Skip to content

Why the Right to Delete is so important Online

We all instinctively know that when we connect to websites and use online apps that some data is being collected about us.  Sometimes we explicitly know what that data is from forms we filled in, but in reality it’s what we do online that tells the most interesting tale of who we are.

What we spend time reading, what we skip past, what we click on, what we respond to – all this information adds to a profile about us and it can be extremely detailed – see this 60 Minutes TV story: The Data Brokers: Selling your personal information – http://cbsn.ws/1lLp5Zh 

Most people think that this information is just used to target adverts, so what’s the problem?  Unfortunately they are wrong, as the 60 Minutes documentary highlights, in the US in particular, huge corporates collect more and more data about your online activities and analyse it to create a view on who you are, your interests, habits, who your friends are etc, they then sell this data on to anyone willing to pay, which includes insurance companies for example, who want to know more and more about how much of a risk you are.  The trouble is, this profile collation is unregulated, cannot be tracked and you cannot review it for accuracy.  So a bit like a gossip who gets a bit of a story wrong because they only hear one side of the story, these data brokers don’t really know how accurate their profile of you is.  It only takes one inaccurate bit of data to end up costing you dearly.

Now of course this business will eventually be regulated….but as 60 Minutes highlights, governments love this Big Data too.  They are a customer as much as commercial entities, and as such it’s very empowering for them, so they are not exactly highly motivated to give you the consumer the right to control this data.

Even if you take care about reading privacy policies on websites and apps (I do), you’ll find that the business model du jour is build it, collate as much user profiles as possible then decide what the business model for making money is later on. In short you do not know how the data you share will be used when you engage with a company – and by the time they decide, you are committed.  Even if you make a choice to stop using that service or use a more privacy conscious  competitor service, the business still owns all the data they collated about you and can sell it on, usually years worth, by which time you may feel it’s too late, you are hooked in so you may as well continue.  This is the pernicious culture the business model of the internet today cultivates.

So what to do?  In our opinion at Krowdthink, the most empowering thing that can be delivered to consumers is the right to delete.  Specifically you should have the right to delete any specific piece of information about you, or indeed all the information collated by a business or service.  This requires transparency of what information is held by a business or service.  Its your data so why can’t you see it?  Except of course it isn’t your data – the legal structures of companies like Facebook make it clear, every bit of data you share with them, every interaction, is owned by them to use commercially. This is why at Krowdthink we are creating an innovative legal structure to  guarantee that your data belongs to you.  As soon as you make that step in your business process, the right to delete follows as a natural consequence.

If we can set an example in social networks about how data can be used to deliver a service and still empower the end user with complete control, we can reverse the  data collection and ownership culture of Big Data businesses. Empowering consumers with the right to delete is the only way we can reverse the current pernicious Internet business culture that so disempowers us as consumers and users.

The EU has been seeking to add the right to delete to the Data Protection act, it’s being strongly fought by Google, Facebook and others because it undermines the core of their business.  We suspect if the right to delete is ever legislated it’ll be so watered down as to be meaningless.  But this does not stop innovative companies delivering this empowering capability to end users.  It’s Krowdthink’s mission and when we launch the Krowd you’ll see it in action.  It’s time to take back control of our data online!

A Day in the life of ManInTheKrowd

It’s a bright crisp autumnal morning and ManInTheKrowd leaves for work at 6am to catch his train. It’s packed as normal and it’s a job to get a seat, but he eventually gets settled for the hour-long journey.  He sets his Krowd persona to Social and connects to the Krowd in the train using their onboard Wi-Fi service. The journey to Birmingham passes quickly as he browses the persona’s of people in the Krowd, chats with a few regular early morning travelers like himself, people he follows who he can see are on the same train as usual. He picks up their persona updates about what’s been happening with them recently and comments on KarenKool’s Krowd Blog (Klog) entry about a local restaurant she went to last night, asking if the service was as good as the food.  JoeB broadcasts that he’s starting a new job today at Big Corp and he gets a load of congratulations and a couple of introductions from people who work at the same office, although someone called Madfly says something unpleasant. A quick review of their profile indicates a lot of people ignore Madfly, and ManInTheKrowd adds Madfly to his ignore list too.

ManInTheKrowd needs to get his wife a birthday present in a couple of days time, she has raved about a couple of fashion designers recently and he noted them down in his retail persona. While on the train he updates his retail persona search tag and Klog (Krowd blog) with a couple of ideas of what he’s looking for.

Upon leaving the train station in Birmingham city centre he sets his Krowd persona to retail. As he walks through the shopping centre a few of the shop assistants take the opportunity of the early morning quiet time to browse the Krowd, thanks to Digital Birmingham’s deployment of free WiFi throughout the city centre. One sees ManInTheKrowd’s retail search tag about fashion accessories and his latest retail Klog entry stating he’s looking for a birthday present for his wife.  She sends him a comment that her shop has a beautiful Orla Kiely handbag at a knockdown price.

ManInTheKrowd enters the 10 story office block where he works for a small company of a dozen or so people in a shared office facility.  He sets his persona to business as he enters the building.  No one here needs to know he’s looking for a birthday gift for his wife or what she likes.

The office management company uses the Krowd as an easy and secure way to connect all the people in their office building socially, both workers and official visitors. GreatOfficeAdmin has updated his business Klog to let everyone know that they are trialing a new sandwich supplier in the cafeteria this week and encourages everyone to try them out.

ManInTheKrowd can see everyone in his company has arrived for work except LaidBackLarry, he’s not in the local Krowd list.  That’s par for the course, but he sends him a personal message just to see if he’ll be in the office in time for the 9.30 sales meeting. He responds to say he’s stuck on the motorway…again, but won’t be more than 10 minutes late.

GreatOfficeAdmin , as efficient as ever, broadcasts a reminder message about the sandwiches several times leading up to lunch. So at lunchtime ManInTheKrowd goes to try them out and while in the café he checks his retail Klog and sees the new highlighted comment about the handbag.  That’s useful, he can nip down there straight away, and he messages them to check its still there and gets a confirmation. The handbag is perfect and at just the right price.  After he has bought it he deletes his Klog entry and changes his search tag.  He does not want to be contacted now he’s got what he was looking for.

In the shared office it’s always nice to meet someone new, especially from another company.  So when SandraD joins Acme LLC on the next floor, she introduces herself via the Krowd and Klogs about her business interests.  It just so happens she’s there to add consulting services on PR to Acme, just what ManInTheKrowd needs to help him launch his new product next year. He checks her business Klog and can see she worked for a competitor previously, that could be useful.

After work, ManInTheKrowd meets up with his friends to watch a basketball match, so he sets his persona to sport.  They decide to meet up in the stadium entrance hall. Except its packed, and hard to move, so getting together is hard.  Using the Krowd ManInTheKrowd can immediately see his friends are nearby, so they just message each other and decide to just get to their seats, but that Fred will get 6 pints of beer as he’s closest to the bar.

BasketCase is a sports statistics geek, and he continuously updates his stats in the Krowd via his sport Klog, highlighting to all in the stadium when Big Jock scores his record breaking one thousandth basket halfway through the match….and to add value, as he knows its coming, he snaps a great pic of that basket and shares it in his sports Klog with all those people who were there to experience that special moment, many of whom copy it to their Klogs to show their friends and family when they get home.

On the way home, on the late night train he rarely takes, ManInTheKrowd looks to see whom he knows in the local Krowd.  He still has his sports persona set, so CloudMan, someone he has often Krowd chatted with on the early morning commuter train, contacts him after seeing his Big Jock’s one thousandth basket pic.  It seems he’s a huge fan too but missed the game, so he copies the pic into his Klog. They get on well in the Krowd chat, and as the train is half empty, decide to meet up. The real-life CloudMan is a nice as his Krowd persona, so he is invited to ManInTheKrowd’s regular basketball group and a new friendship is made.

Sometimes it’s those instances of shared interest or experience that bring people together.  This is what the Social in Social Networks should be about, helping make real life connections with real people.

You always pay for Social Network services

The norm for social networks is that they present the idea they are free. But they are not of course. You pay by helping them collate a profile of you. Not just with your profile itself, but by how you interact with their service overtime, which adds to the identification of who you are. The longer you interact with a social network, the more new ‘features’ you use, the more information you provide, the more accurately the social network provider can define you. For some this does not cause them concern. For others it causes disenfranchisement with social networks, which is a shame, because they are incredibly useful tools. But what parent has not blanched at the thought of their teenage son or daughter opening up a Facebook account? Some like me deny them the right to do so, others cave in to peer pressure despite their trepidations and others are more than happy to be able to monitor their child’s online behaviour by requiring their child to friend them, despite the fact that the monitoring itself adds to their own profile! Facebook have finally admitted your data is the price of admission. Even Google has claimed that users have no legitimate expectation of privacy! when a service is provided for free.

 

The claim is that the data is ‘only’ used for marketing purposes, or that if it is shared it is anonymised. But at what point does a detailed view of your life online identify you even when the name has been removed?  Real anonymisation is really hard, and expensive, to do, and it gets more expensive as you aggregate (bring together) more data  The more expensive it is to do the more likely it won’t be done right by entities seeking to commercialise your profile.  The law lags this commercial monetisation of your data  woefully.
There is no such thing as a secure system. Facebook has been hacked more than once. In the last admitted breach they ‘only’ lost the profiles of 6 million users! There is an internet mafia that truly understands the value of this data when in the hands of those unconstrained by law.  The only real defence is to minimise your personal data and meta-data.

So do we have to pay by providing a profile of ourselves that can be sold onto marketers? We think not.

Since the time Facebook, Linkedin and Twitter and other social networks have started there are two truly ground-shaking changes in the market that if leveraged  can turn the personal profile commercial land grab around in favour of giving users control of their data and thus their profile.

The first is the emergence of the app purchase model.  When seen as a micro payment mechanism it delivers a method to provide revenue to a social network provider that does not require the service provider to be seeking ever greater information on you, at a price less than a pint of beer.  In fact, it can reverse the profile collation trend and  become meritorious to only store data that you absolutely need to use the social network to deliver real socialisation value.

The second is the incredibly rapid decrease in costs of server technology in the Cloud. The market pressures on cloud companies to drive down costs, combined with the benefits of scale being returned to users in a price competitive market, means that server costs are now orders of magnitude cheaper than when the incumbent social networking companies were first formed and had to invest in their own server technology.

If you couple a meritorious desire to minimise profile collation and storage, with the massively reduced cloud service cost reductions and then deliver these benefits through a micro-payment mechanism you have the tools needed to re-shape social networking and put users back in the driving seat of control of their data. At least we think so.  Read our “Your Data” commitment to understand how we are doing this.

PRISM, the NSA – We “only” collect the meta-data

In my opinion, this statement from the US National Security Agency, when defending themselves against the revelations by Ed Snowden about how PRISM collated data about your online communications, is perhaps the most reprehensible piece of marketing double-speak I have heard for a long long time.  They know full well that the vast majority of people don’t really understand what meta-data is, nor how it can be used.  So they rely on ignorance of the populace to hide what they do. They really do think we are stupid.

This article in the International Business Times gives you a useful way to visualise what it means by allowing you to analyse your own email traffic to show what it reveals about you.  What the article does not do is highlight that this data is aggregated and correlated with vast troves of other online activities you engage in.  These two terms, aggregate and correlate, are where it really gets scary.  What you do in any online service is aggregated with what you do in email and other online activities. Lets face it you usually provide an email to validate so many of your logins right?  so how hard is it to correlate a validation email received from a service provider to your personal account if you are tracking the meta-data (who sent what when to whom)?  It’s not hard at all.  This new meta-data is inferred (we’ll get to why that’s scary later) and is aggregated with other data, all of which is inferred from what you do, when, who with.

We are all private individuals, even if we use a social network, we are careful who we connect with, what we share, our kids at school have this drummed into them.  So they think they are safe.  I had exactly this experience when I presented the Krowd privacy concepts to a bunch of tech savvy android developers at a college.  All 16-18, the general consensus was, if I am careful about what I post, so what?, no one sees anything I don’t want them to see.  So wrong.  The meta-data sees a lot lot more. I pointed out that while they used online tools from the same place at the same time on a regular basis, that meta-data can be obtained, stored, aggregated from multiple service providers (hence why the NSA has deals with so many large online service providers) and then patterns of activity can be spotted.  your patterns are mapped to patterns of other individuals, and it becomes easy to infer a relationship between you and someone in your class even though you never connect to them on social networks, email or anything else (and your college records are maintained privately).

The problem with these inference engines is that they work on heuristic programming techniques – which basically means they make connections on the basis of probability, not certainty.  So you are probably connected to those same people in the same place at the same time.  But at what point does this probability become certainty in an investigators mind? Getting back to my initial point about understanding of meta-data, even our courts struggle with such things, they are not staffed with technical people, so the chance of an inference being taken as proof steadily rises, but where is the courts application of reasonable doubt in this context?  As yet its an unresolved legal issue in most countries.

Meta-data + Aggregation + Correlation + Inference = a very uncertain world for the ‘little people’…that’s you and I.

On a positive note – The NSA, however powerful, and they are (see the wired magazine article on General Keith Alexander) are ultimately answerable to the people, law and government.  So there is hope that eventually the ‘little people’ can claw back some semblance of online privacy, although the issue of country boundaries will vex law makers for many many years.

But, in my next blog I will discuss how commercial online  entities stay 3 steps ahead of the law, by offering convenient services for ‘free’….of course only a fool believes anything is truly free, they are commercial entities out to make a profit, and they profit from you as the product, and you’re getting a raw deal.

Thinking about Images in Social Networks

Images are great, we love using them to communicate, and now its said that facebook posts now contain an image 50% of the time.

But with social networks that actually seek your data in order to sell it on…which is the majority, you have to ask yourself, how much data did you just give over by posting a pic?  They say an image is worth a thousand words…..but with todays imaging technology perhaps that should be 10,000 words!

Let me expand a little on how this works with todays technology. You probably know information like date and time is embedded in your digital photograph, but in fact there is a load more data than just that. The data is stored in the image itself in a format called EXIF. What you may not be aware of is that this data can also include your GPS information.  In other words not only what time you took the picture, but exactly where you took it!  To get a better idea download one of the many EXIF viewers from your mobile app store and take a look at the EXIF data of a picture you took.  Then turn on GPS and take another pic and see the additional info embedded in the picture.

The next issue is image recognition.  Facebook caused a storm of protest when they used facial recognition in their social network, and turned it on by default.  So if you happened to be in the background of someone else pic, you could have been identified.  Combine that with the EXIF data and you start to see how intrusive this technology can be.  Now technology has moved on to try and identify objects and brands in your pics….so social networks can sell this information on.  Combine that with associated text like “Little Jimmy’s Birthday”, plus the name of the person posting and you can see how quickly highly intrusive perspectives on your private life that you did not realise you were sharing can get shared.

So next time you post a pic to a social network…THINK first.

In the Krowd, we explicitly go in the opposite direction of other social networks.  We seek to minimise the amount of data we hold on our users, and also protect them from inadvertent exposure of information.  So how do we do this for images?

Well first we strip all EXIF data from any image that is posted and stored.  So only the date/time of your post indicates a possible date/time of the picture.

Second, we reduce the image resolution down to the minimum needed to view the picture on your phone or tablet.   This is important because most cameras take very high resolution pictures today, far higher resolution than the eye can behold (the idea is that if you blew up the pic to wall sized it would still look good), in reality you only need 3M pixels to be able to print a decent quality pic on A4/US letter sized paper.  Who needs more than that?  Well the answer is going to be the image recognition guys.  Because although the eye cannot perceive it there is image data stored that can see the letters on your clothing label, and if they can only see part of it, perhaps blurred, well they can apply digital enhancement technology to determine what is written.  More than that they are developing object recognition, to be able to tell one brand of shoe from another, or one chair make from another.

So when I say a picture tells a 10,000 word story perhaps it should be  100,000 word mini novel!

Be careful what you post, what you see is not all you are sending when posting todays high res images.

Tracking Location Creeps Us Out

Using Co-Location not Location-based capabilities to deliver a social networking service.

Lets face it, very few people turn on their GPS except for a specific purpose, such as getting map directions.  We intuitively understand that when GPS is on we are being tracked by the company behind the app and/or perhaps the mobile phone maker or network provider.  Its one thing for someone to know what information about ourselves we explicitly put in the cloud, its a whole other thing for some commercial entity to be tracking where you are and when you are there (Governments reserve special privileges in this regard…nothing we can do about that in our app).  What may be less intuitively obvious is that these same companies can correlate your location-based information with other location information sources (such as someone else’s mobile GPS information) so that they can look for patterns over time, inferring who you are friends with, predicting where you will be in the future. It may be cool to turn up at your favourite coffee shop and have your regular order waiting without even asking – but imagine that movement pattern information be hacked and used for more nefarious purposes?  It makes you shudder.  Imagine less scrupulous businesses using that information and what they could do…all within the current internet and privacy laws, or because you checked their long-winded T’s & C’s without reading them closely – who does?

They’ll claim all this data is anonymised to protect your privacy – but at what point does a specific movement pattern plus other anonymised data such as age, gender, work location, the fact you own two dogs, or a red ford car etc start to fully define you…just without a name attached?

We pondered the dilemma and challenge of delivering location-based mobile app value without know where you are – could it be done?

The answer was to stop thinking about location-based services, and instead think about Co-Location based services.  For a social network like the Krowd there is value in knowing who is nearby, but for the purpose of connecting co-located people together it became obvious we did not need to know where in the world you are, just that you are in proximity of others, and to do this we don’t need GPS turned on.

We go one step further – because of course we do know who you were recently co-located with – and that is information you may not want tracked over time. Hence we only store the last few Krowds that you were in – we plan some cool features around this data – we don’t think our customers will care if we know where they have been the last few days, but not the last week, month, year etc – if you do…leave a comment below. We’ll be enabling the tracking of this policy by our board of trustees who ensure the privacy of your data on our customers behalf, and ensure app feature changes remain in alignment with the policy of not storing information about our users except as needed to deliver the service they demand of us.

What is a Krowd?

In short its the social networking app created by Krowdthink.  But thats does not tell you much, especially as we have not launched the app itself yet, it enters 1st public test in Q1 2013, email here if you are interested in supporting any of the test phases.

Our start point for the Krowd concept was the crowd, a group of people congregating in a location because they have a common interest or purpose.  So by definition some of those people are people you may want to connect with.

But as a concept, what is a Krowd? We define the Krowd on our website as a trusted social network to connect like minds.

There are three key components to this statement: ‘trusted’, ‘connect’ and ‘like minds’.  Lets expand on each of these:

‘Trusted’ – we outline what we mean on our website and a previous blog,  here and here. These values are especially important when put into the context of connecting people.

‘Connect’ – when you combine online social networking and mobile devices you bring in the potential for location-based value.  We believe the ultimate value of a social network should be to facilitate the face-to-face meeting, yet no online social networks to date have made this their top service focus to their users. When we say connect, we don’t just mean virtually in the cloud, but potentially in reality face-to-face. So the Krowd app is as much an intellectual introductory service as it is a social network.  But to be able to make a decision to meet someone you know is nearby, you’d like to check them out anonymously, to validate they have common interests.  But we don’t want to expose our personal profile to everyone just because they happen to be in the same place at the same time. We need to be able to define our profile so that is contextual to the type of crowd we are in.  If at a sport event, we might be happy for people to know which team we support, how long we’ve been a supporter, our thoughts on previous matches we’ve watched or on particular players we’ve seen. But we may not want to expose other aspects of our social life. For example you might not want to expose the fact that you are deeply into fashion when at the sports event….or maybe you do…who knows, whatever, it should be your choice as to how many of the personal onion layers of self that you indicate to those in a crowd by means of introduction, and even once connected you still may only want that connection to be contextual to your common interest.

‘Like Minds’ – how do we assess someone is of a like mind before we meet?  at a sports event we maybe able to see what colours they wear, but online we don’t have the same visual cues.  So in the Krowd we enable people to be able to create a profile that is specific to the type of Krowd they are in.  The profile is based on a series of mini-personal-blogs we call Klogs (Krowd logs), that you build up over time.  People can comment on your Klog and you can respond to those comments.  When you do, that event is fed into the Krowd feed which combines real-time chat at the event with status information such as people joining or leaving the Krowd or posting or commenting on a Klog.  Its a real-time broadcast channel that you can use to chat with everyone in the Krowd.  If you want to get personal, invite them to a Bubble for a private, yet still anonymous, chat.  Meet face-to-face once you get comfortable or just engage with the virtual, but totally localised, Krowd conversation.

For those interested, I can point you towards many useful papers on the need for multiple identities/persona online, as a means of protecting identity or as a means of sustaining privacy in contexts you care about.  But here is my over-arching observation – current leading social networks are structured to be essentially one-dimensional in terms of the aspect of your persona you can decide to expose.  Linkedin for business, facebook for friendship/social (despite their attempts to be all things to all people, they don’t engender user trust to allow these initiatives to be properly embraced).  Google+ is trying to address this issue, but they undermined their own efforts with the demands for real identity.  Again its that trust issue that creeps in and creeps people out.  My first blog post was about Online Privacy – but in reality its a trust issue, and gaining user trust in your company and social networking app is the critical building block of a next generation social network.  We have mentioned location based capability in this post – and nothing creeps people out more then the idea that where they are and when they are there is tracked….in my next post we’ll discuss our thoughts ideas and mission with respect to achieving a location based service that has no check-in needs and does not know where you are – and does not need or even want to know.