The Privacy Problem: We Have Met The Enemy And He Is Us

This morning I was ready to bust some heads. I got a text message at about 8:39 from Highlight, the hot new social network thing that will disappear once everyone digests the last of their brisket on the plane ride home from SXSW. The SMS was pretty innocuous (“Download the app!”) but it included a list of 141 phone numbers. Had iOS been able to handle sending messages to 141 people at the same time, I could have made a lot of fun new friends this morning by texting a bunch of ridiculous stuff to strangers.

More important I was about to rail against Highlight exposing my phone number so egregiously, throwing a few “How dare you”s and “This is mindrape”s into the old cesspool that is modern tech blogging. But then I did some digging.

Convinced that Highlight was behind this, I contacted the sender. After some discussion, it turned out that the Highlight app had sent the SMS on behalf of a PR guy a know, a person I trusted with my contact information (if trust is the right word here) and who, in a sense, did a data dump with the help of a standalone iPhone app. He selected 141 phone numbers to SMS and the app did his bidding, albeit on behalf of Highlight. Had he selected 3,000 phone numbers, I’d have a list of 3,000 free numbers right now, but he was the one who pressed the button that sent me the message, not Highlight. Highlight put the gun in the room. He pulled the trigger.

I don’t want to go all EFF on you here, but it’s clear our privacy is being eroded by nefarious corporations that understand that we are all morons. We are more than willing to spam our friends via Facebook, Twitter, mail, and text. We’re more than willing to send our entire address book to some server in Sunnyvale. We’re totally down with offering up our real names, birth dates, and bank accounts to sites like Mint and we’ll probably upload our health records to future sites.

Arguably we gain some utility. Foursquare allows me to broadcast my location if I’m in a strange city and sometimes people can get in touch with me that way. I post a lot of dumb stuff on Twitter sometimes and I can send baby pictures and stuff via Facebook. Good fun. But now apps are connecting us just to connect us, allowing us to share just for sharing’s sake. It’s an odd time to be alive.

And we allow them unfettered access to our information in exchange for the new new thing. I wish Matt hadn’t posted that Louis C.K. bit because it feels like I’m biting, but I’m not.

That’s why privacy crusaders seem so stridently out of touch: they are smarter than us, or at least they pretend to be. To be completely fair, I don’t personally mind that Highlight sends my phone number to potential strangers. After all, it’s on countless bathroom stalls already. However, when apps like this scrape contacts and then email or text them on my behalf, bad stuff can happen. People who wanted to remain hidden can be discovered, telemarketers gain a few hundred new targets, and trust is eroded. Worse, stuff like this makes me advertise junk in the name of virality.

Dave Winer posted an open challenge to submit an entire contact list and make it freely available on the Internet. His is a valuable thought experiment: if you don’t want to dump your entire contact list on the Internet, why are you using this junk? The possibility of your contacts escaping Path or Highlight’s clutches is quite high and given the rash of break-ins recently, it’s almost guaranteed.

I posit another train of thought: that these services owe us at least the decency of good encryption or, at the very least, obfuscation. Here’s my contact list – but you’ll notice I encrypted it and if you tweet me at @johnbiggs and explain what you’re going to do with it, I’ll direct message the password if I see fit to allow it. I also understand that you can ask me for the password and then post the unencrypted file yourself, but that is akin to a security breach and I can sue you or whatever. I won’t have a very strong case, but that’s what it’s like to play fast and loose on the Internet and I’ve set up some rules to address potential problems.

What I described above is the minimum level of service I expect from these social networks, and even that seems like too much to ask. It’s a simple exchange: “Here is my info, good sir, I assume that robots, not humans, will see it and that you’re essentially using it to create a relational database of my relationships with other people.” However, once that data is exposed, even a little, guys like Winer can act all highfaluting and guys like me can send dick jokes to 141 people and Highlight will be to blame.

In a perfect world that data is never exposed. In a perfect world my data would be as secure as it is in the file above (susceptible to brute force attacks and social engineering, perhaps, but little else). In a perfect world we don’t share as much. But this isn’t a perfect world and we go around blithely dropping each other little notes about various apps and sharing our locations with strangers. These apps take advantage of our primal human need for companionship and status. As Alexia notes, Highlight is apparently an engine designed to power the acquisition of sexual partners in the real world. They’ll say it’s about “meeting cool, interesting people who like what you like” but I doubt that’s what most people will use it for. All social networks are a permutation of Grindr and only Grindr has to cojones to admit its true nature.

So why should we get up in arms about contact lists blowing through the ether when we put them there? Why should I be upset at a bunch of guys in San Francisco SMSing me at 9am when I would have probably done the same to my own friends. I have no right to expect privacy if I don’t police my own actions and the vast majority of us are too lazy, too flip, or too ignorant to follow through, myself included. Pogo, sadly, is always right.