Posts about privacy

The real Facebook burglaries story

I did a little reporting to get the real story behind the reports of a Facebook burglary spree that supposedly used the service — right after its launch of Places — to find victims who were away on vacation. I emailed Nashua, NH detective Dan Archambault, who told me that only two of the cases involved Facebook and in each case, “one or two of the suspects were Facebook friends with the respective homeowners. They basically had access to the walls and could read that the families were away on vacation. The information was only available to friends and the Facebook Places feature was NOT a part of this. And finally my advice to Facebook users is carefully pick your friends and watch what you post.”

And my advice is don’t believe everything you read. So this was not a case of a criminal using Facebook to find any old random victim. The implication of the coverage is that we were all — all 500 million of us — at risk for being so foolish to make ourselves public on Facebook and make ourselves vulnerable to every criminal out there. No, it’s foolish to make the wrong friends. Always has been. Still is.

I also contacted Facebook, and a PR person there sent back suggestions for how to wisely use the service: “I would recommend creating friend lists to separate people you really trust from others. Then, use the publisher privacy control to
send status updates to appropriate groups (and only them). I actually think it may make sense to tell people you really trust that you are gone through Facebook just as you would in person. Then, they can watch your place for you, feed your cat, etc… As for everyone else, if you wouldn’t tell them in person you were leaving town, you probably shouldn’t use Facebook to tell them. As always, we also recommend people only accept friend requests from others they actually know.”

All sensible.

If only things were so simple for Google, where, according to Gawker, an engineer used his high-level access to the company’s data bases to stalk teenagers. Google fired him. But the damage is done. We spoke about the case on today’s This Week in Google and as Leo Laporte and Gina Trapani said, to keep systems running, someone will always have access to data. Of course, that someone should be trusted. But as this case reveals, you never know whom to trust. So the company must come up with systems to assure trust. Should there be teams that must operate together in failsafe mode to get access to data? You tell me what would work.

The bottom line for both companies is that trust is essential and cases such as these can ruin trust and eventually ruin companies if we cannot depend on them. In the first case, media blew up a story for effect. In the second case, a dangerous vulnerability is revealed.

: AND: Being a journalism professor, I suppose I should point out the journalistic lesson here about reporting.

When this story first came out, it was marked by sloppy reporting that was only repeated and diluted. I read a number of the reports and backed up the line to the Nashua paper trying to find answers to basic questions. Nothing.

For anyone who knows the slightest thing about Facebook — that is, any reporter who uses it — the reporting raised obvious questions. So I contacted Facebook, who gave me the email of the detective, and I asked him: How did the accused use Facebook? In how many cases? Were they friends — that is, connected on Facebook — with any of the victims? Facebook tells me that its Places feature was not involved; true? Finally, what advice do you have for people using Facebook? Plus a few, more-detailed questions about the specifics of how these victims used Facebook.

The detective said this is an ongoing investigation, so he was limited in what he could tell me. But, as you can see, he answered the essential and obvious questions reporters and editors should have asked before. And if they didn’t have answers, they should have said so. I say lately that the key skill of journalists is going to be less saying what we know than saying what we don’t know. That is the essential skill in process journalism.

But all along the chain, nobody wanted to ruin a good story: USE FACEBOOK AND YOU’LL BE ROBBED! Much more fun, isn’t it? Reporting takes all the fun out of it.

The price of privacy

I love it when economists and their ilk reduce a complicated issue in life to a simple line and chart (that’s what makes Freakonomics so popular). At the latest New York Tech Meetup, Drop.io founder Sam Lessin did just that with my favorite topic: privacy and publicness. In a rebuttal to Clay Shirky’s Cognitive Surplus he said:

Privacy was once free. Publicity was once ridiculously expensive.

“Now the opposite is true: You have to pay in a mix of cash, time, social capital, etc. if you want privacy.”

Right. It takes effort to create privacy — or to build a private image, as Laurent Haug argues. If you decide not to bother, if you opt out of using Facebook, LinkedIn, Twitter, et al, then there’s now an opportunity cost: you miss making connections that have personal or economic value. That’s why people quite willingly give up what we used to think of as privacy: because it’s worth it to them. These are the new economics of privacy.

So maybe I can start to understand what Fred Wilson was talking about when he said there was money to be made in privacy, in premium privacy (because there’s now a premium on it). I’m still looking for concrete examples of how, but I’ll just bet Fred will invest in one soon.

Now let me make a caveat: privacy and publicness are neither mutually exclusive nor binary; they aren’t competitors at all times. So this is an oversimplification, which I’ll oversimplify even more:

Once-abundant privacy is now scarce. Once-scarce publicness is now abundant.

It’s the second half of that that interests me most since I’m writing a book about that.

So if we’ve seen Lessin’s Law on Privacy, then Jarvis’ Corollary on Publicness (which is my synonym for publicity because publicity as a word is so freighted with marketing meaning now) is this:

Now publicness is free.

So the old controllers of publicness — media and entertainment companies — can’t make money on it anymore.

The economics of abundant publicness mean that the old gatekeepers — editors, agents, producers, publishers, broadcasters, the entire media industry — overnight lost their power. That’s why they’re so upset. That’s why they keep complaining about all these amateurs taking over their sacred turf — because they are. What they thought was valuable — their control — now had no value. They can’t sell their casting couches and presses on craigslist for nothin’. They are being beat by those who break up their control and hand it out for free (Google, craigslist, Facebook, YouTube, etc.).

Abundant publicness also creates new value. Google search is made up of that value. Twitter movie chatter predicting box-office success is that value. Annotations on maps, restaurant reviews, health trends, customer desires — and on and on — all find value in our publicness and so new companies are being built on that value. That is why it is in the interests of both companies and customers to be public and why privacy — when it does compete, when it discourages publicness — becomes a nuisance for them.

Abundant publicness leads to the confusing economics of free: If everyone can create stuff, then stuff is no longer valuable. But your stuff can gain value for you if it’s spread around and remixed and is more public than the next guy’s. The way to make it more public is to make it free. That’s OK because it doesn’t have value anyway. So you have to find value now not from owning and controlling the stuff but from making it more public and extracting value through a side door: advertising, performances, reputation…. (If I were good, I’d turn this into George Carlin 2.0: you no longer want a place for your stuff, you want your stuff to be in every place).

Abundant publicness raises all sorts of issues around ownership. Who owns the wisdom of the crowed? The crowd? Or the company that adds value to it? See also the questions above about making free stuff public to gain value. You can’t make it public with DRM and ownership controls, or at least not the old ones built for a scarcity economy. Being public is about giving up control, which is the exact opposite of how media used to make their businesses.

Abundant publicness makes filters more valuable. See again Prof. Shirky.

Abundant publicness increases the value of reputation. See aplusk.

At the same time, abundant publicness makes fame a devalued commodity. See Lindsay Lohan.

I’m exploring these ideas for my book so please help me tease them out. What are the implications of abundant publicness and scarce privacy?

: Here’s Lessin’s talk:

Speaking of Fred Wilson, I came across Lessin’s talk because Fred recommended watching Twilio’s superb presentation at the Tech Meetup. It is, indeed, a model for such talks and here it is.

: MORE: Seth Godin just emailed alerting me to a typo I’ll leave above: “the wisdom of the crowed.” A spooner insight, he calls it: “But who are the ‘crowed’? They are the newly attended to, the newly famous. We crow about them, thus they are crowed. Does the insight of someone with a lot of twitter followers deserve more attention? Are they more wise? The wisdom of the crowed.”

He’s right. I was starting to dance with that question but let it go: When everybody’s heard, no one’s heard. So who *should* be heard? Or is that an old-media worldview speaking? There’s no longer the media structure to decide should’s. Do people rise on merit of what they say? On tricking Google and Twitter? On outrageousness? On authority?

Privacy paranoia dramatized

The German Consumers’ Union—funded by the German government—has put out a video warning internet users about their privacy under a campaign called Surfers Have Rights. You don’t need to speak a word of German to get the gist:

(At the end, the text says: “You do this every day … on the internet.” And the shopper is asking simply, “Excuse me, where do I find…? The store clerk needs no translation.)

The German blog Netzpolitik thinks it’s a nice video. But Martin Weigert at Netzwertig has real concerns. The video “does but than spread distrust,” he says, arguing that even the most trivial data that “has the value of a dropped sack of rice in China” (must be an idiom) is made to seem drastically overvalued. The clip presents consumers as helpless, persecuted by their cohort. “What message does this convey? Mistrust everyone and everything.”

Hmmm. One would think that the German government would be somewhat sensitive to some irony there since, in earlier form, it was quite effective at making everyone mistrust everyone.

But the metaphor is hardly just German. Last week in Congress, Sen. Jay Rockefeller pulled out the overused trope that navigating the internet is like shopping in a mall, being watched in every move by “a machine” (very Orwell, that). The Byron Dorgen revealed a bit too much, I think, when he extended the metaphor to wonder whether, when going to the ladies’ lingerie department, onlookers would wonder whether you were really buying some for your wife or…. “That’s a really good analogy, I think, to what is going on on the Internet today,” said Federal Trade Commission Chairman Jon Leibowitz.

No, it’s not. You are already being watched in the store. Stores have cameras watching you. They track what you buy via your credit card and frequent-shopper cards. They have floorwalkers and clerks who see what you buy. Fellow shoppers can see what you buy. So the hell what? So you like bananas. It’s a sickness in the mind of the beholder to imagine you doing something bad with the fruit.

The German clip and the Congressional “debate” reveal that the essential argument about privacy is too often purely emotional. You may — and do — go about your shopping every day feeling quite fine about it but here are government officials who want to creep you out. Government officials who have the power to creep us out in plenty of other ways. And now The Wall Street Journal is continuing the creep-out (odd, since they’d usually be the ones for business freedom against government regulation… hmmm).

In neither exposition is there any discussion of actual damage and actual danger, just nonspecific creepiness. Thus Netzwertig worries about the public’s attitude toward the internet and technology itself. I do, too. I will argue in my book that we need strong protection for privacy especially against bad actors — but I’ll go the extra step and try to define privacy and define the danger for unless we do that, all we’re doing is summoning boogeymen with warnings of nonspecific creepiness. And then I’ll argue that what we should be spending time understanding how this new world works and finding the opportunities in it because its progress is inexorable.

: LATER: Here’s an equivalent EFF video (in English):

I ask, what’s the great harm of giving me couch ads when I’m looking for a couch? Would I rather have bra ads when I can’t use them? Where’s the harm?

Cookie Madness!

I just don’t understand Julia Angwin’s scare story about cookies and ad targeting in the Wall Street Journal. That is, I don’t understand how the Journal could be so breathlessly naive, unsophisticated, and anachronistic about the basics of the modern media business. It is the Reefer Madness of the digital age: Oh my God, Mabel, they’re watching us!

If I were a conspiracy theorist — and I’m not, because I’ve found the world is rarely organized enough to conspire (and I found this to be especially true of News Corp. when I worked there, at TV Guide) — I’d imagine that the Journal ginned up this alleged exposé as a way to attack everyone else’s advertising business just as its parent company skulks behind its pay wall and surrenders its own ad business. But I’m not a conspiracy theorist. That’s why I’m confused.

The story uses the ominous passive voice of newspaper scare stories: “…a Wall Street Journal investigation has found…” As if this knowledge were hiding. Cookies have been around as long as the commercial browser, since October 1994. Or was that 1984?

The piece uses lots of scare words: “surveillance technology” … “tracking technology” … “intrusive” … “no warning” … “surreptitiously re-spawn” … “rich databases” … “so powerful and ubiquitous” … and my favorite: “targeted ads can get personal” (well, yeah, that’s the damned point).

The Journal acts as if it has discovered a conspiracy of its own: “Marketers are spying on Internet users — observing and remembering people’s clicks, and building and selling detailed dossiers of their activities and interests.” Gasp! Mabel, hide the kids, the Romans Huns Krauts Commies Marketers are coming!

There is absolutely nothing new — thus nothing newsworthy — in what the Journal promises threatens to be a series.

The Journal does measure its own cookies, finding its site moderate (I count 34 Journal cookies on my new Mac and I don’t use the site often) in what it ominously calls an “exposure index.” Mabel: Bring the Geiger counter!

Well, except the Journal is unique because unlike the other sites the story writes about, the Journal has my personally identifiable information! It has my friggin’ credit card number and name and address and phone number as well as my web behavior and it allows me to be tracked by third parties. The Journal has more information about me than ANY of the sites it warns about. And the Journal is owned by a company some people don’t trust. Hmmm.

It’s a fine thing that the Journal also tells readers how to “avoid prying eyes.” And if enough people do that, then the value of the advertising-supported web falls. Without cookies, the effectiveness and price of advertising would plummet as ads everywhere turn into remnant junk (smack the money), reducing revenue for media sites and reducing their content to junk. Hmmmm….

A story like this might also affect policy as the FTC is looking at regulating online advertising and marketing; its chairman, Jon Leibowitz testified before Congress on the topic this very week. Hmmm.

I think the Journal should have told exactly how it places and uses every one of its cookies and beacons and ominous tracking surveillance spying technology. It doesn’t. The story doesn’t even link to the paper’s privacy policy, which says that cookies and beacons and all that scary surveillance/tracking/spying technologies are used at WSJ.com and its affiliates and also by third parties over which the Journal has no control. Opportunity lost.

If I were an advertising-supported site, I’d be aggressively transparent. I’d tell you exactly what we track and what impact that has on what we serve in advertising and content. I’d create an app to read the cookies placed just for you and explain them. I’d give you the chance to correct information. I’d give you the chance to select your own advertising (now that would be valuable). I’d treat this with radical openness.

Otherwise the scare mongers like those regulation-loving, anticapitalist commies at News Corp. will win the day.

: Oh, and I neglected to point out that it was the very same Journal that had the wingnutty story about privacy and RFID tags on our pants, quoting as an expert a woman who thinks that RFIDs are — and I exaggerate not — the work of the devil. What the hell is happening there? Are they going out for drinks too often with their new neighbors at the Post?

: Oh and here’s more scaremongering from the commie Telegraph in London, which equates Wikileaks’ Julian Assange with Facebook’s Mark Zuckerberg. Man, we are in silly season.

: MONDAY: The Journal campaign against digital advertising continues today with a shocking exposé revealing that Microsoft is a business-friendly business that chose not to release its browser with a default that would have killed ad tracking and targeting. Horrors!

Now if the Journal were really a business newspaper still, there’d be no news there. The news would be if Microsoft did not do what was good for revenue.

Here’s a too-metered Microsoft response to the weekend’s follies from the browser team.

Privacy wingnuts

I’ve been looking for a classic example of so-called, self-appointed “privacy advocates” gathered by the press going off the deep-end (if you have any, please send them to me).

And then this dropped in my lap: a reputed outcry by these putative privacy advocates against Wal-Mart putting RFID tags on pants.

What could possibly violate our privacy with tracking pants in a store to make sure there aren’t too many extra-large sizes on the shelves? (That was my experience with Wal-Mart when I tried to buy sweats before my surgery; I wish they’d restocked the mediums.)

Well, say the advocates the Journal found: “While the tags can be removed from clothing and packages, they can’t be turned off, and they are trackable. Some privacy advocates hypothesize that unscrupulous marketers or criminals will be able to drive by consumers’ homes and scan their garbage to discover what they have recently bought.”

Yeah, and then what? So they find out that I bought 33/34 jeans. And with that precious personal data they will do what? Blackmail me because I’m no longer the svelte 32 I once was? Sell me illegal diet aids? Sell me ice cream? Target advertising for medium jockeys to me? Subject me to public ridicule as a pencil-necked geek?

Don’t the reporter and editor at the Journal stand back and laugh at the absurdity of this worry? Don’t they ask the next, obvious question: “Yeah, and…?” Isn’t that their job?

Ah, but they report more and find further cause for worry:

“Some privacy advocates contend that retailers could theoretically scan people with such [encoded] licenses as they make purchases, combine the info with their credit card data, and then know the person’s identity the next time they stepped into the store.”

And that would be worth the trouble and risk for the store how? That would give them more data than they already have from credit cards and other means?

So often, articles calling on “privacy advocates” leave them unnamed — anonymous and private, you understand. The Journal digs up one Katherine Albrecht, “founder of a group called Consumers Against Supermarket Privacy Invasion and Numbering and author of a book called ‘Spychips‘ that argues against RFID technology.” Group? Just how many people go to her meetings? And does the book come with tin-foil underwear? The “group” was founded to oppose grocery-store loyalty cards. Yes, we see the damage they have done to countless lives.

Her own site says that she has “earned her accolades from Advertising Age and Business Week and caused pundits to label her a PR genius.” I dare say. She next got the Journal to swallow her silliness.

Listen, I’m all for privacy. I’m working hard to define it in my book on publicness. I will vigorously defend the need and right to control one’s information. There are plenty of serious and difficult issues to discuss. But this kind of idiocy does not serve the cause. It only finds a spy under every leisure suit. In the long run, it turns the cause of privacy into an object of ridicule. And that’s wrong.

But this is often the case with technology and privacy. Technology spawns fears — and worries these advocates — because it introduces change and it’s really change that they fear. Here’s a tidbit from my manuscript illustrating the point:

* * *

Alan F. Westin, in his influential 1967 book Privacy and Freedom … found many devices to fear: LSD “may greatly affect the individual’s daily personal balance between what he keeps private about himself and what he discloses to those around him” and could again be used for government surveillance. Westin worried about radio pills, miniature transmitters, and even about fluorescent powders and dyes—not to mention radioactive substances—that could be applied to “hands, shoes, clothing, hair, umbrella, and the like, or can be added to such items as soap, after-shave lotion, and hair tonic” to track the unsuspecting person.

Secret, miniature cameras, infrared film, microminiature microphones the size of match-heads, battery-operated tape-recorders, hidden “television-eye” monitoring, telephone tapping, “truth measurement” by polygraph tests, personality testing, brain-wave analysis, dossiers of personal data, and the means to steam open envelopes and measure TV audiences—these all concerned him. He speculated about “invisible magnetic-ink tattoos [that] might be applied (for example, to babies at birth)” and transmitters that could be implanted and “wireless, battery-operated television ‘eyes’ the size of buttons,” not to mention U-2 spy cameras from above as well as the ability to read brain signals.

Westin warned of the dangers of computers. In 1966, he wrote, there were 30,000 computers used in the U.S., 2,600 of them in the federal government. What happens, he asked, when we come to the day when “computers in the field of health will eventually establish total medical profiles on everyone in the country ‘from the hour of birth’ and updated through life. Each record will be almost instantly accessible to medical personnel.” Oh, if only.

Westin listed his fears of technology’s impact on privacy 45 years before you read this. How many of his dreads came to life? Few if any, I’d say. That is not to mock him nor even to diminish his warnings, only to put the fears technology fosters into context as we grapple with the concerns attached to our more-modern sciences.

* * *

LATER: I looked at all the coverage I could find on Google News and I found but one piece that, like me, dared to question the “Cassandras of the privacy movement.” CNBC’s Dennis Kneale wrote:

One day RFID tags will permeate the U.S. and global economies, cutting costs for manufacturers and retailers and letting them better respond to consumer tastes. A whole new stock-sector boom could loom as well, in companies that cash in on this inevitable tech trend.

That is, unless the Privacy Police gets in the way. . . .

Um, so what is it I should fear that Wal-Mart will do with this new data horde showing that I just bought a pair of boxers? (Alright let’s stipulate: We’d be less keen on Wal-Mart’s knowing we just bought Spanx.)

The privacy guys always do this—raise well-intended but fear-provoking possibilities at the advent of most any new, promising technology. It is part of what the 1990s Internet sage, Nicholas Negroponte, called the “demonization of bits.” If a salesperson follows us around a store watching our purchases, fine; but use technology to do it and suddenly it’s Orwellian.

Playing the privacy card seems a bit antiquated in this exhibitionistic era of gleefully revealing your inner-most foibles and fetishes to potentially millions of other equally indiscreet folks on Facebook.

: LATER: RFID Journal blasts “privacy nonsense” around chips.

: UPDATE: The WSJ’s RFID expert believes that the chips are a fulfillment of an end-time biblical prophesy. Did I say wingnuts?

The German privacy paradox, continued

German researchers have found that—heated rhetoric about privacy aside—people are willing to give away personal information in exchange for a bargain. They’re even willing to give it away for nothing.

The Social Science Research Center in Berlin brought together 225 students at the Technical University there and offered them the chance to buy the same DVDs from two different online stores. Each store required the customers’ name and postal and email addresses. But one store also required date of birth and personal monthly income. That store also offered a one-euro discount on every item. Of 42 purchases made by this group, 39 opted to give away the additional personal information to get the discount.

What puzzled the researchers is that even when the discount was taken away, the two stores attracted equal business. “Thus the more privacy friendly firm failed to attract more customers even though prices were equal at both stores,” the study says (PDF here).

In spite of all of this, in a post-study questionnaire, 75% of the participants said they “have a very strong interest in data protection” and 95% said they “are interested in the protection of their personal information.” So they say one thing and do another. The rhetoric about privacy should perhaps be judged accordingly.

At the same time, German media and government are quite heated about privacy. The New York Times separately noted the irony that Germans by their actions don’t show such profound concern about privacy. To which a German government official who’s going after Google and Facebook told The Times that “his agency was trying to protect consumers from themselves.”

Whoa. Any time a government says it is trying to protect its citizens from themselves, beware. That is a government that is trying to get citizens to behave the way it wants them to behave, whether they want to or not. Isn’t that exactly the opposite of what government should do? And beware media that keep telling the public what it thinks they should care about whether they care about it or not. They, too, are out of touch.

Yes, privacy matters. But we need to get past the rhetoric, past the heat, and examine what people really do, what risks they are really under, what benefits they pass up when they decide not to share. That’s what my book will examine.

(Here’s my presentation in Berlin on the German privacy paradox.)

Will video become intimate?

There’s something surprisingly tragic about Apple’s latest touching, brilliant commercials for the iPhone 4’s FaceTime. At the end of each of these commercials — the first four below are vignettes about two new babies, one new hairdo, and a new set of braces — I feel a need for the people on either end to hug. But they can’t.

Now, of course, the video call only brings them closer together than a plain old telephone call could have — or an email or an SMS or (does anybody send them anymore?) a letter. That’s what makes Facetime so miraculous: it is finally almost like being there. They can almost touch. And that’s what’s tragic: they can’t.

This is to say that FaceTime is terribly intimate. And that’s what struck me, too: In an instant, the video of the people shifts from broadcasting to intimacy, from making a YouTube video millions may see to making a call for one. Is this how we’ll use video now, to connect two-at-a-time? Or will that now seem smalltime? Will we use the front-facing camera to face the world still? Will video be public still or private?

I don’t know the answers to those questions. We’ll know only when these tools get into the hands of enough people — and when developers use the camera to create new applications and when AT&T gets its act together so we can use the camera anywhere, not just on wifi.

Maybe the original video vision of Seesmic (before it became a Twitter app) comes to life: we hold video conversations. Maybe the camera only makes it easier for anonymous pervs to peddle their penises on Chatroulette. Maybe we walk away creation toward communication. Maybe we leave time-shifting for live. Maybe we invent new forms of phone sex. Maybe Leo Laporte uses them to reinvent the podcast and cable news uses them to reinvent vox pop. Or maybe nothing changes as we already have cameras everywhere; these are merely more portable.

Watch the commercials and see what visceral ping it elicits in you.

See MC Siegler breaking down the emotional appeal of the iPhone ads on TechCrunch here and here.

If Facebook were smart…

If Facebook were smart and open and meant what it said about the benefits of publicness and transparency that it now expects of the rest of us, then:

* Today’s company all-hands meeting about privacy would be public.

* It would find the Apple-elegant way to express its privacy policy rather than its current Talmudic tangle, something like: “Everything you put into Facebook is shared with your friends but in each case you may limit who sees it or choose to share it with the public. That is always your choice.”

* It would find the Apple-elegant way for us to execute that choice: let me make it every time I do something.

* It would find easy ways to show us how the world sees us through Facebook (and help us change that).

* It would not change its privacy settings and policies constantly. Set it. Explain it. Stick with it.

* It would not attempt to hoover up and share my implicit activity on the web. It should share only that which I explicitly choose to share. Execs should recognize that that’s what set users off; that was the line too far, the straw too many.

* It would recognize how much their defaults matter because, even if their privacy policies and functionality were elegant, they know most of us wouldn’t bother — and many of their users are young and not necessarily savvy about how their information can be used in the future. They would see their defaults as a responsibility.

* It would define evil. I said that on the latest This Week in Google: Google, by enabling its employees to ask whether it is evil, defines evil every day and that’s only for the good of its business: If it oversteps a line, if it does evil, it will lose trust and lose business. Facebook must make the similar calculation. It should define that line openly and let us and their employees challenge it constantly.

* It would use today’s meeting as an opportunity for soul-searching, enabling employees and unhappy (would-be) former users to criticize and thus help Facebook find its way.

* It would open-source and federate and put in users’ control any data and functionality about their identity online. That is, it should use open-source standards. It should allow me to extract and host my own identity and data. It should enable other companies to build atop this, with my consent.

* Facebook should decide whether it is in the relationship or the identity business and should learn that trying to be in both put it in conflict with itself and us. It was and likely needs to stay in the relationship business and that is precisely why it can’t become the host and publisher of our public identities.

* As I suggested here, it should study 16th century history about the origins of the public and private and understand that it is playing with bigger, more powerful and profound forces than even it knows. I just wrote in my next book that we are undergoing a similar shift in how society organizes itself with similar tools. Mark Zuckerberg says that he is enabling big change in society. I say examine that belief.

Facebook is smart. That’s why I remain surprised that it is blundering so. When Peter Rojas killed his Facebook identity (as Leo Laporte did last night on TWiG), he said in a Twitter conversation we had that Facebook may be blinded to its problems by its meteoric growth; it can’t see people leaving for all the people joining. I think he has a point. Any and every company would be wise to hear from unhappy and former customers, no matter how many new customers they have.

And they should do it in public.