Introducing Cryptstagram

[This is the long version of a post I wrote for The Barbarian Group’s tumblr.  We also got written up in Wired’s design blog, Laughing Squid, and PSFK, my first time getting such large coverage!]

Periodically at The Barbarian Group, a small team of new employees and veterans with varying skill-sets are brought together to work on Project Popcorn, a side project that embodies the inventiveness, technical skills, and values of the agency.

Within my first week as a developer for the agency, I was assigned to Project Popcorn, along with a senior art director, a senior copywriter, a creative director, and a technical director.

Cryptstagram is the resultant product of our teamwork. Cryptstagram is a web site that lets you steganographically encrypt a hidden message into any image, unlockable only with a specific password, and then apply glitchy Instagram-like filters to that image.

The National Security Agency whistleblowing story had just broken, and as a result we quickly became fixated on doing something involving cryptography and, to fulfill our artistic ambitions, on doing something involving the glitch aesthetic.

Cryptstagram-5

The glitch aesthetic is popular amongst our creatives and developers because it requires technical knowledge of formats and methods underpinning systems in order to then manipulate, pixel-push, and distort those systems towards the artist’s ambitions.

As a team we spent a lot of time discussing what tone we wanted to convey with Cryptstagram. How secure should it be end-to-end to pay respect to citizens’ cryptographic requirements and expectations of privacy? Should Cryptstagram’s filters create aesthetically-pleasing images or should they reflect entropy of input and interaction from the user? To what degree did we want Cryptstagram to be a statement about the NSA and privacy in general or just a reaction to the state of our relationship with technology?

In the end we decided on a reflective tone for Cryptstagram, emphasizing a common public desire to share stylized parts of ourselves in public but other parts of ourselves in private or semi-private. We should empower ourselves with stealth and style.

Cryptstagram-2

Cryptstagram-4

The Project Popcorn team also wanted to keep Cryptstagram open-ended, taking advantage of the fact that JavaScript is pervasive in users’ browsers and that most computation, SHA-1 encryption and decryption, and glitching can now be done with open source libraries, entirely on the client’s side, and using HTML5 Canvas. A JavaScript stack (Node.js/Express, MongoDB, and good ol’ jQuery) cached and served up via cloud services allows for rapid app development and easy deployment for a small creative team.

So, easily, a citizen could choose to encrypt her image with a message and save it without it ever touching an external server, then send that image via private means to intended recipients with a password that could be distributed in any number of ways. Or the citizen could share the image on Cryptstagram’s wall for others to see and even try to decrypt!

A perk of this open-ended design is that we can extend its utility: we (or you, via jsfiddle sandbox!) can add seasonally- or topically- themed filters for specific clients, a celebrity can release images with a password known only to fans, or people can use the Cryptstagram wall to create puzzles or scavenger hunts or just post encrypted messages publicly without drawing suspicion.

At The Barbarian Group, we’re invested in making things that are gonna be awesome, and in order to do so, we need to be just as able to wade through the technical limitations of CORS and CSRF as to create something people love to use and share online.

So, what creative uses can you come up with for Cryptstagram?

Social Networks are Boring

A common refrain. People will complain that Facebook, or Twitter, or whatever, is boring. What’s usually going on is

  1. their friends are boring,
  2. they’ve reached mental exhaustion,
  3. they try to use social networks less as a social pulse or passive awareness and more as active entertainment,
  4. they reached exhaustion of new content, or
  5. they’re boring.

In a previous job, I’d do 12-hour shifts watching social media, 2 or 3 days in a row. Like, say, on overnights on a weekend. By 6AM on Monday morning, I wanted nothing to do with looking at a computer, and I say that as a completely internet-wired junkie. Sometimes there’s just nothing going on at all. No news. Even the Associated Press wires are just posting baseball recaps. Even the most loserish folks online aren’t busy bashing something on Sunday evenings.  Social media on Sunday overnights is dead.

So hearing from anyone else that one needs to unplug for a while is understandable. What isn’t understandable is the lack of recognition that your boring feeds reflect boring friends or your boring interpretation of what your friends do.

There are variations of this problem: sometimes people don’t follow a critical mass of content creators, so that when they try to view a stream or feed, they barely see any new content, and what content is actually there is boring as fuck.  Some present evidence that Facebook or whatever is dying — well, if you want to cast your widest social net, what’s better than Facebook?  What will possibly be better than Facebook any time soon?  Best place for photos?  Instagram has got that locked up tight, with several derivative competitors trying to offer alternatives (Snapchat).  Social networks are entrenched.  The verdict is still out on video, private social networks, etc.  Maybe reddit is the least secure of the large social media companies.  But I guess what I’m trying to say is that if you claim you’re bored, then your only alternative is to opt-out and go offline, or maybe go underground.

Self-Censored Data

Another variation of the problem, and the main one I want to talk about, is that the types of content that we want to and are able to post lead to limited and boring outcomes, as a result of our ambivalence about personal privacy online, legal norms for data, corporate apprehension toward data liability, etc.

I took some time off working on Galapag.us after thesis presentations ended — I was handling personal matters including moving to a new place with my girlfriend, graduation from school, parents visiting, job interviews, and so on — but I’ve recently started wading back into my code again.

For Galapag.us, I created tons of categories for data for people to enter the moments that occur in their lives every day, such as memories, interactions, loves, hates, etc. Making the data entry part as accessible and as fluid as possible is key since I think anyone who’s done any quant selfing has tired of entering in what food they ate, where they checked in, etc. constantly every day.

My logic is that while physically-generated data is easier to quantify, even the results (aggregation and charting) of it are not very exciting. What good is it to know the flawed number of steps or relative activity level we achieve per day, without further context like diet, circumstances? (sitting at a desk at work, traveling in a plane, skydiving)

Qualitative Data

And so, perhaps as an alternative to that physically-generated data, what we really find meaningful over time might be when and where we had an interaction with someone else, or how our preferences change over time.  Those are the things we remember for years afterwards.

I grew up in a command line interface type world, one of BBSs and MUDs and prompts.  So I started working on an API for Galapag.us so one could access JSON responses via curl, via the web site, or via a command line on the web site (similar to github’s).  The command line on the site let me use angular.js for two-way data binding and for making a nice interface for commands to output.

I started having to think about what new data I could make reachable through the API.  I don’t have a large user dataset yet, so I was considering external APIs. APIs are bad enough these days, as the former best one (Twitter) has been jailed, and most APIs expose almost no interesting public data. It’s cool that data.gov releases a bunch of government data but to be honest 99% of that data is completely fucking boring.  The rest of it is most likely useful only to some NYTimes data scientist who will make some sexy d3 or raphael dataviz that people will cream their pants over.

Facebook, Twitter, etc. are most useful through the data exposed within their networks’ metadata — tracking how circles of friends and followers are related — but the rest of their content is fairly boring. One could say the same about the data that the NSA is collecting.

Instagram is the beneficiary of being the leader for photos, which are the king when it comes to immediate gratification, entertaining content, and pageviews/clicks/PR. The photos we take power today’s social media, now that our networks algorithmically have been around long enough that they’re reaching adolescence (I would think our networks will reach “adulthood” when most of the userbase is old enough that network graph sizes begin to shrink from old age deaths, and the social network providers begin to change their site designs to reflect that contraction in connection to the external self).

Unoffensive and Boring Data Schema

The data itself being exposed for public consumption is fucking boring. The most exciting stuff you might see (outside of, once again, awesome photos from life-changing events that people post, and those swimsuit pics of those people you just friended) are who viewed your profile on LinkedIn (imagine if you could see that on Facebook), or an occasional drunk post signalling the rare chaos added to the polite, custom-filled order of our normal social feeds.

If you need an analogy, the personal data we disclose on our social networks is the equivalent of reading some small midwestern company’s corporate site.  Our front pages (Facebook and LinkedIn) are using, I guess, some shitty flash animation interstitial.  We probably have a shitty about page that barely contains any actual timeline info.  There’s no contact info available.  Check-ins on FourSquare?  A little racier, but maybe that’s just some scantily-clad photo we posted as a camgirl.  Most of the links on our shitty sites are broken or old.  Altogether it’s just a whole shitty experience.

At the same time, we can barely accept this “free use in exchange for using your data to advertise off you” compact we have with large siren servers like Google and Facebook, and we’re scared we’ve already contributed too much data online.

But it’s all so, so boring.  Few of us have the talent and courage to share what’s most dazzling and interesting and inspiring about our personalities and deeds online.  Those who do succeed because they are fulfilling their potential and fulfilling the powerful medium of expression that the internet was supposed to give us.  The rest of us hide our personalities and flaws and desires and failures and weaknesses because that would diminish our carefully curated statures online.

Few of us have enough details online to verify our reputations or trust, show proof of temperament or sound judgment under different bad circumstances, etc.  At the very least, most of us contribute nothing yet consume a lot every day.  People are afraid Facebook and Google and the rest know too much about us, but in reality, we’ve all agreed to some sort of social norm where we conceal what’s really interesting about us and only post the most fluffy, superficial information about ourselves.  We’ve all signed up to a social norm that we must be safely boring.

Dangerous Data

What I envision one day is seeing, over time, how other people and groups of people changed their body types after they had children, or as a result of increased work hours, or seeing the patterns of their lives through the 24 hours of their days.  What I envision is seeing hard data on failed dates vs. attempted dates, aggregated opinion of participants at concerts, sexual data, tracking peoples’ young potential vs. their older outcomes.

You know.  All the data that can be embarrassing to share — the data that often defines us more than any other data.  The data that shows when we’re vulnerable, emotional, petty, impulsive, breaking our own habits and patterns.

And what if the schema, API, and backend architecture also encouraged more scandalous insight? What if the data we collected, and the representation and sharing of it, did, as Jer Thorp wrote in his article “Art and the API”, bring us closer to what we really want to express?

[The] conceptual API. A piece of software architecture intended not only to bridge but also to question. The API as a software art mechanism, intended to be consumed not only by humans, but by other pieces of software. (Promisingly, the API also offers a medium in which software artists can work entirely apart from visual esthetic.)

Burnham wrote in 1968 that ‘the significant artist strives to reduce the technical and psychical distance between [their] artistic output and the productive means of society’. In an age of Facebook, Twitter & Google, that productive means consists largely of networked software systems. The API presents a mechanism for artistic work to operate very close to, or in fact to live within these influential systems.

There’s a reason people love to read the gossip sites all day.  The stories are glitches in the matrix regarding people we know (celebrities).  When order breaks down, we get interested.  Within our digital networks, order rarely ever breaks down.  People tailor their content to fit an identity, maybe not to improve their reputation, but very rarely to degrade it, unless they sacrifice some of it to pursue an issue worth it to them, like politics or sports.

If you want to know why social networks are “boring”, it’s because we’ve censored ourselves into being safe, and boring.

Identity

If anything, this is a stark argument for virtual identities, pseudonyms, and anonymity.  They allow us to act out in ways that we can’t within our main imprisoned identities.  They allow us to interact and experiment without the shaming that could come back to our physical identities.  The inference here is also that our other identities are inherently dangerous.

To me it is not shocking that the government can collect on any of us.  One should always assume that the US keeps the blade of its sword sharpened, and if it chooses to target you, anything you have linked to you is compromised.  What is shocking is the breadth for which the government is trying to piece together disparate datapoints together.  A huge piece of that puzzle is linking random datapoints collected online back to a MAC ID on your network card, so that it knows that “Xeus” and “Ben” are the same person.  Google is trying to do the same thing to get better data on pageclicks vs. pageviews across sessions and page transitions.  This is the key data.

If you want your social networks to be more interesting, you’re going to have to give more online.  You’re going to have to play more, experiment more, fail more.  You’ll have to expand your friend networks to areas you’re not as comfortable in.

And of course you can argue: hey, who gives a shit?, it’s just an online waste of time.  But I wonder how many peoples’ lives are not actually enriched at least a tiny bit by the passive awareness granted by online networks. I actually consider it beneficial knowing almost subconsciously that distant friends and acquaintances are busy raising that newborn or are changing jobs and moving to another country (you know, the heavy lifting of our timelines) even though we haven’t talked.

I think everyone’s going to have to suck it up a bit and realize that a digital life is one worth living to the fullest. The digital life can no longer be neglected or made fun of.

One of the more recent influential articles for me was by Nathan Jurgenson, who wrote about the IRL fetish:

Every other time I go out to eat with a group, be it family, friends, or acquaintances of whatever age, conversation routinely plunges into a discussion of when it is appropriate to pull out a phone. People boast about their self-control over not checking their device, and the table usually reaches a self-congratulatory consensus that we should all just keep it in our pants. The pinnacle of such abstinence-only smartphone education is a game that is popular to talk about (though I’ve never actually seen it played) wherein the first person at the dinner table to pull out their device has to pay the tab. Everyone usually agrees this is awesome.

Completely fetishized.  The reality:

Facebook doesn’t curtail the offline but depends on it. What is most crucial to our time spent logged on is what happened when logged off; it is the fuel that runs the engine of social media. The photos posted, the opinions expressed, the check-ins that fill our streams are often anchored by what happens when disconnected and logged-off. The Web has everything to do with reality; it comprises real people with real bodies, histories, and politics. It is the fetish objects of the offline and the disconnected that are not real.

Publicy vs. Privacy

The power of the people is publicy whereas the power of siren servers, cartels, etc. stems from privacy.  I would argue that we’re fighting a losing battle if we try to pursue even more privacy, government data retention laws, and oversight into surveillance.  We should still pursue strict controls on authorized surveillance as a matter of course, as it’s the only way to solidify gains legally, but the underlying strategy should be more openness, more sharing, more creation of public alibis to verify our reputations and livelihoods.  By withholding information from others, we give those who can still get that information power, since they then have access to data others don’t.  By sharing information, we not only take it out of play in the interconnected data market, we free that data for use in silly experimental games, behavioral economics studies, and so on.

I feel as though the conservatives have been particularly absent from the NSA story, probably because they are conflicted: on one hand, whistleblowing is a fine line between treason and heroism, whereas Big Brother and mysterious government agency behavior is a mainstay of the skeptical conservative.  The liberals on the other hand have gone full-retard.  Their shock that an agency tasked with collecting and analyzing information might try to game the internet is just downright laughable, particularly after almost a decade of encroachment into our communications networks painstakingly whistleblown by brave but mostly unheard individuals.  The liberals are also in disbelief that Obama could do this (!) and have begun equating what “he” has done with the horrors under Bush and Cheney.  It’s like some sort of retarded amnesia.  The final absurdity is that there has been no even half-constructed policy suggestion from the liberals on how to deal with maintaining intelligence superiority through surveillance versus maintaining first amendment freedoms in an interconnected hyperglobalized hybrid digital-actual world.  The NSA of course has blown almost every opportunity to win by just laying out an honest case for the nation requiring such systems in order to maintain superiority in foreign affairs.  I assume it squanders this position because it knows it really doesn’t have to do anything except keep its head down until this passes (like gun control, Gitmo, and a litany of other liberal causes abandoned when the next fauxtrage comes about).  You know, at least the Tea Party advocates turned out for rallies.  Digital liberals will just mock Occupy and Anonymous and Like Kony 2012 and anti-NSA causes on Facebook, slacktivism at its finest.

There’s absolutely no informed debate about this issue at all, yet it permeates every damn site right now.  So frustrating.  I would maintain that you can have 3 legitimate stances on it: 1) you don’t care, 2) you delete all your social data online and encrypt all your email along with friends who agree to it, or 3) you try to see the issue as a balance between national security, technological advancement, and public freedoms.  I choose #3 as a matter of pragmatism.  But I respect those who choose #1 and #2 as well.  I also allow for the criticism of being more open, which Jaron Lanier partially explains:

Metadata has proven to be a tool for certain kinds of behavioral change. Facebook can use metadata to find people who are more likely to agree to share information with each other, because they share history with each other anyway. This, in turn, increases the amount of metadata available to the algorithms. Once enough people are signed up, a new sphere of social mores is created and even more information is shared. … Young people, weaned on free Internet services that spy on them, seem to have accepted an America in which their financial prospects are reduced, and in which no one should expect “privacy.” The acquiescence of our young people is historically exceptional and bizarre. In the metadata age, privacy needs a new definition, and it might be “freedom from being profiled.” Or “equity with those who use the biggest computers.”

So in short: I wish there were more people clamoring for more openness, more transparency, starting with our own personal data.  If agencies and corporations draw power from controlling the distribution of our data, then we need to dump it out there into the public domain.  Aren’t open sourcing, transparency, openness, public domain the things digital liberals and other civil libertarian groups always say they want?

Well, as my final point, I would argue that those values are not really what they want.  They want everyone else to share more, but they won’t do it themselves.  Other people can fight the war, they’ll stay home and watch the Daily Show “destroy” some FOXNews pundit.  Other people can put the leg work in, they’ll make sure to catch that sweet rooftop party tonight.  Other people can dirty their hands with campaigning and fighting for causes, they’ll just photograph it to feel like they’re a part of it.  No associations, no taking a stand.  Just criticizing, critiquing, “doing no harm”.  Useless.

Tech Fetishism

At the same time, the obsession over drones, NSA surveillance, and other aspects of the “military-industrial complex” borders on tech-fetishism.  Behold the awesomeness of that drone turning that pickup truck into glowing-white heat signatures.  Think of the sexiness of that NSA terminal poring a search query through petabytes of data!  Are you getting a boner yet?  It plays into every Ayn Rand teen’s wet dream about how insidious and dangerous the government is, yet it’s ignorant of the reality of today’s world, where columns of tanks and infantry are so rarely seen, but code — and data — runs 24 hours a day, every day.  The thing about that is, tanks and infantry always cause destruction — they were built to destroy — whereas code can be good or bad, depending on the policy and the actors behind it.  Anti-NSA tech-fetishists would have the code and tech destroyed, while in awe of it, but a more sensible approach would be for a citizenry to push a responsible use of that tech through Congress and POTUS: acknowledge the necessity of it, yet create sound policy to govern the use of it.

And a nation won’t use it as much if the nation’s priorities don’t require so much of it.  Right now under a paranoid post 9/11 security apparatus (worldwide and even in the holier-than-thou Europe, I might add, and not just under Nobama’s America), the threat vector includes just about any potential self-radicalizing self-pitying dumbass who read a pamphlet about how x or y is oppressing z.  So you take away the siloed cartel control of distribution of our data, establish reputations and publicize them, and you take away much of the potential for abuse by over-zealous states who either through blunder or through antipathy go after non-targets and then claim confidentiality and parallel construction (a technique as old as the hills by any type of law enforcement, I might add) as a defense.

I don’t know where the fuck this post is ending :) so I’ll wrap it up here but right now there’s some sort of weird disconnect between the reality of a world I thought we all witnessed in the last decade or so and the Sesame Street world that the old Tea Partiers, anti-NSA libertarianers, and uninformed liberals are living in.

And so it will continue.  Sigh.

Building Online Communities

[Before I begin, I just wanted to link to this O’Reilly Radar post that shows how Facebook continues to blow away its competition, with 175 million users worldwide.  Another conflicting post from another source has a different number of total users, at 222 million.  Facebook is posting great growth numbers abroad and in the US — I say all this because I believe Facebook is taking over the planet in social networking shortly before the personal data jailbreak is to occur.]

Somewhere between researching my final orals exam topic of “individualized identity and reputation for international development” (for my MSFS degree) and studying how to design both a competitive and collaborative ecosystem for my start-up, I came across some very cool pages at Yahoo!.

Yahoo!’s developer network has available some tips and examples of how to build competition, reputation, rankings, leaderboards, and other social interaction devices into a web site.

Check some of them out:

YDN (Yahoo! Developer Network) has grouped these and many other categories loosely under “Reputation” in one of its menu hierarchies.

These pages have some interesting linkages.  From one post it links to:

“The famed #1 book reviewer on Amazon.com (who does claim to be a speed-reader) posts, on average, 7 book reviews a day. So not only does Harriet have time for reading all these books, she can also whip off reviews of them pretty quickly, too.”

Another example:

“Avoid even slightly offensive names for levels (e.g., Music Hotshot! or Photo Flyguy!)

  • These may be learnable with appropriate supporting material, but remember that reputations are also a form of self-expression and odds are good that a sizable portion of your community won’t want to be identified with frivolous, insulting or just goofy-sounding labels.
  • Ambiguous level names like these tested very poorly with some of our users.”

What’s interesting to me about all this is that it provides some basic examples of when to use certain systems and when not to.  Sometimes you may not want people to be competitive, because it may detract from their desires to collaborate.  What I read between the lines is that different cultures will adopt different preferences for how their self-designed systems will create and generate the maximum value and benefit for them.  Such a system might not be of maximum utility to another culture, however.

This implies that systems may need to be designed that are flexible to different peoples’ values.  It also implies that certain web sites may work where they were previously thought not to, just by providing an alternate version specific to that culture or tribe.  The easiest example of this to visualize would be language-localized versions of web sites.  Facebook adding Arabic and Hebrew versions recently will bring in many more Arab- and Hebrew- speakers through this alone.  But other cultural dimensions beyond language have yet to be addressed.

Not too long ago, I attended the Future of Web Apps conference in Miami.  It amazed me to see just how involved companies like Yahoo! and Facebook are getting into building online communities.  I also picked up some cool Yahoo! schwag including a foldable map that shows all of Yahoo!’s APIs and services.  Pretty impressive.  What’s even better, these companies are being extremely open about all of this.  The social networking community looked nothing like this when we first began our research not too long ago in August!  Pretty awesome!

Studying Russia

[To round out my research, I need to study the BRIC countries — however I realize I do not have the time to give them much more than a cursory look in all their dimensions:  demographics, political economy, sociography, history, culture, religion, etc.  So I thought if I were to look at them through the lens of how it might affect the expression of their cultures/countries online, that might be sufficient.

Now, please, I am not a regional expert by any means, so if I overgeneralize or say something blatantly wrong, please correct me in the comments but don’t take what I write personally — I’m only going off what I could find online, mainly through Wikipedia.  Here’s Russia’s Wikipedia page, for example.]

Russia

Government: Parag Khanna argues in “The Second World” that Gazprom, Russia’s oil corporation, controls Russia and the government, with Vladimir Putin running a revivalist, nationalist agenda.  It is, as Khanna says, a petrocracy, one that is acutely sensitive to oil prices.  Russia is not politically free, but it is economically free — if you’re rich, you’re living well.  The rest of the country has languished.  Journalists who have attempted to investigate the government have been intimidated or murdered.

International Affairs: Russia continues to be a formidable security presence, exerting its influence on former Soviet satellites and in throttling Europe’s exposure to natural gas and oil.  However, it seems reliant on Europe for investment, and is being trumped by China on its eastern borders.  Russia’s military has not benefited from oil/gas profits — thus its ability to exert leverage has become even more concentrated in its ability to control natural resources.  It can be argued that Russia now looks with embarrassment as China as a successful Communist model.

Demographics: According to Khanna, 2/3 of the Russian population lives near the poverty line.  Russia has an aging population that is emigrating from the country if possible.  It is still well-educated.  HIV/AIDS and other health problems have surfaced as health care systems languished.  Russia is in danger of losing its eastern provinces (providing most of its land mass) to China, whose economic success and cultural roots prove far more inviting.  3/4 of Russia’s economy is concentrated in Moscow.

Religion: Russian Orthodox 63%, agnostic 12%, atheist 13%, 6% Muslim.

Telecom: Russia has very low penetration, at 14%.  According to comScore, the Russian internet market grew 25% in 2007, making it one of the fastest-growing (and largest) markets in the world.

Social Media Usage:

In Russia, there are two major social networking sites (SNSs):  Odnoklassniki and vkontakte.  Odnoklassniki is primarily for students to find each other, while Vkontakte is a blatant Facebook rip-off.  Both have the same percentage reach of the overall internet market.  The difference is that Vkontakte users spend 689 average minutes on the site per month, whereas Odnoklassniki users only spend 120 average minutes on their site. (comScore)  This means that although both have similar statistics, Vkontakte usage is richer, and, in the long-run, will grow faster.

One blog post says,

“What’s more, some users try to demonstrate to their friends that they no longer use Odnoklassniki and have moved to Vkontakte by displaying a graphical image as their avatar or one of the photos reading “moved to Vkontakte” to avoid the automatic filters for the text messages – but such photos are quickly deleted by moderators of the network anyway.

“I have to admit this looks like a creative way to avoid migration of your users to your competitor but at the same time I have a feeling it should be frowned on at the very least. For example, I have seen Odnoklassniki buying ad space on Facebook to display to the Russian users and a Facebook advertising team representative told me that their ToS for the advertising program did not prevent competitors from paying to reach the users of the social network.”

Noticeable is that Facebook has almost no exposure in Russia, although it only added language localization in June of 2008.

Questions

Odnoklassniki seems on the surface to not be appealing in a broader sense than networking among students.  Facebook started off this way, however, but expanded for wider social networking.  Vkontakte is exploiting the success of Facebook, but in an inferior manner — fewer controls and features.

Furthermore, I disagree with the blog post that suggests the only option for Facebook is to buy its clone Vkontakte to take the users and grab much of the Russian market.  I would predict that if Russia’s integration into the larger internet community grows, Facebook will quickly syphon users away from Vkontakte.

Identities and Censorship

Pseudonymity

One excellent point brought up during our breakfast presentation in the CCT lounge (their journal, Gnovis, posted a write-up of it by Margarita Rayzberg) was that one coping mechanism for lack of privacy controls on an SNS or within an intrusive state is to create fake profiles and characters and pseudonyms in order to operate online.

(Outside our discussion, I want to quickly add, why Asians are more comfortable with avatars, pseudonyms, and anime in representing themselves online?)

Anyway, in my privacy controls post, I showed just how extensive Facebook’s privacy controls are.  This allows people to feel more secure about putting more information into Facebook’s databases because, whether they use those controls or not, they feel as though they can control their own data.

But Brazil uses Orkut, which has fairly weak controls relative to the rest of the spectrum of SNSs (Myspace excluded).  I am not sure if Brazilians fear government intrusiveness into their day-to-days, since I haven’t done the research yet, so if they are using fake profiles quite often, then it might be because they are uncomfortable sharing info that those in their peer group or real life may view.  We see this phenomenon here in the US with Myspace users.  Younger users are encouraged to create fake profiles to hide from their parents, unauthenticated classmates, and other outside, threatening players in their lives.

I would argue that pseudonymity has an unappreciated role online.  Anonymity has been with us since the start, back to “on the internet, no one knows you’re a dog”.  Certainly much has been made about verified identity online, to facilitate trade and commerce — it wasn’t long ago that people refused to shop online for fear of fraud, an irrational fear as it turned out.

Pseudonymity has been discussed at length as well, as most outsiders see it as escapism from reality and compensating for missing traits in real-world personality.  But it also allows, at the identity layer level, for a blend of authentication and anonymity to make up for the lack of identity tools to properly set the level of privacy you’re comfortable with online.  You may want to be anonymous to all those who know you in real life, but you want to be known online within a certain community.  So you take a handle or nickname and create a reputation around it.

Censorship

The Yahoo!/ISD fellowship was originally created with the help of Michael Samway, Yahoo!’s VP and general counsel of human rights efforts and a former Georgetown MSFS alumnus, in response to a case of censorship by the Chinese government with the collaboration of Yahoo!.

The NYTimes this weekend published a long article called “Google’s Gatekeepers”, which describes a case involving Google’s YouTube property and Turkey’s blocking YouTube because of videos from Greece that defamed the founder of modern Turkey, which is a crime there.  This spurred a look into how Google decides which videos get taken down and why.

What should companies do about issues such as this?  Should they concede to governments’ wishes in order to stay in the market, particularly one as delectable as China’s?  If they decide to stick to principles of free speech and user protection, they risk being banned, while their competitors could decide to concede and gain the lost market share.

For now, multiple stakeholders have formed the Global Network Initiative in order to collaborate and work together to ensure freedom of speech and privacy; it remains to be seen who will cooperate with the group and who will break apart, and whether they can exert enough leverage on governments to back off from censorship.

The Little Guy

What I am primarily concerned with in my research is how all this affects the little guy.  You, me, those in BRIC countries.  How do different countries’ users approach social media usage, knowing the risks they take both socially and from their governments?  From some discussions I’ve had (but with nothing concrete to back it up), it seems as though Chinese users have a good sense of where the line is when saying something potentially risky in the government’s eyes.  It’s hard to draw such a line when it comes to what one can say within his social network, though, since there are many more actors and attitudes and roles of relationships with that person.  In other words, what you would say if you knew your mom was listening and what you would say if your best friend or boss were listening would be markedly different.  At least you know in China fairly reasonably what you should and shouldn’t say in order to get the government censors concerned.

With that in mind, I think my privacy model holds well, although I’ve learned from our CCT chat and various other discussions to modify some of the language and words used, since each word has very specific meanings and inferences.

Your True Identity

The last thing I want to talk about here is with regards to hiding your true identity, as in your real life identity.  In my “What’s Shaping the Internet” class (also in the CCT department), one of my colleagues did a presentation on Chinese censorship.  One thing I started thinking deeply about through the pre-class reading was that foreign companies use tunneling and encrypted networks to pass through the Chinese firewall (or “Golden Shield”) in order to phone home to their offices.  Both technically (encrypted tunneling is hard to defeat or wiretap) and commercially (if foreign companies have no privacy, then they would object and would pull business out for fear of losing trade secrets or more), encrypted networks and VPNs within China seem untouchable.

This ability can’t necessarily be said for regular Chinese citizens, who must find a secure connection to use in order to start tunneling securely.  But it brings up the interesting question:  how much tunneling do Chinese citizens engage in?

And would it really help them as far as SNSs go if they could tunnel out?  SNSs are huge in China and by statistics we’ve discussed earlier, Chinese use social media far more than Americans do.

But at some point, can you really escape who you are?  If you could post about yourself on computers based in a country that protects free speech, you’re still at some level talking about metadata that links back to your identity back home.  If you were to scrub all your information of your real name or pseudonym, it would not take much work to find out where you live, what you do, and who you know.  It would then not be much of a stretch to find you.  Your personal data is horribly non-anonymous whether you’re Publius or Joe Klein.

So we’re led back to the beginning of this post, resorting to using pseudonyms to create completely fictional characters that anonymize our real life personas.

Hiatus

Apologies for the interruption in posting regularly.  It’s the end of the semester and I can’t speak for Gaurav and Pav but I’ve had a lot of on-going semester-long projects.  The Mumbai attacks hit close to home for Gaurav and Pav and I kept up with Gaurav’s tweets and posts during the Thanksgiving break while watching TV coverage and reading the spotty journalism online.  Certainly there was a communitas and online awareness during the Mumbai hostage situations that’s unique to our times.

In mid-November, Gaurav gave a presentation during a Georgetown CCT (Communications, Culture, and Technology) breakfast chat. The CCT program, by the way, has a really cool blog called gnovis which covers interdisciplinary issues such as culture, technology, media, politics, and the arts. Add it to your RSS feed!

I assisted in covering a few slides for the presentation.  Our topic was how cultural context affects social media usage in the BRIC countries and in the US.

Gaurav posted the excellent slideshow he presented, so you can check it out:

This presentation was very useful for us because the CCT students are not only already well-versed in the subject we covered, but also pointed out areas we completely overlooked, studies we used that have blind spots, and presented an argument that we should look more carefully at how the different BRIC countries and the US view issues like privacy, openness, and sharing.

So these issues I will be researching for my future posts, particularly how the word “privacy” does not translate well into other languages and is fairly confusing even in English.

I also plan to study the individual countries to see if I can isolate characteristics applicable to my studies on privacy and openness vs. closedness.

It should also be mentioned that discussion within the web developer community regarding identity, sharing data across sites, and privacy vs. advertising is extremely hot right now, so I will try to post more summaries of good stories I see out there on that front.

Happy belated Thanksgiving, and here’s hoping you have a happy holiday season, wherever you are.

Social Networking Sites’ Privacy Settings

In order to get a better sense of how different social networking sites (SNS) in the US and BRIC countries approach their users’ privacy, I took screenshots from Facebook, Myspace, Orkut, and Vkontakte.  A very kind master’s student from China, Lydia Zhang, was kind enough to take screenshots of Xiaonei, China’s top SNS, and then translate them into English for our benefit!  Much love to Lydia!! (Lydia is working on a paper on SNSs as well; please, if you are a US student, fill out her survey and e-mail it along to her.  Thanks!)

Myspace is primarily a US thing, while Facebook is popular in the US but also in many other countries around the world (earlier, Gaurav posted about Oxyweb’s map of SNSs around the world).

Orkut is primarily associated with India and Brazil while Vkontakte is associated with Russia.  China’s primary SNS, Xiaonei, competes with Kaixin, but according to Lydia:

“Kaixin (means fun and happiness in Chinese) is a fast-growing SNS in China. Its success mainly relies on its spam-spreading e-mail invitation strategies among SNS users.  Some Chinese internet observers said Kaixin attracts people mainly from companies.  Those white-collar workers spend most of their boring working time on Kaixin to play games developed by third-parties with their colleagues, even their bosses.  This is what they think, leads to Kaixin’s surprisingly high user involvement.  Because users of Xiaonei are mostly college students, who don’t have convenient access (as those white-collar workers in companies) to internet because of economic factors. Generally speaking, Kaixin is basically a clone of Xiaonei but is featured by its spam-spreading and  some popular third-party applications, for example, some most successful games directly copied from FB and some games developed by Chinese third-party. These games of Chinese characteristic could be a possible topic for cross-cultural studies on group involvement of Chinese and foreign SNS. This requires more observations and I will keep tracking those information. Interesting enough is that Xiaonei now realised Kaixin’s threatening expanding and launched recently a new SNS aming at competing with Kaixin in games and other entertaining functions.”

A few notes:  1) Screenshots were taken on Nov. 1, 2008.  2) The screenshots are somewhat huge so I’m just using thumbnails for this post.  I’ve linked to the full-size versions instead.

Privacy settings menu screenshots:

Facebook

Facebook by far has the most extensive and precise (and as danah boyd says, confusing) security settings.  Not only can you blacklist individual users so that they can’t access you at all, you can also configure virtually any different category of information about yourself (education, work, bio, friends) by more categories than the other major SNSs:  friends, friends of friends, your primary network, all your networks, anyone, only some networks, and no one at all.  For your schools, you can also specify by undergrads, grads, alumns, faculty, and staff.

Facebook has so many privacy settings that it breaks them down into four primary categories:  profile, search, news feed and wall, and applications.  Primarily, you can limit your biographical information, who can see your different photo albums, and whether your info gets posted on your wall or not.  You can block whether search engines will index your profile or not, as well.

Another unique feature to Facebook is to see how your profile would look to a specific friend in your network, as an added security measure for those who are nervous about specific people.

At this point I must say that it would be difficult to quantify the number of settings per SNS to see which allowed for the most privacy.  Certainly Facebook offers a level of granularity unparalleled by any other SNS.  It doesn’t, however, let you open up your profile to everyone. The best way to measure degrees of privacy on other SNSs perhaps is to see what the other SNSs lack compared to Facebook.

Myspace

Myspace is currently the biggest SNS in the US but it’s highly doubtful that that will continue to be the case for much longer.  Myspace is undergoing a strategy revamp but is also not very useful compared to Facebook except in specific circumstances.  I was also amazed to see that it offers very little in the way of privacy control.

Myspace offers an individual blacklist, but otherwise has only 5 discrete settings under privacy to customize.  It lets you hide your age, online status, and birthday; it also allows you to blanket-protect your photos (with no granularity), and control who can view your profile by age.  Given that Myspace has the younger online demographic, compared with Facebook, this is completely unacceptable.  Not only does it not do a good job of protecting adults’ privacy, but it does very little to protect minors’ identities.  Outside literature I’ve read has suggested that minors have compensated by creating fake profiles known only among their circles of friends.

Orkut

Orkut, owned by Google, is used a lot in India and Brazil but not so much in the US.  It also has a surprisingly weak array of privacy control options, all fitting on one screen, just like Myspace’s.

Orkut protects against photo tagging (people uploading photos and tagging that you are in them), update statuses, Google indexing (since it’s integrated with Google search), and anonymous friend requests.  It lets you protect certain features (scraps, photos, testimonials, feeds) by three levels of settings:  friends, friends of friends, and anyone.  There is no “no one” setting or anything more granular.

Brazilians and Indians don’t seem to mind.

Vkontakte

Vkontakte is the most popular SNS in Russia, and along with China’s Xiaonei, is a blatant complete Facebook rip-off both in color scheme and layout.  Facebook has sued Vkontakte because of this.  The site DOES provide English support, which is useful for branching out from Russia.

One thing that’s interesting is that upon login, you have to check a box to NOT have Vkontakte save your login settings automatically.

Vkontakte has a blacklist feature.

Vkontakte lets you show your info to only friends, friends of friends, no one, and all users.  Mostly the controls, instead of controlling which of your info gets out, like on other SNSs, controls who can send info TO you, like invites, graffiti, and messages.  You can control who can view your photos or view your profile.  If you select “no one” for who can view your page, it actually says, “No one, delete my page”.  Harsh!

Xiaonei

Xiaonei leaves opting in as the default setting for many of its privacy controls.  For instance, unless you change your settings, anyone can see your entire profile at first, even if they don’t log in.

Xiaonei, as I learned from Lydia’s very helpful translations, probably has the second-best privacy controls to Facebook out of all the sites here.  Interestingly, it lets you share to all, or to just yourself, along with other degrees of privacy.  it lets you set privacy across several different categories of your personal information.  I counted more than 10 different categories.

I saw that Xiaonei offers IM on its profile page; IM in China is one of the biggest sources of traffic among Chinese users.  It also lets you see recent visitors, something you have on Orkut but not on other sites.

Conclusion

Both Myspace and Orkut contain separate settings to protect against spam.  This doesn’t exist on Facebook, Xiaonei (to my knowledge), and Vkontakte.  That they even have problems with spam says something about the data integrity within Myspace and Orkut.

I guess my closing question is, why does Facebook get so much more flak than other services for having lax privacy, when the other competitors’ sites are far worse?  Certainly Myspace had its days in the news for exposing minors to predators and abuse, but now Facebook is the target.  Is it also because Facebook not only might expose users to public and private abuse, but also to abuse by marketers, governments, employers, and corporations?  Is it telling that Xiaonei and Facebook, from China and the US, have similar degrees of privacy controls?

Edward Hall’s Context Prism

In search of more prisms that I can examine BRIC countries through (Gaurav blogged about Geert Hofstede, which gave us some interesting data points), I came across Edward Hall’s high- and low- context analysis.

Other sites already cover Hall’s theory pretty well, but basically he differentiated cultures based on an idea that some had high-context communication and others had low-context communication.

Scandinavians, for example, have low-context communications.  You can walk into any conversation with them and their dialogue will contain very direct messages that are self-encapsulated and contain most of the information you would need to make sense of it.

There are codified norms within the society that make the conversation rules-based and less personal.  It comes off as very direct and to the point. Read More »

Americans’ Attitudes on Digital Footprints (Pew Internet & American Life Project)

I wanted to get more information about “online culture” within the US, since it is still, at least for now, the standard for what an online society looks like in terms of debating privacy versus openness, online presence, and reputation.

In December 2007, the Pew Internet & American Life Project released the findings from its surveys on “digital footprints” and “online identity management and search in the age of transparency”.  You can read the full report (PDF) online, and the questionnaire they used, as well.

It is interesting to study the attitudes versus the actions of social networking users when it comes to privacy versus openness.  The study found that “[m]ost internet users are not concerned about the amount of information available about them online, and most do not take steps to limit that information.” Read More »