Category: Social Network Websites


The Woes of Web 2.0

From CNN comes yet another story about people who disclose too much information on their blogs and social network websites:

On a Facebook group that celebrates young women getting drunk, there’s no such thing as going too far.

One young woman dances on top of a bar. Another sits on the toilet drinking a beer. Several vomit. One appears with a bruised and bandaged face (“I just got drunk and fell out of a car,” she writes.). In another photo, two women urinate into a waterfall.

What you won’t find on this page — called “Thirty Reasons Girls Should Call it a Night” — is humiliation and embarrassment. For the most part, the women post the photos themselves, seemingly with pride. This makes many adults — teachers, counselors, parents — worry that students aren’t thinking through the consequences of showing themselves drunk to the world.

Many photos on the site are accompanied by full names and the colleges the women attend, apparently without much concern that parents, or potential employers, will take a look.

Recently, a commenter to one of my posts pointed me to this apt cartoon at Geek Culture’s The Joy of Tech.


Used with permission.

Will having embarrassing information on the Internet affect people’s employment prospects in the future? Or will it all just grow passé? Are we witnessing a generational shift, where people will just get used to being more exposed than ever before? Will people be less harsh in judging others, as everybody will have their drunk naked photos and other private information online? Or will there be consequences and regrets? Only time will tell, but I find it to be an interesting issue for cultural speculation.


Facebook’s Beacon, Blockbuster, and the Video Privacy Protection Act


The news has been buzzing lately about Facebook’s Beacon, where participating websites share personal information with Facebook. Beacon originally had a poor notice and opt-out policy, but after significant public criticism, Facebook changed to an opt-in policy. Even under the new opt-in policy, however, the participating companies are still turning data over to Facebook, and that spells potential trouble for at least one of the 40 companies in the Beacon program — Blockbuster Video.

Over at Laboratorium, Professor James Grimmelmann (NY Law School) has an excellent post arguing that Blockbuster’s participation in Facebook’s Beacon violates the Video Privacy Protection Act (VPPA), 18 U.S.C. § 2710. James writes:

The VPPA states:

A video tape service provider who knowingly discloses, to any person, personally identifiable information concerning any consumer of such provider shall be liable….

18 U.S.C. § 2710(b)(1). The important first question is who’s a “video tape service provider.” That’s defined in paragraph (a)(4):

[T]he term “video tape service provider” means any person, engaged in the business, in or affecting interstate or foreign commerce, of rental, sale, or delivery of prerecorded video cassette tapes or similar audio visual materials. . . .

Blockbuster clearly qualifies as a video tape service provider. To the extent it transmits information to Facebook about a customer’s video purchases — no matter what Facebook ultimately does with that data (i.e. regardless of whether it appears in a person’s profile, is stored by Facebook in a database, or is deleted), Blockbuster could be liable under VPPA. The statute is an opt-in statute, requiring that the customer provide “informed written consent . . . at the time the disclosure is sought” in order for the disclosure to be permissible.

James also analyzes whether Facebook could be liable as well:

There’s the joint enterprise theory; since Facebook and Blockbuster acted together, and Blockbuster is liable, so too is Facebook. There’s a split in the VPPA caselaw as to whether liability runs only against the video tape service provider, or can run also against the person who induced the disclosure.

James concludes:

Put this all together, and the legal situation looks a bit bleak for Facebook and Blockbuster. The VPPA provides damages of $2,500 per violation, plus punitive damages and attorneys’ fees. I have no idea how many movies wound up in people’s news feeds, but it doesn’t have to be too many for the total to hurt. Class action lawyers, start your engines.


Reputation Economies Symposium

yale-reputation.jpgI’m currently at the Reputation Economies Symposium at Yale Law School. The conference has been quite good.

Professor Rebecca Tushnet (Georgetown) is liveblogging the conference, and I found her account of my panel to very nicely summarize what was said. For those who are interested in the conference but unable to be here today, you should read Rebecca’s terrific account over at her 43(B)log:

Panel I: Making Your Name Online (Bawens, Ghosh, Hoffman, Masum, Noveck)

Panel II: Privacy and Reputational Protection (Acquisti, Citron, McGeveran, Solove, Zittrain)

Panel III: Reputational Quality and Information Quality (Gasser, Goel, Kirovski, Kuraishi, Prakash)

Panel IV: Ownership of Cyber-Reputation (Clippinger, Goldman, Sutor, Thompson, Tushnet)

UPDATE: Eric Goldman and Michael Zimmer also have good recaps.


Megan Meier Blog: A Hoax

A few days ago, I blogged about a blog called “Megan Had It Coming” when a blogger in the name of Lori Drew (the mother who was involved in the case) attempted to explain her side of the story. I wrote in my post that the blog might very well be a hoax, and it indeed was. From CNN:

Police are investigating Internet postings of someone posing as the woman linked to an online hoax played on a 13-year-old girl who committed suicide. . . .

Lori Drew’s attorney said Friday that she is not the writer.

The St. Charles County sheriff’s department is investigating the blog postings on to see whether a crime has been committed, a spokesman said.

“Any Internet message that purports to be a member of the Drew family is being managed by an impostor and undoubtedly is being done for the purpose of further damaging the Drews’ reputation,” the family said in a statement. . . .

Lori Drew’s lawyer, Jim Briscoe, said Google Inc., which owns, has been contacted. A Google spokesman said the company is reviewing the impersonation allegation. . . .

Since then, the Drews have been besieged with negative publicity, and Meier’s death prompted her hometown of Dardenne Prairie to adopt a law engaging in Internet harassment a misdemeanor.

Now, elected officials say the law’s first use could be to prevent possible harassment against the Drews.

“I would say that would be a possibility, that they could be the first,” Mayor Pam Fogarty said Friday. “A law is a law is a law. You can’t discriminate.” . . . .

St. Charles County Prosecutor Jack Banas said he heard about the postings through the news media and asked the sheriff’s department to investigate.

Banas said he had no idea if someone might be charged under the Dardenne Prairie measure. He explained any charges he brings are under state law, not under local ordinances.


Breaking Up: From Face-to-Face to Facebook

In my book, The Future of Reputation: Gossip, Rumor, and Privacy on the Internet, I write about how members of the current generation — what I call “Generation Google” — are increasingly spreading gossip and rumors about their private lives online. Some people have few inhibitions, especially one woman who decided to break up with her boyfriend by posting it on Facebook.


From Valleywag:

Can’t a girl publicly humiliate her boyfriend by dumping him via her Facebook status message anymore without getting harrassed by a horde of social news readers? Nope. New York videoblogger Sandra [lastname] tried to get away with it. The image above got over 1,600 votes on Digg.

On Digg, there are scores of comments attacking the woman.

Over at Wired’s Underwire blog, Jenna Wortham writes:

Since the story hit Digg on Dec. 4, the count (at the time of posting) clocks in at 1,878 Diggs and 482 comments. In addition to an onslaught of scathingly harsh comments denouncing “her” actions, a litany of low blows were slung, mocking her looks and ridiculing any bit of personal information scavenged from the web, adding up to the thinly veiled conclusion: The crowd agrees that Sandra [lastname] got exactly what she deserved. If the real Sandra [lastname] is indeed suffering at the expense of a jilted lover or a Punk’d-style prank gone horribly awry, one has to wonder at the long-term ramifications of this alleged hack and subsequent Digg-villification. Will future friends, boyfriends and employers remember this murky quagmire and steer clear?

One blog refers to the breakup as “Dumping 2.0.”

Meanwhile, it’s time for Facebook to snap into action with the appropriate Social Ad.

Hat tip: Guilherme Roschke


More Facts about the Megan Meier Case

This story from CNN provides some interesting facts about the Megan Meier case:

Megan became friends with the Drews’ young daughter and the girls remained close for years, according to a report provided by prosecutors. But the girls had a falling-out in 2006.

A teenage employee of Drew’s named Ashley said she created the “Josh” account on MySpace after a brainstorming session with Drew and her daughter, according to a prosecutor’s report. Drew said the girls approached her with the idea, and she told them only to send polite messages to Megan.

Ashley sent Megan many of the messages from “Josh,” and Lori Drew was aware of them, prosecutors said.

On October 16, 2006, there was a heated online exchange between Megan and Ashley, who was posing as Josh. A few other MySpace users joined in, calling Megan names. It ended when “Josh” said the world would be better off without Megan.

Tina Meier said her daughter went to her room, crying and upset. About 20 minutes later, Megan was found hanging from a belt tied around her neck.

Drew’s attorney Jim Briscoe said on NBC on Tuesday that Drew “absolutely, 100 percent” had nothing to do with the negative comments posted online about Megan and wasn’t aware of them until after the girl took her life.

One possibility is that perhaps one of the other young girls involved made the nasty comments that precipitated Megan’s despair. This still doesn’t excuse the mother’s involvement in the fake profile, but much of the online shaming blames her for the suicide. Maybe Lori Drew is taking the brunt of the criticism to protect the other young girls involved.

Suppose the mother weren’t involved at all, and the profile were made totally by the young teenage girls without the knowledge of any adults — would people feel differently about the online shaming campaign or about posting personal information about the creators of the profile?

Meanwhile, the shaming of the Drews continues:

Read More


The Megan Meier Case: New Developments

Recently, I blogged about the tragic Megan Meier case, where the parent of a classmate of Megan’s created a fake MySpace profile and pretended to be a boy (Josh Evans) interested in Megan. When the fictitious boy suddenly dumped Megan and wrote nasty comments, Megan committed suicide. A local newspaper reported the story, which quickly caught fire in the media. The local reporter declined to identify the woman who created the fake profile, fearing vigilantism, but a woman named Sarah Wells posted the woman’s name — Lori Drew — and her address. Soon, the blogosphere was aflame in rage at Drew. Recently, the local prosecutor considered bringing charges against Drew but ultimately concluded that Drew had not committed any crime.

Now there’s a new twist in the case. On a blog called “Megan Had It Coming” is a post purportedly written by Lori Drew.


The blogger, who claims to be Drew, writes a lengthy essay explaining her side of the story:

It’s time I dropped the charade. Yes, I made this blog. Yes, I’m Lori Drew.

My daughter had nothing to do with this. Everyone needs to leave her alone. None of you can possibly know her involvement, and none of you can possibly know what she’s gone through. She’s just a kid. She doesn’t deserve these brutal verbal attacks. Please stop.

Now that Mr. Banas has made public the announcement that there will be no charges filed against me or my family, I feel it is time to speak out about this tragic affair. I cannot count on any media organization to fairly represent my story, as they have grossly misrepresented and sensationalized the story so far. So, I must present my case here, on the blog that has been my only outlet. . . .

Then Sarah Wells outed me. Then the hate and harassment and threats poured in. Even against my daughter. First there were dozens of calls, then hundreds, then there was national news, and everyone went crazy.

That’s why I started this blog and posted as “Kirsten.” I was so angry at the world for being so unfair, especially when it came to my daughter whom I had sworn to protect from all of this. I took a low blow at Megan’s memory because I desperately wanted the world to at least get a glimpse of the truth.

But that’s all over now. The final word from authorities has come down that there will be no charges, so I don’t have to remain silent. There’s no point in hiding anymore. The internet has made it clear that mob revenge must prevail, even if there’s no justice in it. So be it.

Here I am, internet. Come get me.

There’s a lot more in the post, which has over 1800 comments. Is this really Lori Drew? The Internet makes it so easy to spread information — in anyone’s name — that it could be Drew or just some imposter.

Hat tip: Prettier than Napoleon, who writes that the “blog is almost certainly a hoax (any competent attorney would have put the kibosh on it), but does it matter? Regardless of authenticity, it acts as a lightning rod for outrage, and the reputation of the purported author is already shredded.”

UPDATE: The blog is indeed a hoax.


Facebook — the New DoubleClick?

facebook3.jpgI previously complained about Facebook’s Beacon and Social Ads, and last week Facebook appeared to back down (at least from Beacon) by changing its policy and having users opt-in before their activities on other websites is broadcast on their profiles. I applauded Facebook’s change of heart.

But there are more disturbing aspects of Beacon that have not been changed. According to Macworld:

If you think that just because you have never signed up for Facebook you’re immune to the tracking and collecting of user activities outside of this popular social networking site, think again.

Facebook’s controversial Beacon ad system tracks activities from all users in its third-party partner sites, including from people who have never signed up with Facebook or who have deactivated their accounts, CA has found.

Beacon captures detailed data on what users do on these external partner sites and sends it back to Facebook along with users’ IP addresses, Stefan Berteau, senior research engineer at CA’s Threat Research Group, said Monday in an interview.

This happens even if users delete the Facebook cookie. “The Facebook Javascript [code] is still called by the affiliate site and the information is passed in,” he said. In the case of users without accounts or with deactivated accounts, the data isn’t tied to a Facebook ID, he said.

However, it is well-known that IP addresses provide a variety of information about users, and have in some cases been used to identify individuals.

The information captured by Beacon in these cases includes the addresses of Web pages visited by the user and a string with the action taken in the partner site, Berteau said. . . .

Over the weekend, Facebook confirmed that Berteau’s report on Friday was accurate, but said that it deletes the data it gets under these circumstances.

Still, Friday’s findings deepened the privacy concerns surrounding Beacon since its introduction several weeks ago. And the admission Monday added to the concerns, since it contradicted what had, until then, been the official company line about this issue.

For more, see Michael Zimmer’s post.

A while back, DoubleClick generated many privacy complaints. DoubleClick used information about people’s websurfing habits to target ads on various websites. Facebook’s Beacon appears to be a related incarnation of the DoubleClick advertising model.

Facebook is not the only one to blame with Beacon. About 40 websites participate in the Beacon program, including:

Read More


Facebook Founder Zuckerberg’s Lost Privacy

facebook3.jpgFacebook founder, Mark Zuckerberg, has learned a lesson about privacy — it’s hard to maintain if others irresponsibly leak your personal information. From the New York Times:

Facebook tried last week to force the magazine 02138 to remove some unflattering documents about Mr. Zuckerberg from its Web site. But a federal judge turned down the company’s request for a court order to take down the material, according to the magazine’s lawyers. . . .

02138, which refers to Harvard College’s ZIP code in Cambridge, Mass., and consists primarily of articles about Harvard and Harvard alumni, published an article last week about the genesis of Facebook and the resulting lawsuit. The piece is sympathetic to the plaintiffs’ account and questions the validity of Mr. Zuckerberg’s claims.

The article relied in part on documents submitted in the lawsuit, in Federal District Court in Boston, that were ordered sealed by the judge in the case, Douglas P. Woodlock. On its Web site, 02138 posted not only the article, but also the documents, which include Mr. Zuckerberg’s handwritten application for admission to Harvard and an excerpt from an online journal he kept as a student that contains biting comments about himself and others.

Luke O’Brien, the freelance reporter who wrote the article, said that he had done nothing wrong in obtaining the documents and that neither side in the lawsuit had improperly leaked them to him. He said he had obtained the papers in mid-September from the First Circuit Court of Appeals in Boston, which considered a part of the case, where a clerk apparently made a mistake and let him read and copy sealed documents, along with those that were still supposed to be open to the public. . . .

Some of the pages he copied were stamped “Confidential” or “Redacted.” Bom Kim, founder and editor of 02138, which is not affiliated with the university or its alumni association, said that gave him pause.

On Thursday, Facebook asked Judge Woodlock to order 02138 to strike the documents from its Web site. Lawyers for 02138 said that late Friday, the judge, in an oral ruling, turned down the request; Facebook and its lawyer refused to confirm or deny that account. Calls to the court went unanswered.

Since the documents were leaked by the court, the First Amendment bars the newspaper from being sued for publishing them. See Cox Broadcasting v. Cohn, 420 U.S. 469 (1975).

The Zuckerberg incident raises an issue that I find to be occurring far too often — courts inadvertently leaking sealed and confidential documents. As businesses have discovered, after the spate of data security breaches in 2005, keeping people’s data secure is no easy task and demands training and resources. But courts, it seems, have not thought much about data security. One of the problems is that a victim of a judicial leak of information has little recourse. The First Amendment prevents stopping a newspaper or blogger or anyone who obtains the information from publicizing it. As for the court, the court clerk and officials are typically immune from liability. So if a court leaks your confidential personal information, it’s tough luck for you.

There needs to be a better incentive for courts to protect personal information. “Oops, I’m sorry” just doesn’t cut it if a court is negligent in keeping information secure.

Hat tip: Bashman

Metcalfe’s Law vs. WealthSpace

If you’re getting sick of FaceBook‘s privacy practices, and have a high net worth, you might opt into new social networking sites for the wealthy…call them WealthSpaces. Founders of such sites have found the balance between openness and access tricky:

“It’s very difficult to build a network based solely on wealth,” says Stephen Martiros, a managing director of CCC Alliance, a coalition of rich families based in Boston. “You might start with a few wealthy people, but as you grow it eventually reverts to the mean. And once that happens, the wealthy leave.”

A Geneva member [of aSmallWorld, another social network for the wealthy] wrote: “One of my friends, a funny old-timer here, told me that the site has lowered so much its level, that she has invited her maids.”

Funny indeed. While the social networking of the rich and famous may seem a silly topic, the dilemmas of these sites actually reflect a larger tension within social networking.

Read More