Blog   |   Internet

Security vs. risk: More on Facebook and Google+

Google Chairman Eric Schmidt (left) speaks to the media on July 7. Schmidt has said that "everything will move over to using the Plus infrastructure over time." (Reuters)

It's been fascinating watching the hothousing of a new social network in Google+. In the early days of Twitter, it was the users who invented social norms like "@"ing people, hashtags, and retweeting, which the designers of Twitter adopted and echoed in thee hardwired code of the website itself. Such affordances, as they are known, evolved slowly over time, and in response to the actual use of the service by an engaged user base.

By some estimates, Google's service is already being used by more than 4 million people in less than a month. Google faces an enormous challenge in getting its own affordances right in a very short amount of time and for a wide range of people, from casual users to writers in repressive regimes. (Indeed, one Google+ early adopter, Syrian blogger Anas Maarawi, has already been arrested by the authorities, though not for his use of the new service.)

But while this early evolution is important to get right, it's also possible to change behavior and improve policies much later in the day. Companies like Facebook are not static, and over the last few months, Facebook has made some changes to how it operates that benefit at-risk journalists.

Before talking about either service, I should re-emphasize that if you really do believe yourself to be at risk of surveillance or concerned about the seizure of your computer or censorship of your online content, you should strongly consider not using social networks at all. The best way to preserve control and identity online is to own your own domain name, control your own Web server, and to use client-side anonymizing services like Tor. Social networks are general consumer services that are not necessarily designed to protect sensitive information against the sort of sophisticated cyber-attacks aimed at some journalists. Using pseudonyms, or simply being the target of a large number of other user's complaints, for instance, are commonly grounds for account deletion. Depending on their location and legal jurisdiction, third parties like social networks may be closely monitored or compelled to hand over personal data to governments or agents in lawsuits: even governments that may misuse such data.

That said, given the large number of journalists using their services, it's always good when companies take account of their particular needs. In Facebook's case, they've recently made a few valuable steps.

Over the last few months, the company has introduced a number of optional security features. If you are concerned about others attempting to gain access to your Facebook account, you should turn on https for more secure communication and enable login notifications so that you know if your account is accessed by a new device. You can also remotely disconnect other logins, and create one time passwords that are sent by text message if you are logging on in an insecure location, such as a cybercafé. They have also translated their community standards documentation into 30 languages, and made it available for those not already subscribed to Facebook, letting people who may inadvertently skirt the line of such standards a better idea of what is acceptable.

Which brings me to Google+, and its own community standards. I wondered last week whether Google's own "name you are known by" policy would differ substantially from Facebook's "real names" policy in practice. In most cases, the two ideas are indistinguishable, but in the cases that CPJ is concerned with, the outcome can potentially be starkly different. Individuals like Michael Anti are known by their online names for far more people than they are know by their legal names; will they pass muster on Google+ as they did not on Facebook?

As their service ramps up, Google has now started clamping down on unusual names, but it's still unclear what proof they will now require. One question I had was how suspension would affect users' use of other Google services, and it seems for now that the effect is limited: Just Google+ itself and Buzz are disabled if your profile is suspended. But Google's executive chairman, Eric Schmidt, has also said that "everything will move over to using the Plus infrastructure over time," so this may change.

Google+'s default behavior is also a concern. If Google wants its users adopting their new "circles" system in the rest of their life, some are already broadening its use in ways that it was perhaps not intended. Some are experimenting with individual one-on-one messaging, rather than sharing with a group. Others use it to post semi-confidential information within a small group, in the assumption that as the original poster they have a large amount of control over its distribution.

In fact, when first released, Google+ allowed anyone within the limited circulation to "widen the circle" of any posted material by mentioning someone and including a "+" in front of their name (like the "@" symbol on Twitter). This feature, of bringing someone into a private conversation after a mention of their name originally worked, even if the original poster has chosen an option called "disable resharing."

After much user debate, Google+ has already (between the first and final draft of this posting, to be exact) limited such widening to those who choose to allow resharing. These are the sort of interface quirks that are often ironed out quickly, with enough user input. But I wonder if Google's initial idea of the role of Google+ is already racing to match its users' own behavior, especially regarding confidentiality.

Plenty of confidential communications and organizing take place on Facebook, even though it too was never intended to bear that burden. Over time it has developed a number of different routes, including chat and messaging, with different implied privacy levels. Hopefully the norms and policies of Google+ will adapt to reflect those differing needs too.

The best of all worlds would be if Google, Twitter, Facebook, and any other entrants start to compete, not just on sharing capabilities and the size of the network, but on privacy and security. Even if such considerations do not seize as many headlines as offering video chat or celebrity endorsements, they are steps that benefit everyone, whether dissident bloggers or your own friends and family.

More on
Published

Like this article? Support our work