Social networking has attracted an unprecedented number of Canadians, some 17 million of whom have a Facebook profile, 4.5 million are on MySpace, 14.5 million visit YouTube every month, and 3.6 million upload photos to the sharing site Flickr.com. Social networkers shape their identity with these sites, essentially broadcasting their public image around the world.
But it's not all fun and games online.
The more we use social networking sites, the less privacy we can lay claim to. You have to be obsessively careful with what you post online - you can become a victim of identity theft, ruin your own reputation, or even attract the attentions of undesirable people who have more than chatting on their minds.
The problem is getting so big that provincial and federal governments have taken to educating social-network members about the need for privacy.
Many social networking site have privacy systems in place, but many users ignore them, only to find out - too late - that they shouldn't have left their photos, blog postings and personal information available for anyone to discover.
A two-month investigation by Globe and Mail reporter Matt Hartley tracked more than a dozen Canadians through their open social networking profiles, gathered as much information as possible using freely available Web tools to build detailed profiles of each user. When compiled in one or two places, a casual observer can develop a rudimentary image of a subject in just a few clicks.
Globe reporter Matt Hartley took readers' questions on Tuesday about the pitfalls of putting your identity online, and how best to behave in a world where you are on display. Your questions, and his responses, are below.
Editor's Note: globeandmail.com editors will read and allow or reject each question/comment. Comments/questions may be edited for length or clarity. HTML is not allowed. We will not publish questions/comments that include personal attacks on participants in these discussions, that make false or unsubstantiated allegations, that purport to quote people or reports where the purported quote or fact cannot be easily verified, or questions/comments that include vulgar language or libellous statements. Preference will be given to readers who submit questions/comments using their full name and home town, rather than a pseudonym.
Jack Kapica, moderator, writes: Hello Matt, welcome to our chat about privacy in the age of social networking. Let me start off by asking you a question: What is it about social networking that makes people forget they're on public view?
Matt Hartley answers: It's an interesting question, for sure. I'm not exactly certain what it is about social networks that makes people forget they're on public view. The whole point of these sites is to meet and mingle with friends and people who become your friends. By their very nature these sites are "social" so one would assume that people are aware that folks will be looking at what they post online.
Many users likely assume that the only people who can see their profile are their friends. In some cases, if their privacy settings are up to snuff, they're correct. But more often than not, Facebook and MySpace users leave their settings wide open, which allows thousands of users to see their profiles.
Think of it as a bedroom. You don't expect anyone except the people you invite inside to see the pictures of your friends that you've pasted to the wall or your CD collection scattered about on the floor. But if you leave the drapes wide open, anyone can look inside, whether you've invited them to or not.
I think other people just don't understand the scope of the privacy settings. For instance, if you have your Facebook profile set so that anyone from your high school or university network can look at your profile, there are literally thousands of people you've never met who went to the same school and can look at your profile any time they like.
Privacy on social networks is a bit of an illusion. If you don't want people to know your address or the fact that you love Kelly Clarkson's music or that you cried at the new Lindsay Lohan movie, don't post it online.
Polou Ha from Toronto writes: I am wondering why social networks don't show or blog more about the safety features that they have to offer. I find that I have to go and learn this on my own by digging through all these features and check to say no to show my name, address or phone number or anything that are important.
Matt Hartley answers: Thanks for the question Polou. In fact, both MySpace and Facebook have devoted large parts of their websites and signficant resources to blogging about privacy and security in an effort to educate their users. MySpace, for example, uses its founder Tom as its in-house privacy and security guru. Tom is the first friend you get when you sign up for MySpace. While I'm sure part of the reason is so that new users don't feel lame by having a big zero on their friends list, having Tom on everyone's profile enables MySpace to send messages to users' inboxes in a medium they are familiar with in an effort to help them learn about what the site is doing to protect them and how they can protect themselves.
If you scroll down the bottom right corner of your Facebook profile - for those who are using the much maligned new version of the site - there's a little link that says "privacy" which takes you to the site's security and privacy page. Facebook offers a lot of different tips to help its users lock down their profiles.
The biggest problem, unfortunately, is that people just don't read these pages. Whether they don't care or they just aren't aware depends on the user, but the fact remains that people are constantly surprised by what people can access about them. As our study shows.
One complaint that has been lobbed at both sites is that too many of the security features are "opt out" rather than "opt in." Privacy advocates argue that when a user signs up for Facebook or MySpace, their privacy settings should automatically be on the most secure setting, and that users should choose not what they want to protect, but what they want to share. Obviously, since these sites are set up specifically to allow people to interact with one another - they're "social" networks after all - the idea of locking everything down from the outset runs somewhat counter intuitive to their whole purpose. Both sites have taken a few steps in the right direction in this regard, but both could probably be doing more.
Penny from Toronto writes: I don't do social networking, but I share my reasonably obscure name with one gentleman who does. He is about my age, and his hobbies include liquor, pot smoking, heavy metal, and "loose women." Is there anything I can do to avoid being confused with him professionally?
Matt Hartley answers: Hi Penny, and thanks for the question. I can't tell if you're being sarcastic here, but let's assume you're not, because you raise a good point.
Unfortunately, there's not much that you can do to dissociate yourself from this person. I know you say you don't "do" social networking, but you could set up your own Facebook profile with a picture that clearly differentiates you from this gentleman. You could even call yourself "The Real Penny" a la Eminem.
Otherwise you might be stuck simply telling people, "No, that's not me," when they ask. One thing that we talked about in our series was that employers often check up on potential hires by scoping out their social networking profiles. If you're worried that when you apply for a job someone is going to go on Facebook, see this guy's profile and think that you're into "loose women" you could create a profile at a work-related social network such as LinkedIn, and provide a link to that profile on your resume.
It sounds silly, but you could also try putting the fact that you're not on MySpace or Facebook in your cover letter. With so many organizations out there worried about employees posting company secrets online, that might actually be one thing that differentiates you from other candidates and moves you to the top of the heap. Good luck.
Aaron Talbot from Canada writes: Is privacy something that all of us (not just kids) are giving up for technological advances on the Internet? With Google's release of its Chrome browser, the argument is that Google wants to shift personal data storage from our hard drives onto an external web source ... in exchange for streamlining ads to users. Is privacy something that we're starting to lose sight of as the Internet matures?
Matt Hartley answers: Thanks for the question Aaron.
Is privacy dead? It's one of the most important questions facing all of us as we become increasingly dependent on technology. Scott McNealy, the chairman of Sun MicroSystems, once remarked that "Privacy is dead" and suggested the audience "get over it." Harsh, no?
But the scary thing is that he might have a point. In an era when you can zoom in on a satellite picture of your home from the Internet or look at the vacation pictures of total strangers, does privacy really exist any more?
Google is at the centre of this debate (as the company is for just about anything related to technology these days). We used Google Maps to find out where our subjects live for Project Creep, and although the site has some limitations, it is remarkable what you can find using Google's services.
One of the company's more controversial tools is its Street View service, which enables you to zoom right into the street level of a location and see it as though you were standing right there. Privacy advocates are still up in arms about Street View. One couple in the United States has sued Google for taking photos of their home. There's a parents' group in the U.S. that says Street View is being used by child predators to scope out schools and playgrounds where kids congregate. Scary stuff.
Google says that they're only taking photos of streets from publicly accessible locations, something anyone with a digital camera could do. Is it true that someone could walk down your street with a digital camera, taking photos of your house and those of your neighbourhood and post them online? Of course. Google isn't doing anything that radically different, they're just doing it on a massive scale, the likes of which have never been seen before.
One thing I will say about privacy in the digital age is that it's probably smart to put all your eggs in one online basket. If you use Google to search the net, it knows what you were looking for. If you use Gmail, Google knows what's in your e-mail. If you use their new browser Chrome, they know which sites you visit. The best thing to protect yourself if you're worried about one company knowing too much about you is to use different services from different companies. If you like using Google's e-mail service, consider switching to Yahoo or MSN for Internet searches.
Ann Cavoukian, Ontario's Privacy Commissioner, told us that privacy isn't dead, only that it's "changing." She said that privacy forms the backbone of our democratic society and that privacy is the first thing to go when a culture moves towards a totalitarian state. She might have a point. But we as users of these services need to take on more responsibility for our own privacy and security.
I think it was Thomas Jefferson who said that the "price of liberty is eternal vigilence." I imagine he would probably have a few choice words for us Google users.
Mei N. from Shanghai, China, writes: Hi, Matt. Thanks for taking our questions. What are the legal implications of third parties obtaining personal information from social networkers? Legislation seems pretty vague in terms of what constitutes consent and what's "reasonable" for individuals to expect when it comes to third parties accessing their information. Is Facebook liable if I install a widget on my Facebook profile and, as a result, a marketing company finds out what music I listen to and where my friends and I partied last weekend? What laws (if any) are third parties breaking if they use that information, given that I willingly installed their widget? If this is a "user beware" system, as it seems to be, why bother suing Facebook?
Matt Hartley answers: Thanks for the question Mei N.
It's a tricky issue and I must admit that I'm not an expert in all the legalities surrounding privacy law. When you install an application on Facebook, part of the deal is that you must give them access to certain information. All applications ask you what you're willing to share before you install them, so you do need to sign off on what you're giving them access to. It's just one more reason why you should make sure you read the fine print on anything you install on your computer or your Facebook profile. Facebook isn't liable because you consented to sharing the information.
It's also true that some of these applications can "go rogue" if they were created by a developer with bad intentions. A few lines of code is all they need to get these applications to start gathering information from your friends' profiles. Facebook and MySpace work very hard to eliminate these kinds of applications and ban the developers who create them, but you're right, users should beware and not just add every "Zombie Points" or "The Hills: Quote Generator" application that comes along.
I can tell you that the office of the privacy commissioner of Canada is looking into this issue and is preparing a report that is due to be released later this year, which should give us all a better idea of how these sites conform to the Personal Information Protection and Electronic Documents Act (PIPEDA).
Jack Kapica, moderator, writes: I'm afraid we've run out of time for this discussion. I'd like to thank Matt Hartley for all the effort he has put in on the answers, and all people who asked them. Our apologies to those whose questions couldn't be included in our time frame.