Talk:ListenLog: Difference between revisions
Jump to navigation
Jump to search
mNo edit summary |
mNo edit summary |
||
Line 4: | Line 4: | ||
# Assumption that whenever personal data is captured, it is captured ultimately on behalf of a vendor, even if users are told otherwise. The default assumption is that data is stored and used by the vendor who is in control of the current user experience, e.g. whomever distributes this software application or hosts this website. The assumption might be that it is used by an unwarranted vendor or that if explicit permission is given, the data might be used in an unwarranted fashion (e.g. when you provide your phone number to a vendor who then later uses it to solicit you). | # Assumption that whenever personal data is captured, it is captured ultimately on behalf of a vendor, even if users are told otherwise. The default assumption is that data is stored and used by the vendor who is in control of the current user experience, e.g. whomever distributes this software application or hosts this website. The assumption might be that it is used by an unwarranted vendor or that if explicit permission is given, the data might be used in an unwarranted fashion (e.g. when you provide your phone number to a vendor who then later uses it to solicit you). | ||
# Concern that even if the data is owned or controlled by users, it might eventually be compromised, e.g. by a malicious 3rd party, oppressive government, legal body, etc. who can tie this data to me. Since we intend to store the data remotely, this might aggravate the concern. | # Concern that even if the data is owned or controlled by users, it might eventually be compromised, e.g. by a malicious 3rd party, oppressive government, legal body, etc. who can tie this data to me. Since we intend to store the data remotely, this might aggravate the concern. | ||
# | # As a user, why would I choose to do this? Since LL will like have the ability for individuals to opt-in or opt-out, why would someone choose to collect their own data? What's in it for them? There might be built-in resistance without a compelling use case. | ||
What might we do to address these concerns? Here are some suggestions I propose: | What might we do to address these concerns? Here are some suggestions I propose: |
Revision as of 11:47, 2 February 2009
Users Might Object
A potential concern with ListenLog is that many may perceive it as yet another mechanism for aggregating personal attention data that will (or at least could) be used or used indiscriminately by a third party. There are four aspects of this concern, depending on how the LL concept is presented and implemented:
- Knee-jerk negative reaction to the concept of personal/attention data being monitored at all. This reaction is prior to any consideration as to why and for whom the data might be used.
- Assumption that whenever personal data is captured, it is captured ultimately on behalf of a vendor, even if users are told otherwise. The default assumption is that data is stored and used by the vendor who is in control of the current user experience, e.g. whomever distributes this software application or hosts this website. The assumption might be that it is used by an unwarranted vendor or that if explicit permission is given, the data might be used in an unwarranted fashion (e.g. when you provide your phone number to a vendor who then later uses it to solicit you).
- Concern that even if the data is owned or controlled by users, it might eventually be compromised, e.g. by a malicious 3rd party, oppressive government, legal body, etc. who can tie this data to me. Since we intend to store the data remotely, this might aggravate the concern.
- As a user, why would I choose to do this? Since LL will like have the ability for individuals to opt-in or opt-out, why would someone choose to collect their own data? What's in it for them? There might be built-in resistance without a compelling use case.
What might we do to address these concerns? Here are some suggestions I propose:
- Clear, careful presentation of the concept. This is unlike anything people will be familiar with and they will likely resist, misunderstand, or compare it to historic privacy violations. A primary emphasis on new, previously unavailable user functionality might be a good approach.
- Store the data somewhere agnostic and other than on the application or vendor servers (I recommend Berkman servers)
- Send data to servers over secure sockets
- Automatically and by default store all data in fully encrypted form ("locked"). As an alternative to opt-in, users would need to unlock the data (would un-encrypt it wholesale) in order to get access to functionality or to share the data externally. Users could lock, unlock, and delete at will.
- Perhaps lock and unlock different sub-sets of data, e.g. location
- Don't build any ability to share data into first version
- Build and focus on a single piece of previously unavailable end-user functionality, e.g. "Search across everything I've ever listened to"
Khopper 15:31, 2 February 2009 (UTC)