Protecting Your Privacy On Social Networking Sites Now that the Library of Congress is archiving tweets and lawyers are using Facebook status updates in cross-examinations, how private are our online musings? Ira Flatow and guests discuss the ethical, legal and social issues associated with increasingly public social networking sites.

Protecting Your Privacy On Social Networking Sites

Protecting Your Privacy On Social Networking Sites

  • Download
  • <iframe src="" width="100%" height="290" frameborder="0" scrolling="no" title="NPR embedded audio player">
  • Transcript

Now that the Library of Congress is archiving tweets and lawyers are using Facebook status updates in cross-examinations, how private are our online musings? Ira Flatow and guests discuss the ethical, legal and social issues associated with increasingly public social networking sites.

Related NPR Stories


You're listening to SCIENCE FRIDAY from NPR. I'm Ira Flatow.

How many times a day are you on Facebook? Well, if you're like me, I'm on Facebook quite a number of times a day. I'm either checking my status, I'm posting my own status, I'm updating our SCIENCE FRIDAY page, which, judging by our fans on SCIENCE FRIDAY's Facebook page - and there now 11,570 of you fans who have profiles on our Facebook page - you're joining more than 400 million people worldwide who belong to Facebook.

But lately, we've been seeing continuous changes in Facebook's privacy policy and hearing comments like this one in January from Facebook founder Mark Zuckerberg, who claims that - well, listen to what he has to say.

Mr. MARK ZUCKERBERG (Founder, Facebook): And people have really gotten comfortable, not only sharing more information and different kinds but more openly and with more people. And that social norm is just something that has evolved over time.

And we view it as our role in the system to constantly be kind of innovating and be updating what our system is to reflect what the current social norms are.

FLATOW: Does Facebook reflect your social norms? Does the privacy policy reflect your social norm, or do we create social norms, or does Facebook create social norms? Do you wonder just how much of what you post on Facebook has slipped, unintentionally, into the public domain. Stuff you didn't know was going there, maybe your birthday or your home town? It's possible that even simple personal data like that is enough to figure out your Social Security number.

And think of all the information Google has learned about you. You know, Google reads your email. Google reads your e-documents, your Google documents. They follow what you're reading, what you're searching for, even where you are at any given time.

On top of that, the Library of Congress is now archiving your tweets. So even if you'd like to cancel your Twitter account, and you try to erase your history of your tweets and your Twitter account and retreat into that quaint privacy idea of, oh, the 20th century. Can you ever erase your tweets if the government has a copy of every single one sitting in an archive somewhere?

This hour, we're going to take a look at your digital privacy. How can you protect it? Is it possible? Who really owns who owns your personal information and your right to disseminate it? Seems like it should be you, but is it?

Let us know how you're dealing with recent privacy changes? Give us a call. Our number, 1-800-989-8255, 1-800-989-TALK. What concerns you about privacy issues, and what are you doing about it yourself?

And you can tweet us a question by writing the @ sign followed by @scifri, @-S-C-I-F-R-I, and of course, you can surf over to our website at and leave comments and talk amongst yourselves on there while we're talking here on the radio.

Let me introduce my guests. Rich Mogull is an analyst and CEO of Securosis, a security firm based in Phoenix, Arizona. He's also a writer for the online news site, TidBITS. He joins us from KJZZ in Phoenix. Welcome to SCIENCE FRIDAY.

Mr. RICH MOGULL (Analyst and Chief Executive Officer, Securosis; Writer, TidBITS): Thanks, Ira, great to be here.

FLATOW: Nice to have you. Michael Zimmer is assistant professor in the School of Information Studies at the University of Wisconsin in Milwaukee. He's also an associate in the Center for Information Policy Research there. He joins us from WHAD FM in Milwaukee. Welcome to the program. Mr. Zimmer.

Mr. MICHAEL ZIMMER (Assistant Professor, School of Information Studies Associate, Center for Information Policy Research University of Wisconsin-Milwaukee): Hello, Ira. It's a real pleasure to be here.

FLATOW: Rich, you wrote an article on some ways to protect your privacy and still use Facebook. Can you walk us through some of those tips? And you know, the problem with Facebook is that privacy rules seem to be evolving and changing all the time.

Mr. MOGULL: Yeah, it's, you know, a really tough situation, because not only is Facebook constantly changing their privacy policies, they're also changing their practices, and then those two don't always match up, and there was kind of a big flare-up that we saw in the Wall Street Journal today, which I think we'll talk about later.

So really, the most important thing I advise people when using something like Facebook is understand that there is really no way to guarantee that whatever you do there is going to remain private.

And so, you know, even though we want to do pretty personal communications, I think we need to do so with the expectation that that will someday become public - someday become public and searchable on the Internet.

So it might there, you know, to haunt you in 20 years when you go to run for political office or something.

FLATOW: Keep going. Lots of questions for you, so go ahead.

(Soundbite of laughter)

Mr. MOGULL: You know, and the other thing is once you approach it, it's really liberating, once you realize that, you know, you go in with the expectation that that won't be private.

Now, the problem is your perceptions of privacy or what you consider private may change over time, and that's a really tough thing to handle, especially if you're younger.

Beyond that, there are some technical things we can talk about, we can get into, at some point, that'll also...

FLATOW: Sure, go ahead. Give us a couple of technical tips there.

Mr. MOGULL: Sure. So one of the things that I do is, you know, Facebook has these ways of sort of trying to track you around the Internet the same as any advertising network, and they communicate with those advertising networks.

So to limit the ability of Facebook to kind of track me around, I actually just use a dedicated Web browser for Facebook.

FLATOW: Wait, wait, so you have on Web browser just for Facebook. So if you Explorer for something, you might use Firefox just for your Facebook account.

Mr. MOGULL: Exactly. You just use Firefox or there's these great things calls single-site browsers, and if you go if you're using Firefox, you can download a tool called Prism, which will make that little browser for you, which is just sort of dedicated to that one site, and you don't have to worry about kind of wasting it, downloading a whole different version of Firefox or something.

FLATOW: Well, what's the risk if you don't do that, if you use just one browser for everything?

Mr. MOGULL: Well, I mean, black helicopters aren't going to come to your house. But if you do use that one browser, it certainly makes it a lot easier for people to track as you're moving around the Internet. And there's been some things Facebook has done in the past.

They had a beacon service where you this was the first big privacy problem they had. So back in 2007, if you visited one of their partner sites, they exchanged information about you, Facebook and the partner site, you know, automatically.

They have kind of a different version of this now called instant personalization, which is doing something similar, but if you only ever use that one browser for Facebook, it means everything there is just kind of isolated to that world of Facebook.

FLATOW: I see. Michael Zimmer, when, you know, when we first sign on to Facebook there is this, you know, terms of use policy. Does anybody ever read that? Do they know what they're agreeing to when they go to Facebook or Google or any of these other sites?

Mr. ZIMMER: No, by and large, you know, users aren't reading terms of service or privacy policies. And there's even been studies to show that when you ask users what they think a privacy policy means, most of them think it means that's how the website is protecting their privacy, when in reality, those policies are almost exclusively talking about the ways that they don't protect privacy, how are they going to use people's data and collect their data.

So it's almost a misnomer, calling it the privacy policy. You know, Facebook's, you know, the statistics were coming out in the past couple weeks how Facebook's privacy policy is longer than the U.S. Constitution. And there's really kind of a disconnect there that something should be so complicated to protect user privacy.

FLATOW: Would it be possible to come up with something simpler that we can, you know, a page or two long?

Mr. ZIMMER: Oh, absolutely. And there's been some efforts to sort of create a layered approach to having these kind of privacy policies. You know, if you're an attorney, you may want to see the whole thing, you know, but my mother just wants to know basically what are you collecting, and what are you going to do with it? And you can sort of have a policy that spells out, in one or two paragraphs, what's going on, and then you can sort of click through if you want to get more and more detailed.

Some companies, you know, Microsoft has done that to some extent. Google has even done some good things with their privacy center to help educate people a little bit better about what's happening with all their data on Google, and Facebook really needs to do something and do something quick to make people feel more comfortable.

FLATOW: Rich, if you had to make some bullet points, quick points, about your privacy policy, what would they look like?

Mr. MOGULL: Actually, that's what we do on our site. It's real you know, it depends on what the goals of the business are and the kind of relationship they want to have with the people visiting their site.

But the quick bullet points are pretty easy. It is, you know: one, you own your own information. We will not share anything you provide us without your permission. Two, a bullet point saying whether or not you track their activities or if you share any of their other information. And three, the one that I really like that not a lot of sites do, which is, you know, should we change this privacy policy, not only will we notify you, but you will have the opportunity to remove all of your information from us in the future if you don't agree with the new policy.

FLATOW: Well, if you could shrink all that verbiage in Facebook, what would it look like, down to a few bullet points?

Mr. MOGULL: You own your own words. You own your data. We won't share anything without your permission, and if we...

FLATOW: But what does it look like now?

Mr. MOGULL: It looks a lot bigger, as mentioned. It's, you know, longer than the Constitution. Of course, a lot of things in the world are longer than the Constitution.

FLATOW: But it basically boils down to we own everything that you agree to.

Mr. MOGULL: Oh yeah, they own absolutely everything. They can change the policy at any time. They don't have to notify you directly. They just have to post it on their site. And beyond that, they don't actually even completely follow all of their own policies.

FLATOW: They don't follow their own policies?

Mr. MOGULL: Well, that's what we just found out today. They said we will not share your information with marketers without your permission. It turns out, under some circumstances and, you know, they may have not realized that they were doing this, they're claiming that they're fixing it, removing that from the site. But that was what the Wall Street Journal reported today, which is your user ID can be shared with advertising networks every time you click on an advertisement.

FLATOW: Let me just say let me just tell our audience that we did ask for a representative from Facebook to come on and talk about this, but they didn't send one. We got pretty close.

(Soundbite of laughter)

FLATOW: I don't know why, (unintelligible) go ahead. Somebody pick one out. Rich, you want to go?

Mr. MOGULL: Yeah, just to close it out, the easy thing to remember is whatever their privacy policy is, they can change it at any time, and they can reapply it to anything you've ever put up there in the past. So in some ways, it almost doesn't even matter what it is currently.

FLATOW: Well, but on the other hand, without piling on Facebook, we could look at Google and say they're looking through all your email that you allow them to and your Google docs that are up there. They're surfing through that, looking for stuff they can use for advertising, are they not?

Mr. ZIMMER: Yeah, certainly Google has quite a bit of information, if not as much or more, about users than Facebook does. And I think and Google, I mean, myself and others have certainly have enough opportunities and moments to criticize their practices and procedures.

But I think over the last few years, they've actually made some good steps to try to address some of these issues. They've created a privacy center, YouTube videos, things to help educate users. They've done a better job in explaining how they're doing data collection. And even some of their products, like their behavioral targeting system that they recently launched, they allow users some level of access to see what's sort of going on behind the scenes.

Google's, by far, is not perfect in how they're approaching this, but I think Facebook has a long way to go. The trouble with that, what we learned in the Wall Street Journal, today, that Rich was talking about, was it was just a week ago that Facebook's head of public policy was giving some remarks in the New York Times where he said that we don't share information - identifiable information, to advertisers.

And just a week later, we find out, well, they do. And so there's a lot of these kind of disconnects between what Facebook is saying or promising and what's really happening. And that's what I find, you know, quite troubling, that a company that large and has so many people and so much information at their disposal, that they don't seem to be even on the same page internally in terms of what's going on with how they're handling that information.

FLATOW: We're talking about privacy on the Internet this hour with my guests Rich Mogull, who is analyst and CEO of Securosis, that's a security firm based in Phoenix; Michael Zimmer, assistant professor in the School of Information Studies at the University of Wisconsin in Milwaukee.

Our number is 1-800-989-8255. I urge you to go over to our website, and you can leave us some information and join a discussion about what your what do you think the privacy rights should be? What you like to see that it's finished?

You can also tweet us @scifri, @-S-C-I-F-R-I. We just need a few more tweet members to push us over the 50,000 mark. So maybe you can be the 50,000th person to join us this week. Stay with us. We'll be right back after this. Don't go away.

(Soundbite of music)

FLATOW: I'm Ira Flatow. This is SCIENCE FRIDAY, from NPR.

(Soundbite of music)

FLATOW: You're listening to SCIENCE FRIDAY, from NPR. I'm Ira Flatow. We're talking this hour about Facebook, Google, social networking and your online privacy with Rich Mogull and Michael Zimmerman - Michael Zimmer. Our number: 1-800-989-8255.

Let's get a really relevant call from Graham in Cincinnati. Hi, Graham.

GRAHAM (Caller): Hello.

FLATOW: Hi, there. Go ahead.

GRAHAM: I just had a comment about some of the privacy settings. I've opted out of virtually everything I can on Facebook. One of the things I found out, I was kind of upset about was my friends who use applications that I even don't can those applications can search through my profile and even get my information, even after I've opted out of everything that I could to protect my privacy. And I'll take some of that feedback off the air, thank you.

FLATOW: All right. Now, are you still a Facebook member, Graham?

GRAHAM: I am still a Facebook member, and I have contemplated opting out totally and deleting my profile, but they even have some of that information backed up. Plus, I'm going to be a college student next year, and it's still the best way to keep in touch with friends. Until there's an alternative, I'm probably going to stick with it.

FLATOW: And people are looking in your Facebook account for your records as a person, aren't they, for employment, for maybe your application for going to college?

GRAHAM: Yeah, definitely. I don't know to what extent, but I know it's happening. I've heard friends talk about it.

FLATOW: All right. Let me get an answer, Graham. Thanks for calling.

GRAHAM: All right. Thank you.

FLATOW: So how does he he's tried to opt out of everything, but still his applications in Facebook are getting to him. Any suggestions? I know that the...

Mr. MOGULL: Yeah, the problem - oh, sorry, Ira.

FLATOW: Michael, go ahead.

Mr. ZIMMER: Sure. Because the concern here, of course, is, you know, what is he opting into and opting out of? And he's trying to be proactive in order to, you know, protect himself and have some control over his information on Facebook. But the way they've built this platform is to allow these third-party applications that his friends are using to access his information. So clearly, that's a considerable concern.

There are some settings, if you go into the privacy settings system that Facebook has built, and there's a section on applications and websites, and in there, there are some ways that you can restrict what is going to be visible to applications.

I'd want to make sure Graham goes into there and make sure he's clicked off some of the boxes in there. But this is, you know, this is one of the issues with the whole way they've built their platform, which pretty much encourages the collection and spread of information, whether you've opted into it or not.

FLATOW: Mm-hmm. 1-800-989-8255 is our number. Thank you out there for putting us over the 50,000 tweet-member mark. We'll see how high we can go.

I want to bring another guest into the discussion, because I mentioned this just a little bit in this last call, about the legal repercussions of what you post because these days, you have your photos, you have your status updates on Facebook, and they're making their way, believe it or not, not only into your employer's file but into your courtroom, where they can be used as evidence in all sorts of cases.

You have worker's comp and divorce. There's custody. There's a kind of goldmine of evidence for lawyers. I understand that from my next guest that two-thirds, two-thirds of all lawyers use Facebook as a primary source.

Kevin Underhill is a partner at the law firm of Shook, Hardy and Bacon in San Francisco, author of the legal humor page, the blog "Lowering the Bar." You can find it at Welcome to SCIENCE FRIDAY, Mr. Underhill.

Mr. Kevin Underhill (Author, "Lowering the Bar" Blog; Partner, Shook, Hardy and Bacon): Hi. How are you?

FLATOW: So lawyers are using Facebook for - and - this stuff for just about everything.

Mr. UNDERHILL: Yeah, and that's the thing that people should remember, is, you know, what they post there is evidence. And it's maybe not admissible, but at least discoverable in pretty much any case.

I mean, you get some categories where you see it proving useful to one side or the other over and over again. And like you said, you know, worker's comp is one of those, domestic relations. But, yeah. There was a recent survey of divorce lawyers that said that two-thirds of them were using Facebook as their single primary source in those cases.

FLATOW: So they catch people there? There's a little gotcha when they find people doing something that they think they shouldn't be doing?

Mr. UNDERHILL: Oh, yeah. And it's you know, here's a couple of examples of how it comes up in those domestic cases. You know, you'll have a one case, there was a custody dispute, and the guy told the judge that he had reformed, and he hadn't had a drink in months. And then, of course, there are Facebook pictures on his profile showing him drinking and even smoking a joint.

And then another one that our firm actually handled was a custody dispute where there were domestic violence allegations, also. So the ex-boyfriend said that not only had he not threatened somebody with a gun, he didn't even own a gun. And then his Facebook profile showed somebody - it didn't show the person's face, but it showed someone with a distinctive tattoo holding a gun. And, apparently, on the - when he was on the stand being cross-examined, he then had to raise his pant leg, and there was the tattoo.

So - and, you know, but that shows you that it has obvious implications, at least for credibility.

FLATOW: Yeah. Well, why don't they claim that this is just hearsay, because it's not, you know, coming from the mouth of the person themselves?

Mr. UNDERHILL: Well, you know, when someone has posted it themselves, then normally, that's - that would be considered what's called a party admission. In other words, the reason that hearsay is not admissible is because the person who made the statement is not there in court to be cross-examined. And if the party is there, then they can give their side of the story. So if people are posting things themselves - you know, status updates or pictures - then very often, those are going to be admissible under that exception.

FLATOW: Mm-hmm. Now, I understand that something that you've actually done yourself is to vet jurors by looking at their Facebook profiles.

Mr. UNDERHILL: Yeah. We...

FLATOW: Is that better than just interviewing them?

Mr. UNDERHILL: Well, that's - you know, the people we're talking about, potential jurors, here, and you - both sides are wanting to check whether somebody might have potential bias to one side or the other. And they do - you get a chance to interview them in court, and they also fill out a questionnaire. But we - you know, it's not just us. I mean, everybody - it's very common for both sides to be searching the Facebook profiles because, you know, people post things there that they do not reveal in a questionnaire.

And it's - this is something that, you know, you'll go through the first round of screening, and then you get a list of names. And lawyers will sit, you know, right there in the courtroom after they get the list of names and start running these searches. And this - I mean, this happens in everyday cases, and I saw a report that it had - that in the Jose Padilla trial, the government lawyers did that in the courtroom and found that somebody had lied on her questionnaire, and so - and she was excused. So, I mean, it happens in cases - from national security cases down to, you know, your personal injury cases and domestic cases, too.

FLATOW: So I guess the take-home here is - what? If you don't want a lawyer to see it, don't ever put it on the website.

Mr. UNDERHILL: Yeah. That's actually what I had written down here as the lesson to take away, is - and like you're - like Rich said earlier, if you don't want - if you want to be sure that nobody sees it, including a lawyer, then you have to not post it there in the first place.

FLATOW: Mm-hmm. And so what is - is there any other advice you can give people besides that - don't post stuff you don't want a lawyer to do? Or if you have stuff incriminating on there already, is there any way to remove it? Or it's there forever?

Mr. UNDERHILL: Well, you know, that's - that is - I think it's more of a technical question as to whether and to what extent, you know, it gets backed up on Facebook or maybe, you know, archived somewhere on the Internet. I mean, you know, one thing that people should is - I mean, at the very least, they should set their privacy settings so that it's not - the information's not publicly available, because if it's - as far as getting the information is concerned, I mean - while you're maybe running a search, and if it's publicly available information, then you just print it off the Internet.

FLATOW: Right.

Mr. UNDERHILL: Otherwise, if it is - if it's set to private - and I actually had this experience in a case last year. You know, we ran - we were running search on - searches on jurors, and one of our - I think it was one of our actual jurors had a Facebook account, but it was accessible to friends only. So - and that was the end of that search. Now, you know, had there been some reason to think that there might have been some interesting stuff there, we might have gone to the court and tried to - well, for a juror, I don't know. For a party, you can go to the court and try to get an order to disclose it if you can show it's relevant. But for a juror, you might not be able to do that. But, you know, if it's - that's where, you know, we drew the line, where if it's not publicly available, then we're not going to pry into it.

And there is an ethical issue that I think attorneys should be aware of in that, you know, some people are inclined to say, well, maybe I'll try to become that person's Facebook friend, or I'll have my investigator do it, or something, and then, you know, we'll have access. But there's at least one Bar Association opinion I know of that said that that is - that that's an unethical practice, because even if you're not lying to someone in order to convince them to be your friend, you're omitting information that they would absolutely find material.

FLATOW: Well, Kevin, I want to thank you for taking time to be with us. It's very interesting stuff.

Mr. UNDERHILL: Thank you.

FLATOW: You're welcome. Kevin Underhill is a partner at the law firm of Shook, Hardy and Bacon in San Francisco, author of the legal-humor blog, Lowering the Bar. And you can find that at

We're talking about privacy issues with Rich Mogull, is as an analyst and CEO of Securosis, and Michael Zimmer, assistant professor in the School of Information Studies, University of Wisconsin in Milwaukee.

Gentlemen, any comments on what he said about - do you want to add anything about - is it just Facebook? What about stuff that you've sent email-wise or on other Web pages? Are they as searchable as Facebook is to find this stuff?

Mr. MOGULL: You know, with a court order anything is searchable. So there's that different line. So there is what you know is public. So, for example, if you're - you have public tweets, everybody knows those are public. If you open up your Facebook or some - if you blog, those sort of things.

The next line is things that are potentially public. And that's because either there's a security failure or there's just a legal court order, discovery order where somebody can come in either for a civil or criminal case or if the government has a legal reason to look at what you're doing.

And under those circumstances, quite a bit, most of what you do online is potentially openable or potentially public.

FLATOW: 1-800-989-8255. Let's go to the phone. It's Carol(ph) in East Hampton, New York. Hi.

CAROL (Caller): Hi there. Thanks for taking my call.

FLATOW: Go ahead.

CAROL: I am a clinical psychologist with a practice in New York City. And not too long ago I got an invitation to join Facebook. I am not presently a Facebook member or user. And the invitation supposedly came from one of my patients. It did not, because I checked with the patient. And on the invitation were 10 photographs and 10 little blurbs about the people in the photograph. Half of them were my patients. Some were colleagues. Some were family members.

It was terrifying to think that Facebook co-opted my private confidential contact list and was posting it all over the place. So I'd like to know if anybody has any hypotheses as to how this happened and what's going to be done with the information?

FLATOW: Wow. You were not even a Facebook member?

CAROL: No. Absolutely not. What I think is that Facebook ran a correlation with everybody who's had my name on several people's lists, generated the invitation that way.

FLATOW: Wow. Wow. And so they...

CAROL: So the whole thing was terrifying. I'm mandated by law to protect the confidentiality of my patients' identity. And there it was, all on Facebook.

FLATOW: Well, I'm going to get - let me get some reaction. Rich Mogull? Michael Zimmer? Have you heard like this before?

Mr. MOGULL: One thing that could be happening is if your patient is a member of Facebook, it just doesnt recall sending you that invite. There's often ways on Facebook where these invites get sent sort of automatically. You might click a button to say, you know, search my Gmail contact list and try to make friends. And that kind of thing could have happened inadvertently. And then at the same time showing all these other friends that this person may had have. So there could have been something that sort of happened without that person realizing...

FLATOW: Does she have any recourse to go to Facebook and say, you now publicized my patients, my private - you know, doctor-patient relationship has been compromised?

Mr. MOGULL: I wouldn't suspect so.

CAROL: Yeah, I'm wondering if it did get published anywhere other than on my, you know, they just prompted to me. I mean, I dont know if they went out into cyberspace.

Mr. MOGULL: And it probably didnt - I mean...

Prof. ZIMMER: Yeah.

Mr. MOGULL: What likely happened here is a number of patients and others use your name in tagging photos or those sorts of things. And then Facebook is actually able to correlate that information. So either none of the patients, nobody else realized that this was occurring, they actually pulled that information together.

Now, if you did join Facebook and your friends list - and you friended these people, somebody could, you know, obviously that is potentially public. It is public by default. They could use that to expose who those individuals are. But, you know, I suspect that you know, Facebook is not Skynet, at least not yet. So it doesn't have the ability to sort of think and track us. But if a lot different people use the same words and information, it can certainly pull that together.

CAROL: You know, I highly doubt that anybody has tagged me personally, you know, any of my patients. You know, my patients dont have photographs of me. My patients dont know where I live. My - you know, they have my email address that we confirm appointments back and forth.

FLATOW: All right. Well, good luck to you.

CAROL: Well, thanks for taking my call.

FLATOW: You're welcome.

You're listening to SCIENCE FRIDAY from NPR. I'm Ira Flatow.

We're talking about Facebook. I guess people now have to start asking people they know to be careful about throwing around information about them, you know? If you're a psychologist and you have patients, do you tell them on the application that, you know, along with the name, rank and serial number and their medical number and their insurer, please check this box, don't let out any information about our relationship?

Prof. SIMMER: Right. We struggle with this in the university setting, where I could be in a student's contact list so that I get an invitation automatically or maybe purposely to become their friend on Facebook.

But if I accept that invitation, then all of a sudden I have access to all this information about my student that traditionally a professor and student relationship doesnt really allow. And it shows this sort of merging of contexts that can occur on these kind of platforms where all of a sudden I can start seeing pictures from last night's party. And the student may not have even had intended that. They just thought, you know, we should be Facebook friends because, you know, I show up in their email list.

FLATOW: Yeah. Are we living in a time like Zuckerberg was saying that our notions of privacy are shifting? Are kids growing up today who dont have any real experience with privacy and that's just to be the norm?

Prof. ZIMMER: Yeah, that's a common thing you hear where people are saying that, you know, kids dont care about privacy anymore these days. And Zuckerberg has to make statements like that because that's his whole business model, is for people to share information. So he needs to believe that, whether it's true or not.

But there's been some good studies. A recent one just come out from Chris Hoofnagle and some of his colleagues at Berkeley, you know, asking young users of these social networks, what do they think about privacy? What are their expectations? And it turns out they do have expectations of privacy in certain contexts. They want to control information in certain ways. But the challenge is they don't always know how to do it, and they don't always understand how these systems are built in such a way to make that really hard.

FLATOW: Yeah. Well, let me - we're going to take a break and have a few minutes to talk when we come back. And one thing I want you to think about, I want to get into, is that we have seen private little entrepreneurs now trying to create their own little versions of Facebook where it really is just you and your friends. And I want to talk a little bit about that when we get back. And can you create - can you come up with a method where it's not a big commercial model, that it's not being made to sell all your information to advertisers and where you can just keep a small group of people, you and your friends, able to talk and share information with each other by buying a little piece of software or finding a network that really works and you don't have to worry about, you know, giving out all your information?

We'll talk about that after this short break, so stay with us. Talking with Rich Mogull, analyst and CEO of Securosis based in Phoenix. He's also a writer on the online news site TidBITS. Michael Zimmer, assistant professor in the School of Information Studies, University of Wisconsin in Milwaukee. Our number: 1-800-989-8255. Please tweet us at scifri, S-C-I-F-R-I. We'll be right back.

I'm Ira Flatow. This is SCIENCE FRIDAY from NPR.

(Soundbite of music)

FLATOW: You're listening to SCIENCE FRIDAY from NPR. I'm Ira Flatow.

We're talking this hour about your online privacy, social networking, Facebook, other kinds of social networking, with Rich Mogull and Michael Zimmer. Our number: 1-800-989-8255.

Before the break I suggested a topic and I'll reiterate it now. There has been talk of distributed open source alternatives to Facebook, things like the Diaspora Project that NYU students are working on. There is one social Web which Vodafone employees are working on.

Rich Mogull, is this possible? Is - can we look at this as the future of smaller little friendship sites?

Mr. MOGULL: I think it's possible. And we do have some similar sites, things that are more contained that Facebook. There's two issues. One is, is - I have plenty of security researcher friends probably listening right now that would have a field day with most of these services because they have to be distributed by their nature, and that means if you can potentially get on that network, you can potentially access the information. So none of these things are perfect.

And then the other issue is, is that it, you know, it'd be wonderful to see these succeed. It's very hard for a lot of business and network effect reasons. The reason Facebook works so well right now is there are so many people on it. People who have lost touch 20 years ago can re-find each other, and that's a big reason people use it. And that may be hard to replicate with some of these other services.

FLATOW: So you think once they get big enough, though, they'll all be bought out and may go commercial?

Mr. MOGULL: That's always the risk, you know? You can't argue with success. And let's keep in mind, with all of these social networking services, we're not their customers. I mean, we...

FLATOW: Right.

Mr. MOGULL: ...don't pay them money.

FLATOW: Right.

Mr. MOGULL: It's the advertisers who are their customers, and we are their product that they sell.

FLATOW: Yeah. Michael Zimmer, let me ask you about something that I learned just recently, that - is it - it's true that all the tweets now that are out there are going to be housed and libraried in the Library of Congress?

Prof. ZIMMER: Yeah. There is an announcement that came out a few weeks ago that the Library of Congress and Twitter came to an agreement where any public tweet will be archived. And the way that works is that when you use Twitter to send out your 140-character messages, you can have a public stream or a private stream. And my stream is public, anybody can go and see it. They can find that on Twitter. But you could set it up as private, where you have to authorize people to see your tweets. And under this agreement, any tweet that was public after a six-month delay will be archived at the Library of Congress.

We don't have many details on this. And in fact, I submitted a Freedom of Information Act request the day that was announced to the Library of Congress to get a copy of the agreement. And they published it a few days later, and they're still working out all the technical details. There are some concerns here because, you know, my tweets could contain private information. Even though I have a public stream, I still...

FLATOW: Right.

Prof. ZIMMER: ...only figure there were a couple hundred people looking at it and I never expected the government to be archiving it. And that's a meaningful difference.

FLATOW: And they would be searchable and anybody could go through them and..

Prof. ZIMMER: Yeah. Those are some of the original concerns, and it sounds like they are going to restrict it to authorized researchers. I'm not sure how they're defining that. And it's not going be just - you're not going to be able to go to the Library of Congress and just do a search. They would - the data would be made available - a very large dataset only to certain researchers under certain conditions. So it does sound like they're going to have some restrictions in place and won't be available for commercial use.

But, you know, Twitter now allows you to include your locational data, you know, your GPS coordinates as part of your tweet packet stream. And we don't know if that data is going to be included. I could have friends that have private tweets, but I've retweeted them, I've sort of repeated them to my audience. And so there could be private tweets that show up in here. And what if I decide next week to delete all my tweets? But now, like you mentioned in the intro, you know, they're sitting at the Library of Congress. And right now there's no mechanism for me to go and take them off of there if I wanted to.

FLATOW: Rich, we got just about a minute left. Are there any connectivity or new website experiences to get that are worth the privacy trade-off? They're so...

Mr. MOGULL: Sure. You know, I think - let's just keep in mind that what information we reveal we do have control over. So for example, I'm on Facebook. Even though I'm a heavy critic, I just don't put anything up there that I'm overly concerned about. Same thing with Twitter. You know, I'm cautious. Now, the big issue is that what we perceive as being private today may change in the future, especially for that younger generation. And I think socially we're - we are at a turning point where we need to learn how to manage that a little bit better. But you know, certainly I dont think we can assume there's privacy with sites that are - that advertise themselves as being public.

FLATOW: Mm-hmm. So when in doubt, just assume that it's all public, it's all going to be out there in the public domain.

Mr. MOGULL: Absolutely.

FLATOW: All right. Gentlemen, thank you for taking time to be with us today. Rich Mogull is an analyst and CEO of Securosis. That's a security firm based in Phoenix, Arizona. He's also a writer for the online news site TidBITS. Michael Zimmer is assistant professor in the School of Information Studies at the University of Wisconsin in Milwaukee, and he's also an associate in the Center for Information Policy Research there. As I say, thank you again, gentlemen, for joining us today.

Mr. MOGULL: Thank you.

Prof. ZIMMER: Thank you.

Copyright © 2010 NPR. All rights reserved. Visit our website terms of use and permissions pages at for further information.

NPR transcripts are created on a rush deadline by an NPR contractor. This text may not be in its final form and may be updated or revised in the future. Accuracy and availability may vary. The authoritative record of NPR’s programming is the audio record.