Privacy: How to Avoid the “Third Rail” of Online Services


Social Security has been called the “third rail” of American politics — the idea being that the issue is so charged anyone going near it risks being severely shocked and possibly electrocuted. The issue of online privacy has arguably become a similar kind of topic; whenever a service like Facebook or Google oversteps what users and privacy advocates see as the boundary between data collection and invasion of privacy — something that seems to be happening more and more frequently — all hell breaks loose. If anything, privacy is likely to become an even more explosive issue as the line between our online and offline lives continues to blur. I looked at some of the implications in a recent report for GigaOM Pro (subscription required).

The most recent flash point for online privacy was a series of reports from the Wall Street Journal about sites like Facebook and MySpace sending “personally identifiable information” to third-party service providers. The crux of the issue uncovered by the reports was that some Facebook apps — including popular games like FarmVille and Texas HoldEm Poker — have been transmitting a person’s unique user ID, and in some cases friends’ user IDs, to the likes of advertising networks and data aggregators. This is an issue Facebook has wrestled with in the past.

Personal data mining

Pieces of any given Internet user’s personal information — credit history, shopping profile, criminal records, tax and voting records, etc. — exist in a myriad of different databases; the potential for that information to be aggregated and mined to generate marketing profiles is not new. What makes the online version done by companies such as Rapleaf (which Om discussed in a recent post) different from the real-world version is that in many cases, this data is updated in real-time. In other words, it reflects your behavior right now, rather than taking months to get added to some database, the way similar real-world data does. Facebook’s leaking of user IDs helped companies like Rapleaf do that (although Rapleaf says it did so inadvertently).

The future of online privacy

The kind of profiling Rapleaf and other companies do is just the beginning when it comes to potential digital privacy issues. An iPhone and Android app released this week called Sex Offender Tracker shows what’s possible when databases of public information like criminal records are merged with location-based technology and “augmented reality,” or layering online data onto physical locations. It’s not just augmented reality that has some users of social networks concerned; Facebook got in some hot water recently when it launched Facebook Places, which allows users to tag others at a specific location in the same way they would tag someone in a photo.

How should companies respond?

Dealing with issues of privacy is something every company that has a consumer-facing application or service is likely going to have to do at some point, so it’s worth looking at some of the best practices that have come out of the past behavior of Facebook, Google and other companies that have been in the spotlight. Here are two of them:

  • Make settings visible and easy to use. Facebook has made a series of changes to its privacy settings over the past year, but one of the risks is that the more complex and difficult to find the settings become, the less likely people are to go in and change them.
  • Allow users to opt in. Facebook takes a substantial amount of criticism because it chooses to automatically opt users in to new settings and features. The giant social network can get away with this thanks to its sheer size, but smaller companies and services run the risk of alienating their users.

For more details on recent developments around online privacy and best practices on how to deal with it, please read my full GigaOM Pro report.

Post and thumbnail photos courtesy of Flickr user Moonsheep



There is a third option to address the challenge we have with the current way personal information is handled on the web – change the whole paradigm. Give end-users a way for them to link/connect their own digital profile and have it under their control. New models are being developed at the Internet Identity Workshop ( coming up this week in Mountain View. Vendor Relationship Management (, the Personal Data Ecosystem ( and the Federated Social ( are all key themes.

Mathew Ingram

Thanks for the comment, Kaliya — although it seems a bit promotional. I don’t mind you touting the conference, but it would be nice to get a bit more feedback rather than just a bunch of links.


Guys, I think the future of social networking is bright. There are new websites such as MyCube and Diaspora which could pave the way to a safer social networking environment. I will be switching to them when they open, and I suggest you guys do the same, unless of course you want your personal information sold to third parties.


Mathew: The suggestions you make are totally sensible but remain too blunt a set of instruments. Privacy is not a binary decision, it is an ongoing negotiation. Privacy is not about secrecy as much as it is about data integrity (is what you know about me really about me?) and authentication (who do I agree can have access to that data?).

But when 250 entities can have hooks into one displayed page, who wants the responsibility to monitor that? Blunt may be the only answer. Maybe Apple’s controlled environment has it right. Or maybe the law ought to be, if you own the URL, you own what happens on the page.

Privacy is not a problem. Its increasing visibility makes it the key to success.

Mathew Ingram

Yes, I think you are right to describe it as an ongoing negotiation — that’s what makes it so difficult for many companies like Facebook to deal with, because it keeps changing.

miten sampat

Hi Mathew, thanks for outlining some tips for companies. I wanted to ask about your recommendation that companies should make data sharing opt-in.

Given online services are generally free for the user, I would think it would be fair that they are able to learn a few attributes about you in the hope of making some revenues from advertising. I think an opt-out in this case would make more sense, no?

Think about it this way: you can use my service for free in exchange for some advertising, but at the same time, if you are concerned about your data, you can opt out and still continue to use the service.


Mathew Ingram

That’s a good point, Miten — and I’m sure some users would be happy to make that trade. I think if you were to make that deal as obvious as possible, then you could probably make it work for most people. But it can’t be implied — it has to be stated up front.
