Category: Social Network Websites


Reputation Economies Symposium

yale-reputation.jpgI’m currently at the Reputation Economies Symposium at Yale Law School. The conference has been quite good.

Professor Rebecca Tushnet (Georgetown) is liveblogging the conference, and I found her account of my panel to very nicely summarize what was said. For those who are interested in the conference but unable to be here today, you should read Rebecca’s terrific account over at her 43(B)log:

Panel I: Making Your Name Online (Bawens, Ghosh, Hoffman, Masum, Noveck)

Panel II: Privacy and Reputational Protection (Acquisti, Citron, McGeveran, Solove, Zittrain)

Panel III: Reputational Quality and Information Quality (Gasser, Goel, Kirovski, Kuraishi, Prakash)

Panel IV: Ownership of Cyber-Reputation (Clippinger, Goldman, Sutor, Thompson, Tushnet)

UPDATE: Eric Goldman and Michael Zimmer also have good recaps.


Megan Meier Blog: A Hoax

A few days ago, I blogged about a blog called “Megan Had It Coming” when a blogger in the name of Lori Drew (the mother who was involved in the case) attempted to explain her side of the story. I wrote in my post that the blog might very well be a hoax, and it indeed was. From CNN:

Police are investigating Internet postings of someone posing as the woman linked to an online hoax played on a 13-year-old girl who committed suicide. . . .

Lori Drew’s attorney said Friday that she is not the writer.

The St. Charles County sheriff’s department is investigating the blog postings on to see whether a crime has been committed, a spokesman said.

“Any Internet message that purports to be a member of the Drew family is being managed by an impostor and undoubtedly is being done for the purpose of further damaging the Drews’ reputation,” the family said in a statement. . . .

Lori Drew’s lawyer, Jim Briscoe, said Google Inc., which owns, has been contacted. A Google spokesman said the company is reviewing the impersonation allegation. . . .

Since then, the Drews have been besieged with negative publicity, and Meier’s death prompted her hometown of Dardenne Prairie to adopt a law engaging in Internet harassment a misdemeanor.

Now, elected officials say the law’s first use could be to prevent possible harassment against the Drews.

“I would say that would be a possibility, that they could be the first,” Mayor Pam Fogarty said Friday. “A law is a law is a law. You can’t discriminate.” . . . .

St. Charles County Prosecutor Jack Banas said he heard about the postings through the news media and asked the sheriff’s department to investigate.

Banas said he had no idea if someone might be charged under the Dardenne Prairie measure. He explained any charges he brings are under state law, not under local ordinances.


Breaking Up: From Face-to-Face to Facebook

In my book, The Future of Reputation: Gossip, Rumor, and Privacy on the Internet, I write about how members of the current generation — what I call “Generation Google” — are increasingly spreading gossip and rumors about their private lives online. Some people have few inhibitions, especially one woman who decided to break up with her boyfriend by posting it on Facebook.


From Valleywag:

Can’t a girl publicly humiliate her boyfriend by dumping him via her Facebook status message anymore without getting harrassed by a horde of social news readers? Nope. New York videoblogger Sandra [lastname] tried to get away with it. The image above got over 1,600 votes on Digg.

On Digg, there are scores of comments attacking the woman.

Over at Wired’s Underwire blog, Jenna Wortham writes:

Since the story hit Digg on Dec. 4, the count (at the time of posting) clocks in at 1,878 Diggs and 482 comments. In addition to an onslaught of scathingly harsh comments denouncing “her” actions, a litany of low blows were slung, mocking her looks and ridiculing any bit of personal information scavenged from the web, adding up to the thinly veiled conclusion: The crowd agrees that Sandra [lastname] got exactly what she deserved. If the real Sandra [lastname] is indeed suffering at the expense of a jilted lover or a Punk’d-style prank gone horribly awry, one has to wonder at the long-term ramifications of this alleged hack and subsequent Digg-villification. Will future friends, boyfriends and employers remember this murky quagmire and steer clear?

One blog refers to the breakup as “Dumping 2.0.”

Meanwhile, it’s time for Facebook to snap into action with the appropriate Social Ad.

Hat tip: Guilherme Roschke


More Facts about the Megan Meier Case

This story from CNN provides some interesting facts about the Megan Meier case:

Megan became friends with the Drews’ young daughter and the girls remained close for years, according to a report provided by prosecutors. But the girls had a falling-out in 2006.

A teenage employee of Drew’s named Ashley said she created the “Josh” account on MySpace after a brainstorming session with Drew and her daughter, according to a prosecutor’s report. Drew said the girls approached her with the idea, and she told them only to send polite messages to Megan.

Ashley sent Megan many of the messages from “Josh,” and Lori Drew was aware of them, prosecutors said.

On October 16, 2006, there was a heated online exchange between Megan and Ashley, who was posing as Josh. A few other MySpace users joined in, calling Megan names. It ended when “Josh” said the world would be better off without Megan.

Tina Meier said her daughter went to her room, crying and upset. About 20 minutes later, Megan was found hanging from a belt tied around her neck.

Drew’s attorney Jim Briscoe said on NBC on Tuesday that Drew “absolutely, 100 percent” had nothing to do with the negative comments posted online about Megan and wasn’t aware of them until after the girl took her life.

One possibility is that perhaps one of the other young girls involved made the nasty comments that precipitated Megan’s despair. This still doesn’t excuse the mother’s involvement in the fake profile, but much of the online shaming blames her for the suicide. Maybe Lori Drew is taking the brunt of the criticism to protect the other young girls involved.

Suppose the mother weren’t involved at all, and the profile were made totally by the young teenage girls without the knowledge of any adults — would people feel differently about the online shaming campaign or about posting personal information about the creators of the profile?

Meanwhile, the shaming of the Drews continues:

Read More


The Megan Meier Case: New Developments

Recently, I blogged about the tragic Megan Meier case, where the parent of a classmate of Megan’s created a fake MySpace profile and pretended to be a boy (Josh Evans) interested in Megan. When the fictitious boy suddenly dumped Megan and wrote nasty comments, Megan committed suicide. A local newspaper reported the story, which quickly caught fire in the media. The local reporter declined to identify the woman who created the fake profile, fearing vigilantism, but a woman named Sarah Wells posted the woman’s name — Lori Drew — and her address. Soon, the blogosphere was aflame in rage at Drew. Recently, the local prosecutor considered bringing charges against Drew but ultimately concluded that Drew had not committed any crime.

Now there’s a new twist in the case. On a blog called “Megan Had It Coming” is a post purportedly written by Lori Drew.


The blogger, who claims to be Drew, writes a lengthy essay explaining her side of the story:

It’s time I dropped the charade. Yes, I made this blog. Yes, I’m Lori Drew.

My daughter had nothing to do with this. Everyone needs to leave her alone. None of you can possibly know her involvement, and none of you can possibly know what she’s gone through. She’s just a kid. She doesn’t deserve these brutal verbal attacks. Please stop.

Now that Mr. Banas has made public the announcement that there will be no charges filed against me or my family, I feel it is time to speak out about this tragic affair. I cannot count on any media organization to fairly represent my story, as they have grossly misrepresented and sensationalized the story so far. So, I must present my case here, on the blog that has been my only outlet. . . .

Then Sarah Wells outed me. Then the hate and harassment and threats poured in. Even against my daughter. First there were dozens of calls, then hundreds, then there was national news, and everyone went crazy.

That’s why I started this blog and posted as “Kirsten.” I was so angry at the world for being so unfair, especially when it came to my daughter whom I had sworn to protect from all of this. I took a low blow at Megan’s memory because I desperately wanted the world to at least get a glimpse of the truth.

But that’s all over now. The final word from authorities has come down that there will be no charges, so I don’t have to remain silent. There’s no point in hiding anymore. The internet has made it clear that mob revenge must prevail, even if there’s no justice in it. So be it.

Here I am, internet. Come get me.

There’s a lot more in the post, which has over 1800 comments. Is this really Lori Drew? The Internet makes it so easy to spread information — in anyone’s name — that it could be Drew or just some imposter.

Hat tip: Prettier than Napoleon, who writes that the “blog is almost certainly a hoax (any competent attorney would have put the kibosh on it), but does it matter? Regardless of authenticity, it acts as a lightning rod for outrage, and the reputation of the purported author is already shredded.”

UPDATE: The blog is indeed a hoax.


Facebook — the New DoubleClick?

facebook3.jpgI previously complained about Facebook’s Beacon and Social Ads, and last week Facebook appeared to back down (at least from Beacon) by changing its policy and having users opt-in before their activities on other websites is broadcast on their profiles. I applauded Facebook’s change of heart.

But there are more disturbing aspects of Beacon that have not been changed. According to Macworld:

If you think that just because you have never signed up for Facebook you’re immune to the tracking and collecting of user activities outside of this popular social networking site, think again.

Facebook’s controversial Beacon ad system tracks activities from all users in its third-party partner sites, including from people who have never signed up with Facebook or who have deactivated their accounts, CA has found.

Beacon captures detailed data on what users do on these external partner sites and sends it back to Facebook along with users’ IP addresses, Stefan Berteau, senior research engineer at CA’s Threat Research Group, said Monday in an interview.

This happens even if users delete the Facebook cookie. “The Facebook Javascript [code] is still called by the affiliate site and the information is passed in,” he said. In the case of users without accounts or with deactivated accounts, the data isn’t tied to a Facebook ID, he said.

However, it is well-known that IP addresses provide a variety of information about users, and have in some cases been used to identify individuals.

The information captured by Beacon in these cases includes the addresses of Web pages visited by the user and a string with the action taken in the partner site, Berteau said. . . .

Over the weekend, Facebook confirmed that Berteau’s report on Friday was accurate, but said that it deletes the data it gets under these circumstances.

Still, Friday’s findings deepened the privacy concerns surrounding Beacon since its introduction several weeks ago. And the admission Monday added to the concerns, since it contradicted what had, until then, been the official company line about this issue.

For more, see Michael Zimmer’s post.

A while back, DoubleClick generated many privacy complaints. DoubleClick used information about people’s websurfing habits to target ads on various websites. Facebook’s Beacon appears to be a related incarnation of the DoubleClick advertising model.

Facebook is not the only one to blame with Beacon. About 40 websites participate in the Beacon program, including:

Read More


Facebook Founder Zuckerberg’s Lost Privacy

facebook3.jpgFacebook founder, Mark Zuckerberg, has learned a lesson about privacy — it’s hard to maintain if others irresponsibly leak your personal information. From the New York Times:

Facebook tried last week to force the magazine 02138 to remove some unflattering documents about Mr. Zuckerberg from its Web site. But a federal judge turned down the company’s request for a court order to take down the material, according to the magazine’s lawyers. . . .

02138, which refers to Harvard College’s ZIP code in Cambridge, Mass., and consists primarily of articles about Harvard and Harvard alumni, published an article last week about the genesis of Facebook and the resulting lawsuit. The piece is sympathetic to the plaintiffs’ account and questions the validity of Mr. Zuckerberg’s claims.

The article relied in part on documents submitted in the lawsuit, in Federal District Court in Boston, that were ordered sealed by the judge in the case, Douglas P. Woodlock. On its Web site, 02138 posted not only the article, but also the documents, which include Mr. Zuckerberg’s handwritten application for admission to Harvard and an excerpt from an online journal he kept as a student that contains biting comments about himself and others.

Luke O’Brien, the freelance reporter who wrote the article, said that he had done nothing wrong in obtaining the documents and that neither side in the lawsuit had improperly leaked them to him. He said he had obtained the papers in mid-September from the First Circuit Court of Appeals in Boston, which considered a part of the case, where a clerk apparently made a mistake and let him read and copy sealed documents, along with those that were still supposed to be open to the public. . . .

Some of the pages he copied were stamped “Confidential” or “Redacted.” Bom Kim, founder and editor of 02138, which is not affiliated with the university or its alumni association, said that gave him pause.

On Thursday, Facebook asked Judge Woodlock to order 02138 to strike the documents from its Web site. Lawyers for 02138 said that late Friday, the judge, in an oral ruling, turned down the request; Facebook and its lawyer refused to confirm or deny that account. Calls to the court went unanswered.

Since the documents were leaked by the court, the First Amendment bars the newspaper from being sued for publishing them. See Cox Broadcasting v. Cohn, 420 U.S. 469 (1975).

The Zuckerberg incident raises an issue that I find to be occurring far too often — courts inadvertently leaking sealed and confidential documents. As businesses have discovered, after the spate of data security breaches in 2005, keeping people’s data secure is no easy task and demands training and resources. But courts, it seems, have not thought much about data security. One of the problems is that a victim of a judicial leak of information has little recourse. The First Amendment prevents stopping a newspaper or blogger or anyone who obtains the information from publicizing it. As for the court, the court clerk and officials are typically immune from liability. So if a court leaks your confidential personal information, it’s tough luck for you.

There needs to be a better incentive for courts to protect personal information. “Oops, I’m sorry” just doesn’t cut it if a court is negligent in keeping information secure.

Hat tip: Bashman

Metcalfe’s Law vs. WealthSpace

If you’re getting sick of FaceBook‘s privacy practices, and have a high net worth, you might opt into new social networking sites for the wealthy…call them WealthSpaces. Founders of such sites have found the balance between openness and access tricky:

“It’s very difficult to build a network based solely on wealth,” says Stephen Martiros, a managing director of CCC Alliance, a coalition of rich families based in Boston. “You might start with a few wealthy people, but as you grow it eventually reverts to the mean. And once that happens, the wealthy leave.”

A Geneva member [of aSmallWorld, another social network for the wealthy] wrote: “One of my friends, a funny old-timer here, told me that the site has lowered so much its level, that she has invited her maids.”

Funny indeed. While the social networking of the rich and famous may seem a silly topic, the dilemmas of these sites actually reflect a larger tension within social networking.

Read More


Facebook Listens and Responds

facebook3.jpgI’m quite pleased to learn that Facebook has come to a privacy epiphany. I’ve been blogging a lot lately about the privacy problems with Facebook’s new features — Beacon and Social Ads:

* Facebook’s Beacon: News Feeds All Over Again?

* The Facebook-Fandango Connection: Invasion of Privacy?

* Facebook and the Appropriation of Name or Likeness Tort

* The New Facebook Ads — Starring You: Another Privacy Debacle?

Facebook recently announced that it is changing the way it obtains people’s consent before it uses or discloses their personal information. In particular, its change in policy involves Beacon. According to the AP:

More than 40 different Web sites, including, and, had embedded Beacon in their pages to track transactions made by Facebook users.

Unless instructed otherwise, the participating sites alerted Facebook, which then notified a user’s friends within the social network about items that had been bought or products that had been reviewed.

Facebook thought the marketing feeds would help its users keep their friends better informed about their interests while also serving as “trusted referrals” that would help drive more sales to the sites using the Beacon system.

But thousands of Facebook users viewed the Beacon referrals as a betrayal of trust. Critics blasted the advertising tool as an unwelcome nuisance with flimsy privacy protections that had already exasperated and embarrassed some users.

Some users have already complained about inadvertently finding out about gifts bought for them for Christmas and Hanukkah after Beacon shared information from Other users say they were unnerved when they discovered their friends had found out what movies they were watching through purchases made on Fandango.

Peter Lattman of WSJ blog was one of the ones caught off guard by Beacon, when he discovered to his dismay that Facebook announced to his friends that he bought tickets to Bee Movie on Fandango.

According to the New York Times:

Under Beacon, when Facebook members purchase movie tickets on, for example, Facebook sends a notice about what movie they are seeing in the News Feed on all of their friends’ pages. If a user saves a recipe on or rates travel venues on, friends are also notified. There is an opt-out box that appears for a few seconds, but users complain that it is hard to find.

The New York Times story explains Facebook’s change in policy:

Read More


Facebook’s Beacon: News Feeds All Over Again?

facebook3.jpgI recently blogged about Facebook’s Beacon, where it adds information to user profiles of their purchases at participating external websites such as Fandango. Beacon is starting to spark a privacy outcry among Facebook users. From the AP:

Some users of the online hangout Facebook are complaining that its two-week-old marketing program is publicizing their purchases for friends to see.

Those users say they never noticed a small box that appears on a corner of their Web browsers following transactions at Fandango, Overstock and other online retailers. The box alerts users that information is about to be shared with Facebook unless they click on “No Thanks.” It disappears after about 20 seconds, after which consent is assumed.

Users are given a second notice the next time they log on to Facebook, but they can easily miss it if they quickly click away to visit a friend’s page or check e-mail.

Back in 2006, Facebook rolled out a new feature called News Feeds that sparked a privacy outcry among its users and prompted Facebook to issue a letter of apology. Perhaps it is deja vu all over again with Beacon. According to the AP story:

Users are able to decline sharing on a site-by-site basis, but can’t withdraw from the program entirely. . . .

Liberal advocacy group formed a protest group Tuesday and had more than 6,000 members by Wednesday. The group is calling on Facebook to stop revealing online purchases and letting companies use names for endorsements without “explicit permission.”

“We want Facebook to realize that their users are rightly concerned that private information is being made public,” MoveOn spokesman Adam Green said, adding that Facebook could quell concerns by seeking “opt in” consent rather than leaving it to users to “opt out” by taking steps to decline sharing.

Maybe Facebook should realize something that strikes many as common sense — if people want something to appear in their profiles, they’ll put it there themselves.