By now, I assume you have heard the uproar about Facebook and Twitter Connect, a feature of LJ which allows commentors to have their comments on your journal, on your locked post reposted to their Facebook or Twitter. This has
several interesting security ramifications:
1) It betrays the existence of your journal in connection with a named reader. If John Smith under LJ username littlebunnyfroofroo is someone I friend on LJ, his crossposting a comment from my journal to his FB betrays the siderea-John Smith social connection. This is a microcosm of the OpenStalker problem: this sort of thing makes it easier to automate pseudonym penetration, which makes it a lot more likely to happen.
2) It betrays the existence of locked posts. LJ actually goes to great length to not betray the existence of a post to anybody who doesn't have permissions to read it. It doesn't appear on your calendar if the user viewing your calendar it isn't party to it, etc. The id numbers of posts (e.g. 123512.html) are not consecutive so as not to betray the existance of private and f'locked posts. LJ does its level best to keep secret the fact you're having secret conversations. Screw malice: this functionality dramatically increases the risk of someone unwittingly and accidentally betraying that fact to FB. So Alice, Beth and Cara are friends on both LJ and FB, but Alice has Beth on a filter that she doesn't have Cara on. She posts to that filter, Beth comments accidentally cross posting to FB, and when Cara sees the comment, thinks, "Did I see that discussion?, tries to click through, gets the "You don't have permission to view that post" error, and suddenly knows that Alice and Beth are having a conversation to which she was not invited. Note that it doesn't even matter what was in the comment -- the breach was sharing the URL.
3) It potentially betrays the topic of what was being discussed:
"Actually, I think Tabitha is a perfectly nice girl, and you should give her a chance."
"Do you have time before the interview to revise it to a skills-based format?"
"Wait, doesn't that constitute insider trading?"
"Thank god your mom doesn't know."
"My brother says he found it to be a great complementary therapy for AZT and helps quite a bit with the nausea. Not as much as pot, of course. :) If you try it, I'd be pleased to hear how effective it is for you."
4) And, of course, it the commentor quotes anything they are replying to in the OP, an actual passage of the f'locked post would be published to FB.
Please be aware that one of the complaints which has been raised is that the specific positioning of the checkbox for crossposting on the comment form is such that, for users of a particular popular browser (I think on Windows), that box is now in the tab order at the place where the submit button used to be. This means that people accustomed to browsing and commenting mouse-free, by tabbing through fields and links (it's a power-user thing), who have developed a muscle-memory for the keystroke pattern for submitting comments, actually are highly likely to accidentally hit the "crosspost" option, because it is now the thing triggered by their habitual "post this comment" gesture.
So.
I just wanted to clarify to you what and why the privacy policies of this journal are. I have a little confession: I've been keeping you in the dark.
As many of you know, I am a psychotherapist. What some of you know is that, thanks to a juicy government contract that my clinic landed, I now treat incarcerated felons for substance abuse and mental illnesses, in the year prior to their release back into the local community. And yes, some of them are violent offenders, with prior offenses of murder, rape, armed carjacking, assault, etc.
You know the expression "collaterals"? As in "collateral targets" and "collateral damage"? Technically, youse guys are my collaterals.
I'm not so worried about my patients tracking me down here. Hell, I have a listed phone number with my home address and everything. Google is happy to draw you a map to where I live, given my name.
My use of a pseudonym here isn't to protect me.
Think about it. If someone aggressive and aggrieved with me accidentally discovers via something infelicitously crossposted that siderea@lj=$siderea@clinic, and that you are my "friend", do you really want it to be while you're using your real name? Possibly in a context that exposes your home address and a picture of your face?
(You silly, silly children, who think the threat model to worry about is your boss seeing pictures of you drunk.)
If you feel the need to unfriend me, I completely understand.
Here's the link to do so. I keep certain details of my personal life under lock not because they are private, but because they are identifying. For instance, those of you here long enough will recall that my internship schedule was something I kept under lock. Obviously, that's not because my patients shouldn't know my schedule -- to the contrary, getting them to remember what my schedule was was the challenge -- but because a part-time schedule like "T-F, 2pm-8pm, Sa 12-6pm" is a lot like a fingerprint. You can't google on it, but it confirms that someone you suspect is who you think they are.
I keep certain details of my personal life under lock not because they are private, but because they are identifying, and you don't know which details those are. Partially because you haven't thought through the problem in the first place, partially because you are not party to what information is available to my patients that might therefore serve as identifying to them.
If you're thinking, "But, why would a stalker be reading my FB if he were hunting Siderea?" ask me in person some time about the How Siderea Completely Accidentally Found Herself Looking At Her Clinical Supervisor's Husband's Vacation Photos Thanks To Universal Hub. It turns out the the internet is made of this stuff called "hypertext"....
What do you need to do to keep yourself safe on my journal? Don't do any stupid crossposts. Generally speaking, don't violate my security. That's pretty much it. I do the hard work of keeping track of what I need to keep private to pass unnoticed on the internet, you just have to play along. Or put another way, following basic politeness as per LJ custom will entirely suffice to save your ass.
And if you do violate my security, for Pete's sake and your own, don't be doing it to FB or any other forum where you're known by your real name.
P.S. I tried to explain this to the management of DW, for why they should allow account holders to make the People-They-Give-Access-To list on their profile hidden. They proceded to lecture me about why that was pointless and/or unnecessary. They apparently know much, much more about stalkers, violent criminal behavior, and personal security than I do. *coff*