In praise of pseudonyms…

A remarkably inappropriately titled article appeared in the Telegraph this morning.

“Facebook will soon let you post using someone else’s name”

The article itself, however, said something quite different: that ‘Facebook is reportedly working on a mobile app that will let its users interact without using their real name’. If true, this could be important – and a very positive move. Facebook have long been the champions of ‘real names’ policies: for them to recognise that there are important benefits that arise from the use of pseudonymity and sometimes anonymity is a big development – because there are benefits, and pseudonymity is one of the keys to real freedom of speech and autonomy, both online and in the ‘real’ world.

Firstly, to dispose of the Telegraph’s appalling headline, a pseudonym is very rarely ‘someone else’s name’. There are cases where people try to impersonate others, but these are a tiny fraction of the times that people use pseudonyms. Pseudonyms have been used for a very long time, and for very good reasons. Many people are better known for their pseudonyms than for their ‘real’ names – and they certainly didn’t ‘steal’ them. Did Eric Blair steal the name George Orwell? Did Mary Ann Evans steal the name ‘George Eliot’? Did Gideon Osborne steal the name George? And looking at the first two of those names, did Orwell and Eliot, ‘belong’ to someone else? Of course they don’t. Another George even springs to mind: George Osborne. Should we inset on calling him Gideon, because that was the name his parents gave him? I’m politically opposed to him in every way – but I’d defend his right to call himself George, and defend it to the hilt. Pseudonyms often belong to the people using them every bit as much as their ‘real’ names. In some ways they’re even more representative of the people: when choosing a pseudonym, people often put a lot of thought into the process, choosing something that represents them in some way, or represents some aspect of them.

Sometimes it’s about presentation – and sometimes it’s to protect your ‘real’ identity in an entirely reasonable way. It’s not that you have something to hide – but that your autonomy is better served by the ability to separate your life in some ways. Without that ability, your freedom of expression is chilled. As I’ve written before, there are many kinds of people for whom pseudonymity is crucial: whistle-blowers, people whose positions of responsibility make open speech difficult, people with problematic pasts, people with enemies, people in vulnerable positions, people living under oppressive regimes, young people, people with names that identify their ethnicity or religion, women (at times), victims of spousal abuse and others. It’s also something that helps people to let of steam, to explore different aspects of their lives – or simply to enjoy themselves.

I use my real name most of the time online – amongst other things because my ‘online presence’ is part of my job, an because I make professional links and connections here – but I’m in a privileged position, without any of the obvious vulnerabilities. I’m a white, middle-class, middle-aged, educated, employed, able-bodied, heterosexual, married man. It’s easier for me to function online with my real name – but even I don’t always do so. Over the last decade or so I’ve used a number of pseudonyms, and still use one now. For many years my main online presence was as ‘SpiritualWolf’, prowling the football message boards: I’m a Wolves fan. I didn’t particularly want to connect what I was doing on the football boards with my work life or even my home life – and wanted my football postings to be judged for their content, not on the basis of who I might be. Online life works like that. I created ‘SpiritualWolf’ – but I also was SpiritualWolf. It wasn’t someone else’s name – it was my name.

Even now I used a pseudonym – KipperNick – when I play at being the BBC’s Nick Robinson, in his role as cheerleader for UKIP, a role which, sadly, he often plays better than me. It’s a very different kind of identity – a clearly marked parody account – but it allows me a certain kind of freedom, and lets me have some fun. I don’t use it maliciously – at least I don’t try to….

…and that, in the end, is the rub. It’s not the pseudonymity that’s the problem when we’re looking at malicious communications, for example: it’s the malice. By attacking the pseudonyms we’re not just missing the target we’re potentially shutting off a great deal of freedom, chilling speech and controlling people when that control is really unnecessary. I’m delighted that Facebook has begun to realise this – though I’ll believe it when I see it.


Thanks to the many people who replied to my initial tweet about this earlier today – I’ve shamelessly used your examples in the blog post!

‘Real names’ chill free speech….

The Huffington Post has recently announced that it is going to bring in a policy of only allowing commenters on its posts who use their real names. The idea, as I understand it, is to cut down on abusive comments and trolling – but from my perspective the policy is not only highly unlikely to be effective but it is short sighted and ultimately counter-productive. Indeed, ‘real names’ policies like this are likely to be deeply detrimental to free speech in any really meaningful form. Real names policies work, to a great extent, to help the powerful against the vulnerable, to exacerbate existing power imbalances and to further marginalise and alienate those who are already on the fringes. It is a huge subject, far bigger than I can do full justice to here, but these are some of the reasons that I think the Huffington Post – and anyone else who instigates a real names policy – are fundamentally wrong in their approach.

Making links to the real world

Real names can help to make a link from the online world to the ‘real’ world – indeed, that’s really the point, if you want to make people ‘accountable’ for their comments. If you have any kind of vulnerability in the ‘real’ world that can be very bad news. Anything you do online can emphasise that vulnerability – and put you at real risk. The risks are different for different people, but they’re real. For many of those people, the risks may well be sufficient to silence them completely – and it’s not just the ‘obvious’ people who might be silenced. There are many different groups who might need some degree of anonymity – these are just a few of the possibilities.

1) Whistleblowers

The role of the whistleblower has come under huge scrutiny recently – Obama’s apparent ‘war on whistleblowers’ has been hugely criticised. Whistleblowers in most forms would be crushed by the need to provide real names. The organisations about which they are blowing the whistle will find it much easier to find them and silence them – or worse. It is already very risky to be a whistleblower: requiring real names makes it far more dangerous

2) People in positions of responsibility

In some ways related to whistleblowers are those whose positions of responsibility would be compromised if their real names came out. Doctors, police officers, soldiers, teachers, social workers and so forth are just some of these – and they are people who can often give invaluable insight to important things in our society. Perhaps the best known online example was the Nightjack blogger – a police insider who provided a brilliant blog, winning the Orwell Prize for blogging in 2009. NIghtjack gave a warts-and-all portrayal of the life of a policeman, something he could not possibly have done if he had been forced to use his real name. Indeed, when, via illegal email hacking by a Times Journalist as it turned out (see David Allen Green’s piece here), his name was revealed, his blog was silenced. There are many others – yesterday one of the people I know on twitter reminded me that when they were operating as a prison chaplain they could not possibly have blogged or tweeted under their real name.

3) People with problematic pasts.

It’s not immediately obvious, but some people like to – and need to – operate online to escape a problematic past. Something they have done, or something that has happened to them, whether it be merely embarrassing or far more serious, could ‘catch up with them’ if they operate using their real name. This isn’t about rewriting history – it’s about being a able to make a fresh start. By enforcing a real names policy you deny them this opportunity.

4) People with enemies

This doesn’t just mean the kind of person you read about in thrillers or see on TV detective stories – it means people who have been stalked, it means people who have had arguments with former colleagues, it means people who have caused ‘trouble’ at work, or against whom someone has just taken a dislike. It might just be people with problematic neighbours. Forcing any of them to reveal their real names helps their enemies find them.

5) People with complex or delicate issues

The most obvious of these is sexuality – if we lived in a world where people did not get abused for their sexuality it would be great, but we don’t. For some people exploring whether or not they might be gay is a huge and delicate issue – and they wouldn’t even dare ask the questions they really need to ask if they were forced to reveal their real names. Sexuality is far from the only area where this kind of issue can raise its head – religion, politics, even such things as vegetarianism or liking particular kinds of music can be things that make people sensitive. Force real names and you stop them being explored.

6) People living under ‘oppressive’ regimes.

This much should be obvious – and it’s far from surprising that the Chinese government is a staunch supporter of real names policies, and has gone so far as to legislate in that direction. Express a dissenting opinion and you will be hunted down. However, as recent events have suggested, it’s not just the obvious regimes that might be seen as oppressive – and regimes change, and not just for the better. Put a real names policy in place under a relatively benign government, and a subsequent, more dictatorial regime will be able to use it.

7) People who might be involved in protest or civil disobedience

With protests in the UK about the badger cull looming, this issue will no doubt come to the fore. Already an injunction has been brought in to try to block most of the protests, and the government has announced that it is going to scan social media to try to ‘head off’ protests – and if people involved in protest have to use their real names in their online activities it will be far easier for the authorities to find them and crack down. For me, protest is a fundamental part of democracy. Already it is much more limited than it should be – and real names policies can curtail it still further.

8) Young people

The position for young people is complex. One of the characteristics of the life of young people is that there are other people in positions of power over them, whether they be parents, teachers or others. That makes you more vulnerable – if your teachers or parents find out that you’re saying things or asking things that they don’t approve of, you can be in trouble, or worse. It also makes it easier for people to disregard or override your views – you’re only a kid, your views aren’t worth listening to. The internet allows a degree of this prejudice to be overcome – people can be judged by what they say, not by how old they are. Real names policies suppress young voices.

9) Women

It would be great if women were not likely to be targeted for abuse, but as recent events have shown this is far from the case. It would also be great if all women were ‘strong’ enough not to worry about the risk of being abused, but some aren’t, and none should need to be. For some women, a way out of this – temporary, many might hope – is to use pseudonyms that don’t necessarily reveal their sex. This kind of a tactic can really help in some situations – and preventing it can silence some crucial voices.

10) Victims of spousal abuse

A special and particularly nasty case of this is that of victims of spousal abuse – people whose partners or ex-partners are violent or abusive often want to track down their victims. If people are forced to reveal their real names, they can be tracked down far more easily – with devastating consequences.

11) People with religious or ethnic names

Forcing people to reveal their names can force them to reveal much more about themselves than might be immediately obvious – it can reveal or at least suggest your ethnicity or religion amongst other things.  That can make you a target – and it can also mean that what you say is viewed with prejudice, ignored or abused. Real names policies make it much harder for people in that kind of position to be heard.

12) People with a reputation

Sometimes you don’t want to be judged by who you are, but by what you say – and this can work in many different directions. ‘Give a dog a bad name’ is one part of it – but it can work the other way too. JK Rowling was recently justifiably angry when it was revealed that she was the author of a detective story under a pseudonym – she wanted the novel to be judged for what it was, not because she was the author. That’s a dramatic example, but the point is much deeper – when you want to test out your views it can really help to write them anonymously.

13) People needing an escape from difficult or stressful lives.

In the current climate, this means a great many of us – we want to separate our online lives, at least to an extent, from our real lives. It is a liberating feeling, and can help provide relief from stress, and a chance to do something different. Again, this is crucial to real free speech.

14) Vulnerable people generally

There are so many kinds of vulnerability that it’s hard to even scratch the surface – and any kind of vulnerability can make you feel at risk of being ‘exposed’. That chills speech. It doesn’t have to be ‘serious’ to have the effect – even without an obvious vulnerability many people just feel more comfortable speaking out without fear of ‘showing’ themselves.

The risks and rewards of anonymity

Of course there are risks with allowing anonymity and pseudonymity – and there are some hideous anonymous trolls and abusers online – but there have to be other ways to deal with them. Better ways, with less of a chilling effect on free speech.

It’s easy from a position of power or privilege to think real names policies will work. I use my own real name online – but I’m in a position to do so. I’m safe, secure, privileged and lucky enough to have a job and an employer that supports me in this way. I have a feeling that many of those advocating real names policies are in similar positions – they lose nothing and risk nothing by revealing their real names. Not all people are in such fortunate positions. Indeed, many of those whose voices we most need to hear are not in that kind of a position – the categories I’ve outlined above are just some of the possibilities. Going for a ‘real names’ policy will silence those key voices.

On top of all of this, from my perspective, we have a right to create, assert and protect the identities we use online – and that, amongst other things, means we have a right to pseudonymity. The Internet offers us the opportunity to bring that right to bear. It’s what makes Twitter a livelier place to debate than Facebook – well, one of the things. If you want real debate, and real free speech, you need that liveliness. You need to let those who need pseudonymity find voices for themselves. Real names policies deny them this opportunity.

I hope the Huffington Post reconsider their position – and, more importantly, I hope that other groups don’t follow their lead.

10 reasons to leave Facebook…

If you’re looking for a New Year’s Resolution – have you considered leaving Facebook? There are many reasons to do so, and getting more compelling all the time – all it takes is a little resolution.

1) Privacy

Everyone should be aware that privacy is an issue with Facebook. So many people put so much ‘private’ information onto Facebook that the possibility that your private information, photos, stories etc might get known to a wider public should be obvious. We shouldn’t be shocked when bad things happen – and yet even Randi Zuckerberg, sister of Facebook’s founder Mark Zuckerberg, still seemed surprised and upset when a ‘private’ family photograph she posted somehow made its way onto Twitter. It wasn’t hacked, scraped, leaked or anything nasty – it’s just that Facebook is designed that way. The private becomes public all too easily – ‘sharing’ means you lose control. If Randi had just emailed the pic to her family, or put it on a genuinely private site, none of this would have happened.

2) Real Names Policy

Facebook’s policy is that people should only ever use their real names – and this can have very bad consequences. There are many people for whom using real names is dangerous, from whistle-blowers to political dissidents, from victims of domestic abuse to people just wanting to harmlessly let off steam. And it’s not just in the extremes that it matters: forcing a real names policy can matter to almost anyone. It helps anchor your ‘online’ life to your ‘offline’ life – meaning that anyone wishing to take advantage of you, to manipulate you, to take information out of context etc, and link what they find out about you online to your offline existence. Real names policies are potentially deeply pernicious – and not only does Facebook have one, but it is ratcheting up its efforts to enforce it. Snitchgate, about which I blogged in September, was just one example, where they experimented with getting people to ‘snitch’ on their friends for not using their real names. For Facebook, a real names policy has value – it makes their data on you more valuable when they want to sell it to others – but for people, it is both limiting and risky.

3) Monetization

Facebook is a business, and in business to do just one thing: make money. What that means is that they want to make money from their assets – your data. The recent furore over Instagram’s altered terms of service was just one example – and in many ways it was typical. Instagram has access to a huge collection of photographs – and since Facebook acquired Instagram for $1 billion earlier in 2012, it has been looking for ways to make money out of those photographs. The internet community’s reaction to that change was dramatic – and Instagram quickly changed tack (or at least appeared to) but make no mistake, the issue will recur. Facebook will look to make money – since the far-from-stellar IPO, the pressure to make money has been growing. Facebook has to satisfy its shareholders first of all, its advertisers next, and its ‘users’ last of all. The users don’t provide money directly, after all – so Facebook has to make money from their data. That drive to make money means that what happens to you when your data is used is of very little consequence….

4) Profiling – and self-profiling

One of the best ways to describe Facebook is as a ‘self-profiling service’. Everything you put up on Facebook, every ‘like’ button you press, every silly game you play, every person you ‘friend’ (and every person that ‘friends’ you) helps build up that profile. The profiles are used primarily for advertising – but also to build up their database of profiles. Profiling is something that is risky in two diametrically opposite ways: if profiling is accurate, it impinges on your privacy, whilst if it is inaccurate it can mean that bad decisions are made for you or about you. What’s more, profiling data is particularly vulnerable – allowing far more accurate and dangerous forms of identity fraud and similar scams.

5) Facial recognition

Facebook loves facial recognition – and it’s not just a coincidence of names. Facial recognition allows them to make more and more links, which helps them to profile better, and also to anchor information in the ‘real’ world, just like their ‘real names policies. Their practices with facial recognition – including ‘automatically’ tagging photographs – may have been rebuffed in Europe on the grounds of data protection, but just as with the Instagram issue (see (3) above), make no mistake, it’s coming back. The risks will still be there – they’re inherent in the concept – but they’ll find a way to get what at least purports to be consent from users in order to satisfy the letter of the law.  Anyone who has put a photo of themselves on Facebook should be concerned.

6) You never know who’s watching

Most Facebook users imagine that the people who look at their pages are their ‘friends’, or perhaps their ‘potential friends’, and don’t consider who else might look at what they post – and there are vast numbers of other groups who will look. Those who are slightly less naïve might understand that their employers might look, or their potential employers – but what about insurance companies, looking to see if people are engaging in risky activities, or credit agencies wanting to make more ‘accurate’ assessments? Or the authorities, looking for people doing ‘bad’ things – or people who ‘might’ do bad things? Show some interest in anything political… again, the risks are both ways: accurate watchers finding out things you don’t want them to find out, inaccurate watchers making bad decisions based on incorrect assumptions.

7) Facebook is forever

Many users of Facebook start off ‘young’ – perhaps in age, but perhaps in naïveté. They put material up that they think is funny, or cool, and don’t think how it might look in the future. This doesn’t just mean the odd drunken photo being seen by a potential employer – it means pretty much everything you put on Facebook. There was a big story in September 2012 when people thought their old ‘private messages’ were being posted onto their timelines, and they were hugely upset.It wasn’t true: what was actually happening was that some of their old public posts, posts from a few years ago, were reappearing – and people had forgotten the kind of things that they used to post. What you want to be public one year, you might well wish to forget in a few year’s time: with Facebook, that’s close to impossible! These days you can delete your account – but even if you do, that may not be enough. Services like keep old Facebook profiles even when they’ve been deleted….

8) Monopoly

Facebook is proud that it has now got more than 1 billion users – which makes it pretty close to the only game in town. Monopolies are very, very rarely a good thing – and if Facebook becomes (or perhaps has already become) the default, that puts a huge amount of extra power in their hands. Effectively, they can do whatever they want, and we’ll still have to be there. That can’t be good – and shouldn’t be good, particularly is you really CAN leave, and really DON’T need to be on Facebook. There are alternatives….

9) Concentration

…and those alternatives offer a solution to another risk involved in Facebook. Facebook wants to be all things to all people – and that means all your data, all your links, all aspects of your life concentrated in one place. That means much more accurate profiling, but also much greater vulnerability. If Facebook knows everything about you, they have much more power over you – and their profiles become much more powerful, so if compromised, sold, hacked, given to the authorities, to some other ‘enemy’ of yours, they have much more potential for damage. What would be much better – though somewhat harder work – would be to use different services for different features. Use one provider for email, use twitter for mass communication, set up your own blog on a different provider, put your photos on your own website, play games on yet another and so forth. Much less risk – and much more freedom to get better services. Also, much less dependency…

10) Dependency – and bad habits…

The last reason I’m going to mention here is dependency. Many people seem to be becoming deeply dependent on Facebook. They use it for everything – and seem totally lost if it goes down. They can’t contact their real friends and relations – they haven’t even kept a record of their email addresses. That means they end up spending far too much time on Facebook – and get into lots of bad habits, habits that Facebook encourage. Too much sharing (which to Facebook sounds like blasphemy), too many pictures posted online, too much information given out (e.g. geo-location data) without a real thought to the consequences. If you leave Facebook, and instead set up particular systems for particular functions, you’re far less likely to become dependent – and you’re far less lost if one or other of those services goes down for some reason or other.

And if that’s not enough…

…there are many other reasons. One that matters to people like me is that the only way that Facebook will ever change in any meaningful way, the only way it will start to take users’ privacy and other rights seriously, is if it starts to lose users. If enough people start leaving, it will have to do something differently, and start to take us more seriously rather than just treat us as cattle to be herded and milked….

So why not do it? Make it your New Year’s Resolution: leave Facebook!

Here is a link to instructions as to how to delete your Facebook account. If you have the strength, go for the real ‘deletion’ rather than the ‘deactivation’ method. If you just deactivate, you’re leaving your data there for Facebook and their partners to exploit…..

Snitchgate developments

Since I wrote my Snitchgate Blog, things seem to have been moving forward. First of all, I’d like to thank all the people who have read the blog, liked it, reblogged it and commented on it – the fact that there have now been in excess of 125,000 hits on the blog is wonderful, and I can’t help thinking that it must have contributed to the impact.

Yesterday, the story was taken up by the excellent Kashmir Hill (@kashhill) in her blog for Forbes, The Not-So Private Parts. Kashmir got a quotes from Facebook spokesperson Fred Wolens, who admitted that this has been going on – so Snitchgate was definitely real – but suggested first of all that it was for a very limited period and secondly that it was not being used for enforcement purposes. As he put it:

“This was a limited survey we have already concluded… …We are always looking to gauge how people use Facebook and represent themselves to better design our product and systems. We analysed these surveys only using aggregate data and responses had zero impact on any user’s account.”

The suggestion, therefore, is that it wasn’t being used to actually verify real names – or to find users whose names were fake – but just as a survey of people’s behaviour. Kashmir wasn’t entirely convinced – and neither am I. It’s also notable that though Wolens said the survey had already ‘concluded’, he didn’t say that similar tactics wouldn’t be used again. I hope, however, that Facebook were at least partially put off by the publicity – and analysis – that their tactics generated. The way that interest in my blog in particular took off demonstrated to me that there’s a huge amount of concern about this issue – and not just from the ‘usual suspects’ of privacy advocacy.

This morning, the story even made its way into the mainstream – Daily Telegraph blogger Mic Wright (@brokenbottleboy) “Facebook snoopers and the rise of the social network Stasi” starts with a discussion of the snitching issue. It comes at a time when Facebook are under increasing pressure. ‘Bad news’ stories seem to just keep emerging, from the forced abandonment of facial recognition systems in Europe after pressure from the Irish Data Commissioner to the panic over what users believed were private messages suddenly appearing on their walls – and the deep concern over an ad tracking system that will “track whether people who see ads for products on the social networking site actually go out and purchase them in stores”.

Matching the pressure from these ‘bad news’ stories is the need for Facebook to make money, with the stock price still mired… so what can and what will happen? If Facebook continues to push the envelope on privacy, more of these stories will emerge, and there will be more of a reaction – and Facebook will look more and more like the ‘bad guys’, perhaps even starting to lose customers. If that happens, the stock will fall still further.

So what can Facebook do? That’s the real challenge, and I’m not sure Facebook is really up to it. They need to find a way to re-cast their service as a ‘privacy-friendly’ service – but that can’t just be a ‘rebranding’, because the internet has a way of uncovering these things, as the speed with which the Snitchgate story went from being a few tweets to being mainstream news has shown. They need not just to change how they describe what they do, but to change what they actually do – and that’s not in any way easy, either in terms of what might loosely be called the ‘Facebook mindset’, or in terms of building a business model that both makes money and respects privacy. Can it be done? I really don’t know.

Of course in writing this blog I’m being highly optimistic – what’s far more likely to happen is that Facebook will simply ignore all of this and plough on regardless, finding more and more ways to invade our privacy and use our personal information. If so, however, people like me – and most of those who’ve visited this blog over the last few days – will keep on talking, writing, tweeting and blogging about it, and do our very best to be heard. I hope we’ll succeed!

Facebook: snitchgate!

A story about Facebook went around twitter last night that provoked quite a reaction in privacy advocates like me: Facebook, it seems, is experimenting with getting people to ‘snitch’ on any of their friends who don’t use their real names. Take a look at this:

Facebook has had a ‘real names’ policy for a while: this is what their ‘Help Center’ says on the subject:

People in my field have known about this for a long time – it’s been the cause of a few ‘high profile’ events such as when Salman Rushdie had his account suspended because they didn’t believe that he was who he said he was – but few people had taken it very seriously for anyone other than the famous. Everyone knows ‘fake’ names and ‘fake’ accounts – my sister’s dog has a Facebook account – so few believed that Facebook was going to bother enforcing it, except for obvious trolls and so forth. Now, however, that appears to be changing.

Initially, I wondered if this was just a fake – the screenshot could easily have been faked – but there seems now to have been confirmation. It has been covered in the TMP Idea Lab (here), where they say that Facebook has confirmed that they are doing it, and the German online magazine Heise Online (here, in German) where they report that it is a ‘limited test’. Given that this kind of a test fits in with the official strategy, it seems likely that it is indeed true.

So what’s wrong?

There are lots of argument against the whole ‘real names’ policy to start with – it was a trigger for the ‘nymwars’. Many people can only really function online with the ability to remain pseudonymous, from bloggers like Nightjack to whistleblowers, from victims of abuse to people living in oppressive regimes. When their pseudonymity is ‘broken’, the result can be catastrophic – when Nightjack’s cover was blown, his blog ceased to exist and a valuable and entertaining source of information was lost. Mexican bloggers have suffered much worse – a number have lost their lives in the most gruesome way when the drugs cartels have been able to find them. The link between the ‘online’ and the ‘offline’ personality is one that can often need to be protected. When the ‘real names’ policy is enforced, protecting that link becomes much, much harder.

This, of course, is Facebook, which is just one service, rather than the net as a whole – but it’s a crucial service, with close to a billion users around the world, pretty close to ubiquitous. And, just as importantly, where Facebook leads, other services can and do follow. If the ‘real names’ policy becomes accepted on Facebook, it may become the norm. For some people, that sounds like a good thing – catching paedophiles and terrorists, making sure children don’t get access to ‘inappropriate material’ and so forth – but the reality is very different. The real ‘bad guys’ will find a way around the system – as so often, it will almost certainly be the innocent that get caught up in the messes.


What’s worse, the whole idea of snitching is highly dodgy. There’s a good reason that ‘telling tales’ is looked down on – and a good reason why it’s generally only been oppressive regimes (both real and fictional) that have encouraged people to report on their neighbours – from the worst of the Roman Emperors such as Tiberius and Caligula to the KGB, the Stasi and so forth. It’s creepy – and it helps build at atmosphere of distrust, breaking down the very things that make social networks good. The social relationships that are the heart of Facebook are meant to do ‘good’ things – not be a route by which bad things are spread.

Taking it a step further, look at the nature of the questionnaire. You’re being asked to report on a ‘friend’. If you say ‘I don’t want to answer’ that will be recorded – that’s the whole nature of Facebook – and it’s not hard to see that there could be a list of ‘people who don’t want to answer about their friends’. Indeed, under the terms of the Snoopers Charter, it wouldn’t just be Facebook who could access this kind of information: the authorities could potentially set up a filter to gather data on people who don’t confirm the names of their friends. It could be viewed as suspicious if you don’t answer – or even suspicious if you are friends with people who don’t answer. Again, this is the nature of Facebook’s social data – and how it could be misused.

And, as anyone who reads what I write about the Snoopers Charter etc will understand, though this may just be set up to catch paedophiles and terrorists, it can equally be used for all kinds of things. Potential employers who want to see whether their applicants are ‘open and honest’. Insurance companies for the same ‘reason’. Facebook is now in a situation where it needs to generate income – the failure of its IPO has made this even more crucial than before – and will be looking for ways to squeeze out as much revenue from their data as possible.

That, ultimately, is what lies behind this kind of thing: Facebook wants to make money. If it knows exactly who you are, it thinks it can make more money from you – by selling things to you, or by selling your details to others, or by targeting you more accurately in some other way. That’s perfectly understandable – indeed, from a business sense pretty much inevitable – but it does have consequences, particularly when the other uses that their data can be put are understood.

Oppressive regimes understand some of those uses – which is one of the reasons that the erstwhile Tunisian government, prior to the revolution, hacked into the Facebook login page in order to be able to access possible revolutionaries’ accounts. They knew how that information could be used…

What should be done?

Well, the first thing to do is make it clear that you don’t like this kind of a system. The whole idea of snitching should not be something that’s encouraged – indeed, the whole ‘real names’ system should be discouraged, but it seems hard to put that genie back into Facebook’s bottle. Ultimately, I suspect there’s only one answer: many people should simply leave Facebook. Find other ways to do the things you want to do, other ways that don’t require ‘real names’ and don’t use such sneaky and creepy tactics as snitching. Communicate by email, by twitter. Share your photos on other photo sites. Play games directly, not over Facebook. There’s always another way.

Free expression needs privacy!

The Nightjack saga – and particularly its most recent dramatic episode, Lord Leveson’s scorching interrogation of veteran Times legal manager Alastair Brett – has been compelling stuff. I am looking forward with great interest to the forthcoming article from David Allen Green (blogger Jack of Kent), due in the New Statesman on Monday, possibly including quotes from Nightjack himself.

I’m not going to rehash the saga – not least because David Allen Green will be producing something far, far better than anything I could. What I am interested in, however, is one of the underlying issues: the relationship between free expression and privacy. It is often thought that privacy is an enemy of free expression – blogger Guido Fawkes, for example, told the Parliamentary Joint Committee on Privacy and Injunctions that ‘privacy is a euphemism for censorship’. From his point of view it is easy to see that argument: celebrities (and in particular a number of Premier League footballers) have invoked privacy law to attempt to get injunctions to prevent publication of stories concerning their private lives. You don’t have to be a gossip columnist to consider that such actions might be seen as censorship.

That, however, is just part of the story. Privacy, like so many things, is a double-edged sword: the Nightjack saga shows that all too clearly. Nightjack was a blogger, a police ‘insider’ – and in order to get his stories out into the world, he needed to be able to protect his identity. He needed to be able to control who knew what about him – and that, ultimately, is what privacy is about. Having some control – albeit inherently limited – over what information about you is made public, and what remains private.

For Nightjack, losing that privacy meant losing his online identity: ‘Nightjack’ effectively ceased to exist. Anonymity (or perhaps more accurately pseudonymity) was crucial to his functioning as a blogger. For other bloggers, losing anonymity means losing much more – at least four Mexican bloggers have been brutally killed by the drug cartels about whom they have been writing.

In all kinds of situations this kind of privacy is crucial, from those combatting oppression to those threatened by abusive spouses, whistleblowers – and for others though the need isn’t so obviously crucial, anonymity or privacy allows them the freedom to talk about things that matter, not just to them but to us all. I’ve ‘met’ a number of people like this on Twitter, and have learned a huge amount from them both from their tweets and their blogs, things that they wouldn’t have felt so free to say if they had feared that they might be identified.

That’s the key. If we want to encourage people to speak freely, if we want to learn about what’s really happening in a whole range of situations, we need to give people not just the space and the opportunity to express themselves, but the protection that will give them the confidence to do so. We need to give them privacy… that way we’ll get more free expression.

Goo goo google’s tiny steps towards privacy…

Things seem to be hotting up in the battle for privacy on the internet. Over the last few days, Google have made three separate moves which look, on the surface at least, as though they’re heading, finally, in the right direction as far as privacy is concerned. Each of the moves could have some significance, and each has some notable drawbacks – but to me at least, it’s what lies behind them that really matters.
The first of the three moves was the announcement on October 19th, that for signed in users, Google was now adding end-to-end (SSL) encryption for search. I’ll leave the technical analysis of this to those much more technologically capable than me, but the essence of the move is that it adds a little security for users, making it harder to eavesdrop on a user’s seating activities – and meaning that when someone arrives at a website after following a google search, the webmaster of the site arrived at will know that the person arrived via google, but not the search term used to find them. There are limitations, of course, and Google themselves still gather and store the information for their own purposes, but it is still a step forward, albeit small. It does, however, only apply to ‘signed in’ users – which cynics might say is even more of a drawback, because by signing in a user is effectively consenting to the holding, use and aggregation of their data by Google. The Article 29 Working Party, the EU body responsible for overseeing the data protection regime, differentiates very clearly between signed-in and ‘anonymous’ (!) users of the service in terms of complying with consent requirements – Google would doubtless very much like more and more users to be signed in when they use the service, if only to head off any future legal conflicts. Nonetheless, the implementation of SSL should be seen as a positive step – the more that SSL is implemented in all aspects of the internet, the better. It’s a step forward – but a small one.

There have also been suggestions (e.g. in this article in the Telegraph) that the move is motivated only by profit, and in particular to make Google’s AdWords more effective at the expense of techniques used by Search Engine Optimisers, who with the new system will be less able to analyse and hence optimise. There is something to this, no doubt – but it must also be remembered first of all that pretty much every move of Google is motivated by profit, that’s the nature of the beast, and secondly that a lot of the complaints (including the Telegraph article) come from those with a vested interest in the status quo – the Search Engine Optimisers themselves. Of course profit is the prime motivation – but if profit motives drive businesses to do more privacy-friendly things, so much the better. That, as will be discussed below, is one of the keys to improving things for privacy.

The second of the moves was the launch of Google’s ‘Good to know’, a ‘privacy resource centre’, intended to help guide users in how to find out what’s happening to their data, and to use tools to control that data use. Quite how effective it will be has yet to be seen – but it is an interesting move, particularly in terms of how Google is positioning itself in relation to privacy. It follows from the much quieter and less user-friendly Google Dashboard and Google AdPreferences, which technically gave users quite a lot of information and even some control, but were so hard to find that for most intents and purposes they appeared to exist only to satisfy the demands of privacy advocates, and not to do anything at all for ordinary users. ‘Good to know’ looks like a step forward, albeit a small and fairly insubstantial one.
The third move is the one that has sparked the most interest – the announcement by Google executive Vic Gundotra that social networking service Google+ will ‘begin supporting pseudonyms and other types of identity.’ The Electronic Frontier Foundation immediately claimed ‘victory in the nymwars’, suggesting that Google had ‘surrendered’. Others have taken a very different view – as we shall see. The ‘nymwars’ as they’ve been dubbed concern the current policies of both Facebook and Google to require a ‘real’ identity in order to maintain an account with them – a practice which many (myself definitely included) think is pernicious and goes against the very things which have made the internet such a success, as well as potentially putting many people at real risks in the real world. The Mexican blogger who was killed and decapitated by drugs cartels after posting on an anti-drugs website is perhaps the most dramatic example of this, but the numbers of people at risk from criminals, authoritarian governments and others is significant. To many (again, myself firmly included), the issue of who controls links between ‘real’ and ‘online’ identities is one of the most important on the internet in its current state. The ‘nymwars’ are of fundamental importance – and so, to me, is Google’s announcement.
Some have greeted it with cynicism and anger. One blogger put it bluntly:
“Google’s statement is obvious bullshit, and here’s why. The way you “support” pseudonyms is as follows: Stop deleting peoples’ accounts when you suspect that the name they are using is not their legal name.

There is no step 2.”
The EFF’s claims of ‘victory’ in the nymwars is perhaps overstated – but Google’s move isn’t entirely meaningless, nor is it necessarily cynical. Time will tell exactly what Google means by ‘supporting pseudonyms’, and whether it will really start to deal with the problems brought about by a blanket requirement for ‘real’ identities – but this isn’t the first time that someone within Google has been thinking about these issues. Back in February, Google’s ‘Director of Privacy, Product and Engineering’ wrote a blog for the Google Policy Blog called ‘The freedom to be who you want to be…’, in which she said that Google recognised three kinds of user: ‘unidentified’, pseudonymous and identified. It’s a good piece, and well worth a read, and shows that within Google these debates must have been going on for a while, because the ‘real identity’ approach for Google Plus has at least in the past been directly contrary to what Whitten was saying in the blog.
That’s one of the reasons I think Vic Gundotra’s announcement is important – it suggests that the ‘privacy friendly’ people within Google are having more say, and perhaps even winning the arguments. When you combine it with the other two moves mentioned above, that seems even more likely. Google may be starting to position itself more firmly on the ‘privacy’ side of the fence, and using privacy to differentiate itself from the others in the field – most notably Facebook. To many people, privacy has often seemed like the last thing that Google would think about – that may be finally changing.
4Chan’s Chris Poole, in a brilliant speech to the Web 2.0 conference on Monday, challenged Facebook, Google and others to start thinking of identity in a more complex, nuanced way, and suggested that Facebook and Google, with their focus on real identities, had got it fundamentally wrong. I agreed with almost everything he said – and so, I suspect, did some of the people at Google. The tiny steps we’ve seen over the last few days may be the start of their finding a way to make that understanding into something real. At the very least, Google seem to be making a point of saying so.
That, for me, is the final and most important point. While Google and Facebook, the two most important players in the field, stood side by side in agreement about the need for ‘real’ identities, it was hard to see a way to ‘defeat’ that concept, and it felt almost as though victory for the ‘real’ identities side was inevitable, regardless of all the problems that would entail, and regardless of the wailing and gnashing of teeth of the privacy advocates, hackers and so forth about how wrong it was. If the two monoliths no longer stand together, that victory seems far less assured. If we can persuade Google to make a point of privacy, and if that point becomes something that brings Google benefits, then we all could benefit in the end. The nymwars certainly aren’t over, but there are signs that the ‘good guys’ might not be doomed to defeat.
Google is still a bit of a baby as far as privacy is concerned, making tiny steps but not really walking yet, let alone running. In my opinion, we need to encourage it to keep on making those tiny steps, applaud those steps, and it might eventually grow up…