP logging have me running scared at the moment. Did you know that an IP address can be used to track a physical location? It can. Without cost, without any technical knowhow - it's easy, it would take me a couple of minutes. Beyond using an IP address to ban a particular user (and this is limited in effectiveness because many people do not have fixed IPs (variable IPs are still linked to an exchange and therefore still tools for nailing down a physical location) and they can pop down to an internet cafe, anyway) I'm not really sure of the value of IP logging. Beyond conducting a witch hunt, a la The Miss Scribe Affair, what can be done? It's overkill as far as I'm concerned, serious overkill. I can only imagine IP logging to have a genuine use in a police investigation, and I suspect that LJ logs IPs routinely, anyway.
Facebook is an issue that has come up several times in the last year or so. Where LJ is very much in the business of personas, Facebooks are linked to a true identity. Linking those two worlds make me, for one, very nervous. It's not really a matter of distrusting anyone on my flist; the fact that only a handful of you know my real name is nothing to do with a lack of trust in the rest of you, rather it's an attempt to manage and keep as small as possible those who do know the link between the persona and the identity. Here's the problem with Facebook: the network.
It's all well and good saying that you'll just have a few fandom friends on Facebook, and I do, but those you friend there may have other people they're happy to give their full names to, and those people have other people they're happy to give their full names to, and so on, and before long there is a rambling network of people who, potentially, could discover the true identities of others who did not wish to be found out.
Now, I don't know what the answer to this is. First of all, it worries me to see general invites to Facebook sent out on LJ; it makes me concerned that people are not being careful enough with their privacy and their identity (which is something that is with you for life). Second of all, it makes me worried about those who might be exposed who've carefully guarded their privacy to that point.
Facebook is a tool to be careful with at the best of times. Every movement you make on Facebook is logged, traceable and undeletable. There is a forensic department at my university and they routinely use Facebook to profile people, without any assistance from Facebook; the information is just there. The biggest problem there is that you can lock your own Facebook to the hilt, but the minute you start participating in groups, networks, even venturing onto other people's Facebooks, the trail starts. Facebook lets other people put photos up on the internet of me and tag my identity to them. Of course, if I know about the tag I can have it removed, but the photo is still there, on the internet for all their friends, friends of friends and networks -- or even just any old soul -- to see.
I digress, though... I believe, in the next few years the issues of managing our identity online are going to go though some major changes, simply because the internet cannot continue to grow in scope and function efficiently without it. I don't know how important Facebook is going to be in that, but the idea of a 'net-wide aggregation of data about individuals is a possibility that concerns me. There is no precedent for what happens, five, ten, fifteen years down the line to the information we are putting on the web today in ever-increasing amounts -- we are the guinea pigs. Already, employers are routinely checking Facebooks before making the offer of a job. Universities have been known to do the same. We can lock down a lot of what we do online, but we do leave a trail, and frankly, I'd prefer my trail not to lead back to Harry Potter fan fiction liberally sprinkled with light smut. That is not something I want to discuss in interview, and not something that I'm sure a great many of you would want to discuss when and if your big chance at getting published comes along.
There is no need for paranoia, just careful management.
I hope this doesn't sound too preachy, and please be assured that this is not directed at anyone in particular; it's something that has been concerning me for some time now and my week off has given me the opportunity to get my thoughts down.
There are things I see in fandom, if not on a daily basis, frequently enough to concern me -- just matters of basic privacy that are important to me and I think should be important to everyone, though I understand that they may not be. However, it's not always as simple as that...
The internet allows us to conduct ourselves in many ways, with many personas. Some people are not worried if these personas cross paths, having more than one is a matter of administration rather than an attempt to compartmentalise online, and indeed, offline activities.
Clearly, everyone reading this is at least reasonably familiar with the way the internet works, what can and can't be done, but what I want to do in this post is lay a few examples at your door, not to scare you, but maybe to make you think a little more on the ramifications your 'net dealings have on yourself and those you deal with.
My first example is a very simple one. Email addresses can go out with a name tag -- in Hotmail, Gmail, all the big providers, it's the first name, last name, you enter in your profile information (though obviously you can omit these details). This information can also be disseminated if the person sending an email knows your first and last name and has it in their address book. I have lost count of the number of times an email has arrived in my inbox with a real name attached to an LJ username in an email address -- even from people I've never had previous dealings with. I admit, I'm probably not a very scary person to send such information to, but it worries me that people do, and for this reason:
How many times have each of you received an email from someone that has been sent out to ten, twenty, one hundred, two hundred people? An email of this kind from an RL friend means not a lot; it's a list of names, nothing much you can do with it. A fandom email of this kind, however, takes on a whole new meaning when the (fandom) email address comes along with a name tag. A person may trust another with their real name, communicate with them from a different email inbox to the rest of fandom; they may not worry about the implications of letting one person know their name because they only communicate with a few, so what does it matter? All sorts of reasons. But when a group email goes out to a hundred or so people, with their real name (first and last!) attached to their fandom email address, that becomes a problem. It is an unintentional breach of trust.
Sometimes, with the best of intentions, the utilities of the web mail providers (and, indeed the clients) let us down and fill the tag information in for us, and though I try to be careful, I sometimes do forget to delete it. There is a simple solution to this: BCC. Send the email to yourself and BCC everyone else.
Journals and communities that use IP logging have me running scared at the moment. Did you know that an IP address can be used to track a physical location? It can. Without cost, without any technical knowhow - it's easy, it would take me a couple of minutes. Beyond using an IP address to ban a particular user (and this is limited in effectiveness because many people do not have fixed IPs (variable IPs are still linked to an exchange and therefore still tools for nailing down a physical location) and they can pop down to an internet cafe, anyway) I'm not really sure of the value of IP logging. Beyond conducting a witch hunt, a la The Miss Scribe Affair, what can be done? It's overkill as far as I'm concerned, serious overkill. I can only imagine IP logging to have a genuine use in a police investigation, and I suspect that LJ logs IPs routinely, anyway.
Facebook is an issue that has come up several times in the last year or so. Where LJ is very much in the business of personas, Facebooks are linked to a true identity. Linking those two worlds make me, for one, very nervous. It's not really a matter of distrusting anyone on my flist; the fact that only a handful of you know my real name is nothing to do with a lack of trust in the rest of you, rather it's an attempt to manage and keep as small as possible those who do know the link between the persona and the identity. Here's the problem with Facebook: the network.
It's all well and good saying that you'll just have a few fandom friends on Facebook, and I do, but those you friend there may have other people they're happy to give their full names to, and those people have other people they're happy to give their full names to, and so on, and before long there is a rambling network of people who, potentially, could discover the true identities of others who did not wish to be found out.
Now, I don't know what the answer to this is. First of all, it worries me to see general invites to Facebook sent out on LJ; it makes me concerned that people are not being careful enough with their privacy and their identity (which is something that is with you for life). Second of all, it makes me worried about those who might be exposed who've carefully guarded their privacy to that point.
Facebook is a tool to be careful with at the best of times. Every movement you make on Facebook is logged, traceable and undeletable. There is a forensic department at my university and they routinely use Facebook to profile people, without any assistance from Facebook; the information is just there. The biggest problem there is that you can lock your own Facebook to the hilt, but the minute you start participating in groups, networks, even venturing onto other people's Facebooks, the trail starts. Facebook lets other people put photos up on the internet of me and tag my identity to them. Of course, if I know about the tag I can have it removed, but the photo is still there, on the internet for all their friends, friends of friends and networks -- or even just any old soul -- to see.
I digress, though... I believe, in the next few years the issues of managing our identity online are going to go though some major changes, simply because the internet cannot continue to grow in scope and function efficiently without it. I don't know how important Facebook is going to be in that, but the idea of a 'net-wide aggregation of data about individuals is a possibility that concerns me. There is no precedent for what happens, five, ten, fifteen years down the line to the information we are putting on the web today in ever-increasing amounts -- we are the guinea pigs. Already, employers are routinely checking Facebooks before making the offer of a job. Universities have been known to do the same. We can lock down a lot of what we do online, but we do leave a trail, and frankly, I'd prefer my trail not to lead back to Harry Potter fan fiction liberally sprinkled with light smut. That is not something I want to discuss in interview, and not something that I'm sure a great many of you would want to discuss when and if your big chance at getting published comes along.
There is no need for paranoia, just careful management.
I hope this doesn't sound too preachy, and please be assured that this is not directed at anyone in particular; it's something that has been concerning me for some time now and my week off has given me the opportunity to get my thoughts down.