Eternal vigilance app for social networks: treating privacy vulnerabilities like other security risks

Social networking sites are Skinner boxes designed to train you to undervalue your privacy. Since all the compromising facts of your life add less than a dollar to the market-cap of the average social network, they all push to add more "sharing" by default, with the result that unless you devote your life to it, you're going to find your personal info shared ever-more-widely by G+, Facebook, LinkedIn, and other "social" services.

Arvind Narayanan has proposed a solution to this problem: a two-part system in which privacy researchers publish a steady stream of updates about new privacy vulnerabilities introduced by the social networking companies (part one), and your computer sifts through these and presents you with the small subset of alerts that pertain to you and your own network use (part two).

Here's how we could build a "privacy alert" system that solves these problems. It has two components. The first is a privacy "vulnerability tracker" similar to well-established security vulnerability trackers (1, 2, 3). Each privacy threat is tagged with severity, products or demographics affected, and includes a list of steps users can take. The second component is a user-facing privacy tool that knows the user's product choices, overall privacy preferences, etc., and uses this to filter the vulnerability database and generate alerts tailored to the user.

While the core design is very simple, we can imagine a number of bells and whistles. The vulnerability database could utilize crowdsourcing to increase coverage and expediency, and offer an open API so that anyone can utilize the data. If the user-facing tool taps into browsing history and other personal information, it can automatically infer which vulnerabilities are relevant to the user. Of course, this raises its own privacy concerns, so the tool would have to be offered by a company or organization that the user trusts.


Eternal vigilance is a solvable technology problem: A proposal for streamlined privacy alerts [Arvind Narayanan/Freedom to Tinker]
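
A sketch of the two components described in the quoted proposal, added here as an illustration and not taken from Narayanan's post: tracker entries carry severity, affected products or demographics, and steps, and the client filters the public feed locally so the user's profile never leaves their machine. The field names, advisory IDs and product names are assumptions made up for the example.

```python
from dataclasses import dataclass, field

SEVERITY = {"low": 1, "medium": 2, "high": 3}

@dataclass(frozen=True)
class Advisory:
    """One tracker entry, with the fields the proposal lists (names assumed)."""
    advisory_id: str
    severity: str
    products: frozenset
    demographics: frozenset   # empty means everyone using the product
    steps: tuple              # what the user can do about it

@dataclass
class Profile:
    """User-side state; kept local and never sent to the tracker."""
    products: set
    demographics: set
    min_severity: str = "medium"
    dismissed: set = field(default_factory=set)

def relevant_alerts(feed, profile):
    """Filter the public feed locally; return matches, most severe first."""
    floor = SEVERITY[profile.min_severity]
    hits = []
    for adv in feed:
        if adv.advisory_id in profile.dismissed or SEVERITY[adv.severity] < floor:
            continue  # already handled, or below the user's threshold
        if not (adv.products & profile.products):
            continue  # user does not use an affected product
        if adv.demographics and not (adv.demographics & profile.demographics):
            continue  # advisory targets a group the user is not in
        hits.append(adv)
    return sorted(hits, key=lambda a: (-SEVERITY[a.severity], a.advisory_id))

# Constructed sample feed; IDs, products and steps are placeholders.
FEED = [
    Advisory("PRIV-EXAMPLE-1", "high", frozenset({"social-a"}), frozenset(),
             ("Open privacy settings", "Disable the new default sharing option")),
    Advisory("PRIV-EXAMPLE-2", "low", frozenset({"social-a"}), frozenset(),
             ("Review profile visibility",)),
    Advisory("PRIV-EXAMPLE-3", "medium", frozenset({"social-b"}),
             frozenset({"minors"}), ("Restrict who can look you up",)),
    Advisory("PRIV-EXAMPLE-4", "high", frozenset({"social-c"}), frozenset(),
             ("Revoke third-party app access",)),
]
```

Because matching happens on the client against a feed anyone can download, the tracker learns nothing about which products or demographic groups a given user belongs to.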