I posted this on Facebook and Google+ already, but I want to make sure that everyone I can reach sees this. Facebook’s “frictionless sharing” initiative may have already caused friction with Spotify users, but it presents very real privacy issues when it comes to Klout. My original post on Facebook:

Sometimes, people message me that they’re unable to write on my Facebook wall. I originally disabled it because people were using my wall to post spam. Now Facebook & Klout have provided another reason: Anytime someone posts something on my wall, or even comments on my posts, they unknowingly, unintentionally are getting their data pulled into Klout for public use. Even if they’re just kids.

If you’re a parent, please read this article on “Privacy Fail: Klout Has Gone Too Far” (TheRealtimeReport) and this one on “Is Klout Stalking Your Kids” (Sophos NakedSecurity) - Please make sure your kids are safe and that they understand to *NOT* post anything personal or private online, especially on Facebook.

Let’s prevent another Kiki Kannibal from happening!

If you don’t have time to dive deeper into all the links, here are some highlights. Danny Brown shares a great example of the privacy breach through Tonia Ries‘s personal experience:

…Tonia pointed out the example of her son.

He isn’t on Twitter, and he’s not super active on Facebook. He hasn’t given Klout permission to access his account, and he has his Facebook privacy settings at private. Just like Megan advises.

And yet here he is on Klout, with a profile and score of 38. However, that’s not the issue. The bigger issue is this. As you can see from the image (which I’ve blurred to protect his identity), you can clearly see that his Facebook icon is a live one (i.e., not shaded out), which means people can visit his Klout profile and be taken to his very private Facebook profile by clicking the Facebook icon.

…If you’re [Klout] going to activate accounts for people who have their feeds set to private, and justify it by saying, “But they spoke to someone who has a public account”, that’s crap. That’s like saying, “Well, we’re going to telemarket call your son’s private phone number because we overheard you asking for his new number on your public phone.”

The NakedSecurity post explains in more depth:

As Danny Brown has demonstrated, it’s not easy to delete your Klout profile.

And as shown by myriad legal actions, Facebook is clinging to our private data even after users supposedly delete it. This has come to light most clearly in the complaints brought by Max Schrems against Facebook in theEurope vs. Facebook privacy war. Schrems found, after getting curious about what data Facebook was retaining on him, that it was, among other things,

* Retaining data on pokes  after a user removes them.

* Collecting data about people without their knowledge, using it to substitute existing profiles and to create profiles of non-users.

* Using tags without specific user consent.

* Gathering personal data - e.g., via its iPhone app or the “friend finder” – and using it without the consent of the data subjects.

* Retaining posting data after user deletes.

(For the full list of 22 complaints, see Kim Cameron’s Identity Weblog.)

As for Ries’ son, he apparently got caught up in Klout’s net because of Facebook’s recent platform changes - namely, the one that allowed users to specify whether their posts were visible just to friends or public or some combination of the two. As Ries describes it, whatever you used for your last post becomes the default for your next post.

“As a result, my Facebook posts are set to be visible to the public,” Ries wrote. “And when my son recently commented on one of my Facebook posts, so was his comment – and Klout used that comment to find him and create a profile on him.”

This should be disturbing to any parent. The Facebook page for Ries’ son won’t turn up if you run a Google search on his name + Facebook, nor via searching on Facebook search unless you have ample personal data on him.

But now, Ries says, “you can easily find him via a prominent link from the Klout profile of a relatively public person.

“I’m not a legal expert, or a privacy expert, so I have no idea whether laws are being broken here,” Ries writes. “But the idea that, just by virtue of the fact that he commented on my post, I am now exposing him, a link to his Facebook profile, and the information that Klout is pulling on his social graph – all in a far more public and visible manner than he would ever chose to agree to – is extremely disturbing to me.”

If you use Klout, are on Facebook, and care about *not* exposing your family and friends to the public without their express consent, please consider disconnecting your Klout and Facebook accounts until the issue gets fixed. I am. And until that issue does get fixed, I will completely understand if you stop commenting on any of my Facebook posts for a while. Or ever.

About grace

http://www.gracerodriguez.com http://twitter.com/gracerodriguez http://facebook.com/gracejrodriguez http://linkedin.com/in/gracerodriguez http://www.culturepilot.com http://www.dfjmercury.com http://www.c2creative.org http://www.fanlaunch.com http://www.sockwonkey.com http://blog.aynbrand.com

View all posts by grace →