According to Eli Pariser, a cofounder and former Executive Director of MoveOn.org, data aggregators like Google have started using increasingly sophisticated filters to decide what information we consume online.

Trouble is, these new levels of data-personalization, along with the growth of social networks that we use to self-aggregate, are threatening to hamper civic engagement. The filtering, Pariser told those attending the Personal Democracy Forum in Manhattan earlier this month, is starting to keep us from being exposed to a surge of new information and ideas — and chiefly, viewpoints that may differ from our own.

For example, Pariser says, Google now uses 57 different personalization filters to customize what we see on the Web, even if we aren’t logged in. That makes it harder for us to see news and information that Google’s algorithms suggest might bore us or upset us. And that’s not all, says Pariser. Often, these “filter bubbles” keep information from us without our specific permission — and worse, without our knowledge.

[Google isn't the only culprit. Facebook also customizes content, using information on the links people click to tailor the news that appears in their personal feeds. Pariser, a progressive, says he has tried hard to add conservative friends to his own Facebook feed but their links and feeds keep getting blocked by Facebook's personalization algorithms.]

“What you see on your screen may be different from what the person sitting next to you sees during a similar Google search,” Pariser told the gathering of more than 600 social change advocates, social entrepreneurs and open-government activists. “…We really need to get away from that silly idea that (computer) code doesn’t care about anything.”

Data-filtering isn’t new, of course. But these new filter bubbles differ from what we’ve seen before, and in three key ways, Pariser says. First, the degree of personalization is higher. You’re no longer simply being grouped with a bunch of people who read The Nation. Now you’re alone in your bubble. Second, filter bubbles are invisible. You don’t realize they exist; you can’t see them. And third? You don’t choose them. They choose you.

“As the face of curation of what we see and consume online changes from a person to a machine, we need to start questioning the values of these filtering devices and get the power back to make these decisions for ourselves,” Pariser says. “The filter bubble may be good for consumers but it’s bad for democracy.”

Other assertions made by presenters:

* There is racial segregation on the Web, even in trending topics on Twitter. According to data visualization experts Fernanda Viegas and Martin Wattenberg, the thousands of hashtags being used to collate and segment different conversations by topic also may be keeping many people out of the short-messaging site’s most popular and/or important conversations. Example: Two of the top-trending topics over the recent Memorial Day weekend — #cookout and #oilspill — were starkly segmented along racial lines. Viegas said the #cookout conversation was attended mostly by blacks and #oilspill, mostly by whites during the same period. “Hashtags are the bumper stickers of the 21st Century,” said Wattenberg. Added Viegas: “On many topics, it’s a heterogeneous crowd, but there’s a whole other chunk of topics where race divides people. We need to be aware that even online, we can be immersing ourselves in conversations that are segregated in ways that might be worrisome.”

* We are not using the social media tools we have to solve problems so much as we are using them to socialize with like-minded people about these problems. It’s time to get more active offline, said Clay Johnson, the director of Sunlight Labs and co-founder of the online political strategy firm, Blue State Digital. Social entrepreneurs and activists need to focus less on using social media to build email lists and focus more on getting people active offline solving social problems, he said. He cited the online social network, Momsrising.org, as a good example of a social network that is highly engaged in civics, using government data on health, education and economic trends to create a “Moms Score” to help catalyze offline protests and social change.

* We must work harder to break out of these self-imposed (or machine-imposed) comfort zones if we’re to affect social change. “We are too focused on climbing the hierarchy ladder in our workplaces and social networks online, and not focused enough on dismantling these hierarchies, which is where the true power lies,” said Deanna Zandt, a social media consultant and author of Share This! a new book about social networking. “We’re living like fish right now,” she said. “We don’t know we’re wet. We’re taking our perception that the Net is a wonderful meritocracy but that’s not true. We need to interrupt this pattern of thinking immediately.” Zandt urged conferees to shatter their comfort zones to start making the Net a more hospitable place for civic engagement. “We have to work harder at civic engagement online,” she said. Zandt, who is white, shared her own experience of finding herself in an unexpected discussion on Twitter about race in America after she spoke out against an action last summer by Philadelphia’s Valley Club to ban black children from swimming in its pool. “This was completely outrageous, I got really angry about it and signed petitions and all of that, but what was more interesting was what happened in the days following that,” Zandt said. “People started sharing on Twitter about the first time they’d been discriminated against as children and this blew me away. I wouldn’t have found myself in a group of people of color, sharing stories about discrimination without Twitter” and without “stepping out.”

* We must stop enabling the status quo. John Perry Barlow, the founder of the Electronic Frontier Foundation, a 20-year-old nonprofit digital rights advocacy group, told the gathering that he stands by his earlier statement, made many years ago, that “the Internet is the most powerful event since the capture of fire.” Barlow said there is massive power in the hands of individuals, thanks to the Web, but this is power that destabilizes the status quo and can cut both ways, for better and worse. Most people still don’t know how to use this Web power to organize and affect social change. But they are learning, he said. “We have to stop expecting the government to shower us with things it can no longer deliver,” he said, “and start running this country and our institutions (including companies) the same way the Internet is run, from the edges.”

* We must stop assuming that civic engagement will occur online on its own. James Fishkin, the director of the Center for Deliberative Democracy at Stanford University, said the best way to boost public deliberation online is to create it. Fishkin says that the current way we “self-select” our social networks online has led to only the most extreme views being heard by one group or another. He suggested a five-step “Deliberative Polling” methodology to start creating issues circles, which first gets all stakeholders together from all sides of an argument to agree to a set of detailed survey questions that will help frame a debate around issues where civic engagement is most needed. Second, select 500 people who represent specific groups across viewpoints to participate. Third, send them the survey. Fourth, assemble them in small groups and facilitate discussion and deliberation, either online or in person. Fifth and last, survey the participants again to see if their opinions have changed as a result of that engagement.

* The Net can be a force for civic engagement, especially in societies around the world where there has been none before. Ethan Zuckerman — a social media expert, blogger, founder of Tripod.com, a Web hosting enterprise, and co-founder of Global Voices, an internationally crowd-sourced news site — said the Net “really changes things in the long-term by creating a new public space, one that in most closed societies around the world is not available any other way.”

What do you think? Does the surge of online social networks and corporate use of Net filters to segment consumers of their products make it harder for people to engage with one another — in or out of the workplace? Let us hear from you.

In January, Facebook Chief Executive Mark Zuckerberg declared the age of privacy to be over. A month earlier, Google Chief Eric Schmidt expressed a similar sentiment. Add Scott McNealy’s and Larry Ellison’s comments from a few years earlier, and you’ve got a whole lot of tech CEOs proclaiming the death of privacy — especially when it comes to young people.

It’s just not true. People, including the younger generation, still care about privacy. Yes, they’re far more public on the Internet than their parents: writing personal details on Facebook, posting embarrassing photos on Flickr and having intimate conversations on Twitter. But they take steps to protect their privacy and vociferously complain when they feel it violated. They’re not technically sophisticated about privacy and make mistakes all the time, but that’s mostly the fault of companies and Web sites that try to manipulate them for financial gain.

To the older generation, privacy is about secrecy. And, as the Supreme Court said, once something is no longer secret, it’s no longer private. But that’s not how privacy works, and it’s not how the younger generation thinks about it. Privacy is about control. When your health records are sold to a pharmaceutical company without your permission; when a social-networking site changes your privacy settings to make what used to be visible only to your friends visible to everyone; when the NSA eavesdrops on everyone’s e-mail conversations — your loss of control over that information is the issue. We may not mind sharing our personal lives and thoughts, but we want to control how, where and with whom. A privacy failure is a control failure.

People’s relationship with privacy is socially complicated. Salience matters: People are more likely to protect their privacy if they’re thinking about it, and less likely to if they’re thinking about something else. Social-networking sites know this, constantly reminding people about how much fun it is to share photos and comments and conversations while downplaying the privacy risks. Some sites go even further, deliberately hiding information about how little control — and privacy — users have over their data. We all give up our privacy when we’re not thinking about it.

Group behavior matters; we’re more likely to expose personal information when our peers are doing it. We object more to losing privacy than we value its return once it’s gone. Even if we don’t have control over our data, an illusion of control reassures us. And we are poor judges of risk. All sorts of academic research backs up these findings.

Here’s the problem: The very companies whose CEOs eulogize privacy make their money by controlling vast amounts of their users’ information. Whether through targeted advertising, cross-selling or simply convincing their users to spend more time on their site and sign up their friends, more information shared in more ways, more publicly means more profits. This means these companies are motivated to continually ratchet down the privacy of their services, while at the same time pronouncing privacy erosions as inevitable and giving users the illusion of control.

You can see these forces in play with Google’s launch of Buzz. Buzz is a Twitter-like chatting service, and when Google launched it in February, the defaults were set so people would follow the people they corresponded with frequently in Gmail, with the list publicly available. Yes, users could change these options, but — and Google knew this — changing options is hard and most people accept the defaults, especially when they’re trying out something new. People were upset that their previously private e-mail contacts list was suddenly public. A Federal Trade Commission commissioner even threatened penalties. And though Google changed its defaults, resentment remained.

Facebook tried a similar control grab when it changed people’s default privacy settings last December to make them more public. While users could, in theory, keep their previous settings, it took an effort. Many people just wanted to chat with their friends and clicked through the new defaults without realizing it.

Facebook has a history of this sort of thing. In 2006 it introduced News Feeds, which changed the way people viewed information about their friends. There was no true privacy change in that users could not see more information than before; the change was in control — or arguably, just in the illusion of control. Still, there was a large uproar. And Facebook is doing it again; last month, the company announced new privacy changes that will make it easier for it to collect location data on users and sell that data to third parties.

With all this privacy erosion, those CEOs may actually be right — but only because they’re working to kill privacy. On the Internet, our privacy options are limited to the options those companies give us and how easy they are to find. We have Gmail and Facebook accounts because that’s where we socialize these days, and it’s hard — especially for the younger generation — to opt out. As long as privacy isn’t salient, and as long as these companies are allowed to forcibly change social norms by limiting options, people will increasingly get used to less and less privacy. There’s no malice on anyone’s part here; it’s just market forces in action. If we believe privacy is a social good, something necessary for democracy, liberty and human dignity, then we can’t rely on market forces to maintain it. Broad legislation protecting personal privacy by giving people control over their personal data is the only solution.

This essay originally appeared on Forbes.com.

Zuckerberg on privacy: http://www.guardian.co.uk/technology/2010/jan/11/facebook-privacy

Schmidt on privacy: http://gawker.com/5419271/google-ceo-secrets-are-for-filthy-people

McNealy on privacy: http://www.wired.com/politics/law/news/1999/01/17538

Ellison on privacy: http://www.businessweek.com/bwdaily/dnflash/oct2001/nf2001104_7412.htm

Danah Boyd on privacy and younger people: http://www.danah.org/papers/talks/2010/SXSW2010.html

The Supreme Court on privacy and secrecy: http://www.rbs2.com/privacy.htm

Privacy and salience: http://www.computer.org/cms/Computer.org/ComputingNow/homepage/2009/1209/W_SP_NudgingPrivacy.pdf or http://tinyurl.com/yfm4jh9

Social networking sites downplaying privacy concerns: http://www.schneier.com/essay-278.html

Sites that make misleading privacy claims: http://www.schneier.com/essay-276.html

Humans are a poor judge of risk: http://www.schneier.com/essay-162.html

Academic research on how people make privacy decisions: http://www.heinz.cmu.edu/~acquisti/economics-privacy.htm

Google’s Buzz:

http://news.cnet.com/8301-31322_3-10451428-256.html
http://www.businessinsider.com/warning-google-buzz-has-a-huge-privacy-flaw-2010-2 or http://tinyurl.com/ydqq8ql
http://finapps.forbes.com/finapps/jsp/finance/compinfo/CIAtAGlance.jsp?tkr=GOOG or http://tinyurl.com/fuoxw
http://www.lightbluetouchpaper.org/2010/02/12/whats-the-buzz-about-studying-user-reactions/ or http://tinyurl.com/yh8weef
http://www.computerworld.com/s/article/9172079/FTC_member_rips_privacy_efforts_by_Google_Facebook or http://tinyurl.com/y8szb2j

Facebook’s privacy problems:
http://www.eff.org/deeplinks/2009/12/facebooks-new-privacy-changes-good-bad-and-ugly or http://tinyurl.com/yffmwmn

Facebook News Feeds:
http://blog.facebook.com/blog.php?post=2207967130
http://www.facebook.com/group.php?gid=2208288769

Facebook’s latest privacy changes:
http://blog.facebook.com/blog.php?post=376904492130

The value of privacy:
http://www.schneier.com/essay-114.html

Privacy legislation:
http://www.schneier.com/blog/archives/2006/02/a_model_regime.html

Google responds:
http://www.forbes.com/2010/04/12/privacy-facebook-gmail-technology-security-google.html or http://tinyurl.com/ydvwpva

Another essay on the topic:
http://www.secureconsulting.net/2009/05/the_new_school_of_privacy.html

When Google introduced Buzz — its answer to Facebook and Twitter — it hoped to get the service off to a fast start. New users of Buzz, which was added to Gmail on Tuesday, found themselves with a ready-made network of friends automatically selected by the company based on the people that each user communicated with most frequently through Google’s e-mail and chat services.

As well, if you connected to Buzz via iPhones or other mobile devices, your location could be broadcast to those people whom Google had decided should know where you were, who were emailing, and what you were saying.

As Miguel Helft in the NYTimes said: “E-mail, it turns out, can hold many secrets, from the names of personal physicians and illicit lovers to the identities of whistle-blowers and antigovernment activists.”

Evgeny Morozov wrote in a blog post for Foreign Policy, “If I were working for the Iranian or the Chinese government, I would immediately dispatch my Internet geek squads to check on Google Buzz accounts for political activists and see if they have any connections that were previously unknown to the government.”

Harriet Jacobs, a psuedonym for a woman who writes about violence against women, succintly writes on her blog that the people she receives email from most often include her ex-husband, his friends, and abusive comments. This, she writes, “is why it’s SO EXCITING, Google, that you AUTOMATICALLY allowed all my most frequent contacts access to me….My privacy concerns are not trite. They are linked to my actual physical safety.”

Harriet is not the only one who has to worry, and for Google to suddenly decide to monetize gmail by sharing gmail user’s data with a spectrum of un-approved users, certainly seems like a step away from “do no evil”.

Buzz is an “opt-out” service. In other words, your data, if you use gmail, was automatically disclosed to everyone with whom you’ve emailed more than once or twice.  The  people at Google just assume you want to be part of their new world where “[i]f you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place.”

What distressed me most is that Google made Buzz automatic. It was folded into Gmail, assimilated your contacts and email history, and created these first social connections without ever asking permission. If you had ever created a Google Profile (an innocuous webpage that might collect comments you left on Maps or links to your LinkedIn profile), then Google went a step further — it published these social connections in a place accessible to the world. And even if you had not yourself created a Google Profile, your social connections could still be exposed on the other person’s Google Profile.

Don’t like it? The burden was on you to track all this down and make the privacy changes you wanted. Even if you did that, it wasn’t clear that it was even possible to truly “turn off buzz.” Flipping the switch at the bottom of Gmail didn’t work. Who knows how many people have been misled by that. (Google now acknowledges this on one of its support pages. All that switch does is “remove the Buzz label from your Gmail account,” or in other words, hide it within Gmail.)

Even after clicking “turn off buzz”, your Buzz connections persisted, they were still shown on your profile, and Buzz was still active (as you could readily see from a mobile client, such as an iPhone).

Yesterday’s slight modifications by Google make clear that this was indeed their design. Yesterday afternoon, Google released a statement.They did not back away from their business plan — they still make Buzz automatic and create these connections for you. Their response is, in essence, to blame you for not having figured out how to tweak these engineering settings yourself.

In particular, they point out that it’s possible to manually go through and block particular followers. But, to take one example, they do not mention the data leakage, in which these followers get access to information about your other social contacts before you block them. They also don’t mention that each Google-automated follower has to be blocked individually, which for journalists, attorneys, or anyone else with a large contact list that is concerned about client privacy, can take a significant amount of time.

Google did not ask your permission for this repurposing of your personal email information, it did not ask your permission to share it, and is not asking for your forgiveness now.

Imagine if Facebook had done this. Imagine they bought a major email provider, folded all of its users into their social network, and prepopulated lots of connections based on who they had emailed the most frequently.

Okay, now imagine that Facebook had placed a button on the email client page that said “turn Facebook off.” And that the button did not actually do what it said. Users and the press would be calling for Facebook’s head.

How to really turn off buzz

If the “turn off buzz” link at the bottom of Gmail isn’t the right way to actually turn the service off, what is?

Buried within its support pages, Google offers a three-step procedure you can follow to actually disable Buzz. Follow these steps in order, or it doesn’t work at all. The first step, contrary to what you might expect if you were not a Google engineer, is not to click “turn off buzz.”

1. First, you delete your google profile. You don’t hide it or change the name. You have to delete it completely. This doesn’t destroy your overall google account, but it does limit some of your functions. Here’s how to delete your profile.  (For those of us that never opted into having a profile, there is still some question as to what is being shown in other people’s feeds, or how to manage privacy settings.)
2. You have to go into buzz and manually delete your connections, including blocking everyone who is following you already. Depending on how many people Google automatically added, this could take a while.
3. Now it’s safe to go back to Gmail and click “turn off buzz.”

Even if Google ever changes their mind, and gives users an easy way to protect their data and their client’s data, this remains a massive violation of user trust on Google’s part. This sharing of personal information never should have been opt-out.

This is a huge shift in how Gmail uses our data. If this is Google’s method of dealing with our previously private data in the future, how many of us will really feel good about trusting our documents to Google Docs? Or our photos to Picasa?

Google has broken the trust, and taken the first public step towards evil. With millions and millions of user’s and their accompanying data, the question becomes, do they step back, or is there a greater evil coming?

The privacy policy might seem like just another box you have to check when signing up for a site. But in today’s web world, privacy is much more than just another barrier to registration, and it will only become more important as we move into the social, semantic world of web 3.0.

Privacy is the core currency of the social web, and like any other type of currency system there’s an exchange rate. In this case, the equation boils down to how much privacy the user is willing to give up in exchange for the features and functionality a site provides. It’s a tricky equation, and the answer varies for every user and for every site. But, with targeted advertising, connected social networks and constant lifestreaming becoming more mainstream by the day, privacy is poised to become one of the core issues that defines the relationship between users and websites. Understanding how and why that relationship works — or doesn’t work — is going to become a hallmark of both smart sites and smart users.

The Common Ground

---

Like most transactions, privacy on the web is generally governed by a contract, often known as the “privacy policy.” There is some boilerplate language you can expect to see in pretty much every privacy policy on the web. Most sites will save your cookies, track your IP address, and store your login, registration and contact info. Despite the “Big Brother is watching” fears sometimes associated with words like “tracking” and “cookies,” you can rest assured that most publishers respect the fact that with great tracking power comes great responsibility. So, they’re using this information to serve up more appropriate ads, help you log back in if you forget your password, and make sure that they’re legally covered in case you turn out to be a 12-year-old kid in a place you’re not supposed to be surfing.

Publishers are generally pretty cautious in how they use this information, and sites are certainly learning from the very public battles web giants like Facebook have fought when their users feel uncomfortable with their privacy policies. Of course, there are different comfort levels for different users on different types of sites, particularly in the social media sphere. Although many privacy policies start with the boilerplate blah-blah-blah, the modern social network seems to fall into one of three categories when it comes to crafting their particular balance of privacy and functionality.

The Social Network: Share & Share a Lot

---

Since the Friendster days, social networks have walked a fine line between protecting a person’s personal information and helping their members meet each other. Recently, with the rise of real-time social search and the development of entire app-based ecosystems, that line has become even blurrier as social networks struggle to stay both open and private at the same time.

It’s in the best interests of sites like Facebook, MySpace and LinkedIn to make their users feel safe and secure in sharing their information. The more they can convince you to feel comfortable sharing within their walled-off networks, the more incentive there is for other people to use their particular platform to stay up to date on what you’re up to. However, it’s also in these sites’ best interests to keep connections flowing between members, developers, and the major search engines.

Social networks have always had a vested interest in helping members find each other, often by making certain types of information publicly searchable by default on their sites. There’s also a relatively new and growing demand for social network statuses to show up in third-party search engines, and that demand will only continue to grow as more and more customers come to expect everything on the web to arrive in real-time.

These sites have a good reason for wanting to open their data up to search engines now, and they are expecting that consumers will be more receptive to these real-time deals. After all, if you want to see Facebook updates in your Google results, you’re going to have to accept that, at some point, Google had to index those updates. And Facebook — amongst other sites — seems to be banking on the idea that you might be willing to let that wall down a bit in order to gain those Google results.

As a result, many major social networking sites have recently started splitting the information you give them into different categories, some of which is considered public by default, and some of which isn’t. This distinction appears in privacy policies from MySpace to Meebo , where categories of information tend to be broken up into personal, profile information, and publicly posted content and activity. Users can then control who sees these different categories by defining different groups of connections with different levels of access.

Regardless of the site, these groups all start at public and end at totally private, which is nothing new. However, the definition of “public” has changed. Whereas “public” was once considered to mean “open to all users of a social networking site,” it has now become synonymous with “the entire Internet.” This adds a whole new layer of people with access to the privacy pyramid.

A similar shift in privacy expectations is also occurring as social networks become more open to third-party developers who seek to link their applications to the rich networks of data that large social networks have to offer. With 14.3 million users allowing the Mobsters app to access their MySpace data, and 69 million users playing Farmville, it’s clear that people are willing to open up their profiles and forgo some of their privacy in exchange for the services a third-party app developer has to offer. That’s why many sites are now adding clauses allowing them to connect third-party developers to your personal profile information — provided you approve that connection.

LinkedIn’s privacy policy is a perfect example of the balance many sites are trying to strike between encouraging third-party development and protecting your privacy. It explains that the site will “enable you to share your information and communicate with other Users, or provide (usually at your option) your personal details to third parties offering combined services with LinkedIn.” By putting the onus on the user, LinkedIn and sites like it allow the millions of users who want to exchange their information with developers to do so, while keeping the default settings at a more conservative level of privacy.

The Communication Platform: For Everyone’s Eyes Only

---

Tumblr , Yelp , and Twitter are all social sites with distinct characteristics and uses. But when it comes to privacy policies, they all share similar struggles and similar solutions, making them more alike than you’d think. At their core, all three types of sites share the same purpose — to help the user broadcast information to a network of (presumably) interested people, many of whom the user may not know, or may not know very well.

Unlike the social networks discussed above, these sites don’t have to worry so much about creating different categories of connections, since they’re already assuming that you’re likely using them to broadcast on a one-to-many basis. So, these sites tend to protect only the most private of your personal information by default. For example, on Twitter, the standard privacy settings make a user’s name, bio and tweets publicly available, and the privacy policy clearly states that “Most of the information you provide to us is information you are asking us to make public.” However, geotagging is one of the few features that is disabled by default for all Twitter users, meaning that you must actively give the company permission to annotate your content with your location. Clearly, Twitter has decided that most users will accept their content being made public by default, but that location is something their users are not willing to exchange so easily.

Yelp does something similar in that their privacy policy posits that all content you create on Yelp is public, but they do promise to protect your most personally-identifying information when sharing that public content across the web. Yelp’s privacy policy says, “When we distribute your submissions to third parties, we typically include your account name (but not your personal information unless you include your personal information in your submissions).”

Tubmlr takes a similar approach, promising to protect your personally-identifying information while also warning the user that “if you submit information to ‘chat rooms,’ ‘forums’ or ‘message boards’ such information becomes public information, meaning that you lose any privacy rights you might have with regards to that information.” By refraining from specifically defining what a “forum” or “message board” means in the Tumblr universe, the company puts the burden on the user to figure out where their information will be public and where they can expect it to remain private. With monthly unique visits in the millions, it seems that Tumblr’s users don’t mind that very much. Clearly, the users creating content on these communication platforms are expecting an exchange rate that favors finding friends, followers, readers and reviewers to maintaining personal privacy.

Ultimately, these communication platforms do rely on that particular attitude towards privacy being a core attribute of their main user base, and so they provide policies that allow for a lot of information sharing, streaming and searching by default. Of course, users can always restrict the flow of that information by setting their profiles to private or protecting their status updates, but the reality is that for sites like these, it’s often as much in the user’s interest to broadcast to many as it is for the site itself.

The Location-Based App: Where You At?

---

Like communication platforms, location-based apps have a bit of a luxury when it comes to putting their privacy policies together. They know their users are already open to the idea of giving up a certain amount of privacy in exchange for a certain level of connectivity. After all, why else would you use Foursquare , Loopt, Gowalla , or any other service that exists for the sole purpose of sharing your location with friends? The tricky thing for location-based services is figuring out how to make users feel safe sharing something as private as location with an entire network of people, while also allowing those users to do the things they signed up for in the first place.

That’s why these apps tend to be the most conservative when it comes to the privacy exchange rate — their very functionality hinges on users exchanging information. Loopt explains it well when they write “Loopt uses your personally identifiable, registration, profile, and location information to operate, maintain, and provide to you and other Users all of the features and functionality of the Loopt Services.” Users give information to get access to the service. If a user chooses to disclose less information, they receive fewer benefits of the service.

For example, in Gowalla’s case, the site automatically adds you to the feeds of a particular location when you check in there. Should you choose to turn that feature off, Gowalla says, “your check-ins will not be credited in the spot feed nor will you appear in Top 10 lists amongst other things.” Similarly, you can’t become the mayor of a place on Foursquare unless you upload a profile picture.

Users looking to make the most of a particular location-based app are also increasingly turning to third-party services like Facebook, Twitter and MySpace to share their statuses with their entire social networks. This presents another privacy policy challenge to these sites, as they must address the way user information is shared outside the relatively close confines of their protected, proprietary networks.

Foursquare recently revised its privacy settings to allow users to specify very specific kinds of information to be sent to each site they connect their account to. A user can specify different levels of privacy for their friends on Facebook and their followers on Twitter. They also built a caveat into their privacy policy that allows them to share certain pieces of profile information in search results — both within the network and outside of it. They couched this caveat in the promise that sharing the really personal stuff would still be up to the user, since that information would only be viewable by the user’s friends. Loopt also puts the onus on the user to dictate their own privacy policy by specifying that Loopt will only share personally identifiable information with third parties based on the user’s personal settings.

The location-based apps expect their users — or at least their power users — to be willing to give up a certain level of privacy in exchange for features and functionality. The amount of people doing so tends to be much higher on these sites than it does on the traditional social network. However, these location-based sites also put users in control of the exchange rate, allowing them to easily manage the publicity of their updates and information.

Conclusion

---

Ultimately, it is up to users to take that kind of control on all social sites. The only truly effective privacy policy is the one a user sets for himself by being conscious of the value of privacy as currency and making informed decisions about these exchange rates. And while that consciousness starts by understanding why different sites treat privacy the way they do, it ends with the user making educated choices about what to share and where to share it. The best privacy policies are not written by coders, copywriters or corporate lawyers. They’re the ones observed by people who know what they want from the web, and what they’re willing to give up to get it. That makes privacy a much more important issue than that innocuous little checkbox seems to imply.