Check out my ride
Involuntary wealth
aipuck.com
bothyp.com
all of which have
A Closer Look
Exile Island
bothose.com
The Martyr Approac
You’re stuck in my

Outraged
We’ve got a lot of
DWI/ DUI loss of v
Apple in the Garde
Penetration Testin
ailimp.com
Ready to Play Like
That Girl is Like
Enough is Enough
Now considered a s
<<      >>
Why Would You Trust Me? A few weeks ago, we asked you to weigh in on the idea of a “universal online ID.” We’re talking about an idea for a trusted identity system to be built on the open Internet by multiple companies and organizations, but controlled and stewarded by no one. While the basic concept is out there, we have to face up to reality: You trust nothing. The good news is that most of you don’t. And that gives us an opportunity to rethink identity. Over the coming weeks, we’ll roll out ideas for a “universal online ID” that’s really decentralized—something that could be owned by users, protected by them, and controlled by them as well. We’ll need the help of both the privacy advocates and security advocates in the online world to pull this off. We hear from security experts that if online identity were decentralized, we would have less identity theft. And from privacy advocates that centralized, user-owned online identities would allow more freedom in sharing sensitive information. But no one believes they can control these identities themselves, and with identity theft on the rise and government information-sharing growing, the risk of data hacks on a “universal online ID” is also growing. We’ll need to find the right way to create systems that meet everyone’s needs—even the most paranoid—in order to help users feel as safe online as possible. But first we need to understand what users are up to now and why. What are they willing to share, what are they concerned about, and what are they interested in? We’ll start with some broad questions: Why would you trust me? How does trusting others differ from trusting yourself? Do we have more to fear from the government or from hackers? And why do we want more control over our online identities, and what kinds of control will give us peace of mind? The data is in, and there’s a lot of it. There’s been quite a bit of online privacy panic lately, particularly as information regarding online identity becomes more available to the government. But most of the information we’re talking about is already available through the data brokers: Acxiom, ChoicePoint, Experian, LexisNexis, and so on. Data broker information is used by credit companies, mortgage lenders, background checkers, and much more. So if you have a credit history or health history, it’s not the information the government is using; it’s your data, packaged and sold to others. While this data isn’t a direct threat, it’s still something for us to keep in mind when trying to determine what privacy is. That’s not what your information looks like, though. People are much more comfortable sharing their personal information, including the stuff they want to keep private. The Pew Internet & American Life Project released a study recently of online privacy that shows us how these different forms of data are being used. The study found that people use online sharing sites to share a lot of personal data, including: What city you’re from, how many kids you have, where you work, and what your marital status is. They’re also more concerned about the government’s use of online data. Of the people surveyed, 80% were concerned about employers mining their e-mail or Facebook profiles to decide whether or not to hire them, while 67% were concerned about credit bureaus and the government mining their data. If you don’t trust the government or others to have this information, what about your own information? Privacy research firm Ponemon conducted a study last year on personal data. Data is the new currency in the consumer market, and consumers trade away a lot of privacy to get something of value. The study found that people are okay with sharing information online, so long as they can control it. The study’s conclusions: Identity and Personal Information: Consumers are willing to let others use their personal information, as long as they can control how that information is used. Consumer Privacy Behaviors and Awareness: Consumers’ current behavior results in a loss of personal information control. Identity Tracking—The Big Picture: The problem is that data tracking is happening all around us—not just when we’re online, but in unexpected places. So how do we get the benefits of identity tracking while maintaining control over what data we allow to be tracked? As much as we have to learn, we have to trust. We need to trust companies and others who are managing our information, to make sure it’s protected. But more than that, we also need to trust ourselves. You need to know the risks and benefits to you, and be able to make a clear decision about what you’re willing to let people know about you, how you use that information, and where you’re willing to share it. About the author: Joel Spolsky has been on the Internet since the days when most of us were still using Archie, but he's made a name for himself as the cofounder and CEO of Fog Creek Software. Along the way, he's built a few small software companies, gotten involved with a few government projects, and written a couple of books. When he's not building software, he likes to write longform essays about it at JoelOnSoftware.com. If you’ve been paying attention to the headlines lately, then you’ve probably heard about the FTC’s “Consumer Sentiment Project.” The project was actually started in the ’80s, but Congress recently gave the FTC the authority to resurrect it, as long as they use the information to help “promote the public interest.” Basically, they’re going to run a survey of a small group of people to learn what information they want or don’t want to give out. Most Internet users are against this idea; the FTC hasn’t really given much of a reason why they think it’s necessary other than to satisfy the law. I’m not personally against the project, but it certainly seems like the FTC is overstepping its bounds in this. Personally, I don’t want my information shared. The people who ask for my Social Security number so they can make some credit card purchase don’t ask because they care about me. They’re asking because it’s in their best interest to do so. Their need for my information is their product, and they’re going to try as hard as they can to make me share it. And if I don’t, the consumer law says they have the right to sue. That’s their side of the bargain, and I have to weigh the risk of them going through with it against the value of my information. As with many other things in life, there’s a difference between security and privacy. Security is the process by which you control what happens to your data, or more precisely, you control what people who have access to it do with it. Privacy is you controlling how you share your information. Let’s start with some background on identity theft, since it’s such a hot topic these days. The FTC defines identity theft as the “fraudulent appropriation of another’s identity for personal gain.” In the United States, the law defines identity theft to be the theft of: “Any name or number that can be used to access financial accounts. It is the combination of name and number that forms a person’s identity, and identity theft occurs when criminals take the rightful identity of an individual.” So there’s quite a bit of confusion over just what is and isn’t legal. To illustrate this further, when the issue was first proposed, we were asked to go through the FTC website and check if anything we had was stolen. It wasn’t hard to find at least one account using our name. How could this be, we asked ourselves? Well, it turns out that our Social Security number isn’t the same as our identity. An identity is a unique combination of your Social Security number and name. If it’s not your name, then it’s your Social Security number. As we’ve been saying all along, don’t use your Social Security number to identify yourself online, since it’s essentially like giving a stranger your credit card and address, and asking them to mail you a nice gift. Social Security numbers are a liability for most people in the United States, and we use them to simplify our lives. The FTC is looking to protect us by educating us about the risks of sharing too much information online. We all make mistakes, so why shouldn’t they know when we did something dumb? The FTC plans to conduct an e-mail survey and poll consumers to determine whether or not they would consent to their personal information being shared. They want to create a profile that will let them better understand how consumers view privacy and security issues. But as we’ve seen before in their “Privacy Bill of Rights” work, the FTC is not an organization that’s comfortable with new technology or concepts, so don’t expect them to make much sense