With all the recent hubbub about Facebook and privacy concerns, one might wonder if this is just another one of those molehill-problems that the media is mountain-sizing. You know, like mad cow disease, Y2K, and light beer. I tend not to worry too much about such things, because I don’t put incredibly detailed information about myself online. Some suggest that even putting information about your birthday on Facebook is a security risk. I’m honestly not sure about that, but I do know that Social Security came about in 1935. It stands to reason that somebody may have had time to figure out the algorithm for generating a Social Security Number in 75 years time. After all, the encryption they had back then was roughly equivalent to the copy protection measures found in SSI’s Pool of Radiance (which, I might add, science has found a way to defeat).
For the life of me, I never have fully understood the human compulsion to fill out forms containing their personal data on a computer. If I walked up to a random person on the street with a form asking for their personal data, they’d probably think I was up to something unsavory (like signing them up for a credit card), and tell me to shove off. You put the same person on Facebook, and it wouldn’t surprise me if at least a good portion of their extended profile information is filled in. What benefit does this give anyone but Facebook and their demographic-engine? You know, aside from thoughtfully tailored ads for the user’s pleasure.
I found myself asking the same question some fifteen years ago. I was 19 years old, it was 1995, and I was running a modestly successful local BBS. Most of the other BBS users in town were older than me, and almost all of the sysops were. For some reason, if you were in the greater Peoria area, male, 40 years old, and into ham radio, chances were decent that you either ran a BBS or called one. Being younger, I tended to attract a younger crowd, and thusly we became the bane of the local FidoNet hub with our youthful exuberance (and willingness to start a flame war over the slightest of offenses). Even so, my BBS still racked up a couple hundred user accounts. Most were one-time callers checking the place out, but I probably had a good 30-40 regular users and lively message boards.
You know what I also had? The name, address, and phone number of every last person that called.
Why? Well, that’s what happens when you don’t read the documentation to your BBS software very well and make all the user account info mandatory. I remember telling people who asked me why they needed to put in their address that “this is so I can verify you’re a real person”. I didn’t need it, of course. There were callback systems that could, at the very least, know there’s an active phone line on the number they put in. Most of the boards in town didn’t require complete information, and you could put in whatever you wanted and it would still let you through. (For instance, my co-sysop – whose address was “KEVORKIAN”.) Fortunately for them, my dear mother did not raise an asshole. I probably could have gotten into some trouble using all that data. I knew people who got in trouble for similar things. However, there was one instance in which having all this data did cause me a lot of trouble.
The BBS software I used to run was called Renegade. It had all sorts of nifty features, one of which was called MCI codes. I forget what it stood for, but we used to joke that more expensive BBS software would have used AT&T codes. Yup, we were nerds. Basically, you could write a message containing these codes, and it could display all sorts of information back to the user about themselves. It was supposed to be used so sysops could make nice status screens telling people what address they have on file, and how many megabytes they’ve downloaded this month, their security level – that kind of fun stuff. Well, as it happened, this 13 year old kid on the board who went by the handle CAPTIAN JAMES T. KIRK had been reading the Renegade documentation. We hated this kid. He would always come on the board and piss a bunch of people off, and then we would flame him mercilessly and he would retreat for a couple days and then the cycle would repeat itself. One day, the good Captian discovered something else I hadn’t turned off – letting users use MCI codes in their messages. And so it was that he put in a little something like this:
HEY @a I KNOW YOUR ADDRESS IS @b AND YOUR PHONE NUMBER IS @c AND I'M COMING TO YOUR HOUSE TO KILL YOUR FAMILY AND YOUR DOG.
This would yield output specific to whoever was reading it, so at the time I saw something like:
HEY MATT DUKES I KNOW YOUR ADDRESS IS 235 FAKENHAMMER LANE AND YOUR PHONE NUMBER IS 309-555-4857 AND I'M COMING TO YOUR HOUSE TO KILL YOUR FAMILY AND YOUR DOG.
I remember thinking “hey, that’s a pretty neat trick”. Then I noticed my inbox had fifty messages in it.
Apparently this idiot had managed to convince pretty much everyone who called in that day that I had for some reason given their name out to a psychopath. I had people threatening to come to my house and kick my ass. I had people crying and wondering how I even knew they had a dog and why I would divulge any information about said dog to a third party, much less an angry nutjob. Even people I called regularly for help on how to set up my board got fooled and were angrily sending me messages. It was the largest instance of mass hysteria I’ve ever personally witnessed, and the happiest we ever saw Captian Kirk.
It took a day or two, but finally I managed to convince my rabid userbase that it was just a trick. The incident is still legend among those who were there.
We call it the Golden Mindf@$k.
Wow. That’s something that I’m sure was not nearly as funny at the time, at least not when people were threatening to beat you up…
…but that’s sheer genius.
.-= Andy´s last blog ..Just To Let You Know… =-.
Just an FYI, the concern on facebook is the fact that they are changing privacy policy, without user consent, and with no reasonable way to change it.
short version
Prior you could choose, who could or could not see individual pieces of info
Now they change it, so all your info is shared, you have no say. in it, period.
even if you delete your account, they retain any info you already entered, and will share it with whomever they feel like
the hubub therefore is less about what is available on facebook, but about the fact that facebook now gets to hand out your data, to whoever they feel like, without your consent, and most people find that wrong.
where this becomes a very bleak area, si that new people signing up, could for instance, choose not to enter, info they don’t want share,d such as say your birthday, just don’t enter it.
but people who have already been on the site, and entered info before this policy change, are simple out of luck.
the actual info/privacy is not a problem as much as the moral outrage IMO
All the better to steal your soul with…
.-= Devious´s last blog ..Dear Sir, You Can Talk To Me =-.
Hmmm…you weren’t in the BBS scene in Memphis, were you? I’m sure it was widely used, but we had our own James Kirk who ran a local BBS.
.-= The Gonk´s last blog ..Mickey Doggie =-.
@The Gonk: Nope. Peoria, IL.
.-= Vanir´s last blog ..You’re Not Just Good, You’re Golden =-.
https://www.eff.org/deeplinks/2010/01/primer-information-theory-and-privacy
My wife is a researcher who works with government data. Getting your gender, zip code and birth day is trivial from government sources. The irony is she has to strip that information away on the output end to avoid “information disclosure” while the real source of disclosure is the public source data.
(A quote from the source paper: http://groups.csail.mit.edu/mac/classes/6.805/articles/privacy/sweeney-thesis-draft.pdf …)
“I conducted experiments using 1990 U.S. Census summary data to determine how many
individuals within geographically situated populations had combinations of demographic values that
occurred infrequently. It was found that combinations of few characteristics often combine in
populations to uniquely or nearly uniquely identify some individuals. Clearly, data released containing
such information about these individuals should not be considered anonymous. Yet, health and other
person-specific data are publicly available in this form. Here are some surprising results using only three fields of information, even though typical data releases contain many more fields. It was found that 87% (216 million of 248 million) of the population in the United States had reported characteristics that likely made them unique based only on {5-digit ZIP, gender, date of birth}. About half of the U.S. population (132 million of 248 million or 53%) are likely to be uniquely identified by only {place, gender, date of birth}, where place is basically the city, town, or municipality in which the person resides. And even at the county level, {county, gender, date of birth} are likely to uniquely identify 18% of the U.S. population. In general, few characteristics are needed to uniquely identify a person.”
.-= John Lopez´s last blog ..Games for Windows Live =-.
Haha. Hahahahaha.
Renegade.
This is clearly why WWIV was the best software.
Also, I wrote about this in my master’s thesis. I had the benefit of, you know, already using Facebook at the time, but I still thought about how great it was that we had gone in such a short amount of time from “I ain’t gonna give out my information over the phone!” to “oh, awesome, I can put in EVEN MORE information about myself in this electronic database!”
@John Lopez: That’s terrifying. 🙂
@Quarex: My dream is that one day, we all learn that what matters is not the software our BBS runs on, but rather the color of our ANSI graphics.
.-= Vanir´s last blog ..You’re Not Just Good, You’re Golden =-.
Matt, I remember that post. 🙂
I also remember some choice phrases Greg mentioned at the time about ways to defile Cap’t Kirk’s mother’s skull.