MoveOn and the privacy policy of who cares

MoveOn.org sends me e-mails ever since I requested the free Obama bumper sticker. Since most of the time his bumper stickers are sold out, a free sticker is a free sticker, even if it is from MoveOn. I got this e-mail:

Each one of those 3 boxes is the same url, but ends in &t=#, where for the first box it's 1, "sign the petition" button and text it's 3, and the video it's 4. In the e-mail there are text links using the numbers 5 and 6. I wanted to see the video (t=4), so I clicked that. Instantly I was greeted by a moveon.org webpage thanking me for signing the petition. What? My name is going to Fox on a list of people who signed a petition? I didn't mean to do that! I just wanted to see the video, it looked like a youtube link! Why didn't you ask for confirmation?

So I saw at the bottom that this was ok with their privacy policy, and I got mad. Privacy? Not really, I never said "sure, put my info down", I just clicked a link that did NOT indicate in any way that I was confirming anything. So I went to their "contact us" page and wrote this:

You disobey your own privacy policy, because in the e-mail you can click on a video screenshot highlighting "Obama's Baby Mama" and this will, without any confirmation, add your name to the petition to Fox News. That is not at all what I wanted to do, and whoever wrote the e-mail in a fashion where you don't have to click "Sign this petition", but can click OTHER OBJECTS THAT DO NOT IMPLICITLY SUGGEST YOU ARE ABOUT TO SIGN THE PETITION and achieve the same result should be fired.

Also, if I don't get a confirmation that my name has been removed from a petition that I did not want to sign, I will be happy to take action against MoveOn.org. Perhaps a petition for MoveOn.org to respect users privacy by confirming that they want to put their name on something that they may not agree with, or may think is ultimately ineffectual? I'm sorry I took the free Obama bumper sticker, because MoveOn.org is seriously looking as bad as the republicans say it is with this kind of disrespect for user privacy.

I expect my name to be removed, but I also expect no real sincere apology to be given, nor action to be taken. MoveOn Political Inaction, right? Right.

However, since it doesn't really matter (they'll just give me a form 'who cares, why did you get your panties in a twist, obviously you have to disagree with it since you're on our mailing list!'), I'm toning it back to this:

I clicked on a thumbnail of a video in the recent petition to fox news e-mail and was alerted that, without confirmation, my name had been added to the petition. Remove it, I gave you no such permission, and while I have not read your privacy policy, I find it hard to believe that a "by visiting a URL on our website, you give us permission to use your name" clause is in there. Maybe a "by visiting a url on our website, checking an "i'm sure" box, and hitting submit, you give us permission to use your name", but not the one lacking the confirmation box.

Remove my name from the petition.

Watch as nothing happens and MoveOn continues to deceive.

June 27 @ 07:44 PM | 0 Comments | Tags: moveon, privacy, petition | Trackback

Note to self

Don't just overwrite your chyrp directory, set up a 'staging' area first, especially when the guy who writes chyrp assumes everyone will use git so he writes absolutely no 'safe upgrade' instructions for people using releases, nor "files that contain your config info so these are the most important". Good thing I backed up first :-

edit: also, copy over your .htaccess at the terminal

edit: ah, good, the staging area is broken. beautiful. and the developer thinks everybody's gonna have git so they can do a git pull on their webserver. Dreamhost survey sez...

[attila]$ git
-bash: git: command not found

June 27 @ 07:02 PM | 0 Comments | Tags: chyrp | Trackback

More on Fire Eagle and privacy

I've written before on Fire Eagle. It's a nice idea, Fire Eagle is. I complained on Twitter that there seems to be no private flag in the API, and confused Tom Coates. I responded, with an extra post containing more info, which confused him more, so he asked me to IM him. Well, I saw that tweet while I was out at a restaurant, so I wrote a blog post instead (the one I mentioned in the first sentence) and let him know. He didn't respond. I tried to IM him on both accounts, his AIM failed, and later his Y!M had no response. I added him to my 'friends', later he messaged me while I was not at the computer (and I responded, but he apparently was offline the whole time, and has not responded in the days since). Now I have asked why he is avoiding me now.

I understand that's a lot of tweets, but you don't actually need to read them, they just provide backstory if you're unsure about my summary.

So, since I had grouped my Fire Eagle with my BrightKite, I posted an update to brightkite in private mode. Brightkite told Fire Eagle the full address, instead of just the city and state (like it is supposed to, to non-trusted friends and the public). I can understand their intention: Fire Eagle needs the full address in case it has to update other sites, like Dopplr, with my full address (for friends) and partial address (City, State) for public. But as far as I can tell, there's no way for BrightKite to tell Fire Eagle, "hey, he's in private mode, so tell the other sites he's in private mode and don't display the full address to them". You have to go in, and either set private mode in Fire Eagle (kinda silly since FE is supposed to be the middle man and not the home base where you go in and update your address to push it to other services), or go in and say

ok, I'll tell my full address to brightkite, it will pass that on to FE, but since there's no privacy tag in the api I will have to tell FE that Dopplr is only allowed to know my City, State, even though it's allowed to know MORE, I just can't tell Dopplr the full location with a 'and only the city/state is public' notice.

I don't see how this doesn't make sense as I said it above, but some people seem to find what I say difficult, so I'll give a run down. There is NO PRIVACY TAG in the location API. NONE. Not on a individual scale (imagine being able to say that the street was public, but which city it was in was private!), and not on a master scale. However, there is still some semblance of privacy.

User Location Permissions

From the user's perspective, when she is authorizing your application, she is setting two things. Firstly, she is authorizing how much of her location information in Fire Eagle is accessible to your application. Secondly, she is deciding whether your application can set his location in Fire Eagle.

Users authorize which of the following levels of their location information your application is able to access. Your application should be prepared to deal with inputs at any of these levels.

• user has not allowed read access.
• as precisely as possible
• at the Postal Code level
• at the Neighborhood level (currently unused)
• at the Town level
• at the Regional level (currently unused)
• at the State level
• at the Country level

After authorizing your application, the user can change either of these authorization settings at any time without notice to your application.

This is an interesting way to go about it, I'm reminded of Aza Raskin's method (check the mockup at the bottom of his post!). However, this is not the correct way to go about it.

What if, like BrightKite obviously understands with their user customizable "private" mode, I could tell Fire Eagle that sometimes I want Dopplr to know/show my full location, and sometimes I don't? Just sometimes. There's no way to do this. I have not used Dopplr (so maybe there is no private mode), but there's still no excuse not to support a privacy tag in the API. I'd be able to tell Fire Eagle

ok, we know Dopplr has no privacy mode, so when BrightKite tells you I'm in private mode, don't tell Dopplr my street address. Just the City, State.

That's too logical, I'm afraid.

Update (Aug 13, 2008): Tom Coates has sent me a direct message.

Hey - we didn't ignore it - we're still thinking about it. No promises it'll happen, but we're definitely considering it.

June 27 @ 06:34 PM | 0 Comments | Tags: brightkite, fireeagle, location, geolocation, api, privacy | Trackback