When public and private collide
2006-09-11 - BBC News
There is a growing need to develop technologies that help us tackle the problem of trust online, says regular commentator Bill Thompson.
Most of the discussions about Craigslist, the phenomenally successful classified ad website that started over 10 years ago in the US, concentrate on the job ads and accommodation listings and how they are challenging existing advertisers.
But the site is also used extensively for personal ads of all sorts, including many from people looking for sex with no complications.
The ads, some of them very explicit, can be found in the "casual encounters" area of the personals section, behind a warning notice designed to deter children or the easily offended.
Hide and seek
In early September Jason Fortuny, a web designer and network administrator from Seattle, took an apparently real ad from one Craigslist site and posted it in the Seattle "casual encounters" section. The advert was from a woman looking for a man.
Within a day he had 178 responses, many with photos. At which point he posted them all onto a public website, complete with the photos, e-mail and IM addresses and even mobile phone numbers.
He has since asked people to help him identify those respondents who were more cautious about revealing themselves in their e-mails, presumably so he can humiliate them further online.
Some of the men who contacted Fortuny were married. Some used their work e-mail addresses or attached nude photos of themselves. Many of them said things that they would not want friends, family, co-workers or even casual acquaintances to know, and all of that information is now available on a public, and widely publicised, website.
Fortuny calls his exploit "The Craigslist Experiment", but of course it is not an "experiment" at all since it has long been clear to anyone who cares to think about it that few net users have any real understanding of the degree to which they expose themselves when they go online.
The recent furore over AOL's ill-considered release of the search terms entered by its customers, and the ease with which people could be tracked down just by what they were looking for, showed this clearly.
All Fortuny has done is show how far things can go, and in the process he has probably ruined the lives of dozens of people.
Some of them will probably sue him, since although the US has no real privacy law "publication of non-newsworthy, private facts about an individual that would be highly offensive to a reasonable person" is grounds for legal action. Some may be planning more direct action against him.
Wired News blogger Ryan Singel has called him "sociopathic", and although some of those commenting on Fortuny's blog think what he has done is "cool" in some way, the general feeling is that he has gone too far.
I agree. He has acted in a despicable manner, and deserves whatever legal action is coming his way. He also deserves to be ostracised by the online communities he was so clearly seeking to impress.
We didn't need to know about his experiment to understand that the net creates new possibilities for public exposure. And we certainly don't need to give Fortuny credit for his cheap trick.
After all, this was the week in which Facebook founder Mark Zuckerberg apologised publicly for messing with his users' privacy and getting it wrong at the massively popular social networking site he created.
The problems arose when a recent site overhaul introduced a "news feed" feature which instantly notified users when anything changed in their contacts' profiles, including when they made new friends, joined or left groups or changed relationship status.
The user community, mostly US college students, didn't like this at all since while all the information that was visible in the feed had been available to anyone who cared to look for it, bringing it into one place left them feeling exposed.
As a result of the protests Facebook has made some changes, giving users more control over what information other people can see in their feeds, and this may be enough to defuse the criticism.
And the incident has done a lot more to raise general awareness of online privacy, at far less cost, than Fortuny's exploits.
Privacy breaches occur all the time, of course. Sometimes it is malice, sometimes it is poor decision making, and sometimes it's incompetence.
Over the weekend Linden Lab, creators of the popular and increasingly hip virtual world Second Life, revealed that its account database had been compromised and details of more than 600,000 accounts were exposed.
Account names, real names and contact details, but not credit card information, were all visible.
And the net's not the only place where personal details can leak out.
The board of Hewlett-Packard is still coping with the revelation that old-fashioned surveillance methods were used by chairwoman Patricia Dunn, who used private investigators to get phone records for her fellow board members and a number of journalists after details of internal discussions appeared in the press.
In the end the question is one of trust, and of understanding what levels of trust are appropriate in different areas of our lives, on and offline. Sadly, however, the answer seems to be that anyone using the network should trust no one.
We need better ways of negotiating trust online, says Bill
An e-mail sent to a girlfriend or boyfriend may be circulated widely if the relationship breaks up; a seemingly trustworthy company may have bad internal practices and expose you to identity theft; the person you think you're chatting to on IM could be an impostor or even your colleague's young child - ask my friend Simon about this one.
But we cannot live in such a world and we should not have to. As society developed from small groups where everyone was known to everyone else we found new ways to make connections and establish appropriate levels of trust.
We'll need to work hard, and fast, to find ways to make online contacts work too. Otherwise we'll fall for scam after scam and expose ourselves to humiliation or blackmail again and again.
And we'll fall for the oldest tricks in the book, like those who wanted to believe in YouTube icon Lonelygirl15, who claimed to be a precociously astute home-schooled sixteen year-old in her posted videos and turns out to be an "art project" with links to Hollywood.
While the deceit may get someone a production deal or a show on an obscure cable channel, it shows yet again that you simply can't believe what you read or see online without some real evidence.