Christopher Allen on Privacy

As always, Christopher Allen has an awesomely thorough post. This one is on privacy. I've mentioned before in my discussions on eurekster, that the balance between privacy and improved personalization on the web needs to be continuously questioned and addressed.

Chris takes a step back from "the how do we design our applications to protect people's privacy perspective" and categorizes the different types of privacy that need to be protected. He argues that there are four different types of privacy violation. He calls them, "defensive privacy, human-rights privacy, personal privacy, and contextual privacy."

He defines them in the following ways:

Defensive privacy is the first form: it's about protecting information about myself that makes me vulnerable or makes me feel at risk. This type of information can include things like my social security number, my credit report, or non-financial things such as my medical records or my home address. For some of my female friends this includes things like their photographs and email addresses. All of this information can be misused by other individuals or organizations in one way or another to mess up my life -- and in fact defensive privacy is usually centered around protecting this critical information from those singular individuals or organizations, be they con men, stalkers, or the Mafia. Most of the current privacy issues on the Internet seem to fall into this category. This form of privacy has also not fared well in the US courts -- for instance, in 1974 the Supreme Court decided that your bank records belong to the bank, to do with as they see fit.

Closely intersecting defensive privacy is the category of human-rights privacy. When you are speaking with a European about privacy, this often is the type of privacy they are speaking of. This comes from their history: the Netherlands in the 1930s had a very comprehensive administrative census and registration of their own population, and this information was captured by the Nazis within the first three days of occupation. Thus Dutch Jews had the highest death rate (73 percent) of Jews residing in any occupied western European country -- far higher than the death rate among the Jewish population of Belgium (40 percent) and France (25 percent). Even the death rate in Germany was less then the Netherlands because the Jews there had avoided registration. (source: The Dark Side of Numbers). Human-rights privacy differs from defensive privacy in that it is about how governments can abuse information, rather then individuals abusing information. I used to feel safe about human-rights privacy in the US, that there was no way that what happened in Europe could happen here, but now I have lost such confidence because of Bush and Ashcroft.

The third kind of privacy, personal privacy, is more unique to the United States. It is what Supreme Court Justice Brandeis in 1890 called "the right to be left alone". This form of privacy is often what the more Libertarian-oriented founders of the Internet mean when they talk about privacy. Personal privacy covers things like the "do not call registry", the various rights to do as we please in our own houses -- such as view pornography or play S&M games with our partners -- and the general right to not be interrupted or interfered with unnecessarily at home. This form of privacy has more basis in US law; the concept is based on an interpretation of the First, Fourth, and Fifth amendments of the US Constitution, but is not explicitly defined there. However, this form of privacy is guaranteed by the State of California Constitution which assures residents that they may pursue and obtain safety, happiness, and privacy.

Finally, contextual privacy is what Danah Boyd calls the ickiness factor in her blog, and also in her post at Many-To-Many:

Ickiness is the guttural reaction that makes you cringe, scrunch your nose or gasp "ick" simply because there’s something slightly off, something disconcerting, something not socially right about an interaction.
This category is very difficult to define, and is easily confused with other forms of privacy, but I believe it has more to do with an inappropriate level of intimacy. An example of this is when I discovered that my professional colleagues on Orkut could see that I was in a committed relationship, and in turn I could see that some of them were in open marriages. I don't think there is very much harm that can come from this information being revealed, however, it was "icky" because it was an inappropriate level of intimacy for a professional context.

All four of these forms of privacy can intersect -- for instance, Orkut allows you to reveal your sexual orientation, which could be used secretly by an employer to discriminate against you (defensive privacy), or by a future Ashcroftian government to violate your civil rights (human-rights privacy), might lead you to being bothered at home because of people who either agree with or disagree with your orientation (personal privacy), and often is inappropriate for casual professional acquaintances to be told about (contextual privacy).

I really really appreciate the thoroughness of his explanation of different reasons people have for keeping certain information private, as well as the historical and cultural perspective that is added in the definitions. However, I am unsure what help this categorization of different types of privacy have for designing software or social networking systems.

The underlying theme of all of the examples (or types) of privacy that Christopher Allen describes is that privacy is uniquely personal and private: Different people have different notions of privacy. Different people prefer to keep different things private. And different people like to keep private the fact that they'd like to keep certain things private from certain people.

Lets take a simple example. On the television show, Will & Grace, Will was dating a sport's television reporter. Will visited his partner in the locker room after a shoot. His partner was obviously very happy to see him and when the camera man was packing up, he was willing to flirt with Will. However, when the reporter's boss entered the room, and asked who Will was, the reporter responded that he was his brother. So, for the reporter, keeping private the fact that he was homosexual to certain people, but not to others was important. Also, in the case of the camera man, he wasn't making it explicit that he was gay, but certainly wasn't keeping it secret. On the othe hand, Will was more than willing to tell the reporter's boss that they were partners.

So, in Christopher's Orkut example of revealing sexual orientation, he explains that all of the different types of privacy can converge. Based on my Will & Grace example above, I would not try to define different types of privacy. Instead, I would say that different people would like to keep different things private. Included in that list of things, keeping private what you would like to keep private is also imperative.
I would argue that privacy is interpreted by everyone in a different way.

So, how do you design a system to enable everyone to maintain the level of privacy that they would like to maintain? Orkut and livejournal both take a stab at allowing you to define what pieces of information you make available to what groups. On Orkut, on specific pieces of content, you can choose who can see it from a predetermined list. The different groups are myself, friends, friends of friends and everyone.

I am not sure exactly how livejournal works. Anyone know?

At WhizSpark, we have taken a slightly different approach. We allow the user to make certain information public or private to them. This is available on each piece of content that they fill out in their profile. They can make it public for the world to see or they can keep it invisible from everyone. The reason that we collect certain information that they'd like to keep private, is so that we can enable transactions with our system. (ie email, address, etc) Further, we aren't collecting the detailed information that orkut or friendster collects.

As you can see, we've designed the system with privacy in mind since we aren't collecting as much information as the other social networking systems and since we allow everyone to hide the information from everyone else, thus avoiding encroaching on all of the types of privacy that Christopher mentioned. We also considered the following scheme:

The next step in designing a social networking system with privacy in mind, is to ultimately enable people to control who can see what on an individual relationship level. For example (using my Will & Grace example again), Will would let every person who knows him, as well as everyone he doesn't, to know his sexual orientation. He doesn't keep that private in his professional or private life. The reporter would allow Will (of course) to know his sexual orientation. He may allow the cameraman. And he wouldn't allow his boss. In order to keep it private from his boss that the cameraman is keeping his sexual orientation private, we would not show sexual orientation in his boss's view of his profile. Since Will, his boss and his co-worker cameraman would probably all be his "friends" on orkut's system, that system would not work for him. The only way to satisfy the tv reporter's privacy concerns would be to allow him to set it on an individual relationship level.

We considered building this in the next version of WhizSpark, soon to be released. However, it didn't make the final cut for new features. It's still on the table for the future. What do people think?

how to do viral marketing?

Because I started a business with literally no capital, i became intrigued by viral marketing. Other words for viral marketing are buzz marketing, word of mouth and/or word of mouse advertising. It is similar to network marketing (building and selling through a network), but without the building out of the network. Instead, word about buzzworthy things spreads hapharzadly. And although people like Malcolm Gladwell and Seth Godin have tried to point it out when it happens, define it, and explain it, noone has written a book on how to do it, yet.

A recent article (found via Jennifer Rice) defines viral marketing:

Viral marketing essentially takes advantage of the rapid multiplication effects of online social networks (through e-mail, chat rooms, IM, file-sharing networks, etc.) to help spread a commercial message on the cheap. Potential exists for exponential growth in message exposure that can far exceed what's achievable were similar budget spent on commercial media channels.

Jeniffer Rice, in her weblog, Brand Mantra, wrote about Sky High Airlines, a spoof airline website, that turns out to be an ad for Alaska Airlines. I've seen the site several times, as I seem to be on everybody's forward list for shit stuff like that. However, I never knew that it was intended to actually be an advertisement for Alaska Airlines.

Another example of a viral campaign is Burger King's recent Subservient Chicken and often games, quizzes and contests are considered viral marketing. However, things that spread virally online are most often non-commercial, anti-commercial or even rallying against one company, like fiendster, the obvious parody of friendster. Things that are anti-something spread virally in the political sphere also, like the bush sloganator (or the Kerry one, which is apparently still functioning and better funded).

I personally think that online viral marketing is the future of online advertising. Why pay for something (advertising exposure), when you can get it for free? Viral marketing hasn't really caught on though (it seems). Why?

Firstly, it isn't easy to create a viral marketing campaign that says what a marketer wants to say about their company or product, and actually becomes viral. In the case of Sky High, as Jennifer points out, the connection between the parody and the sponsor isn't that obvious. The subservient chicken is another example of a campaign, like Sky High Airlines, where it isn't obvious it is connected to the brand. (This may be intentional as the BK brand is very subdued on the page.) Further with the chicken, it isn't obvious how the chicken actually enforces the brand's message. Maybe they were just trying to transfer the attraction of a person dressed up in front of an actual fast food place to an online medium. Who knows. Regardless, all it delivered was some impressions and some good laughs when people tried to make it do obscene things.

A second reason why it hasn't taken off may be because "the experts" say that most people won't forward things (via this article):

The proportion of the online audience likely to participate is small. Jupiter Research's latest European consumer survey shows only 5 percent of the Internet population had forwarded an advertising message. Of respondents who said they had, 64 percent were under 34 years old and 56 percent were male.

Although viral marketing is challenging, figuring out how to repeat is something worthy of some study. Especially for me, since viral marketing is the basis for my company, WhizSpark. WhizSpark combines social networking with event promotion.

We learned several years ago, that events "get attended" by lots of people, when the key people in the social network that connect people have committed to attending in advance of the event. At most events, 5-10% of the people invited the majority of the others. These 5-10% of the people are the people-people. The people that did all the inviting, entertain us, make our connections, etc. They love people, socializing with people. They've figured out how to sell people things by helping people at the same time.

We've made it a point to network with these people and find out why they do what they do. All of these people do it because they love being social. Many of these people have managed to turn their passion for event planning, promotion and people into a business or supplemental income. We also wanted to figure out how its done.

We've focused mainly on marketing entertainment and social events. We've learned that people only attend places where they are comfortable, on subjects or with entertainment that they enjoy. We also learned that people really get juiced up about helping to promote events when they and there friends get rewarded by spreading the word or when they are engaged in the planning process.

I think this is a model for viral marketing in general. Engage people in the planning and production process (let go marketers, just let go), create a high quality product (ie event, service or product), seed the campaign by rewarding, bribing, paying, begging the key people, sit back and watch the message get out.

I am very interested in anyone else's ideas on this process. Feedback please!

placing an ad on feedster

After reading a flame up by Jeremy Zawodny, on one of his usual bitch sessions about how something doesn't suit his fancy, I decided to try and do something that'd help the situation. Jeremy was bitching about how feedster was accepting ads for viagra and how that was antithetical to the unwritten blogging credo in the war against comment spammers. Personally, I think that a site should be able to take which advertiser's money it sees fit to take, but Jeremy's attack prompted Scott Rafer to take it down. It is a smart move given Jeremy's weight in the blogging world.

In Jeremy's comments, I wrote the following:

I think we all should throw feedster a bone and help them out a bit. I just placed an ad on feedster for my company. i get a lot of value from feedster. it is a great engine. and the only one that helps me network with people on the web in real time. it is unfortunate that they need to resort to selling ads to disreputable companies, but i am sure they will find a revenue model that works soon enough.

20 days and 500 impressions later, we've received 2 clicks. Not so good. So, I am changing the approach.
Here's the old text ad:

Promote Events & Win Prizes create mailing lists, invite friends, promote events, win prizes whizspark.com

Here's the new one:

social network to win Try whizspark. Win Stuff. whizspark.com

I've also changed the target keywords.

I was considering this one, but decided against it. Maybe at a later date.

Friendster Sucks. you can't win stuff. Try whizspark. Win Stuff. whizspark.com

With that last one, I'd be taking the tack that: "any PR is better than zero PR". I'd be hitting the head on this one. Talking shit about a competitor, talking shit in general, and using trademarked names to target ads. If that isn't timely, I don't know what would be.

If nothing else, I am glad to be helping out feedster with the small ad I placed there. I use feedster every day and do get a lot of value from it. I think more people should advertise on feedster. For all this blogging stuff to support itself, we are going to need to find a way to monetize some of it. I think this can be done without compromising blogging's editorial roots. Help out Feedster. Advertise.

sort of official unofficial WhizSpark weblog

I've been posting to the WhizSpark weblog for awhile now. From monitoring google adwords on it, I can see that it gets 50 or so hits a day on it. I don't promote it and it usually isn't written in a first person voice. Also, although I tried to convince my partners to write to it and recruit other event planners and promoters to write to it, I have not been accompanied by anyone. Poor me!

So, I am moving the WhizSpark weblog over to this site, my personal weblog. Instead of trying to maintain several blogs in different places, I think I'll be more successful focussing on one and doing it right. Moving it here will allow me to write things that I normally wouldn't write to the other blog too, since it is not the official words of the company. How does that disclaimer go? I've stolen the verbiage from Robert Scoble:

Peter Caputa works at WhizSpark. Everything here, though, is his personal opinion and is not read or approved before it is posted. No warranties or other guarantees will be offered as to the quality of the opinions or anything else offered here.

Does this work when you own the company? I don't read it or approve it before I post it. Doesn't make much sense. Oh well, I guess I'll have to avoid any slanderous remarks. Damn. I'll reserve that for discussion boards where I use a pseudonym.

When we relaunch WhizSpark, I will remove the blog from the site.