Tag: Facebook

Bits and pieces of issues regarding the happy sharing of your children’s lives on Facebook

It's just a picture of them playing, they don't mind. Like!

It’s just a picture of them playing, they don’t mind. Like!

Similarly to what is happening in other EU Member States’ courts, Portuguese courts have been struggling with the application of traditional legal concepts to the online context. Just recently, in a decision which I addressed here, it considered that those having in their possession of a video containing intimate images of an ex-partner are under the obligation to properly guard it and the omission to practice adequate safeguard are condemned as a relevant omission.

Thus said, there is one particular decision which was issued by a Portuguese appealing court last year that I failed to timely address and which concerns the very specific rights of image of children in the online context. Considering the amount of pictures that appear on my Facebook wall every time I log in on my account and the concerns expressed by the upcoming GDPR in regards of the collection and processing of data referring to minors of sixteen, I would like to address it today.

The court at stake confirmed the decision of the court of first instance, issued within a process of regulating the parental responsibilities of each progenitor, which forbid a separated couple to divulge on social media platforms pictures or information identifying their twelve years old daughter. It severely stated that children are not things or objects belonging to their parents.

One would expected that a court decision would not be necessary to achieve the conclusion according to which children have the right to have their privacy and image respected and safeguarded even from acts practised by their parents. In fact, one would hope that, in the online context, and considering their specific vulnerability and the particular dangers facilitated by medium of the Internet, their protection would be ensured primarily by their parents.

Ironically, the link to the news referring to this court decision was greatly shared among my Facebook friends, most of them with children of their own. The same ones who actually happily share pictures of their own kids. And who haven’t decreased the sharing of information involving their children since then.

It is funny how some people get offended or upset when someone posts online a picture in which they are not particularly favoured or of which they are embarrassed and are quick to require its removal, and do not wonder if it is ethical to publish a picture of information about someone who is not able to give his/her consent. Shouldn’t we worry what type of information would children – our own, our friend’s, our little cousin or nephew – want to see about themselves online in the future?

Every time I log in my Facebook account, there is an array of pictures of birthday parties, afternoons by the sea, first days at school, promenades in the park, playtimes in the swimming pool, displays of leisure activities, such as playing musical instruments or practising a sportive activity… In a particular case, it has been divulged that the child had a serious illness, which fortunately has been overcome ever since but which received full Facebook graphic and descriptive coverage at the time of the ongoing development.

I have seen pictures where my friends’ children appear almost naked or in unflattering poses, or where it is clearly identifiable where they go to school or spend holidays. Many identify their children by their name, age, school they attend, extracurricular activities… In any case, their parenthood is quite well established. I always think that, in the long run, it would permit the building of an extended and detailed profile for anybody which has access to such data. And, if you had read any of my other posts, you know by now that I am not exactly referring to the Facebook friends.

More worryingly, these details about the children’s lives are often displayed on the parents’ online profiles, perhaps due to simple distraction or unawareness, without any privacy settings being implemented. Consequently, anybody having a Facebook account can look for the intended person and have access to all the information contained on that profile.

I do not want to sound like a killjoy, a prude or a moralist. I get it, seriously, I do. A child is the biggest love and it is only human to want to proudly share his growth, development and achievement with relatives and friends. It has always been done and now it is almost effortless and immediate, at the distance of a click. In this regard, by forbidding the sharing of any picture or any information regarding children, the abovementioned decision seems excessive and unrealistic.

Nevertheless, one should not forget that some good sense and responsibility is particularly required in the online context, considering how easy it actually is to lose control of the purposes given to the published information besides the initial ones. As many seem to forget, once uploaded on an online platform, it is no longer within our reach, as they can be easily copied or downloaded by others.

Thus said, while it is certainly impossible to secure anonymity online, the amount of information that is published should be controlled for security, privacy and data protection purposes.

Anyway, this common practice of parents sharing online pictures and information regarding their children makes me wonder how companies such as Facebook, and other platforms focusing on user generated content, who process data at the direction of the user and, consequently, who unintentionally have to collect and process personal data regarding children below the age of sixteen, may be asked to comply with the new requirements of the GDPR in that regard.

If it is to be lawful if and to the extent that consent is given or authorised by the holder of parental responsibility, and if, as the Portuguese court have understood it, parents are not entitled to dispose of their children’s image on social media, a funny conundrum is generated. If the parents cannot publish such information, they will not be able to authorize it either and, consequently, children/teenagers won’t be able to rely on their parents’ authorization to use social media.

The ‘Safe Harbor’ Decision ruled invalid by the CJEU

Safe harbor?!? Not anymore.

Safe harbor?!? Not anymore.

Unfortunately, I hadn’t had the time to address the ruling of the CJEU issue last October, by which the ‘Safe Harbour’ scheme, enabling transatlantic transfers of data from the EU to the US, was deemed invalid.

However, due to its importance, and because this blog is primarily intended to be about privacy and data protection, it would be shameful to finish the year without addressing the issue.

As you may be well aware, article 25(1) of Directive 95/46 establishes that the transfer of personal data from an EU Member State to a third country may occur provided that the latter ensures an adequate level of protection. According to article 25(6) of the abovementioned Directive, the EU Commission may find that a third country ensures an adequate level of protection (i.e., a level of protection of fundamental rights essentially equivalent to that guaranteed within the EU under the directive read in the light of the Charter of Fundamental Rights) by reason of its domestic law or of its international commitments.

Thus said, the EU Commission adopted its Decision 2000/520, by which it concluded that the “Safe Harbour Principles” issued by the US Department of Commerce ensure an adequate level of protection for personal data transferred from the EU to companies established in the US.

Accordingly, under this framework, Facebook has been transferring the data provided by its users residing in the EU from its subsidiary in Ireland to its servers located in the US, for further processing.

These transfers and, unavoidably, the Decision had been challenged by the reference to the CJEU (judgment in Case C-362/14) following the complaint filed by Max Schrems, a Facebook user, before the Irish DPA and subsequently before the Irish High Court. The main argument was that, considering the access electronic communications conducted by its public authorities, the US did not ensure adequate protection of the thus transferred personal data.

According to the AG’s opinion, “the access enjoyed by the United States intelligence services to the transferred data constitutes an interference with the right to respect for private life and the right to protection of personal data”.

Despite considering that a third country cannot be required to ensure a level of protection identical to that guaranteed in the EU, the CJEU considered that the decision fails to comply with the requirements established in Article 25(6) of Directive and that the Commission did not make a proper finding of adequacy but merely examined the safe harbour scheme.

The facts that the scheme’s ambit is restricted to adhering US companies, thus excluding public authorities, and that national security, public interest and law enforcement requirements, to which US companies are also bound, prevail over the safe harbour principles, were deemed particularly decisive in the assessment of the scheme’s validity.

In practice, this would amount to enable the US authorities to access the personal data transferred from the EU to the US and process it in a way incompatible with the purposes for which it was transferred, beyond what was strictly necessary and proportionate to the protection of national security.

As a result, the Court concluded that enabling public authorities to have access on a generalised basis to the content of electronic communications must be regarded as compromising the essence of the fundamental right to respect for private life.

The Court stated that the decision disregards the existence of such negative interference on fundamental rights, and that the lack of provision of limitations and effective legal protections violates the fundamental right to effective judicial protection.

Upon issuance of this ruling, the Art29WP met and concluded that data transfers from the EU to the US could no longer be legitimized by the ‘Safe Harbor’ decision and, if occurring, would be unlawful.
While its practical implications remain unclear, the ruling undoubtedly means that companies relying on the ‘Safe Harbor’ framework for the transfer of personal data from the EU to the US need to rely, instead, on another basis.

In this regard, considering that not all Member States accept the consent of the data subject or an adequacy self-assessment as a legitimizing legal ground for such cross-border transfers, Model Contractual Clauses incorporated into contracts and Binding Corporate Rules (BCR) for intragroup transfers seem to be the most reliable alternatives in certain cases.

Restrictions on data transfers are obviously also foreseen in the GDPR, which, besides BCRs, Standard Contracts and adequacy decisions, includes new data transfer mechanisms such as certification schemes.

You can find the complete version of the ruling here.

The not so privacy orientated new privacy policy of Facebook

Am I really in charge?

Am I really in charge?

Following all the criticism regarding the complexity of its terms of service and privacy policy, and allegedly in order to get more people actually reading and understanding the terms which must be agreed on for the use of the service, Facebook has announced, last month, an update (yes, again) of this privacy policy. But this time it is a visually clearer, shorter, linguistically simplified and more understandable version. If you have a Facebook user account, you certainly have already received a notification regarding this update, which will enter into force on the 1st January 2015.

In a section entitled ‘Privacy Basics’, users are told how to control what is to be shown to others, how they might interact with others and what may be shown in their news feed, how to control the visibility of their profile, and how to deactivate or delete their account. This new policy even includes a childlike assistant to guide users through these explanations.

On the terminological side, ‘public information’, which was previously defined as “the information you choose to make public, as well as information that is always publicly available“, is now defined as “any information you share with a public audience, as well as information in your Public Profile, or content you share on a Facebook Page or another public forum”.

However, not much changes, actually. Indeed, this more user friendly appearance does not really give users more control over their data. In fact, it does not give much. Users might control their data regarding others but Facebook and its commercial partners are certainly not included in the concept of ‘others’. The reading of the data policy regarding the type of data which is collected and the use of such data is quite self explanatory in this regard.

To be sure, the users’ settings haven’t been changed. Nevertheless, on a positive note, the user gets now to better understand how Facebook tracks its users. For instance, it is specified that Facebook may collect location information from users on its mobile apps through GPS, Bluetooth or WiFi networks.

In this regard, although users can decline or opt out of sharing information with third party applications or for targeted advertising purposes, which are based on their browsing habits off of the network, they have no control regarding the information that is collected and shared. To be true, no changes were made regarding how much data Facebook collects from its users.

In fact, Facebook has entire access to all the information made available about their users, both provided by users themselves while updating their profiles and by their friends. Moreover, Facebook can use this information namely to provide and develop its Services (yes, with a capital letter) and to promote and evaluate successful advertising. Unless entirely unconnected from the platform, as it does not suffice to close the tab, Facebook is therefore able to access all information provided in websites or applications which use its Services, gathering data on websites visited by its users and their behaviour on those websites. It will be, for instance, the case of Instagram or Whatsapp.

Likewise, as Facebook now accepts payments to be made on the platform, it can use information people share regarding their purchases and financial transactions to better target advertisements. For example, according to the update, the company collects information on each purchase, including payment information such as credit or debit card data, account authentication information, billing, shipping, and contact details. In addition, users are not given the option to control what information is being used for advertising purposes.

Furthermore, users can customize their ads preferences in order to make the advertisements which are shown to them more relevant. Therefore, a user will be able to decide whether or not to see advertisements based on a peculiar interest. While most users may appreciate this new option, the main beneficiary is ultimately Facebook itself as it allows advertisers to differentiate among successful and irrelevant ads. However, it must be noted that users will still not be able to control the data collection resulting from targeted advertising, but only to control how much targeted advertising is presented to them.

What is more, Facebook continues to get location information in order to allegedly present more relevant information regarding, for instance, friends or restaurants nearby. As you may know already, if you at some point read the previous version of the terms of service, advertisements were usually presented based on the location listed in a user’s profile. Facebook now proposes to enable advertisers to target users based on their actual location.

Thus said, Facebook has always been associated with issues regarding its privacy policy and terms of service, which were always deemed to be too complex for the common user. However, I believe that this complexity was not the main cause why most of its users are not aware of the use purposes of their data. My experience tells me that, disregarding how simple they are, and contrary to their best interests, not many people will actually read any terms and conditions of any service. Similarly, these updates on the terms and conditions will certainly not be read by many. And for those who will, it will surely not make them turn away from the social platform.

Facebook is already a very relevant part of its users’ lives, businesses and online interactions. Perhaps most users have accepted that, beyond being a space where friends and family can interact, it is primarily a business intended to deliver effective advertisements by using the information provided by its users. Or perhaps people just don’t care.

Nevertheless, it must be noted that the consent given by users do little in regards of their privacy. Individual consent is rarely exercised as a meaningful choice. And by ‘meaningful’ I mean with awareness and understanding of the implications and consequences of their consent.

Either way, the outcome is as follows: while people continue to use Facebook to interact with their family and friends, Facebook is not the product. Users are.

National Security: The new
responsibility of Tech
Companies?

Let's take a closer look on... everything!

Let’s take a closer look on… everything!

Private tech companies are no longer expected to only aim profit. No. Besides having been assigned with the task of distinguishing public and private interest, they are now required to act as watchdogs to the intelligence services.

I am referring today to the very interesting opinion article of Robert Hannigan, published on Financial Times, last week, which I highly recommend.

Hannigan is the new Director of CGHQ, which stands for Government Communications Headquarters, meaning the British electronic intelligence agency. It operates closely with the British security service, MI5; the overseas intelligence service, MI6; and the United States National Security Agency (NSA).

In the above-mentioned article, Hannigan called for “better arrangements for facilitating lawful investigation by security and law enforcement agencies than we have now” in order to find “a new deal between democratic governments and the technology companies in the area of protecting our citizens”.

He mainly referred to the radical group Islamic State, a.k.a. ISIS and ISIL, “whose members have grown up on the Internet” and are “exploiting the power of the web to create a jihadist threat with near-global reach.” In this context, he qualified tech companies as “the command and control networks of choice” for terrorists.

Basically, and summing it up, let’s all forget about Snowden’s revelations (which I already addressed here) and see the big picture: because terrorists are using the social media websites, tech companies such as Facebook and Twitter ought to share all our private data with law intelligence agencies to stop terrorism. As we all have a common enemy, let’s allow a more undisturbed sharing of information between the intelligence community and private technology companies of our data. In these dangerous times, who needs privacy, anyway, right?

Coincidentally or not, these declarations came in the wake of Apple and Google sophisticated encryption initiatives regarding data on their mobiles and email systems. Indeed, encryption makes the collection of data off the wires more difficult. Unsurprisingly enough, these statements are also in line with FBI Director James Foley efforts.

However, despite seemingly intended to be simultaneously inspiring, alarmist and paranoia inducing, I couldn’t help to notice that the article is actually full of contradictions which I assume were intended to go unacknowledged.

To begin with, the conclusion according to which techniques for encryption or anonymisation through mobile technology in fact help terrorists to hide from the security service – or, as stated, “are the routes for facilitation of crime and terrorism” – is quite a far-fetched one. Terrorism has been here long before new technologies as we know them and, unfortunately, terrorists have always found ways of hiding their operations quite successfully.

As for the allusion that the leaking of information by Edward Snowden has actually helped the development of terror networks… Seriously? Of course, the problem was not mass surveillance in itself. The real issue was that those monitoring activities were revealed to the world.

Besides, the use of Internet by radical groups for promotion, intimidation and online recruitment of potential fighters is already a general concern. But the thing is, as these activities happen in fact on social media platforms, everybody can actually see it. So, where does the need for a more direct and thorough access to social platforms data comes from? It is not as secret terrorist operations are expected to be conducted on Facebook or Twitter. I mean, these companies are not really known for the security of their communications.

Moreover, nobody actually believes that privacy is an absolute right. The ECHR is quite clear on that. The right to privacy shall always be balanced with other rights, freedoms and needs, as for instance the right to information, the freedom of expression and the need to ensure national security. However, I fail to see the balance between civil liberties and national security in Hannigan’s speech. Similarly, I fail to understand how the free and secretive interference in our privacy – for security reasons, always, of course – can be lawful and how its proportionality is ensured.

Likewise, why isn’t a prior court order appropriate to intelligence agencies regarding requests for data? It should be up to the courts, not the GCHQ, nor tech companies, to decide when our personal data shall be shared with the intelligence services. Courts are the only guarantee of individuals’ rights and freedoms and of principles such as necessity and proportionality of the measures taken. Tech companies cannot refuse these requests when they are based on a Court order. So, when Hannigan calls for ‘better arrangements‘ and ‘new deals’, it is very questionable what is truly meant.

Thus said, the consideration that users of social media platforms “do not want the media platforms they use with their friends and families to facilitate murder or child abuse” was just the cherry on top of a very bitter anniversary cake, the 25th anniversary of the world wide web, that Hannigan obviously hasn’t failed to mention.

These arguments are not fit for a “mature debate on privacy in the digital age”. Indeed, the fear, uncertainty and doubt (FUD) is quite a well-known strategy regarding perception influence and public misinformation.

For more regarding this brilliant-for-all-the-wrong-reasons article, check the following posts.

Atlas or how tracking technology is getting smarter and more intrusive

Thumbs up on tracking everyone.

Thumbs up on tracking everyone, everywhere.

Traditionally, Atlas refers to a collection of maps, typically of the earth. But this concept is about to assume a much creepier meaning. It is now associated to a ‘people-based marketing’ model, meaning the tracking and mapping of consumer’s behaviours both online and offline, as they move across content, websites and apps with different devices.

I am referring to the new advertising platform called Atlas, recently announced by Facebook. The platform is an improved version of Atlas Advertiser Suite model, purchased from Microsoft in 2013, and is deemed to be more implacable than cookies technology, which it aims to eventually replace.

Currently, marketers usually target and track the performance of online advertisements through cookies. However, cookies have been failing the marketing industry due to the very limited outcomes they allow. Indeed, they are less and less reliable and increasingly ineffective due to browser settings and plug-ins which can block them. Moreover, they are not as effective on smart phones and tablets, the main tools to access internet nowadays, as on computer’s desktops. In addition, they do not distinguish among users and devices.

As a result, advertising companies, contrarily to their best interests, are unable to figure which advertisements are worthy and efficient.

Facebook, dressing a red cape over its blue clinging suit, proposes to solve these issues with Atlas.

How?

Well, taking advantage of the huge amount of data it collects about its members. After all, information as where people live or go, websites they visit, their preferences, interests and their interactions is highly valuable for marketing purposes. Indeed it enables marketing companies to target its advertisements more efficiently according to contextual and behavioural profiling.

But how?

While being logged in a Facebook account, each user has one unique identifier which distinguishes him or her from all the others. It is like a fingerprint.

Atlas will combine cookies with the unique Facebook individual identification to track users’ exposure to advertising across the web, linking their personal information to their browsing activity.

In this context, marketers and advertisers will be able to match the list of individuals who they know have bought their product, through purchasing details, and the list of advertisements that individuals have seen online.

As a result, they will be able to evaluate to what extent their targeted advertisements on Facebook influence its members’ purchases and to assess which ones are successful.

Getting a cold feeling of discomfort regarding your privacy?

Do.

While these might be good news for advertisers and marketers in general, users already worrying about their privacy and personal data will certainly find room for some additional concern.

Indeed, even if many other Internet companies, as Google and Yahoo, collect data on individuals based on their web browsing and other online activities and use it to target ads, Facebook raises the stake to a whole new level.

To start with, it distastefully shares data collected within social networking with third parties, advertisers and marketers. So, information provided by its members in a certain context will be used in another context.

In addition, while combining cookies with the Facebook ID, Atlas will enable to track online activities across devices of logged in users and to assess their reaction to advertising campaigns both across Facebook and third-parties websites and apps, both on desktop and mobile devices.

Therefore, Atlas applies a user’s Facebook identity beyond Facebook’s walls, resulting in exposing users who are logged in across devices to a new persistent tracking mechanism which I can’t help but picture as a constant and undesirable online stalker.

As, having purchased ad campaigns through Atlas, advertisers can choose whether or not to include it on Facebook, its primary intention is consequently to demonstrate that advertisements placed in its website do work, i.e., that online social behaviour and search habits of its members can be a faithful indicator of consumer interest and purchase intent. The aim is to attract advertisers and marketer’s interest in order to place ads on its platform, with the argument that ads bought through Atlas will be more effective than other platforms, because they will use data collected through Facebook.

This will enable Facebook to establish a demand-side platform, where marketers will be able to buy ads which target Facebook’s members as they move across the Web, and even target users through real-time bidding. Once a user has logged into Facebook on a device, Atlas will be able find that user and present personalized ads.

In this context, the core privacy concern is whether data can be utilized while maintaining users’ privacy rights. Facebook pledges that the whole process will be anonymous and that is not going to disclose personal information such as user’s names or locations to advertisers. It is said that marketers and advertisers won’t be able to access other details than those they already know. Furthermore, marketers won’t be able to take Atlas’s cross-device tracking information out of the Facebook system.

Nonetheless, it conveniently failed to acknowledge that this kind of marketing is targeted to us as identified individuals, despite no revelation of real names is involved.

Indeed, it belongs to an emerging strategy known as ‘onboarding’, which aims to link our offline life to our online activity. Instead of users’ actual names, Atlas targeting segments refer to age, gender and demographics and might eventually include political affiliations, credit card use and relationship status.

So, Facebook’s policy regarding real names might not be as well intended as it was firstly presented. As users are voluntarily submitting authentic information, just by using the social network on a regular basis, knowing its users’ real identities allows the building of detailed profiles of people.

It is already known that Facebook’s partners include Omnicom, Instagram and, possibly, Twitter.

Some consider that this aims to take down Google from its dominant position regarding online-display advertisements, taking advantage of the fact that Google’s targeting is primarily based on cookies, which don’t work on mobile phones and get confused across users and devices. Despite Facebook’s denials, Atlas will allow Facebook to build an advertisement network that would, like Google’s AdSense, extend its ads across the Web.

I don’t know one single person – except for my little cousin, who thrives with pub time on TV – that appreciates to have every webpage opened filled with ads. And it becomes worse when they are irrelevant!

Perhaps Atlas is just a way of ensuring that the advertisements we see are of more interest to users. Hopefully, it doesn’t mean that we will have to face a bigger amount of ads.

Anyway, Facebook’s members can’t opt out of Facebook’s data capture mechanisms entirely, although they will be able to view and change the types of ads they are presented with through the Ad Preferences portal.

But while some may argue that Atlas is just a new tool to make ads more relevant to users, one shouldn’t ignore that users are being made more relevant to advertisers. We are the product. Perhaps for those who need to socialize online, Ello is not such a bad option after all…

 

Ello! Here to stay?

Ello, the new kid on the social networks' block.

Ello, the new kid on the social networks’ block.

It must come as a surprise, as I am writing openly on a blog, but I am not the most sociable person in this online world. In fact, my online interactions are mainly limited to an increasingly left aside Facebook account, some comments written here and there in blogs posts or news that particularly interest me and this recently created blog.

Regarding Facebook, I don’t log in as often as I used to. And truth is I find it less interesting in each visit due to the ad-filled pages and the endless requests from friends to play games. Not only am I trying to spend more time offline, but I also find the whole concept of sharing (showing off?), following, liking and commenting bits of others people’s lives very tiring at times. I recognised that is mostly due to a bad management of my account. As I realized recently, I don’t even know that well 90% of my friends and I honestly couldn’t care less about their lives, worries or interests.

However, it is an undeniable source of information regarding feedbacks on the most various subjects, through the specific groups and communities created. Moreover, it has enabled me to find lost friends and to keep in touch with friends and family members living abroad, without having to spend hours on the phone or Skype. In that context, it makes possible for people to share moments and to be part of each other’s lives in a way that would be very difficult otherwise. Besides, it has allowed me to know better people with whom I weren’t that close, making me grow fonder of them or, instead, killing any good impression I might have once had.

Nonetheless, I am more and more driven to more traditional means of communication, for instance gathering and talking. I intend to spend only meaningful time online, namely engaging in rewarding conversations with people who share the same interests as me.

So, when I first heard about the new social networking platform everybody was talking about, Ello, my first question was: what is the point of it? My second thought was: it won’t last. The history of social networks is full of unsuccessful chronicles: Friendster, MySpace, Diaspora or AppleSeed, just to mention a few. The secret for Facebook lasting so long is its most relevant feature: one can actually find almost everybody there and it feeds people’s curiosity and egocentric tendencies.

In Ello’s current Beta phase, you have to receive an invitation from a registered user in order to access the platform and each user can only send up to five invitations. This not only compels users to carefully select future friends but it avoids as well a sharp and fast expansion of the network which would threaten its normal management. However, it will be just a matter of time for it to lose its restricted nature…

Having received an invitation to join Ello, I succumbed to curiosity and created an account… just to see what the fuss was all about!I was not looking for another social network to be in but I was willing to replace Facebook with one platform that would allow me the same benefits without being so annoying.

Regarding the registration act itself, I must point out that identical user-names are not allowed. When I tried to use my real name, it was rejected, both in the integral and partial version of it, because someone else had taken it previously. As a result, I had no option but to pick up a pseudonym. I would have preferred to use my real name, regardless the fact that it might bring identity confusions.

The direct consequence of this is that, if someone wants to add a friend, he or she needs to know what his or her username is. The use of pseudonyms made up just for the registration act makes difficult to find friends on the platform. On the bright side, it certainly helps to keep undesirable wannabe friends away. But it is nevertheless ironic, considering all the buzz surrounding Facebook real names policy, who affected people preferring to adopt pseudonyms. While I don’t believe that Facebook’s policy is unrelated with the recently announced ad network Atlas (which I will address in a future post), I must say that I am not convinced either by Ello’s policy. Google Plus, for instance, had a similar policy and dropped it. However, the same policy regarding user-names is successfully applied in Twitter or Instagram…

Anyway, what is Ello really about? Well, as any other social network platform, it is intended to enable the connection and the sharing of content among users. However, it comes with the promise that user’s data won’t be sold for marketing purposes and paid advertising won’t be allowed.

Regarding the design itself I wasn’t expecting anything special, really. As long as it wasn’t bluish, I would be flexible. I enjoyed the monochrome concept; however I have found the design exaggeratedly minimalist and not very user-friendly. Somehow, knowing that it has been created by artists and designers, I was expecting more creativity.

One feature that struck me negatively is that all the information displayed in each profile is public within the website’s community. Of course, I am fully aware that Facebook itself is far from being the gatekeeper of privacy or a paradigm for any other value. It suffices to remember the sneaky privacy changes or the ones made to please the users, the experiment conducted on users data, and the removal of campaign post-mastectomy photographs or pictures of women breastfeeding considered obscene. More recently, there is the polemic ad network called Atlas. But, I mean, it is a business and profit is its aim. No surprise there. As it is commonly said: if you are not paying for it, you are the product. Proper information and transparency on how, what and why things are done are, in my opinion, the main issues. Nevertheless, I enjoy the apparent privacy regarding the ability to share information among a pre-selected group of friends.

On Ello, users can unilaterally add ‘friends’ (as for acquaintances whose lives they are interested in) and ‘noise’ (as for random popular users) who may be followed through a newsfeed-like menu. It is fairly easy for users to delete their Ello account if they want to opt out of the service. However, one must be aware that it is an irrevocable action and the content will be lost forever. So dramatic!

In an ‘wtf’ section, one can find some elements intended to introduce Ello to the new user. In this regard, its manifest is quite engaging as it reads as follows:

Your social network is owned by advertisers.
Every post you share, every friend you make, and every link you follow is tracked, recorded, and converted into data. Advertisers buy your data so they can show you more ads. You are the product that’s bought and sold.
We believe there is a better way. We believe in audacity. We believe in beauty, simplicity, and transparency. We believe that the people who make things and the people who use them should be in partnership.
We believe a social network can be a tool for empowerment. Not a tool to deceive, coerce, and manipulate — but a place to connect, create, and celebrate life.
You are not a product.

Having navigated around the platform for a little while, I must admit that advertisements were nowhere to be seen. So far, so good… However, despite being a hopeless romantic, the new starry-eyed concept of online celebrating life failed to convince me.

To start with, it is unclear how the website will make money. Let’s not forget that other social network platforms, like Facebook or Tumblr, similarly started without advertising but, profit being intended, it was not a workable business model. According to Ello, profit will eventually come from special features that will be offered against a small amount of money (well, if they are paid for, it is not an offer anymore, just saying…) in order to customize users experience. This is not a new concept: it is called Freemium business model and is used by Evernote, for instance. That makes sense and it is utterly acceptable. After all, Ello has to capitalize somehow. Nevertheless, if the number of users continues to increase, I have serious doubts that those little charges will be sufficient to run the servers.

What is worrying, instead, is that, according to some provisions of its Privacy Policy, Ello is not everything it claims to be.

Although it might have escaped to the most distracted and laziest of us (not everybody reads the privacy policies) , Ello does collect users personal information, namely information about what pages are access, about the device used, information that is send to it directly or post on its web site, and the address of web sites that refer the user. It stores as well the name and e-mail address that users register with. In addition, Ello collects and stores an anonymized version of users IP address and of Google Analytics to gather and aggregate general information about users behaviour, although it offers the option to opt-out of Google Analytics and commits to respect “Do Not Track” browser settings. It states also that it may use or share anonymous data collected for any purpose.

Although Ello reiterates that it won’t sell information about users to any third party, including advertisers, data brokers, search engines, or anyone else, it may share some of the personal information with third parties under several circumstances. Users consent, legal compliance and the fulfilling of contracts requirements celebrated with third party services providers are among the exemptions foreseen.

It is quite strange that, while considering unethical the collecting and selling of personal information for advertising purposes, Ello broadly collects user data for non-advertising ends. Moreover, it establishes the sharing of user data as a rule, and not as an exception, considering the abstract nature of those foreseen.

Bearing in mind that advertising can be very positive as it provides useful information regarding products and services that users may be interested in, I am not sure that this is the biggest of their concerns. Indeed, the door is left open for privacy violations that come along with online tracking. Furthermore, anonymisation of the data does not ensure that, in subsequent matches, an individual won’t be identifiable. Additionally, Ello doesn’t give any guarantee regarding the deletion of information stored in backups when content posted or a personal account is deleted. As for the foreseen possibility of sharing information with future affiliated companies, it just means that the data collected and stored by Ello will be made available for businesses to which users have not delivered their data to.

Only time will tell if Ello is here to stay… But considering the above-mentioned devil in the details, one may conclude that privacy  just seems to be the newest marketing slogan, regardless if it is ensured in fact or not.

© 2017 The Public Privacy

Theme by Anders NorenUp ↑