jueves, 10 de diciembre de 2009

New Default Facebook Privacy Settings: More Stuff Going Public

"Meet the new privacy, the same (or worst) than the old privacy." - Unknown (2009)

This week has been deployed the new Facebook privacy interface and the new default privacy settings. We are interested in the latter, although is useful to have privacy settings per Facebook object the default settings are the most used because these respect the minimal effort of the average user.

Check this screen shot with the default settings proposed.

  • About Me: has gone from Only Friends to Everyone.
  • Family and Relationships: has gone from Only Friends to Everyone.
  • Work and Education: are still in Everyone.
  • Posts I Create: has gone from Only Friends to Everyone.
  • Photos and Videos of Me: has gone from Only Friends to Friends of Friends.
  • Birthday: has gone from Only Friends to Friends of Friends.
  • Religious and Political Views: has gone from Only Friends to Friends of Friends.
  • Email Addresses and IM: are still in Only Friends.
  • Phone Numbers: are still in Only Friends.
  • Address: is still in Only Friends.
Please comments any errors or doubts.

miércoles, 9 de diciembre de 2009

Notes from Minsky talk on Artificial Intelligence

After watching talk Emotion Machine: Commonsense Thinking, Artificial Intelligence and the Future of the Human Mind by Marvin Minsky I share my notes.

The talk is mostly pessimistic. He warns about a work emergency, not enough people working and we will need AI to replace human work in the next years. Now, robots work in small domains, for example in the construction of standardised objects. But there is no automation of maintenance. Little or big maintenance is not accomplish by robots because this work usually has unexpected elements. Minsky has a gloomy view of the last 20 years of AI. He calls to recall old fields of AI like Sematic Information Processing. He also wants to emphasize the lecture of other books from the 60s and 70s. An example of restricted domain where AI was successful is symbolic integrals. Also algebra problems represented with natural languages have very good old solutions, hardly improved in the last years. But no commonsense knowledge is embedded in AI in these days. Human intelligence has multiple domains of knowledge in parallel: physical, social, emotional, spatial, mental, etcetera. He recommends his book: The Emotion Machine. Also warns about fad techniques and research areas, some of these will go away: genetic programming, insect robots, artificial neural networks, etcetera. They work with a well defined problem, not very general. For example with genetic programming, the problem is that only remembers what succeeded. No common mistakes are learn. On the other side, culture teaches common mistakes. Memes, propagated beliefs, not genes, include positive and negative information. Also the representation of knowledge is diverse. Minsky proposes a "Critic-Selector" model of the brain. It seems a very abstract model of the brain, including many levels, at least 6 of them. He emphatizes that you need theories of the mind before doing mental experiments with the brain. He observes that there are many Ways To Think: analogy, planning, simplify, reformulate, simulate, etcetera. Also that there are more parts than you need in the mind, there is no Occam's Razor in psychology! Many levels and structures. Minsky talks about different types of goals, seems to static to me if you have static categories. Finally he confess he professes isolationism, not connectionism, the existence of isolated levels and structures, that only interact when they need to.

I liked the emphasis on:
  • Commonsense is mostly social.
  • If you can solve a problem you cry for help, social intelligence comes to rescue.
  • Any machine with Minsky's Model it's "... got to learn from people.".
Happy AI Hacking!

lunes, 7 de diciembre de 2009

Understanding Facebook Tagged Photos Privacy

We discuss how to enhance the privacy of Facebook when facing users tagging you in third-party pictures.

To understand the tagged photos privacy features of Facebook we design a Facebook usage lab. Our laboratory includes three individuals who graciously volunteered to be part of the tests. Bob is in Alice's contact list because he is her lover and Chuck is in her contact list because he is her official couple. Chuck suspects that Alice is unfaithful but he needs evidence to attract Alice into a vortex of unhappiness and sorrow.

Each of the users respectively uploaded one picture: PhotoB, PhotoA and PhotoC. The critical photo is PhotoB, uploaded by Bob, where Alice is included.
In Facebook, a user can tag photos with names. If the name belongs to a contact of the user the tag is linked to other public photos of that contact. The privacy features of tagged photos are centered around:

a) who can view the photos published by user A and
b) who can view the photos where user B was tagged.

We will discuss briefly the scenario where Bob tags Alice in his photo, with the default configuration.
By default, Bob's photos are only visible by his friends, in this case Alice and not Chuck. But if Bob one day needs to share something and changes his profile privacy from "Only Friends" to "Friends of Friends" (Settings > Privacy > Profile > Profile) then Chuck will notice in his Facebook feed that Alice was tagged in a photo owned by Bob. This is due to the default photo tagged visibility configuration of Alice, i.e. "Only Friends" allows her to view the photos where she was tagged. If Alice changes her tagged photos settings to "Only Me" (Settings > Privacy > Profile > Photos Tagged of You > Customize... > Only Me) then Chuck will not see the critical PhotoB.

To search for photos and test the visibility you can use "photo_search.php".


There you can view the photos "visible" by the user A who is logged right now. This photos can be from the user A profile, or from another user but tagged with the name of the user A whom numerical identification is USER_NUMERICAL_ID.

Join the privacy lab via Facebook (Alice, Bob and Chuck) or the Data Privacy Army if you want to contribute with scenarios or comments!

martes, 1 de diciembre de 2009

Social Rings: A Simple Method For Enhancing Privacy In Web 2.0 And Social Networks

Disclaimer: This post was written for the annoyingly paranoid.

If you are worried about your privacy but you don't want to be isolated in Internet then you may want to implement social rings. Here we will describe the simple method we devised for enabling a little privacy in web 2.0 and social networks. We design four privacy levels or social rings to access the web and contact people through social network services. Keep in mind, that as soon as other abstract communication layers don't provide any privacy, probably your privacy is invaded by your local ISP, government intelligence/security agency or employer.

This method includes human and automatic computer interactions. We have been testing it for about a year and provides a more clear understanding of privacy in the Internet, given the little effort of managing the different rings. It is designed to avoid phishing, spamming and optimized your mindshare/attention online, a limited resource.
  • Social Ring 0 (The Circle Of Trust or The Social Circle): Include here close friends, trusted co-workers and trusted family members. Create an e-mail for this ring. Identify yourself with your complete name but don't include your complete name in the e-mail, you don't want people knowing your complete your name to deduce the e-mail. Use this e-mail only for human-human contacts, not for automatic subscriptions, the latter usually contains messages from people you don't trust. This email, not directly deducible from your complete name, will be the key/token (we will call it token0) to enter social ring 0, but assume that contacts in this ring know your complete name. Use token0 to create and account on you favorite social network service. Check that people can only contact you in this ring if they have token0. In Facebook for example you must not use your complete name, but you may want to be contacted with token0 in the people search queries. From example if your name is Alan Smithee you may use alans or as23 as privacy token0. Only people (or robots?) will enter this ring after physical contact or personal recommendation from an existing contact. You may subscribe to news feed system only in this feed systems allows anonymous subscriptions or followers. Twitter allows anonymous subscriptions via RSS feeds but following people in Twitter with your Twitter account is not anonymous.
  • Social Ring 1 (The News/Nickname Ring): Here are included not so close friends, untrusted co-workers/family and automatic subscriptions/robots. Create an email with privacy token1, similarly as with ring 0 but now with a token completely uncorrelated to your complete name. Don't use your complete name anywhere within this ring (!), use a simple nickname, such as alan666 or morfeus. Using token1 you can subscribe to people and systems that only supports non-anonymous subscriptions such as Twitter. E-mail newsletters and lists are included in this ring because this qualifies as an interaction with an untrusted machine possibly aggregating content and spam from people you don't know. Don't use token1 for possible spammish subscriptions or people/social network systems suspected of being malicious. You may want to use your complete name in blogs and services associated with token1 but only for publishing content, not consuming.
  • Social Ring 2 (Social Event Horizon): create a totally uncorrelated social key token2 for this ring. Use it for subscriptions/services you don't trust at this moment. You can probe suspicious services or people comfortably standing in this ring. Surely you will need an email for this ring.
  • Social Ring 3 (The Anonymous Moors): anonymous polls, anonymous social comments in web forums, no credentials needed. As you can be approximately geographically located, you may want to used anonymous routers such as Tor to avoid geographical bans or censorships. Remember to don't use any ring 0-2 credentials in this ring.
Some improvements may include Social Ring -1 with an encrypted web vault for storing personal data such as financial information, other critical data and Social Ring 0-2 credentials.

You want to avoid scenarios were people/machines can't deduce token{n-1} from token{n} so that can elevate their social ring level.

Please comment any method bugs or possible improvements.

(Last photo courtesy of lois_15354.)