From Privacy To Opacity - Digital Me Management

This document has been submitted to the W3C Workshop on Privacy for Advanced Web APIs, 12/13 July 2010, London

What Privacy Means For People?

I recently asked to work colleagues and friends (a quite western homogeneous cultural group) this very basic question:

What is privacy for you?

The diversity in answers has been broad. Some people replied in “private” with a vague answer. Some replied to Work mailing-list with their own personal opinions on the topic including everyone else in the answer. The context of privacy was defined in very different terms or context. One would separate the work life from the family life, another one would put the border between their own actions and their family. A few people had a more nuanced opinion about it relying on context.

What all these answers demonstrate is that people are not necessary confused about the notion of privacy but the notion of privacy is a personal assessment about one’s interactions with the surrounding world.

I propose that we move away from privacy and we address what helps people to improve their choices on sharing, removing or just hiding information.

A New Term: Opacity

Opacity is a term often used in Astrophysics. It defines the ability of a material (star atmosphere) to absorb light. The opacity is then defined by the mean travelled distance of a photon between two interactions with local matter.

The photon is the message, the matter, us, humans. The interaction is the time a message is received or emitted by a person or a software. In between, we have lived. In between, we had time to breathe, laugh, love and die. But sometimes, this time is very short.

The network opacity is the property of the network to slow down (until it dies) or accelerate the information.

Physical And Digital Opacity

Our communications in the physical world has some properties such as:

1. We are sharing information (with or without conscience) in a limited physical space.
2. We are learning things about people most of the time asynchronously.
3. We are telling fabricated stories more than facts about people.
4. We are forgetting what we said or heard about people.

We do basically the same things in the digital world but with a different turn:

1. Global: each unit of information is available almost everywhere at once.
2. Instantaneous: each unit of information is available in real time.
3. Replicated: each unit of information is replicated identically.
4. Permanent: each unit of information is kept for a long period of time.

The opacity is thicker in the physical world than the digital world. We can’t escape the information shared on the network. Even if you are not part of a digital property (ex: social networks), one might put images, talk about you in the digital world without the desire of being harmful. A tourist could take a photograph of you when going out of an hospital. The photograph is later on put online and geolocalized. Someone else right away or in a few months or years searching for local hospital photographs finds the image and recognizes you. The person tags or leaves a comment giving a lead for identifying who you are. In this chain, nobody had the desire to be specifically harmful but the individual actions lead to consequences.

This type of interactions is happening in the physical world too. In the digital world, the thinner opacity increases its probability.

Tools Versus Policy

It is inevitable with the rise of issues around breach of personal data (intentional or not) that legal systems will take of the society framework. This framework will certainly have diversity in between countries. For the purpose of the Web industry, we should stay far away as much as possible from legal frameworks and policies.

Instead I propose we work hard on tools that helps people to have a better control on their personal data. The control means to be able to create, remove, hide and visualize (the often forgotten part) data. The area is vast and there are many issues we could tackle at a low cost with strong benefits for individual people (as I’ll show later on). It is not about creating better silos, or giving up on any kind of hope as we heard a few times these last months under the motto: “Privacy is dead”.

The mistake is often in the binary decision made around the access of data. An information can be here for a certain time, an information can be accessible to some specific tools and people, an information can be slowed down. This type of granularity is very important. Our physical social context is complex as it is online.

• Features for managing data must not be a reduced set of instructions.
• A change in a feature behavior should never been made automatically if this broaden the context of data sharing.
• A person should always have to opt in system which broadcast their information.

Managing Opacity

Concrete features already available for managing opacity

• Tumblr is a popular publishing platform with a rapid growth. After creating a new space, the settings authorize the owner to forbid or authorize the search engine harvesting by just selecting a checkbox. The content stays publicly accessible but the opacity has been increased. It dampens the communication.

Directory: Allow search engines to index your tumblelog. If checked, your tumblelog will appear in search results on sites such as Google and Yahoo.

• Many social network sites give the possibility to have very basic options for hiding content from other people or selectively a group of people.
• The W3C Web site, a space managed by 70 persons and more, gives the possibility to set the access policy of a specific URI with the comma tools

These are very simple and basic features but which in the end gives a lot of power to the user.

Tools to improve for managing opacity

In January 2009, in the paper DMM: Digital Me Management (Karl Dubost, Olivier Théreaux) we showed the issues around the classical tools such as robots.txt, sitemap.xml and .htaccess for managing access to information. Most of these tools are incomplete and only accessible to a few power users with full control of their environment. These usually do not solve the issues about data hosted elsewhere. The comments still stand.

Here are a few avenues to explore around Web Privacy APIs

• it should give the possibility for users to act on the basic features like sitemap.xml, htaccess, robots.txt.
• A person should be able when sharing data to give an expiry date for catering for the memory loss.
• Opacity of data is also important for security. We can consider that, in some contexts, user profiling for marketing endeavors is a middle man attack. People should be able to use a service without having their data used for commercial purpose.
• Some efforts have been made for exporting data. Giving the possibility to people to export all their data create trust among users. See Data Independence and Survival Best Practices.
• People should be able to obfuscate some data about themselves. It can become very important in the realm of geolocation services. Depending on the context, one might want to set the precision of the location from a few meters to the landscape precision (or none).
• No APIs should assume that the user wishes to be identified or tracked by default. Example : for each download of Google Chrome, a unique id is created and included in the product.

Conclusion

Mark Twain died on April 21, 1910 (100 years ago). He left 5,000 unedited pages of memoirs. In his notes, he had written that he did not want them to hit bookshops for at least a century. Managing opacity is an important asset for people.

Author History

Karl Dubost has been working for W3C for 8 years and is now the CTO of Pheromone, a Montreal Web agency (Canada), developing other companies social networks. He is interested by all issues surrounding data access granularity and privacy.