There’s a growing problem right now with Facebook Connect: it can silently log you in to websites that you *don’t want* to share your private data with. I saw a funny example last month where a porn website had integrated Facebook Connect … so when you visit the site, one miss-click and you’ll broadcast to all your work colleagues your embarassing love of HardCoreGrannies.
But there’s another example right now that may be worse, and is definitely food for thought. Facebook doesn’t broadcast your data – not to protect your privacy, but to prevent competitors getting access to data they are currently making money out of themselves. By contrast, there’s Gravatar: these guys take your private data and give it away to everyone – and they refuse to stop doing it (I’ve asked, directly, and they refused. They had no reason to refuse – they knew my identity, they knew my request was valid, and I believe under UK / Europe law it would be *illegal* for them to refuse. But … they’re American, and I guess all they care about is money).
So, for instance, I just had one of my online identities ruined by Gravatar. A website that I rarely use recently “upgraded” and implemented the gravatar system – and immediately took a private account and publically broadcast that I was the owner. They didn’t ask me, they just went ahead and did it. Like many web developers, I’m sure they had no idea what they were doing – few seem to be aware of the scam that underlies Gravatar.
Fortunately, I’m not going to lose something massively important, like my job / marriage / life (c.f. the news stories when Google Wave launched), but the website owners had no way of knowing that. They’ve just unleashed this upon their hundreds of thousands of users; what are the chances that one of them will be affected?
(incidentally, if you’re a website owner, I strongly recommend you think twice before adding Gravatar (or any of the clones) to your own site. I don’t know if anyone’s been sued for it yet, but I’m sure it’ll happen eventually)
There are two halves to the problem. Gravatar is fundamentally a violation of privacy: they take your data and give it to *everyone* without you knowing. So what? That’s the whole point of the service! Yes, the Gravatar author is a little incompetent (c.f. OpenID for how he *should* have implemented it), but otherwise there’s no problem, is there? In theory … if you voluntarily sign-up for it, it’s all OK. Isn’t it?
Well … maybe not. They won’t let you (the user / owner) control that flow of data. What happens if you change your mind – can you delete their data? Nope. Why? I’m not sure, but I would guess: If you did that, you’d undermine their ability to make $$$ out of you. You can (theoretically) set your pictures back to empty. But …
…But there’s a second half to this. I believe most people are on Gravatar because WordPress “gave” the user’s private data to Gravatar. That’s a nasty mess right there; what does WordPress’s privacy policy say? Again, when they acquired Gravatar, they apparently didn’t ask their users what they wanted, they just forced this privacy violation on them. Back then, it didn’t have much effect (Gravatar itself was relatively unknown / little used), but as Gravatar gets used more widely, the problem becomes more acute.
And here’s the rub: Gravatar’s staff refuse to adhere to privacy requests because (precising / summarising): “you have to use your wordpress.com account”. What if you don’t have one? “you must have had one in the past and we won’t help you. Go away, and stop bothering us”.
Meanwhile, WordPress refuses to send password details to anyone, ever. A wise security decision in some ways (e.g. many people use the same password on multiple sites. Doh!). Your only choice is to delete the password and recreate it.
Is that a problem? Sadly, yes. Because (due to some very short-sighted / stupid marketing decisions by the WP folks) there are lots of admin systems – e.g. anti-spam – that are run off people’s WordPress accounts. So far as I can tell, no reason exists for this *except* to harvest email addresses and try and lure people onto paid WordPress.com plans. Further, WordPress uses an archaic password-based system (instead of e.g. Yahoo’s permission-based API – which, again, is how WP should have implemented this) – so if you change your password, all those websites will break.
Summary
These services are a nice idea in theory, but when you get terrible implementations like Gravatar, combined with lazy / stupid staff, the user does pretty badly. They get screwed, they get patronised (just look at the Gravatar.com FAQ; they’ve cleaned it up in the last 12 months, it’s no longer so actively offensive as it used to be, but it’s still pretty bad), and many times they don’t even know about it until the violation is widespread.
And, ultimately, any website that uses this system is in danger of losing badly if it goes to a court-case. I’m not a lawyer, but when there are industry standards for user-controlled privacy (OpenID), and specific laws demanding that Gravatar honour the requests it currently refuses (UK Data Protection Act, for instance), I suspect a court is unlikely to look favourably on a website claiming innocence. Ignorance isn’t generally a valid legal defence.
But how much damage do these systems do to themselves? If Automattic were a little less greedy, or a little less selfish, would a lot more people embrace the idea of sharing their identity openly? Will OpenID provide a gravatar-replacement that doesn’t shaft the user, and will that take off much bigger than the original?
Personally, I look at recent events like Google Wave, and Blizzard’s “forum identity = credit-card name” – and the s***storm of angry users in both cases – and I suspect these privacy issues are much more damaging than corporates expect. Which is good news: the world appears to be slowly waking-up to the abuses inflicted upon them in the digital world, and the importance of keeping certain things (passwords, email addresses – and now, finally: identity) sacrosanct. And that is definitely a good thing…
