“You can’t get the toothpaste back in the tube, so deal.”
That was the final line in a comment by reader John Maloney concerning yesterday’s post “Social Networks will be the downfall of civilization!“ And it’s also part of the point I was trying to make yesterday: too many people don’t realize that once they put information about themselves on a social networking site, it’s public and there’s almost no way to get it back. Once you’ve posted your personal information and pictures to the Internet, they’re out there and the more effort you put into getting them back, the more likely they are to spread.
As a blogger and podcaster as well as a dabbler in other social media, I’m constantly struggling with the balance of disclosure versus keeping my life private. I don’t talk about it much, but if you take a look in the archives of the site, you can find who my last few employers have been, you can find out a bit about my family and where I live. You can find my hobbies and interests outside of security. Search hard enough and you might even find a couple pictures of the neighborhood I live in and my family. But the point is, I considered what information I was releasing into the wild each time I posted them and made a conscious decision concerning the information and the possible impact it’s release could have on me. And that’s my problem with social networking today: too many people fail to understand the consequenses of publishing their most intimate details.
Just like the rest of security, people don’t give much thought to the consequences of information disclosure, they automatically think that only the people who they want to have access to their information are going to see it. Or they don’t believe anyone outside their circle of friends would ever want to see their information. Or they never even give it any thought at all and post without any understanding of the possible consequences at all. This is a matter of education and quite frankly most people never have an opportunity to get educated or educate themselves and probably wouldn’t take it if it was offered.
Social networks espouse the benefits of their services. After all they want to encourage their audience to use the service and who can blame them? But I think few, if any, make much of an effort to explain to their users the danger that the information users are disclosing may pose.. How many social networking sites try to make users understand that the pictures, posts, comments and chats they post online have the potential to be seen by employers, friends and spouses, let alone the consequences that disclosure could have? I don’t remember seeing anything to that effect on any of the social networking sites I’ve signed up for. If you know of some, please tell me in the comments.
Privacy may not even be the proper term for this discussion. Privacy has more to do with other people trying to find out information you’ve kept hidden or information others are supposed to be keeping safe for you. Privacy is about your sensitive information not being probed by the Feds without a warrant and keeping your medical records safely at the doctors office, not on a USB stick or in Google docs or some other cloud technology. I believe the more appropriate term would be disclosure, since every piece of information on social networks is something that the user has made a conscious decision to put there, whether they understand the consequences or not. And usually the understanding is not there.
As far as I’m concerned, this discussion has little or nothing to do with privacy and everything to do with disclosure. Privacy is not dead and hopefully never will be. But people have to understand the difference between the two concepts. You can’t consider something you’ve willingly place online to be private anymore. I can understand that misconception five years ago when the social media revolution was starting, but in today’s environment, with all the writing and discussion around social networking, it’s almost willfully ignorant to not consider the consequences of posting something to YouTube, MySpace or Facebook.
So, no, you can’t get the toothpaste back in the tube. Which is why we need to educate people about the difference between ‘privacy’ and ‘disclosure’. People, young and old, need to understand what the consequences of using social networking sites. They, the users, are the one’s who are taking their information out of the realm of ‘privacy’ and into the realm of ‘disclosure’. It’s up to the user to understand the difference.
We can have privacy and social networking, it just takes constant vigilance and some understanding of the difference between privacy and disclosure. Well, we can have privacy if you discount little things like warrantless wire-tapping, telephone company immunity, the FISA courts and governmental trends to intrude anywhere they think a ‘terrorist’ might be. But that’s a different, much more contentious discussion.