Photo credit: Rob Pongsajapan.

Last week I had the pleasure of attending the Lift conference and helping to run a workshop on user privacy. This was a workshop with a difference. My colleague Franco Papeschi came up with the idea of a privacy “game” (“Denopticon“) which would help participants explore the issues around privacy, personal information and data sharing. The game started with participants filling out an ID card with personal information about themselves. Participants earned points for finding out and recording personal information from others and additional points for fulfilling various secret missions. It was enormously fun and I hope to help run it again at other events. But besides being fun, it helped the participants, and the moderators, think about the key issues around user privacy.

This was against the backdrop of enormous upheaval in the area of user privacy on the Web. I remember when privacy on the Web used to boil down to “turning off cookies.” Now-a-days if you turn off cookies, you might as well use your computer as a doorstop, and anyway the privacy conversation has so moved on. In a world where more and more of our communication is happening through social networks and socially connected applications, the whole concept of privacy is being turned on its head, to the extent that some (such as Christian Heller) are claiming that we are now living in a “post-privacy” world. And, of course, Google’s Eric Schmidt is on record saying “If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place,” which (if he truly believes this) I think betrays an almost pathological misapprehension about the human condition.

The truth is, we need privacy, as a society. Anyone who claims we don’t is (forgive me) either terribly naïve, stupid, or a sociopath. Privacy, and a reasonable expectation that some of our actions and communications are and will remain private, is a social lubricant that allows for healthy exercise of denial and other mechanisms that keep us sane. Anti-privacy pundits are quick to reply that “the kids” don’t care about privacy – but this notion doesn’t bear up under the facts. (For evidence, an article from today’s NY Times reporting on the increasing awareness of youth to privacy issues.) In fact, there seems to be a backlash against the “private is public” mentality which has led to over-sharing and social networking fatigue. (Do I really care that you’ve won the medal of the badge of being the mayor of the Duncan Donuts at 33rd and 8th? Maybe that’s something better kept private.)

Over-sharing as promoted by servers like Foursquare may be annoying but it’s basically harmless. You may be opening yourself up to stalking or having your house burgled but that’s a choice you’re willing to make for the benefits that social sharing bring, right? OK, but what happens when you’re not just making that decision for yourself? What happens when your sharing impacts your family, your sexual partner, your children? Emerging usages of  social networks will require more trustable, private environments. With their ability to share structured data, social networks could be a great environment to interact with your stock broker or financial advisor. What about health service communications – such as your blood sugar levels or the results of your AIDS test? What about parent-teacher communications? The list goes on – all of these intrinsically private types of communication could benefit from the rich communication mechanisms that social networks bring to bear. But people would (rightly) be reluctant to use Facebook or other existing social networks in these ways.

Unfortunately, although social platforms like Facebook are adding richer privacy controls, there remain problems both with the implementation of these controls and in making them understandable to regular users. I think Facebook has actually made a lot of progress in making privacy options visible and usabile – at least on their Web site. In fact, my personal trust level of Facebook’s privacy mechanisms has increased enough that I’ve begun sharing family photos and other information with family members on the platform. I’ve been very frustrated by the lack of privacy controls on their mobile clients and mobile web site, but it seems to me they are on the right track. There are challenges on the horizon, though.

One challenge will emerge from the wealth of availability of data that is opening up to Web developers. With a few lines of JavaScript code, a Web application or widget can access your location (via the Geolocation API). Soon, that information will expand to capturing your camera image or digging into your address book. Although browser and web runtime makers are building in privacy controls, are they working and are they the right ones? These are the issues we’ll be exploring at an upcoming W3C workshop I’ll be co-chairing on privacy and device APIs.

Another challenge is going to be implementing trustable privacy in the post-Facebook world. How would my family photos use-case work if my family members were not all on Facebook  but were members of a series of federated social networks? These are some of the problem spaces we’ve been exploring in the W3C Social Web Incubator. The OneSocialWeb project is building an open source platform that uses XMPP to bring some of these ideas to life.

One thing is clear: privacy is becoming a key industry topic and a flashpoint in the intersection between mobile, social and  the Web. The common wisdom is shifting away from the idea that “people don’t care about online privacy” which is good, but it throws a spotlight on the mess that privacy on the Web has become. Cleaning up that mess is going to take some effort.

On the point of openness, though, my friend definitely has a point. LinkedIn really needs APIs, including the ability to get at your data using FOAF or other open protocols. In fact, if Facebook and LinkedIn both supported FOAF, you would be able to choose which service best suited you and then build your network picking friends/colleagues from either service (or any other FOAF-based service). Imagine this: you build up your network on Bebo, then when you go to college you transfer everything over to Facebook and when you become an old codger like me you can graduate to LinkedIn. Why can’t we all just get along?