I meant to write about the problems with Facebook alternatives quite a while back, as there are many many problems with Facebook (and indeed all social media platforms) but so far no platform addresses them all or indeed very many of them. However the news that “Anonymous” are launching a Super-private social network is an excellent excuse to revisit the topic. As they’re in the news and the new kid on the block I’m going to use them as an example of how difficult the problems of online social network platforms actually are, all of the complaints and criticisms I make about them almost certainly apply to pretty much everything else out there at the moment as well. Before I get started on our case study I’d like to make one thing very clear – I’d trust anonymous with my data as much as I’d trust a back up tape made of used bog roll. So safe to say they’re starting at a bit of a disadvantage in winning me over.
In the general case for a social network to thrive and grow it needs users and to get users it’s got to offer something better than the existing options. There has to be some compelling reason for people to move and for the majority of people “better privacy” isn’t enough, this puts new comers at a distinct disadvantage as they need to be able to launch fully fledged with a better proposition than FaceBook – it’s no use promising all the features later people (at least if they’re anything like my friends) will give a new platform a whirl but it needs to be really good to keep people there – as who has time for multiple social networks? What the vital features of a social network are obviously varies from person to person and group to group, but it needs to be more than just a glorified blogging platform.
So far every new FaceBook killer, that I’ve looked at has fallen down either on functionality, policy, privacy or funding – Anonymouses Minds looks to be no different.
Functionality is the bit which even the great Google screwed up and to my mind still haven’t got right. So basing my assumptions on what my friends and I tend to use the basic functionality that any new platform must have in place from day one to have any chance of persuading people to move are:
- Blogging ability – the wall/timeline feature in facebook
- Photo albums
- Events – this is a huge one that Google missed out for no obvious reason
- Pages – for things other than real people
- The ability to get notified about and interact with all of the above
Now if you’ve been around the internet for any length of time you’ll already have spotted that all of those things have been around for ages except for the last one. The thing that keeps us all hooked on social networks is it brings all of those disparate parts together into one easy to use place – a bit like RSS almost could. Whilst there are obviously loads of technical challenges there from the point of view this isn’t the interesting bit, it’s just a basic feature check list and lots of other projects have implemented some combination of them to some extent, but if you can’t hit everything on that (or a similar) list people aren’t going to move.
Enough about functionality what about policy? This is where things start to get interesting and where our case study will come in useful. Policy is tricky, especially if it has to work internationally, it’s also often not the first thing considered and isn’t something that programmers tend to be good at. Writing good policies is difficult at the best of times and the larger the audience the harder it gets, it needs a good legal mind and it needs to be considered from the outset to make sure the functionality of the code matches it.
On the policy front one of the big questions asked (and which Google and FaceBook avoid answering) is who owns your data once you upload it especially once you want to leave. What does Minds have to say about this, well the only thing I found
in their terms was this:
“If you wish to terminate this Agreement or your Minds.com account (if you have one), you may simply discontinue using the Website.”
So it looks as though if you want to leave all of your data stays sitting on their servers for some unspecified period. I can’t find any mention of a method to terminate your account and delete your data. In fact even deleting your data might be tricky:
“If you delete Content, Minds will use reasonable efforts to remove it from the Website, but you acknowledge that caching or references to the Content may not be made immediately unavailable.”
This is relevant as they do have provisions for selling the company including all of the data you haven’t removed to other people. Sadly it does get worse especially for a “super private” network, as apart from the fact that they’re planning on getting some revenue (more on that later) from advertising with the usual cookie problems they also mention that they have an API:
“You may use the Minds.com Firehose to develop a product or service that searches, displays, analyzes, retrieves, and views information available on Minds.com.”
Again I may have missed it but I can’t find much by way of detail as to what information the API can get and who can use it. On even simpler policy terms it gets worse as they don’t state under what jurisdiction they’re operating (though it seems likely it’s the USA) nor how that plays with their aimed for international reach. There is more but you’re getting the idea and so far so FaceBook especially as they don’t anywhere that I can find say anything about who owns the intellectual property rights to content on the Minds site. They do though find space to warn you that by using the site you indemnify them against any and all costs arising from what you do.
“We do not willfully disclose the personal information of our users to anyone except to comply to applicable law, provide the services of the website, or protect our rights”
First off as asked before what applicable law, what jurisdiction are we talking about here? Secondly the “services” provided by the website is quite vague, I understand it’s tricky to write that clearer but that allows for an awful lot of expansion of data use. Now for the usual snake oil:
Now ignoring how little that tells us, it doesn’t after all say “securely encrypt everything”, they might just be doing something like this:
"Encrypt everything" -> "Rapelcg rirelguvat"
Even if they are using a decent encryption algorithm for a social networking site to work they have to be able to share your content with other people. This means they have to be able to decrypt it. Great you’re traffic can’t be snooped on the way to the server, they have a weakly verified certificate, but the data on the servers is accessible to them and therefore to other people. This is to be expected from a “how things work” point of view but it does mean that the statement “Encrypt everything” isn’t quite as amazing as it would seem. Again quickly into the policy they say that they’ll release “non-personally-identifying information in the aggregate” to other people, which is a problem as researchers have shown time and again that anonymized aggregate data isn’t as obscure as people like to thing. Your email address will also be revealed to anyone you comment to, which again makes it a lot less private than needs be. The section on aggregated statistics is again not very specific – blocks of two users at a time would be aggregated data but not terribly private. If it seems I’m splitting hairs here it’s because other companies have been shown in the past to have at least fallen foul of such mistakes. Privacy and security are sadly complex matters to implement correctly.
“Minds discloses potentially personally-identifying and personally-identifying information only to those of its employees, contractors and affiliated organizations that (i) need to know that information in order to process it on Minds’ behalf or to provide services available at Minds’ websites, and (ii) that have agreed not to disclose it to others”
Emphasis mine, but providing adverts would for instance be a service that could be provided to Minds, so there you go all your personal information out the door to adclick or google or the like as long as they don’t tell anyone else. You don’t get to know who those people are what jurisdictions they’re in or anything else, just trust Minds as they’re the good guys. Ever heard that before? For a privacy based site it gets even worse, if such a thing were possible:
“Minds discloses potentially personally-identifying and personally-identifying information only in response to a subpoena, court order or other governmental request, or when Minds believes in good faith that disclosure is reasonably necessary to protect the property or rights of Minds, third parties or the public at large.”
Again emphasis mine, still god to know that they’ll only hand over your private “encrypted” data if either the Government asks them to or if they believe it would be a good thing to do. That’s all right then. Sadly they’ve not finished yet, that e-mail address you have to give them well if you send them a request then they:
“reserve the right to publish it in order to help us clarify or respond to your request or to help us support other users”
Then there’s the bit where if someone else buys them they get to use all of your information on the same very generous terms as Minds. So if they get bought by Facebook say all your data gets to be made available to Facebook and all of their affiliates and so forth. You can of course always leave at that point but as mentioned previously that doesn’t clear up your data. Finally the usual killer in privacy policies they reserve the right to change it, but if they do they won’t tell you, nope you have to check to see if it’s changed and what’s changed. If you don’t then more fool you.
that’s quite enough about privacy what about funding? This is important as running large websites cots money, the larger the website the more money. I’m relieved to see that Minds are at least charging for some services but given how often advertising is mentioned they are yet another company hoping to fund themselves by ad revenue, which means the ad companies are the customers as they’re paying and as ever we’re the product or at least our “aggregated” data is. I would say that this at least is no worse than normal, but there is a slight problem “Minds” aren’t a company, at least they don’t publish any company information. The Minds domains are registered to a private individual, the only contact method given on the site is a form, no address or phone number and their email is provided by Google. None of which is a good thing if you want to ensure that they’re doing what they promise to or if you need to use the law to force them to behave. I may be being harsh but if someone is selling themselves on privacy I want to know who they are, and where their funding is coming from as the person paying the piper calls the tune.
Like I said at the start most of these “mistakes” have been made by every other new social network touting itself as the answer t FaceBook but if you’re going to sell yourself as being for privacy then it’s past time to not have learnt from everyone else mistakes.
Update As a final thought, events with Governments and internet companies the world over have taught us that if we want to trust someone with our data then transparency is vital, a lesson you’d have thought Anonymous and the people behind Minds would have learnt. But there’s precious little sign of it on their site so far.