User Empowerment in a Social Media Culture

Transcription

User Empowerment in a Social Media Culture
 RESEARCH REPORT
User Empowerment in a Social Media Culture Mapping of the process to commodify Personal Identifiable Information in social media January 4, 2011 3.1.1: Mapping and in-­‐depth analysis of corporate profiling techniques Rob Heyman, Jo Pierson & Ike Picone (IBBT-­‐SMIT) ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 1 1. Abstract
Social media and its main revenue model, advertising, have brought privacy issues along. This deliverable maps the process wherein Personal Identifiable Information (PII) is gathered and commodified as a sellable service. This mapping is achieved through desk research that focused on five distinct social media platforms and one technology that is extensively used to gather PII, cookies. This mapping will also map the affordances associated with this commodification process. These affordances then become part of our framework of privacy as contextual integrity. We believe that users rely on a perceived context and perceived affordances, which steer users away from full empowerment of their privacy. We therefore conclude that we need a better way to inform users of the real affordances of social media. This is a prerequisite to start an informed debate about targeted advertising and privacy on social media. 2. Table of Contents
RESEARCH REPORT ........................................................................................................... 1 1. Abstract ......................................................................................................................... 2 2. Table of Contents ....................................................................................................... 2 3. List of figures, list of tables, list of abbreviations ........................................... 4 List of abbreviations and definitions .......................................................................... 5 4. Introduction ................................................................................................................ 6 5. Theory ........................................................................................................................... 8 5.1. Mass self-­‐communication and user empowerment ............................................ 8 5.2. Social media .................................................................................................................. 10 5.2.1. User Generated Content .................................................................................................... 11 5.3. Personal Identifiable Information ......................................................................... 13 5.3.1. PII as K-­‐anonymity .............................................................................................................. 13 5.3.2. PII as User Generated Content ....................................................................................... 15 5.3.3. PII as commodity .................................................................................................................. 16 5.3.4. Cookies ...................................................................................................................................... 16 5.3.5. Cookie occurrence ............................................................................................................... 19 5.3.6. Commodification of PII enabled by cookies ............................................................. 21 5.4. Contextual integrity .................................................................................................... 24 ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 2 5.4.1. Visual constraints ................................................................................................................. 28 5.5. Integration of affordances into the perceived and complete context ....... 29 5.6. PII and UGC .................................................................................................................... 31 5.7. Conclusion ...................................................................................................................... 31 6.1. Selection ......................................................................................................................... 32 6.2. Evaluation of objects of analysis ............................................................................ 32 7.1. Netlog ............................................................................................................................... 35 7.1.1. Upon registration ................................................................................................................. 35 7.1.2. Analysis of constraints ....................................................................................................... 36 7.1.3. Explicit information gathering ....................................................................................... 40 7.1.4. Commodification of PII ...................................................................................................... 44 7.1.5. Conclusion ............................................................................................................................... 51 7.2. Facebook ........................................................................................................................ 52 7.2.1. Information collected upon registration .................................................................... 53 7.2.2. Facebook information gathering practices during use of the service ........... 57 7.2.3. Commodification of PII ...................................................................................................... 62 7.2.4. Conclusion ............................................................................................................................... 69 7.3. LinkedIn .......................................................................................................................... 70 7.3.1. Upon registration ................................................................................................................. 72 7.3.2. Extra information ................................................................................................................. 73 7.3.3. Privacy settings ..................................................................................................................... 74 7.3.4. Commodification of PII ...................................................................................................... 74 7.3.5. Conclusion ............................................................................................................................... 83 7.4. Twitter ............................................................................................................................ 83 7.4.1. Upon registration ................................................................................................................. 84 7.4.2. Twitter Privacy statement ............................................................................................... 88 7.4.3. Twitter marketing solutions ........................................................................................... 89 7.4.4. Conclusion and remarks ................................................................................................... 92 7.5. StumbleUpon ................................................................................................................ 93 7.5.1. Upon registration ................................................................................................................. 94 7.5.2. After registration .................................................................................................................. 96 7.5.5. Conclusion ............................................................................................................................. 103 8. General conclusion ............................................................................................... 103 8.1. Main findings ................................................................................................................................ 103 8.2. Discussion ...................................................................................................................................... 105 8.3. Future research ........................................................................................................................... 106 9. References ............................................................................................................... 108 10. Two-­‐page Dutch summary .............................................................................. 114 11. Annexes ................................................................................................................. 116 11.1. Annex 1 Netlog Settings ........................................................................................................ 116 11.2. Annex 2 Mail Netlog ................................................................................................................ 121 11.3. Annex 3 Massive Media Products ..................................................................................... 123 11.4. Annex 4 Netlog Interview .................................................................................................... 123 11.5. Annex 5 Netlog ads sold by Belgacom Skynet ............................................................. 142 ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 3 11.6. Annex 6 Facebook permissions ......................................................................... 143 3. List of figures, list of tables, list of abbreviations
FIGURE 1 ADOBE FLASH PLAYER SETTINGS (ADOBE, 2009) ....................................................................... 19 FIGURE 2 COOKIE IMPLEMENTATION (ADOBE, 2011) .............................................................................. 21 FIGURE 3 ADDITION OF PII (ADOBE, 2011) .......................................................................................................... 22 FIGURE 4 BEHAVIOURAL TARGETING (ADOBE, 2011) .................................................................................... 22 FIGURE 5 PERCEIVED AND COMPLETE CONTEXT ............................................................................................. 25 FIGURE 6 PERCEIVED AND REAL AFFORDANCES ............................................................................................. 29 FIGURE 7 PERCEIVED AND REAL AFFORDANCES ............................................................................................. 30 FIGURE 8 NETLOG REGISTRATION FORM ............................................................................................................. 36 FIGURE 9 FILL IN THE SECURITY CODE ................................................................................................................. 37 FIGURE 10 NETLOG E-­‐MAIL WITH ACCOUNT CONFIRMATION REQUEST ............................................. 38 FIGURE 11 FIND YOUR FRIENDS ON NETLOG ..................................................................................................... 38 FIGURE 12 MORE FRIENDS, MORE FUN ................................................................................................................. 40 FIGURE 13 EXAMPLE OF A LOG .................................................................................................................................. 42 FIGURE 14 COOKIES ON NETLOG .............................................................................................................................. 44 FIGURE 15 SPONSORPAY ............................................................................................................................................... 46 FIGURE 16 EXAMPLES OF SPONSORPAY (NETLOG, 2011A) ......................................................................... 47 FIGURE 17 INVITE FRIENDS ......................................................................................................................................... 47 FIGURE 18 BELGACOM SKYNET NETLOG PRODUCTS (BELGACOM, 2011) .......................................... 143 FIGURE 19 NETLOG TARGETED ADVERTISING .................................................................................................. 50 FIGURE 20 EXAMPLE OF A NETLOG ADVERTISEMENT .................................................................................. 51 FIGURE 21 FACEBOOK REGISTRATION STEP 1 ................................................................................................... 53 FIGURE 22 DATE OF BIRTH .......................................................................................................................................... 54 FIGURE 23 SECURITY CHECK ....................................................................................................................................... 55 FIGURE 24 FACEBOOK PROFILE COMPLETION .................................................................................................. 56 FIGURE 25 OPEN GRAPH ............................................................................................................................................... 57 FIGURE 26 DEFINING ACTIONS IN THE OPEN GRAPH ..................................................................................... 58 FIGURE 27 FRICTIONLESS SHARING ........................................................................................................................ 58 FIGURE 28 REQUIRED PERMISSIONS ...................................................................................................................... 59 FIGURE 29 OPTIONAL PERMISSIONS ....................................................................................................................... 60 FIGURE 30 DESIGN YOUR ADVERT ........................................................................................................................... 63 FIGURE 31 SPONSORED STORIES .............................................................................................................................. 64 FIGURE 32 PII BROUGHT THROUGH FRIENDS IN APPS .................................................................................. 66 FIGURE 33 INSTANT PERSONALISATION DIALOG BOX .................................................................................. 67 FIGURE 34 SHARING BOX .............................................................................................................................................. 68 FIGURE 35 DATA USE POLICY ..................................................................................................................................... 68 FIGURE 36 SHARING WITH OTHER WEBSITES AND APPLICATIONS ....................................................... 69 FIGURE 37 LINKEDIN'S ANNUAL NET REVENUE BY PRODUCT .................................................................. 71 FIGURE 38 JOIN LINKEDIN TODAY ........................................................................................................................... 72 FIGURE 39 LINKEDIN ADS (WALSH) .................................................................................................................. 77 FIGURE 40 CREATE A NEW AD .............................................................................................................................. 78 FIGURE 41 POSITIONS OF ADS ............................................................................................................................... 79 FIGURE 42 LINKEDIN DIFFERENCES BETWEEN PREMIUM AND BASIC SUBSCRIPTION
............................................................................................................... ERROR! BOOKMARK NOT DEFINED. FIGURE 43 TWITTER SIGN UP (TWITTER, 2011A) ............................................................................................ 84 FIGURE 44 TWITTER CREATE MY ACCOUNT ....................................................................................................... 85 FIGURE 45 TWITTER INTERESTS .............................................................................................................................. 86 ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 4 FIGURE 46 TWITTER FRIENDS ................................................................................................................................... 87 FIGURE 47 TWITTER OTHER STEPS ........................................................................................................................ 88 FIGURE 48 PROMOTED TWEET(TWITTER, 2011C) .......................................................................................... 89 FIGURE 49 TWITTER TRENDS .................................................................................................................................... 91 FIGURE 50 TWITTER PROMOTED ACCOUNTS(TWITTER, 2011B) ............................................................ 92 FIGURE 51 STUMBLEUPON REGISTRATION ......................................................................................................... 95 FIGURE 52 STUMBLEUPON REGISTRATION VIA FACEBOOK ....................................................................... 96 FIGURE 53 OPTIONAL INFORMATION .................................................................................................................... 97 FIGURE 54 USER PROFILE ............................................................................................................................................. 99 FIGURE 55 CAMPAIGN MONITOR (KRAWCZYK, 2011) ................................................................................................ 102 FIGURE 56 PAID DISCOVERY INDICATOR ............................................................................................................ 103 FIGURE 57 INTEREST BASED ADS ICON ............................................................................................................... 106 List of abbreviations and definitions
PII Personally identifiable information is information that is able to identify a person completely or partial. Partial refers to quasi-­‐identifiers used by Ciriani (2008) in K-­‐anonymity. A quasi-­‐identifier is a feature that refers to at least one person. By linking multiple quasi-­‐identifiers it is possible to refine the amount of possible identities to one, for the amount of different characteristics decreases the amount of possible identities. This principle is best explained in the game Guess Who?. Folksonomy Folksonomy is the result of personal free tagging of information and objects (anything with a URL) for one's own retrieval. The tagging is done in a social environment (usually shared and open to others). Folksonomy is created from the act of tagging by the person consuming the information. (Vander Wal, 2007) Social media Social media will therefore be defined here as the platform, which uses Web 2.0 technologies that enable users to possibly create UGC. UGC in this definition is than defined as (1) content made public on the Internet, (2) which can vary in effort from a single mouse click to the creation of something completely new that is (3) no longer solely published outside a professional context by users. Social media are now also deployed by professionals to serve professional goals. Commodification The process of commodification is best described as the ‘way capitalism carries out its objective of accumulating capital or realizing value through the transformation of use values into exchange values.’(Mosco, 1998) CPD/CPW ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 5 CP means Cost per. D and W are amounts of time, respectively Day and Week, thus CPD is Cost per Day and CPW is Cost per Week. This jargon is used in the advertising sector to refer to the costs of a given ad space. ROS ROS or Run of Site is used in the advertising sector to specify the place of the advertisement, it can be shown anywhere on the website. CPM CP means Cost per Mille and is the cost for a thousand impressions. The amount of impressions is the amount an advertisement has been shown. SOV SOV or share of voice is the amount usually described in percentages of ad space a particular campaign has. For example, a campaign with 25% of SOV has one fourth of all available ad space on a given platform. 4. Introduction
This deliverable reports on the research questions of subtask 3.1.1 Mapping and in-­‐depth analysis of corporate profiling techniques. Profiling techniques are techniques needed for knowledge discovery in databases. Hildebrandt (2008) defines knowledge as new information that makes a difference in a given situation. This knowledge is inductive; profiling does not predefine classes, but focuses on new interesting patterns. Hildebrandt questions whether we can still draw a distinction between (trivial) data and personal data because the first type of data can be profiled to become personal information. Corporate profiling techniques are limited to profiling techniques for commercial purposes as opposed to techniques to identify i.e. terrorist threats. In order to understand the process of profiling a few more steps need to be taken into account. (1) A database is needed; social media offer an excellent opportunity for profiling processes because of the large databases they have obtained by monitoring users. (2) This data is being manipulated to define new profiles of interest for the company that performed or paid for the profiling service. (3) A message is tailored for a profile and this is delivered through a social media platform. Thus this deliverable focus is on ‘the technological means in marketing and advertising to profile and segment consumers on the Internet, which includes: identification, tracking, monitoring, processing, commodification and ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 6 aggregation of consumer data.’ (IBBT-­‐SMIT, 2010) But the step of processing this data, the actual act of profiling, depends on the goals of the company that needs knowledge gathered through profiling. This step, which is step two of the previous paragraph, is easier to answer in the next deliverable: ‘Subtask 3.1.2: Analysis of business practices in profiling’. Subtask 3.1.2 has a scope on the practices entailing profiling on social media by parties that work in the profiling process: ‘Who are the key players? What are the actual practices on use and exchange of personal data? What are the business models? Where and when are the profiling techniques used?’ (IBBT-­‐SMIT, 2010) The decision to profile a specific segment is usually taken outside the context of the social media platform: i.e. Facebook provides user data, segmentation options and ways to deliver the message, but it is impossible to understand what segments are chosen without interviewing marketers who use these services. Parties that make use of profiling techniques will be interviewed in the next deliverable D3.1.2, where the practice of profiling itself will also be analysed. This report will focus on (1) the act of gathering information and (2) the means to deliver a message to a profiled audience on social media. We have left out the step between (1) and (2) wherein profiles are being made out of databases1. In addition we look at the technical means that support the act of profiling, we will take into account how the user is informed about these practices and secondly what the affordances of these practices are. In this research we look at different social media platforms. For the selection of the different kinds of social media it was important to find as much diversity as possible. This way the chances were in our favour to find a wider variety of different kinds of monitoring users and of finding different sellable services related to Personal Identifiable Information (PII). The most important affordances found are all related to the way that tracking or advertising are shown to the user. In both acts, the technologies are embedded as seamlessly as possible. This is good for it provides an unobtrusive experience, which both benefits the user and the platform owner (as well as the marketers making use of the platform). But this is also bad for users who lack the necessary information or capabilities to control their personal information. This last problem poses a serious challenge for user empowerment in social media. The report will first focus on what user empowerment or disempowerment is in social media. We will then apply this to what empowerment could mean for 1 This step is however not left out of this research project. As already mentioned the choice to look for new patterns of behaviour that are beneficial for an ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 7 privacy and how affordances for this degree of empowerment or disempowerment can be conceptualised. Before we analyse the social media platforms we will elaborate on the chosen sample and the way this is being reported. 5. Theory
First we define the concepts that are needed to situate and delineate the research questions mentioned in the introduction. We aim to investigate what social media empowerment means with regard to the process of commodification of personal information via these media. (1) First, we will define what empowerment in an Internet-­‐mediated context means and how this is part of the mass self-­‐communication potential of this medium. (2) We further limit our scope by defining social media as the platform where we analyse tools for gathering personal information and the commodification thereof. The gathering tools gather personal information and this is defined as both PII and UGC. (3) Lastly, we add a framework to evaluate flows of PII and how these are being communicated to the user through perceived affordances. 5.1. Mass self-­‐communication and user empowerment2 Tools and technologies for media and communication are undergoing major changes, based on economic transitions and digitisation. This goes together with an intensified state of convergence between the formerly strictly divided sectors of audiovisual media, telecommunication and computer industry. These new media have been described by Punie et al. (2009, p. 136) as: ‘[. . .] a set of open, web-­‐based and user-­‐friendly applications that enable users to network, share data, collaborate and co-­‐produce content.’ Punie et al. (2009, p. 136) define these tools as ‘‘social computing’’ tools. We propose to use ‘‘social media’’ in order to highlight the changing communication processes typified by Castells’ concept of ‘‘mass self-­‐communication’’. Castells (2009) sees the latter as the novel quality of communication in contemporary society: • Mass communication because social media can potentially reach a global Internet audience. • ‘‘Self-­‐communication’’ because the message production is (1) self-­‐
generated, the potential receiver(s) definition is (2) self-­‐directed and the message or content retrieval is (3) self-­‐selected. However, the different forms of communication (mass media, interpersonal 2 This section was first published in: Pierson, J. and R. Heyman (2011). "Social media and cookies: challenges for online privacy." Info 13(6): 30-­‐42. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 8 communication and mass self-­‐communication) complement rather than substitute one another. The notion of ‘‘mass self-­‐communication’’ is a good signifier for the techno-­‐
dialectic changes taking place in communication and media production. He situates the current ICT and internet landscape as a conflict between the global multimedia business networks that attempt to commodify the internet and the unprecedented autonomy for communicative subjects to communicate at large, labelled as the creative audiences or users: ‘Yet, this potential autonomy is shaped, controlled, and curtailed by the growing concentration and interlocking of corporate media and network operators around the world’ (Castells, 2009). As indicated by critical scholars like Van Dijck and Nieborg (2009) and Fuchs (2009), these changes in the Internet landscape and the claims made on the societal impact are often overrated. Nevertheless we cannot overlook that these new media and Internet are becoming an integrated part of everyday life in major parts of Western society, i.e. 47 per cent of American adults are on at least one social network site (Hampton et al., 2011, p. 85). Haythornthwaite and Wellman (2002), Arsenault and Castells (2008) and Hampton et al. (2011) also stress how the greater communicative autonomy of the media consumers could help them to become media citizens, and thus restoring the balance of power vis-­‐
a-­‐vis their would be controllers. This is however only possible if users are empowered, which means that they acquire the necessary know-­‐how to operate social media applications. The pros and cons of mass self-­‐communication are linked to notions of respectively ‘‘user empowerment’’ and ‘‘user disempowerment’’. Empowerment in the general sense is defined as ‘‘enabling people to control their own lives and to take advantage of opportunities’’ (van der Maesen and Walker, 2002, p. 24) or in other words ‘‘a process, a mechanism by which people, organisations, and communities gain mastery over their affairs.’’ (Rappaport, 1987). When applying this perspective of empowerment in the realm of new media and mass self-­‐communication, we refer to Mansell (2002): [. . .] the implications of the new media are contradictory. Once connected, there are no grounds for simply assuming that citizens will be empowered to conduct their social lives in meaningful ways. There is, therefore, a growing need to examine whether the deployment of new media is consistent with ensuring that the majority of citizens acquire the necessary capabilities for interpreting and acting upon a social world that is intensively mediated by the new media. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 9 Capabilities in this sense are the underpinning of the freedom of people to construct meaningful lives. We therefore define user empowerment in relation to social media as the capability for interpreting and acting on the social world that is intensively mediated by mass self-­‐communication. These capabilities need to be coupled with the functionalities offered by social media and we will refer to them as ‘affordances’. 5.2. Social media We have already touched the concept of social media by defining empowerment in the framework of mass self-­‐communication. The problem with the proposed definitions is their vagueness and the fact that they sometimes include more than social media alone: ‘[. . .] a set of open, web-­‐based and user-­‐friendly applications that enable users to network, share data, collaborate and co-­‐produce content.’ (Punie, Lusoli, Centeno, Misuraca, & Broster, 2009) Furthermore, these definitions are based on the practices performed by users although the degree of participation varies greatly between users of the same platform. We argument for a definition that deals with the broad aspect and the overstatement of user participation. For Kaplan and Haenlein (2009) ‘social media is a group of Internet-­‐based applications that build on the ideological and technological foundations of Web 2.0, and that allow the creation and exchange of User Generated Content.’ Although they use ‘social’ in social media, it does not refer to the social activities described within the definition of Social Network Sites. We will come back on this shortcoming of Kaplan and Haenlein’s definition after we summarised this definition. As already mentioned, Web 2.0 is used as the technological and ideological foundation of social media. Web 2.0 was the result of a brainstorm between O’Reilly3 and MediaLive International in order to find a name for their conference. This conference was going to show two things. First of all, new technologies and secondly, more ideologically, the hope or believe that Internet after the dotcom bubble still had a future (O'Reilly, 2005). Later on the term was used more broadly to include the bright future possibilities of user participation and democracy. It is not sure whether these connotations were there when Web 2.0 was used for the first time. This is pointed out by Graham (2005) who describes how he saw Web 2.0 when he visited this conference: ‘I first heard the 3 O’Reilly founded O’Reilly media, a company that spreads knowledge of innovators through books, online services, magazines, research and conferences O'Reilly Media. (2011). About O'Reilly. Retrieved 03/01/2011, from http://oreilly.com/about/. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 10 phrase ‘Web 2.0’ in the name of the Web 2.0 conference in 2004. At the time it was supposed to mean using ‘the web as a platform’, which I took to refer to web-­‐based applications.’ O’Reilly points out how new technologies changed the Internet by enabling web based applications or platforms. He highlights the advent of AJAX as one of the most important technologies. The OECD has listed a more complete list of innovations that enabled UGC and what they call the participative web: Ajax, Atom, RSS, P2P and APIs. These technologies enable User Generated Content on the platform called participative web which has already been defined by Punie (2009) in the previous part of this section. Kaplan’s definition works much in the same way, if Web 2.0 provides the means through platforms, than UGC is the product. So in order to define social media we now need to define UGC. 5.2.1. User Generated Content Kaplan (2009) refers to the OECD definition of UGC, which is ‘i) content made publicly available over the Internet, ii) which reflects a certain amount of creative effort4, and iii) which is created outside of professional routines and practices.’ Upon further inspection of this definition, it becomes clear that ‘a certain amount of creative effort’ is a vague and difficult criterion to demarcate UGC from other online content. This is problematic since it is used to define social media as well. They seem to favour the more creative UGC as these are their types: • Text, fiction and poetry • Photos and images • Music and audio • Video and film • Citizen journalism • Educational content • Mobile content • Virtual content More generally speaking, the OECD lists the following types of content: text, images, music and opinions or advice about a product. These UGC types can occur on the following platforms: blogs, wiki’s, group-­‐based aggregation, social 4 Merely copying a portion of a television show and posting it on an online video website (a frequent activity on UCC sites) would not be considered UCC. Nevertheless the minimum amount of creative effort is hard to define and depends on the context. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 11 bookmarking, podcasting, social networking sites and virtual worlds. They did include group-­‐based aggregation and social bookmarking, which entail little or no creative input and do not necessary produce text, images, music or opinions. Although this is contradicting their own definition, it makes clear that user generated content can vary from the creation of original content to the more passive aggregation of mere bookmarks or ratings. Schäfer (2009) provides a more useful differentiation of user activities that produce UGC: construction, accumulation and archiving. Construction is the most creative kind of activity wherein users create something new. Accumulation can be seen as the act of combining already made media products, this can also be called remixing. Lastly, archiving is the act of adding structure and preserving data. This last type of UGC has also been called folksonomy and it is this UGC that is problematical for the OECD definition: Folksonomy is the result of personal free tagging of information and objects (anything with a URL) for one's own retrieval. The tagging is done in a social environment (usually shared and open to others). Folksonomy is created from the act of tagging by the person consuming the information. (Vander Wal, 2007) The folksonomy UGC is aggregated and then used to organise information. This account is not creative according to the restrictive definition of UGC proposed by the OECD. We agree with Vander Wal and Schäfer that folksonomy or archiving is UGC. This implies that we have to rethink the second part of the OECD definition that requires UGC to bear a minimum amount of creative effort. Is UGC the best criterion to define social media if only a minority of users is creating? Social media and the web have been known for their participation inequality. This is also called the 90-­‐9-­‐1 rule (Nielsen, 2006). This phenomenon was already studied before the advent of social media within Usenet. Whittaker et al. were analysing the interaction on Usenet and they found that 27% of all postings were done by ‘singleton users’, users that only post once. This is strange because the mean level of posts per poster is 3.1. This implied that a very small group of posters (2,9%) publish a very high amount of posts (25% of total posts) (Whittaker, Terveen, Hill, & Cherny, 1998). This inequality is also observable on Wikipedia where more than 99% of all users are lurkers. Lurkers are users who use Wikipedia solely to read and not to write or contribute. ‘According to Wikipedia's ‘about’ page, it has only 68,000 active contributors, which is 0.2% of the 32 million unique visitors it has in the U.S. alone.’ (Nielsen, 2006) This has implications on the representativeness of social media. The contributions of these media are skewed to represent the views of a minority, ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 12 which, in some cases is only 1 per cent (Nielsen, 2006). With the social network sites going mainstream this changed, the participation or generation of updates, likes and comments rose on these platforms. But it is again debatable whether this is real UGC according to the OECD definition. So, instead of looking at UGC as a criterion, we can also look at the different possibilities the user is offered to perform on social media. This approach is more useful because many users are not contributing and thus not using social media in a participative way. Social media will therefore be defined here as the platform, which uses Web 2.0 technologies that enable users to possibly create UGC. UGC in this definition is than defined as (1) content made public on the Internet, (2) which can vary in creative effort from a single mouse click to the creation of something completely new that is (3) no longer solely published outside a professional context by users. Social media are now also deployed by professionals to serve professional goals. This can be achieved by either starting a company blog, through the founding of a company page on a platform or by managing a professional profile on social media (i.e. LinkedIn or Twitter). 5.3. Personal Identifiable Information In order to define personal information gathering tools, we need to define what personal information is. We propose to use PII. We will also extend it to include more than indirectly identifiable information. PII can also be UGC because this is indirectly identifiable. Another reason to include UGC in PII is because it is used in the commodification process of personal information on social media. Before we argument why UGC is part of PII, we will elaborate on how we wish to interpret PII through K-­‐anonymity. 5.3.1. PII as K-­‐anonymity Anonymous data is commonly defined as data that no longer holds any identifiable information. This would imply that a database that has no names or addresses is deemed anonymous. These databases may still contain other kinds of data, such as age, gender, ZIP code, occupation, etc. but it remains anonymous due to lack of addresses and names. If some of these types of data are publicly accessible, it is possible to reattach the identity to whom the data refers if the publicly available records contain a name or address. Acquisti and Gross (2009) have shown that it is possible to predict Social Security Numbers through the use of public data, to prove this point. Anonymous data is problematic as a concept because no data is ever isolated from other data. This aspect of re-­‐identification or de-­‐anonymisation is explained in K-­‐anonymity theory (Ciriani, S., Foresti, & P., 2008). We will shortly present this theory as an early argument for PII instead of anonymous information. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 13 K equals the amount of people who are identifiable through a set of characteristics, this is most clearly shown in the game Guess Who?. In this game, users need to ask questions, which are answered positively or negatively, in order to identify one person (this is the goal of the game). In the first round no information is known about the person a player has to find. K-­‐anonymity equals 24 because there are 24 possible identities. If a player asks whether the person is a man or a woman, K decreases to 12 if there are as many men as women in the game. The goal of the game is to ask as less questions as possible to get K=1, so that only one person shares the characteristics and a player is sure to identify the person. K-­‐anonymity could be a requirement for large sets of data: ‘Each release of data must be such that every combination of values of quasi-­‐identifiers can be indistinctly matched to at least k respondents.’ (Ciriani, et al., 2008) The elegance of K-­‐anonymity is the stress it puts on re-­‐identification of the respondents to which the data refer. This re-­‐identification is achieved by linking quasi-­‐
identifiers. Quasi-­‐identifiers are scraps of information that are publicly available in other records such as birth date, gender, address, etc. If the name is mentioned in other records where the name is also included, than the data is no longer anonymous. This implies that there is no such thing as anonymous information an sich. It is impossible to be sure whether a record is anonymous without identifying the quasi-­‐identifiers in the own record and other publicly available records. The conceptualisation of these quasi-­‐identifiers shows us why we need a broad definition of Personal Identifiable Information that accounts for the potential any data has to re-­‐identify a person. The way PII is conceptualised through K-­‐anonymity also allows us to add a degree of anonymity or chance to be identified, which makes it a more workable concept. A set of quasi-­‐identifiers may refer to a group of users who share the same features (the features are the quasi-­‐identifiers). The degree of anonymity, which is the numeric value of K, is the amount of people who share these identical demographics.5 A selection of features with K=45 is less prone to be re-­‐
identified than a set of features with K=2. The K-­‐anonymity perspective can be seen as what is commonly referred to as disappearing in the masses. PII defined through K-­‐anonymity is any information that can be attributed to one or more people. The kind of information does not need to be identifiable an sich, 5 If a set of quasi-­‐identifiers such as an address identifies a family of five, than K=5. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 14 it only needs to be attributable to a group of users. K-­‐anonymity is already incorporated by social media advertising campaigns because it is impossible to target audiences of for example less than 20 people (Facebook, 2011a). This limit is put there for an economic reason6 instead of privacy. 5.3.2. PII as User Generated Content We want to include User Generated Content as PII, because this type of information is also part of the commodification process. Users are creating value as they create things in social media platforms. This notion is also important to define social media. These comments, likes, recommendations, profile information, uploaded pictures, etc., can be used in two ways: as PII and as content (providing stickiness to platforms). Firstly by tagging information or objects either directly (by liking it or grading it) or indirectly (by buying it or e.g. listening to it), a pattern emerges7, this pattern can be used to recommend or advertise other products. If information is used in this way we will address it as PII. Secondly, this content is leveraged by social media platforms to attract more users or to keep users longer on the platform. We will call this form of content User Generated Content (UGC). This is particularly visible in the News Feed algorithm, which selects interesting content to keep users interested in Facebook
(Cohen, 2008) (Weber, 2010). This subjective content is now incorporated in an economical logic: ‘Every time the user submits a search topic, it accretes – like surplus labour – in the Google database and in turn microtargets an advertisement tailored not only to that particular user but to that specific search.’ (Coté and Pybus 2007). In social media value is also created by incorporating UGC into advertising. This is called ‘social advertising’ and it is used by e.g. LinkedIn and Facebook. This form of labour does not only exploit the user because they are working for free. Eli Pariser ("Author Q&A with Eli Pariser," 2011) also points out how this influences their worldviews: ‘(...) based on your web history, they filter information to show you the stuff they think you want to see. That can be very different from what everyone else sees – or from what we need to see.’ In one of 6 Ads are sold per thousand units, this means that an ad will be shown a thousand times. This is impossible if the targetable audience is too low for it would imply that this audience is shown the same ad over and over again. 7 The emerging pattern has been called a clickstream in some literature. Through the use of cookies and logging it is possible to follow what a user does on any particular website. This type of information is also part of our analysis. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 15 the examples provided by Pariser, two of his friends googled Egypt and only one of them was informed about the Arab Spring uprisings. 5.3.3. PII as commodity The Personal Identifiable Information research in this deliverable is limited to PII that is commodified either directly or indirectly (PII gathered to track terrorists or for totalitarian purposes are left out). The process of commodification is best described as the ‘way capitalism carries out its objective of accumulating capital or realizing value through the transformation of use values into exchange values.’(Mosco, 1998) An example of this commodification of PII is the profiling done by the British firm Phorm (McStay, 2011). Phorm is an advertising platform company that started experimenting with a new service in 2006 and 2007. BT, Virgin Media and Carphone Warehouse’s TalkTalk sold their users’ browsing history which accounted for 70% of all British Internet users (McStay, 2011). This data was then used to profile interesting segments for advertising campaigns that were delivered through Phorms advertising platform. In this particular example the PII contained in browsing behaviour had a use value for Phorm that acted as a middle man between ISP’s and the advertising sector who had use for this data, thus PII entered the process of ‘transforming use values into exchange values.’ (Mosco, 1998) Cohen (2008) pointed out that this process on social media is double. Users’ PII disclosed on social media enter the economy in the same way as PII described in the process undertaken by Phorm, it is gathered, aggregated and sold to advertisers. But, social media also maintain their audiences by promoting UGC: ‘By uploading photos, posting links, and inputting detailed information about social and cultural tastes, producer-­‐
consumers provide content that is used to generate traffic, which is then leveraged into advertising sales.’ (Cohen 2008) 5.3.4. Cookies The commodification of PII is very visibly illustrated by cookies because some users delete cookies and the industry reacted to this by producing harder to delete cookies.8 We will first define what cookies are and how they are being used to advertise with the use of PII. Afterwards we illustrate efforts of cookie producers to maintain the use value of cookies in behavioural advertising by making them harder to delete. 8 Part of this section was first published in: Pierson, Jo & Heyman, Rob (2011) Dataveillance and privacy in social computing: conceptual exploration and analysis of corporate profiling techniques. Paper at ‘EuroCPR 2011 -­‐ Online content: policy and regulation for a global market’, 27-­‐29 March 2011, Ghent, Belgium. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 16 5.3.4.1.
First party http cookies
The http cookie was introduced in 1994 in the Netscape Navigator browser with the purpose of user convenience, for example by remembering contents of Web shopping carts (Schwartz, 2001). The Internet had gained a memory and this memory is called a ‘state’, a state is a configuration last used by a user. This configuration can be the contents of shopping cart, login credentials or time spent on a website. This information is communicated every time a website loads and the corresponding server asks for cookies corresponding to the correct Internet domain (i.e. amazon.com can access cookies from the amazon.com domain). First party cookies are placed by the website a user is visiting and are only used by that website during the visit to the website. Information on cookies is usually encrypted for security reasons9. Cookies may contain the following: details about the operating system, the browser type, the previous visited url and plug-­‐ins in the header10 (Eckersley, 2009). The amount of information stored in this type of cookie is limited to 4 kB. 5.3.4.2. Third party http cookies
Third party http cookies differ from first party cookies in two ways. Firstly they are not only placed through the answer to a page request. They can also be placed through advertisements hosted on a first party website. If a user clicks on such an advertisement, he receives a cookie because the browser is directed to the website of the advertiser. This is not the only way cookies are placed. Third parties who track user behaviour through different sites use one by one pixels that contain an instruction to send a cookie from the moment the image is loaded (Tappenden and Miller, 2009: 24). These pixels are called ‘beacons’ or ‘gif/web/pixel bugs’. Pixel bugs are impossible to spot because they are blank images. It is important to note that third party cookies are not used for advertising only. Social computing and other web applications that require much state information through different websites, such as social tagging, need third party cookies as well to ensure an optimal working service. Secondly third party cookies are more persistent than first party cookies, because they are used across different websites instead of one website. Some cookies have a default maximum age of more than 30 years11. The third party 9 Piessens F. Interviewed by: Heyman R. (2nd March 2011). 10 The header is sent to a server to ask for instructions to load a webpage. 11 Http cookies have either a date or an age which determines when they need to be removed by the browser. Cookies are either deleted after the user has left the ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 17 cookie we discuss in the next paragraph, the Flash cookie, has no expiration date or maximum age at all. 5.3.4.3. Flash cookies or Local Shared Objects (LSO)
Flash cookies were developed by Macromedia Flash, which became Adobe Flash after Adobe bought its rival Macromedia in 2005. The first Flash cookie worked from within Flash Player 6, released in March 2002. This type of cookie was also made to remember states, but there are some important differences. First of all, a Flash cookie was not removable until September 2006, when Flash made the option available through its website (Adobe, 2011). Secondly, the cookies are not removable through a browser although there are some third party plug-­‐ins (i.e. Mozzila’s BetterPrivacy, Ad Blocker Plus and Ghostery12) that are able to delete cookies.13 Thirdly, the amount of available information space has grown to 100kB instead of 4kB compared to the http cookie. Lastly, Flash cookies do not have an expiration date. Flash cookies are installed via any Flash application on a website if the user installed the Flash player plug-­‐in. All cookies are accepted by default. Cookie preferences can be changed in the ‘Adobe Flash Player Settings Manager’ shown in Figure 1 Adobe Flash Player Settings. This settings panel is accessible on Adobe.com or by right clicking any Flash content on a given website, selecting ‘settings’. page, these are session cookies. They can also be programmed to be removed at a specific age or date which makes this latter type the persistent cookie. 12 These plug-­‐in information was obtained through our expert interviews. http://www.ghostery.com, https://addons.mozilla.org/en-­‐
US/firefox/addon/betterprivacy and https://addons.mozilla.org/en-­‐
us/firefox/addon/adblock-­‐plus 13 A Firefox plugin “better privacy” and a shareware program called “Glary Utilities Pro” can assist in deleting these Flash cookies. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 18 Figure 1 Adobe Flash Player Settings (Adobe, 2009) 5.3.5. Cookie occurrence To situate the usage of cookies we refer to previous research that demonstrates the relevance of cookies, given the increasing usage on the Internet. Former studies point at three central tendencies. Firstly the amount of websites using cookies has risen. Secondly, the amount of cookies per website increased, and thirdly the more popular a website is the more cookies are used. Source
Period
Sample
FTC
2000
Feb-Mar
2000
Feb-Mar
Miyazaki
2000
Miyazaki
Soltani et
al.
Tappenden
and Miller
2007
335 random e-commerce
websites (N=335)
100
busiest
websites
(N=91)
Media Matrix Top 500
(N= 406)14
Media Matrix Top 500
(from 2000) (N= 406)15
Quantcast Top 100
(N=100)
Alexa Top 100000
(N=98006)
FTC
2009
2009
http
cookies
(%)
3rd party
cookies
(%)
Flash
cookies
(%)
57
78
81,3
32,5
95,3
50,2
98
67,4
54
54,3
14 The result only refers to those 406 websites from the Media Matrix Top 500 that still existed in 2007 in the follow-­‐up study. 15 The remaining 406 websites from the Media Matrix Top 500 in 2000 were used. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 19 Table 116 Miyazaki (2008)was one of the few to do research that compares two moments in time using the same sample and method. This method has a small bias because many popular newcomers have emerged between 2000 and 2007, like Wikipedia (2001), Myspace (2003) and Facebook (2004). Cookies in general rose 14% and third party cookies rose 17,7%. The occurrence of cookies on a website increased as well. Miyazaki (2008) found that for websites that had at least one cookie placed on their home page, the average number of cookies on the home page increased from 2.45 in 2000 (range from 1 to 12) to 8.71 in 2007 (range from 1 to 59), which means a significant increase (t = 11.8, p < .01). The same study also shows that the average number of third-­‐party home page cookies grew from 1.57 (range from 1 to 6) to 3.84 (range from 1 to 28), which is again a significant increase (t = 4.66, p < .01). Figures by Tappenden and Miller (2009) for http cookie deployment are significantly lower than those by Miyazaki (2008) and Soltani et al. (2009). This is due to the following pattern: the more popular a website is, the more likely the chance that the site uses cookies to gather information. Since the scale of Tappenden & Miller’s research is 1000 times bigger, it is logical that cookie deployment is lower because they include more less-­‐popular websites than Soltani et al.’s top 100 sample. The same pattern seems to exist in the FTC’s random sample vs. the FTC’s 100 busiest website sample (Miyazaki, 2008: 21). The amount of cookies measured is dependent of the chosen sample but it is also highly dependent on the method of measurement. This is less obvious as it seems. Tappenden & Miller (2009: 6) report of another study conducted by Security Space in 2006. Their results suggest that only 24,6% of the examined websites use cookies. Their research was also automated but their method did not allow the webpage itself to load. This means that they only recorded cookies coming from the server and not the beacons or pixel bugs that would have loaded if the complete website was loaded. Tappenden & Miller’s approach was automated but supervised. If the automated browser stopped for a dialog box, the researcher pressed ‘OK’ to load the requested page. Soltani et al. (2009) analysed 100 websites, where they had the time and resources to simulate a real user while they visited the website. This and the above-­‐mentioned pattern explain the difference of 30,6% between the two studies. 16 The values in the table are percentages of the total sample that deployed either http cookies, third party cookies or Flash cookies. The FTC studies were cited by Miyazaki (2008: 21) ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 20 5.3.6. Commodification of PII enabled by cookies In this section we explain some data gathering and profiling techniques enabled by cookies. The first technique is behavioural advertising through third party tracking cookies. Secondly we discuss the use of zombie cookies as a strategy to prevent cookie deletion by users. 5.3.6.1. Behavioural advertising
Third party cookies are most often used to tag users and then -­‐ depending on the third party -­‐ to serve ads in line with their behaviour or aggregate the user data for another party i.e. data miner. This process is explained with Flash cookies, although it is exactly the same for persistent http cookies. This is a good example of behavioural advertising in which a pattern is used to select a potential buyer. Figure 2 Cookie implementation (Adobe, 2011) A user surfs to site A and a third party cookie is active on this site in the red box: ‘Car A SUV’. This window possibly contains a Flash element or a pixel bug to send a cookie instruction to the browser. The cookie’s domain and path differ from the visited site, it is therefore a third party cookie. In this case the user clicks on this ad. Other types of interaction or even no interaction at all may trigger the beacon, pixel bug or Flash element to send a cookie. In this example we let the user click the advertisement because it is a straightforward way to explain behavioural advertising. The user now has a cookie of site B, which is accessible for all advertisements of site B. It is shown as an LSO on the left side of Figure 3 Addition of PII. In this cookie two values defined the user, his ID ‘10100’ and the fact that he clicked ad ‘Car A SUB’, indicating he wanted to know more about the SUV. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 21 Figure 3 Addition of PII (Adobe, 2011) The user in this example (Figure 4 Behavioural ) leaves site A for site C, which also has an advertisement of Site B portraying another kind of SUV ad. The user clicks the advertisement again to learn more about it. His browser receives a new instruction; it needs to add a new value ‘Car B SUV’ to the LSO. The user is profiled as a potential buyer of SUV’s because he has clicked two ads about SUV’s. Figure 4 Behavioural targeting (Adobe, 2011) In Figure 4 the same user surfs to site D, which is also in the same ad network of the third party website B. This time he will not receive a randomly generated ad. This ad is chosen for users carrying the SUV-­‐interested cookie only. The owner of the tracking cookie can sell this specially chosen ad space to SUV advertisers who wish to buy ads that are guaranteed to be viewed by interested users. In this example a user’s web history was recorded and profiled to find a pattern of interests that may be targeted by ads. 5.3.6.2. Zombie cookies
©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 22 As previously mentioned, cookies can be deleted by users and this hampers the behavioural advertising mechanism because recorded data is lost with each cookie deletion. Cookies were made tougher and this phenomenon was first noticed and researched by Soltani et al. (2009). The zombie cookie was implemented by firms such as United Virtualities after they learned that 30% of Internet users was deleting http cookies. The zombie cookie or ‘Persistent Identification Element (PIE) is tagged to the user's browser, providing each with a unique ID just like traditional cookie coding. However, PIEs cannot be deleted by any commercially available adware, spyware or malware removal program.17 They will even function at the default security setting for Internet Explorer’ (Soltani et al., 2009: 1). In order to achieve this kind of persistence the PIE is not one, but two cookies. The hacker, Samy Kamkar showed that there are even more technological means to make a cookie persistent.18 The first one is the http cookie and the second one is the Flash cookie that revives the http cookie in case of deletion. Soltani et al. (2009) examined the top 100 Quantcast websites by checking what cookies were added after every single visit to one of these sites. Cookies were then categorized and deleted to ensure correct measurement. This study was done manually to simulate a user who pays a normal visit. They found an overlap between http and Flash cookies: ‘Of the top 100 websites, 31 had at least one overlap between a HTTP and Flash cookie. For instance, a website might have an HTTP cookie labeled ‘uid’19 with a long value such as 4a7082eb-­‐775d6-­‐d440f-­‐dbf25. There were 41 such matches on these 31 sites.’ (Soltani et al. 2009: 3) These results do not indicate the use of zombie cookies, but the fact that a Flash cookie served as a backup for the deleted http cookie. They did found zombie cookies on About.com (third party cookie by SpecificClick), Hulu.com (third party cookie by Quantcast) and across domains between AOL (www.aol.com) and MapQuest (www.mapquest.com). This still means that 31 out of the 100 examined sites used cookies that were hard to remove for users unaware of Flash cookies. 17 Adware is defined as a piece of added software that has a different function from the main software component where it was installed with. Spyware is a special form of adware to gather PII and Malware is adware used to malicious ends. These removal tools can be downloaded as plug-­‐ins or stand-­‐alone applications. 18 In reaction to this move by online advertisers, the hacker, Samy Kamkar made the ‘evercookie’ to illustrate what kind of tracking is possible with the current available technology. He makes use of 13 different cookie-­‐like technologies that will reinstall deleted cookies. 19 uid = user identification ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 23 5.4. Contextual integrity Anonymity and PII have been defined but a definition of privacy is still needed. Instead of looking at particular theories that focus on a specific aspect of privacy such as the right to be let alone (Warren & Brandeis, 1890), the right not to be identified (Woo, 2006) or privacy as a subjective experience (boyd, 2006). We will make use of the contextual integrity approach because it is a very robust framework that can be implemented over a wide variety of situations: ‘{…} a framework for evaluating the flow of information between agents (individuals and other entities), with a particular emphasis on explaining why certain patterns of flow provoke public outcry in the name of privacy (and why some do not).’ (Barth, Datta, Mitchell, & Nissenbaum, 2007) In order to fully understand privacy outbreaks, Nissenbaum has developed a framework that takes the situational in account. The situation mentioned by Nissenbaum is defined by the different roles: ‘the one from whom the information flows, the one to whom the information flows, and the one -­‐ the information subject -­‐ about whom the information is.’ (Barth, et al., 2007) These entities perform roles in our society such as patients and physicians or students and teachers. The relationship between these two roles defines what is said. This means a physician may ask about your health in his office and you may expect from him that he keeps this information to himself, unless he needs to share it with a colleague to help with a therapy. In this situation two sorts of information norms define the flow and content of the disclosed information. The relationship ‘physician-­‐patient’ defined what sort of information can be exchanged by whom. In this case the patient disclosed information about his health, while the physician was not expected to do the same. The norms that govern what is disclosed in a certain situation are norms of appropriateness, and they are context dependent. The physician-­‐patient situation contains a second set of norms, which defines to what other contexts or persons this information may flow (Pierson & Heyman, 2011). These are the norms of distribution. These norms of information flow assess the transfer of personal information from one party or context to another context. The question is which information from one setting may be used in another setting. Does the actual distribution comply with the norms that were set in the original context with regards to the information flow? Personal data that are revealed in a context will always carry a specific stamp from that context. For example, in a friendship the norm of appropriateness is very flexible and dependent on the type of friendship, while the norm of information flow is much more fixed. Between friends there is most often a bi-­‐directional flow of information (in contrast to a physician-­‐patient relationship), but outside the ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 24 friendship the norm of confidentiality needs to be met. In the relationship between a client and an online store, it is mostly necessary that the consumer conveys sufficient personal information about his home address and the ways he can pay. In previous work we referred to the fact that the system above is only functional if all users are aware of every information disclosure practice possible in the present and in the future. We have pointed out that the objects in Nissenbaums framework are fully aware of the context (Pierson & Heyman, 2011). This is in contrast with many users who are not even aware of the function of a privacy statement. This is illustrated by Hoofnagle, Jay & King (2008), where they found that: ‘(…) many California consumers believe that privacy policies guarantee strong privacy rights. The term ‘privacy policy’ is functioning in consumersʼ minds as a privacy seal.’. This difference between real world users and Nissenbaums agents has concluded us to talk about two separate contexts: the perceived and the complete context. The perceived context is the specific context where a user thinks he or she is in, while the complete context is the context where Nissenbaums ideal subjects are in. Figure 5 Perceived and Complete context The diagram functions as a way of conceptualising the degree of empowerment on privacy matters in social media. The user in the first diagram is less empowered because he or she knows less of the complete context. The user in the second diagram has a larger overlap between the perceived context and the unperceived context. This implies that he or she is more capable to deduct the norms of appropriateness and distributions, which are both needed to decide what kind of communication is going to take place. This difference between the complete meaning of a technology and the more idiosyncratic meaning has been discussed in HCI. This is the discussion between ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 25 sychologists, but this
sychology is of little
difference between
that the existence of
tor’s experience and
and, tightly couples
and experience. The
e action capabilities
it is the mental and
man’s position that
ties. He states that
to the operations of
uggest the range of
that when designers
user knows what to
omplex things may
mple things should
d.
rman stresses the
es [15, 16, 17] and
ances:
real from perceived
h, but the perceived
ability. I didn’t make
book and I have spent
widespread misuse of
to mitigate future
learly separate the
on specifying the
of affordances [18],
rdances from their
his original usage.
ns about affordances
n in that article. We
on.
Norman’s and Gibson’s interpretation of affordances. We will elaborate on this discussion to provide a description of how we are going to use the perceived and complete context as an evaluative framework for privacy affordances. In order to evaluate the practices enabled by social media, we need a framework capable of describing the design aspects in relation to the functionalities of the underlying system. This can be done through the use of the concept affordances, which was introduced in HCI by Donald Norman in The Psychology of Everyday Things: ‘...the term affordance refers to the perceived and actual properties of the thing, primarily those fundamental properties that determine just how the direction
to the
actor forbe there
to be
an affordance.
thing could possibly used. A chair affords (‘is for’) support and, therefore, According to Norman’s use, on the other hand, 20the
affords sitting. A chair can also be carried.’ (Norman, 1998) affordance would only exist if there was information to
specify the possibility for action and the actor had
This definition was an the
extension of In
an this
older learned
how to interpret
information.
case,definition by the psychologist James there would need to be a door handle that signaled the
J. Gibson. ‘Gibson intended an affordance to mean an action possibility available of opening to the
If we were toindependent redraw
in direction
the environment to actor.
an individual, of the individual’s ability to Figure 1 using Norman’s definition, the two sections on
perceive this possibility.’ (McGrenere & Ho, 2000) Thus the biggest difference the right, Optics and the Environment to be Perceived,
between these two of affordances lies in the fact that Norman would be collapsed
into interpretations a single section.
sees Table
these as idiosyncratic and Gibson 1 highlights the different meanings assignedsees to these as independent of users’ affordances by Norman and Gibson.
Gibson’s Affordances
•
•
•
Offerings or action possibilities in the environment in
relation to the action capabilities of an actor
Independent of the actor’s experience, knowledge,
culture, or ability to perceive
Existence is binary – an affordance exists or it does not
exist
Norman’s Affordances
•
•
•
•
Perceived properties that may or may not actually exist
Suggestions or clues as to how to use the properties
Can be dependent on the experience, knowledge, or
culture of the actor
Can make an action difficult or easy
Table t1:
of affordances
as defined by
abilities o Comparison
perceive them. Gibson and Norman.
Table Comparison of affordances as dbetween
efined by the
Gibson The 1most
fundamental
difference
twoand Norman. (McGrenere & Ho, 2000) definitions is that for Gibson an affordance is the action
Norman’s definition more popular possibility itself
whereas became according to
Norman’s
use it and with that also the inherent has
been
both
the
action
possibility
and
the
way
that
thatan article to address this problem. ambiguities. In 1999 Norman (1999) wrote action
possibility
is
conveyed
or
made
visible
to
the
He wrote ‘affordances’ in Psychology of Everyday Things while he should have actor. Norman’s “make it visible” guideline actually
written ‘perceived affordances’. By referring to perceived affordances he was maps quite nicely to Gibson’s statement that there must
be
perceptual
information
that
specifies
the affordance
20for
the qaffordance
towberitten directly
perceived.
believe
This uote was for the first We
time in The Psychology of Everyday that
this
difference
has
caused
confusion
in
the
HCI
Things, published in 1989 by Basic Books. The Design of Everyday Things is a community. In his original definition, Norman collapsed
revision of this book. The quote has not changed. two very important but different, and perhaps even
he Differences
anonical example of
independent, aspects of design: designing the utility of
– IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone amely the affordance ©EMSOC an object and designing the way in which that utility is
es between Gibson’s conveyed to the user of the object. Because Norman has
concept. Consider a
stressed (but not entirely limited himself to) perceived
panel. Without prior
affordances, he has actually favored the latter of the
26 able to insert the Gibson’s affordances as ‘real affordances’. The difference is best explained with an example of this article: ‘Now consider the traditional computer screen where the user can move the cursor to any location on the screen and click the mouse button at anytime. In this circumstance, designers sometimes will say that when they put an icon, cursor, or other target on the screen, they have added an ‘affordance’ to the system. This is a misuse of the concept. The affordance exists independently of what is visible on the screen. Those displays are not affordances; they are visual feedback that advertise the affordances: they are the perceived affordances.’ (Norman, 1999) Norman also refers to other concepts, which were mistakenly taken for affordances by designers. These concepts, constraints and conventions, are of equal importance to our analysis because they refer to the perceived and complete context as well. We will first address the three types of constraints and then the conventions. The first type of constraints is more closely related to the concept of real affordances. ‘Restricting the cursor to exist only in screen locations where its position is meaningful is a physical constraint.’ (Norman, 1999) Thus a definition of physical constraints is ‘Physical limitations {that} constrain possible operations.’ (Norman, 1998) This concept will be very useable to map options that are not changeable, such as advertising. The second sort of constraints is the logical constraint. This kind of constraint relies on the ability of the user to deduce something from receiving input from the system.: ‘Thus, if we ask the user to click on five locations and only four are immediately visible, the person knows, logically, that there is one location off the screen.’ (Norman, 1999) The last type of constraint is the cultural constraint. Cultural constraints are bound by conventions shared by a cultural group: ‘The fact that the graphic on the right-­‐hand side of a display is a ‘scroll bar’ and that one should move the cursor to it, hold down a mouse button, and ‘drag’ it downward in order to see objects located below the current visible set (thus causing the image itself to appear to move upwards) is a cultural, learned convention.’ (Norman, 1999) These cultural conventions are arbitrary. ‘The word ‘arbitrary’ does not mean that any random depiction would do equally well: the current choice is an intelligent fit to human cognition, but there are alternative methods that work equally well.’ (Norman, 1999) Conventions -­‐ either cultural or not -­‐ need a community of practice, which adopts the convention. Once these conventions are adopted by a group of ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 27 practice, they are hard to remove form this group. Conventions in general should therefore be understood as constraints on our behaviour although we are actually free to act differently. It is important to note that physical constraints cannot be violated or changed by the user, while logical and cultural constraints can be. This is interesting because it means that physical constraints are almost like real limits to the affordances of a technology. They differ in the fact that physical limitations are specific design choices and real affordances are all the functions of the system. The difference of between these two is best explained by the following example. While it is possible to imagine a social network site without advertising (real affordance), there is no option to opt-­‐out of all advertising on Facebook (physical constraint). The latter cannot be changed by the user while cultural or logical constraints can be changed. The last two provide a more subtle way of steering users. These conventions can be used both for good things and for bad things. This is clearly shown with the quote of Mark Zuckerberg about the privacy affordances of Facebook: ‘The privacy is largely false, but for most students, the privacy is good enough’ (New Yorker, 2006) Apparently, the users of Facebook share the same believe as the users investigated by Hoofnagle et al. (2008). They have attributed a perceived affordance to Facebook or privacy policies as a shared convention. Jensen et al. (2005) researched privacy practices on commercial websites and they found that numerous ‘trustmarks’ function as cultural constraints. These trustmarks, privacy policy, Truste-­‐label and credit card logos, made the visitors of these sites believe that the site was in fact trustworthy. And this is the reason why the use of perceived affordances is so important to this research, the fact that there is no necessary connection between real affordances and perceived affordances: ‘the affordances, the feedback, and the perceived affordances can all be manipulated independently of one another. Perceived affordances are sometimes useful even if the system does not support the real affordance.’ (Norman, 1999) 5.4.1. Visual constraints As we will be analysing a media, which are shown through a screen and usually a web browser, we will encounter many visual feedback elements or the lack of visual elements and these will also steer users. We therefore argument to use another set of constraints, that are analogous to Normans reasoning. Norman talks about visual feedback as an indicator to enhance perceived affordances in such a way that they can lead to perceive real affordances: ‘In this circumstance, designers sometimes will say that when they put an icon, cursor, or other target on the screen, they have added an ‘affordance’ to the system. {…} Those displays are not affordances; they are visual feedback that advertise the ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 28 affordances: they are the perceived affordances.’ (Norman, 1999) If this is possible, than it is also possible to diminish the visibility of affordances: ‘Real affordances do not always have to have a visible presence (and in some cases, it is best to hide the real affordance).’ (Norman, 1999) We therefore add visual constraints as a choice to steer user behaviour in cases where there is for example a difference between readability of fonts. 5.5. Integration of affordances into the perceived and complete context Figure 6 Perceived and Real affordances The image above is a new conceptualisation of the perceived and the complete context. The coloured, smaller circle represents the perceived affordances, which are part of the perceived context and the white, bigger circle represents the real affordances (or unperceived context). The combination of both types of context represents the complete context. It is possible to translate all of the contextual integrity concepts needed to assess the norms of a situation through affordances. The roles between different parties can be identified now as the affordances of the different entities in social media. These are mainly limited to communication functions, which enable us to deduce norms of appropriateness and distribution. This also means that we can look at the perceived and the real affordances in yet another way. Pierson & Heyman (2011) are drawing a line between two sorts of data disclosure: implicit and explicit exposure. Explicit exposure was defined as an act of communication knowingly done by users themselves i.e. updating their status or tweeting something. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 29 Implicit exposure was defined as the disclosure of information that is not part of the
action performed by the user. For example, not all users are aware of the fact that
cookies gather user behaviour (Walrave, 2002). Users who disclose information
implicitly are not able to take this disclosure into account and this might breach their
contextual integrity.
The perceived affordances can be linked to the act of explicit exposure as users see
the function of the tool as they use the tool. The same can be done for implicit
exposure and real affordances. Due to the emphasis on the independence of real and
perceived affordances, it is now easier to define a mode of exposure, which is both
explicit as implicit. This is for example what happens with social advertising. Users of
Facebook explicitly announce that they ‘like’ a certain brand. This action is explicit
and users are aware of the affordance that this action will share this information in
their network. If we formulate this differently, we can state that users are aware of the
perceived affordance. But, this action can also be implicit, because the person who
liked the advertisement may be used in the advertisement below. This is a real
affordance but not a perceived affordance, which makes the action partly explicit and
partly implicit.
Figure 7 Perceived and Real affordances We will use the constraints as ways to become informed of the affordances related to the aforementioned framework. This is best explained through an example: users who wish to make use of a new service need to accept an end user agreement before they can use the service. This is a physical constraint since it is impossible to move forward without accepting these terms. The terms, if read, offer users the possibilities to change certain aspects in their privacy settings. If a user changes these settings than this can be logical because the user deduced they needed change. Cultural constraints can be interpreted as the way ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 30 the social medium is used by the peers of a user and these require certain information sharing and disclosure affordances to do so, which will limit or steer the behaviour towards certain information disclosure practices. Cultural constraints can also steer the perception of for example a privacy statement, which was wrongly seen as a sign of good privacy, as in the case of Californian users (Hoofnagle, et al., 2008). 5.6. PII and UGC Here we want to elucidate the relationship between UGC and PII. This is necessary because the definition of PII is so broad that it easily incorporates UGC as mentioned above. UGC is only a part of PII, and to explain the difference it is best to make use of the difference between explicit and implicit exposure. UGC presupposes an action of disclosure done by the user and we can therefore say that users explicitly expose themselves by doing so. However, users may or may not be aware that this UGC may also be used as PII in a commodification process. For example, the likes they have explicitly given to certain brands, may be leveraged by companies as PII to start a marketing campaign. UGC in the example above with the like given to a particular brand, has a dual exposure feature. Since it is user generated as an announcement to the user’s network of him or her liking that particular item or brand, we can say that it is explicit. But, users have also generated PII into the database of a company and this can be used in a later commodification process to generate advertising value. 5.7. Conclusion To summarise we can conclude that user empowerment in social media is closely related to the potential described by Castells (2007) as mass self-­‐
communication. However this potential is not only curtailed by companies but also by users’ incapability to grasp all the real affordances. The fact that there can be a difference between the complete and the perceived context ushers us to look at the constraints that are put in front of the user to steer him or her in a certain direction. This direction will probably be given by social media’s financial interest. To prove this, the analysis that follows will map these constraints and the complete context with its real affordances. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 31 6. Method
The main research method of this report consists of a desk research and an analysis of five purposefully selected social media platforms. We will first explain our research set-­‐up, which includes the selection of the platforms and what we will analyse in these platforms. 6.1. Selection The two main criteria for the selection of social media platforms were variety and relevance in Flanders (Belgium). Firstly, we have chosen for as much diversity in sorts of social media platforms as possible. Secondly, we took into account the platforms with the biggest user bases in Flanders (Belgium) in 2011. This generated the following cases: Facebook, LinkedIn, Twitter, Netlog and StumbleUpon as the most relevant players, that are all using different accents in their platform. The social network site Facebook (data collection in January and October 2011) is meant to connect with friends and sustain these networks. The social network site LinkedIn (data collection in January 2011) was chosen because it provides a network for career management and job solutions. The IPO filing of LinkedIn (January 27th 2011) was another important selection reason because this supplied us with more detailed information about the commodification process. The micro blogging site Twitter (data collection in August 2011) is a completely different service because it focuses more on the communication itself and less on the relationships between these communicators. They have also been struggling to find a way to monetise their network (Swisher, 2011). The latter is another important reason to scrutinise Twitter. Netlog (data collection in August 2011) is an important player among social network sites in Flanders because it is a Belgian platform and it used to have more users than Facebook in Belgium until 2010. Lastly, StumbleUpon (data collection in October 2011) was analysed as a social media platform that uses collaborative tagging to recommend new content to its users (similar to Last.fm and Amazon.com). This platform was also chosen because it has the biggest referral traffic of all social media platforms (Lipschutz, 2011). The only sort of social media that has not been mentioned here is the sort that shares locations such as Gowalla or Foursquare. 6.2. Evaluation of objects of analysis We map the perceived and real affordances of social media in order to conclude whether there is enough overlap between perceived and real affordances. This overlap is needed to indicate the degree of empowerment users have with regard to their privacy. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 32 In order to map the perceived affordances – by replacing ourselves as researches in the role of the users -­‐ we have registered all the necessary steps needed to register a user and we have also browsed all the pages a normal user would use in order to make use of the service. We need to remark that the privacy settings are not included unless they offer settings to limit advertising practices in any way. The goal of this part of the research is to map how users are being informed of the commodification of PII. We are not mapping how users are informed about their privacy if this is related to social privacy issues i.e. whether friends of friends can see status updates or not. During the sign up process and the browsing of the platforms, Ghostery21 was turned on. Ghostery is a Firefox plugin to visualise the amount of parties that track a user on a specific web page. The results of this plugin are only mentioned when third party trackers were identified by this plugin. The other affordances will be added either as explicit or implicit information, which is gathered either from the privacy statement or through analysis of the advertising services. Explicit information is information easily obtainable for users while implicit information is less accessible due to constraints. It is important to notice that implicit and explicit are degrees that signify how visible and understandable a service is if users were to sign up to it. All selected platforms will be presented in a uniform matter. The information collecting practices are presented first. These are subdivided in three categories: 1. Information gathered during registration 2. Information gathered explicitly after the registration 3. Information gathered implicitly during membership of or participation on the service. The place of the privacy statement in this order is very difficult because it depends on the user and his or her willingness to read this. We have chosen to put it between explicit and implicit information gathering (2 and 3). This placement is motivated by the fact that it is unsure whether users read privacy statements and terms of service. This has been shown by the British firm, GameStation, which mentioned that users’ souls would be sold to the devil if they agreed to the terms of services ("7,500 Online Shoppers Unknowingly Sold Their Souls," 2010). Research shows that only one in four users read the privacy statement on commercial websites. However in this case the respondents had knowledge of the goal of the research, which could skew the results. (Jensen, et al., 2005). Secondly, users do not always understand what a privacy statement or policy is (Hoofnagle, et al., 2008). The privacy statement is very important 21 www.ghostery.com. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 33 because this is where users are informed about their context and asked to agree or disagree with this context. After this mapping we will be able to analyse how the perceived affordances relate to the real affordances. This relation will indicate the degree of empowerment users have to understand the context or medium and how they can act upon it. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 34 7. Social media platforms
7.1. Netlog Table 2 Netlog www.netlog.com
Founders Lorenz Bogaert, Toon Coppens Country of origin Belgium Established September 2006 Users (global) 94 million (December 2011) Data collection August 2011 We have chosen to analyse Netlog 22for two reasons. It used to be a social media platform that had a larger share of Belgian users than Facebook. They lost a large amount of users to Facebook in 2010 but the amount of users is now increasing again: in 2010 they ticked off at 70 million users and in July 2011 this was already 80 million (Tibau, 2011). At the time of writing Netlog closes 2011 with 94 million users, which proves that they are on the rise again. Netlog is also interesting because it is part of the Massive Media holding, which is diversifying its services with: a games platform (Gatcha.com), a Netlog complementary datingsite (Twoo.com), a conversation platform (Ekko.com) and a website that offers prizes in the form of contests (Kezoo.com). This diversification is also noticeable in the amount of different commodification possibilities on Netlog. 7.1.1. Upon registration 22 Netlog is part of the EMSOC Advisory Committee of Users (ACU) which gives more opportunity to get additional information on their internal organisation. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 35 Figure 8 Netlog registration form Netlog needs certain credentials in order to start an account. The needed information is: (1) e-­‐mail address, (2) first name, (3) gender, (4) date of birth and (5) a password. It is also possible to fill in a last name, but this is not mandatory. If the user is already using other social media such as Facebook or Messenger, then he or she can use this service to turn over the needed credentials. This service is no longer available since September 2011 and therefore not discussed any further. 7.1.2. Analysis of constraints The screenshot contains different kinds of fonts that either attract a lot of attention or almost no attention at all. The calls to action such as ‘Your e-­‐mail address’ are black and bold and almost as visible as the red title mentioning that Netlog needs a few things before it can get started. Next to this column is an information icon this does not provide any extra information. The title of this column is bold and the colour of the font is grey instead of black. The body text that says how fast this method of signing in through Messenger or Facebook is, is smaller and in a normal font. There is another smaller and therefore harder to read font: ‘Already registered?’ and ‘By registering you declare to agree to the Terms & Conditions’ is grey upon a grey background which makes it less prominent as the other words on the page. If we order the readability of these different kinds of information we get the following list descending from very readable to least readable: ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 36 1. ‘We need a few things before you can get started’ 2. Registration information 3. Automatic registration through Facebook or Messenger, 4. ‘Become a member’, 5. ‘Already registered? Log in now’ and 6. ‘By registering you declare to agree to the terms & conditions’ We can see that calls to action are first, forms are second, but closely followed by the automatic registration. The ‘Already a member’-­‐link and the informed consent option are last. This shows us that the visual constraints used in this registration form nudge users to fill in the registration form as a top priority while reading the terms of service is last. The informed consent is actually placed after the button with a call to action to become a member. So, all the freshly signed in users who are more or less used to click these call to action-­‐buttons have a bigger chance to fail to notice that they declare to agree to the unread terms and services. This is a cultural constraint, which again steers users away from reading these terms.
Figure 9 Fill in the security code After the provision of the needed information, the user is asked to enter the security code. Another physical constraint is build in, the constraint to be able to read the security box. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 37 Figure 10 Netlog e-­‐mail with account confirmation request After filling out the security code, we were informed that a mail was sent to the provided e-­‐mail address. This confirmation request implies two physical constraints, users need to provide a working e-­‐mail address and they need to confirm that they own this address by clicking on a link in the received e-­‐mail. After receiving the confirmation mail and following its confirmation link, a user is registered. This is however only the first step, Netlog requires more information to work at full capacity. For example, one is immediately asked to add friends in the next step: Figure 11 Find your friends on Netlog ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 38 In this case we have given our Hotmail account information in order to add friends. This proved to be tedious because Netlog suggested too many contacts. Some of these contacts were 6 years old and were only mailed once. This is not so user friendly because all contacts were checked by default to be imported. We refrained from adding all these contacts and went back to the previous menu to select the ‘Skip this step’ option. The default option of Netlog to select all connections is a logical constraint because it takes too long as a user to uncheck all the boxes manually. This leads to the perceived affordance that Netlog wants to add all contacts of other media. It is possible to skip this step and this is shown in the same way as the terms and services was shown. In order of priority the user is steered to first add friends before skipping this step. Netlog gave the option to further complete the profile by adding optional information or performing other actions such as: uploading a profile picture, adding friends, adding pictures, filling in interests, filling in the ‘About Me’ text, adding cool videos and choosing or creating an own skin. The indication of the profile completeness is a visual feedback that refers to a logical constraint. This information gives users the impression that they should fill in all this extra information or perform the necessary steps described in the profile completeness box. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 39 Figure 12 More friends, more fun Users who do not add friends through other media such as Facebook, Hotmail, etc., are reminded multiple times that this possibility exists. This visual feedback shown in Figure 12, was shown multiple times. This gives users the impression that adding friends is a necessary step in the Netlog registration process, which makes this a perceived affordance. The obtrusiveness of this pop-­‐up works almost as a physical constraint and is therefore steering users until they add enough friends to stop being confronted with the pop-­‐up. 7.1.3. Explicit information gathering 7.1.3.1. Basic data
There are more personalisation options offered when a user surfs to the ‘manage’ page of Netlog. Users can fill in more information about their basic data, which is already partly filled in during registration, first name, last name, gender, ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 40 date of birth, location and native language. It is also possible to further fill in what a user does during the day (profession, company, job title, hobbies), what a user is looking for on Netlog (friendship, relationship or business contacts), what a user’s love status is, whether they are interested in men, women or both and they can also write a short introduction text. The user gets the choice to fill this information in and also to decide whether it should be shown on their profile. 7.1.3.2. Other information
In this tab users are able to present where they went to school and what degree they got in what kind of study. In the ‘interview’ tab users are asked many questions to further talk about themselves. These are all optional questions (see Annex 4 Netlog Interview p.123). Finally, users can also add their instant messenger account to their profile so that other users can contact them over there as well. 7.1.3.3. The grey zone of ‘Logs’
The ‘Logs’ tab keeps users up to date about their and other users’ activities around Netlog. For ‘normal’ users, the users who do not pay for a premium account, the logs are limited to who visited a page of their profile on what day. For premium users it is also possible to see with what other visitors interacted, to make their own visits to other profiles invisible to the owners of those profiles and to get more statistical information of other users. This information can be about how much male vs. female visitors visited, how old they were, etc. We did not research this any further. It is however important that normal users have a physical constraint to visit other profiles anonymously and this means that browsing anonymously is only an affordance for premium members. It is important to note that users are able to map who has visited their profile and that obfuscation options plus more detailed reports are available for premium users. The premium package is called a Backstage pass. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 41 Figure 13 Example of a log 7.1.3.4. Information gathering processes described in the privacy statement To discern what information Netlog gathers implicitly, we read the privacy statement of Netlog. This was the shortest privacy statement of all researched social media platforms. In this statement Netlog described what they collected, to what purpose this data served, how long they stored this data, how they shared PII with third parties, they disclosed their use of cookies and web bugs and they inform users about their rights. As a general rule Netlog sees public data as all the information given on Netlog; communicated on the platform, thus information shared on profiles, blogs, shouts, pictures, videos, events, music, links, messages, ratings, contributions to guestbooks and links with groups and other users. They perceive settings and administrative data as private, these are things visible to the user only. Before we interpret affordances of this public-­‐private divide, we will look at what they do with this data. 7.1.3.4.1.
Purposes We have discerned two broad categories for the purposes of data collection. These are either to keep the service working or to serve advertising to users. Table 3 Data used for the service or advertising Service Advertising ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 42 publish the information intended to be made public by you, under the conditions specified in your privacy settings allow you to correctly use the Website in accordance with your settings send you communications about the Website, as well as our other products and services provide you with advertisements tailored to your profile perform general administration customer generate anonymous statistics about the (users of the) Website, to improve the Website or convey statistical information to third parties investigate fraud and infringements of our Code of Conduct The Website uses cookies to identify The Website also uses a cookie and an you as a user of the Website, to AdPath pixel (‘web-­‐bug’) to allow remember your preferred language third parties to tailor advertisements and to facilitate navigation on the to your profile.23 Website Logging of time date and URL of all Logging of time date and URL of all Netlog pages, searches on Netlog, Netlog pages, searches on Netlog, technical information about browser technical information about browser and computer, URL of the referring and computer, URL of the referring websites websites 7.1.3.4.2.
Data sharing with third parties The information sharing practices are very similar to the public-­‐private division Netlog made: ‘Third parties can access all information intended to be made public by you, under the conditions specified in your privacy settings.’24 And this implies that they share the following data for the purpose of targeted advertising: ‘browser type, IP address, current and previous URL you are visiting (and search query), age, gender, and geographical location with our advertisement provider. This information may subsequently be used by other websites for the display and management of targeted advertisements.’25 7.1.3.4.3.
Storage 23 The privacy statement is no longer up to date, the AdPath cookie is not picked up by Ghostery. This is probably related to the fact that Bluelithium has also disappeared from the web (this was bought by Yahoo! and shows no online activity ever since). 24 http://en.netlog.com/go/about/legal/view=privacy#footnote8 25 Idem. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 43 Netlog stores the information uploaded by users for the time the service is being used and to a maximum of 6 months after the deletion of the information or the deletion of the user account. Logs are stored for 6 months after the initial creation of the log. Lastly, cookies are stored on users’ computers for 100 days. The physical storage location is not disclosed, Netlog only warns that this place might be outside the EU borders. 7.1.3.4.4.
Rights Netlog also reminds users of their rights with regard to their privacy. They have the right to get access to their personal data free of charge and they have the right to correct it. And they can also object to the use of their personal data for direct marketing purposes. This last right is not optimally respected. Netlog directs its users to the Networking Advertising Initiative where users can learn how to opt out from targeted advertising. This right is not guaranteed and the link does not provide adequate opt-­‐out options. The user needs to be aware of the specific behavioural advertiser companies that cooperate with Netlog. Even if users are fully aware of these companies, which are not mentioned on the website, it is impossible to opt-­‐out fully because Quantcast is no longer part of the NAI initiative. Figure 14 Cookies on Netlog26 Users are only informed about their right to op-­‐out of targeted advertising but they should also be informed about their right to opt-­‐out of being tracked by cookies of third parties. This is not mentioned in the privacy statement. 7.1.4. Commodification of PII The commodification of PII and the valorisation of Netlog in general is based on two large systems. There is the Netlog currency system where users can buy, earn and spend credits in various ways and the second system is the advertising 26 These cookies were detected with the Ghostery plugin for Firefox, which shows what cookies are tracking you and which cookies are blocked from doing this (these are striked through). ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 44 system. We will address the currency system first and move on with the advertising services afterwards. 7.1.4.1. Credits
Credits are the currency of Netlog and they can be bought or earned by performing various ‘tasks’ on the Netlog platform. Before we look at the ways of earning credits, which is the main commodification part of the credit system, we delve into the different ways this currency can be used. Credits can be spent in four different ways. First of all credits can be used to play games, for example in the game Pet Party you can spend diamonds or saphire on items in the game which provide advantages or are aesthetically more pleasing. Pet Party also seamlessly integrates ‘Sponsored Play’, which is a service that lets someone else, a company, pay for the needed diamonds in the game. All a user has to do is follow the steps shown in the figure below. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 45 Figure 15 SponsorPay This is the most emblematic example of PII commodification, the user is asked to choose an offer27 or complete a form and is then rewarded with diamonds. To give an idea of the pricing, 20 diamonds are worth 2 euro if they are bought with a credit card or Paypal (Netlog, 2011b). Users can also earn credits by buying products of Netlog partners. In this case PII is of a lesser importance because the user is directly engaging with the product of a partner. This purchase however does require personal information in order to fulfil the transaction. 27 Choosing an offer usually requires personal data as well. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 46 Figure 16 Examples of SponsorPay (Netlog, 2011a) Thirdly, users can also promote the use of Netlog by inviting new users. If 10 users respond to a user’s invitation and activate ‘trust’, which is basically giving your mobile number, the user is given 10 credits. These credits are not worth much since a user needs 150 of them to do a 2 euro purchase or 5 euro for 360 if purchased instead of earned. This implies that a user must invite 360 friends to earn credits worth 5 euro. The fact that Netlog promotes this might imply that other people become users who are steered to share their phone number. Figure 17 Invite friends Credits can also be used to purchase a backstage pass, which is a premium account that grants users the right to browse other profiles anonymously, gather more information about users who visit a profile, show more statistics about friends and visitors and to show off the fact that a user has a premium account (also access to exclusive skins, smileys, filters, richer profile, priority at the helpdesk and much more). ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 47 Also, credits can be used to put something in the spotlight. Users can buy spotlight exposure to push their message further: ‘Sometimes, though, you might want to blurb something to the whole world or show everyone cool pictures and videos of yours. That's why we've created the Spotlight!’ (Netlog, 2011c) Lastly, users can purchase apps or things in apps that run on the Netlog platform. For example, users may give each other gifts through the ‘gifts’ application and some of these gifts cost credits. 7.1.4.2. Advertising
Before we start the analysis of Netlog’s advertising services, we need to clarify the research process. Part of the data gathering took place in August 2011, but this data was no longer available online after September 201128. This information is still absent in December 2011. We did find a link to national ad sales partners who were responsible for the sales of the ad inventory. Belgacom Skynet is responsible for the Belgian ad sales. For now we will describe the services in the document provided by the Belgian ad sales partner, Belgacom Skynet (2011). The unavailability of the data was caused by a dead link. We inquired about the missing information at Netlog via e-­‐mail29. We were informed that Belgacom Skynet has not taken over Netlog marketing communication but is merely selling their ad space as a partner. 7.1.4.2.1.
Services sold by Belgacom Skynet Belgacom Skynet is responsible for various kinds of advertising. These are however not all the sellable services sold by Netlog. Netlog also sells integrated products, which go beyond advertising spaces. These services try to integrate the brand or product by developing a page, skin or even by supporting a forum to foster conversation between the brand and the users of Netlog. These services are not mentioned since they do not require PII. Three types of advertising are sold by Belgacom Skynet: mobile advertising, display advertising and take-­‐overs. Instead of going in to the specific kinds of advertising, we first look at common characteristics among these types of advertising. All ads are served on a Run of Site (ROS) basis, this implies that they can appear anywhere on the site. This is contrary to Run on Category (ROC), which directs 28 http://www.massivemedia.eu/advertising/ 29 Segers T. Mailed by: Heyman R. (18th November 2011). ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 48 ads to specific categories in stead of the whole site. As a whole, the advertisements can still be targeted by language or country since all ad partners are national. Secondly, the audience of Netlog is very age specific and therefore already a priori a specific segment. After enquiring what kind of targeting was available, we got an answer that the advertisements sold by Belgacom Skynet are also targetable through age, location and gender.30 Belgacom offers diverse kinds of banners, pop-­‐up messages and videos and special buys like larger leaderboards (this is a banner), a take-­‐over (which takes over the theme of a background) and an interstitial, which is an ad shown between the navigation from one part of the site to the other. Ads can be bought for a specific period which is billed in Cost per Week (CPW) or Cost per Day (CPD), but it is also possible to pay for the amount of times an ad is shown Cost per Mille (thousand) impressions or CPM. The following mobile advertising is also offered by Belgacom Skynet: banners that can be adapted to specific tabs or an ROS banner with either 50 or 25 % Share of Voice (SOV)31 for one week. The tab specific banners can be targeted to particular contexts such as; Homepage, Messages, Shouts, Notifications, Friends, Logs, Profile or ROS in general. 7.1.4.2.2.
Older services Netlog used to offer targeted advertising similar to Facebook. This service is a self-­‐service where marketers could choose particular demographics and interests to target an audience. 30 Tom Segers informed us about the targeting possibilities after we reported a dead link by e-­‐mail. The correspondence can be found in the annex of this document. Segers T. Mailed by: Heyman R. (18th November 2011). 31 Share of voice is the amount of exposure and ad receives on a medium. If SOV is 100%, the ad is the only shown ad. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 49 Figure 18 Netlog targeted advertising Figure 19 shows how it is possible to target language, gender, age, location (which is targetable to specific regions), sexual preferences, relationship status and interests. Next to the targeting criteria users of this service are also able to further define how their add is going to look. They have to define a title, a text body and upload an image. After that the advertisement will look like the one below in figure 20. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 50 Figure 19 Example of a Netlog advertisement Next Netlog asks what the budget and the timing of the advertisement are. Netlog charges 2 euro CPM or 2 euro for 1000 impressions. As for the timing, users or the service can specify the start and end date of the campaign. 7.1.4.2.2.1.
Net offer Net offer is the service behind the currency earning system. In this service firms have to define what they offer, on what website they offer it and lastly they have to provide a point of completion that sends back a signal that the earned credits or saphire should be given by Netlog. This service is particular interesting because companies using the Net offer service get user data ‘The offer will present the user with a form containing all the client's requested fields. Data Netlog already owns will be prefilled with the exception of phone number. The form is hosted by Netlog. The partner only needs to specify a method of receiving the data (GET parameters, XML/JSON api, etc)’(Netlog, 2010) But, they can also ask this data again as part of their survey or offer. Users are required to fill this in before they get the credits. 7.1.5. Conclusion In order to map the perceived and the complete context of affordances, we first map the constraints that steer user behaviour and secondly we map the affordances of the commodification process on Netlog. Users are being nudged away from the terms of service. This is the only place where the privacy statement is mentioned during the registration process. Secondly, users are steered to share as much information as possible and they are even tempted to attract as much new users as possible. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 51 The affordances of the commodification process are more clearly shown if users participate in the Netlog currency model. In order to receive credits users have to fill in information in surveys, which signifies a trade. Users may be aware that log files about their behaviour are shared but they are not really informed about the various targetable options offered to marketers on Netlog. We can conclude that there might be a big difference between the perceived and the complete context because users are only informed of the commodification process in the privacy statement. They might perceive the affordance that they are served advertising, but it is much harder for users to understand how these mechanisms work. 7.2. Facebook www.facebook.com Founders Mark Zuckerberg, Eduardo Moskovitz and Chris Hughes USA February 2004 800 million (July 2011) October 2011 Saverin, Dustin Country of origin Established Users (global) Data collection Facebook is the biggest SNS for the moment with 800 million active users, of these active users more than half sign in daily ("Statistics," 2011). The Facebook Platform also has a reach over more than 900 million objects (pages, events, groups, etc.) that are related to users one way or the other. Facebook also states that they are connected to 7 million apps and websites, which makes Facebook’s presence on the web enormous and never seen before in the history of the Internet. The interconnectedness of Facebook throughout the web and with its users is symbolised in the Open Graph. This database of relations between users and objects has been recently updated to specify relations more specifically than the previous ‘like’ attribute. It is also updated in such a way that it now records and publishes these relations or actions of users with an object in the Open Graph in an automated way (MacManus, 2011). ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 52 We will analyse Facebook as proposed by the method section, but we will put an extra emphasis on the Open Graph because it is unique in social media and it opens up new ways to advertise. During the simulation of the registration procedure the researcher enabled private browsing on Firefox32 because this disables all pre-­‐existing cookies Firefox had stored from Facebook. This was necessary to make a new account. 7.2.1. Information collected upon registration Figure 20 Facebook registration step 1 32 The browser was Firefox 9.0 used on a mac OS X version 10.6.8. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 53 The following information is required to submit to Facebook in order to become a member: (1) first name, (2) last name, (3) e-­‐mail address, (4) password, (5) gender and (6) birthday. The birthdate is asked, ‘to encourage authenticity and provide only age-­‐appropriate access to content’ . Facebook allows users to toggle the visibility of their age on or off after the registration process. Figure 21 date of birth We have chosen a newly generated identity in order to observe what kind of information was required. To do this we made use of the random identity generator (Works, 2011) and we got the following identity, a female, aged 27, Josie van Rietschoten. We had to make a fake email address as well. Facebook did not accept the first fake address33. We proceeded with a specifically created Hotmail address that was accepted directly. 33 We made use of Yopmail.com to generate a fake email address. The e-­‐mail address was not accepted by Facebook. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 54 Figure 22 Security check The second step requires the user to fill in the security check in order to assure users are human and not bots or scripts. This is however not the only thing this dialog shows, it also mentions that users provide full consent by clicking on the green sign up button. This is less clear because it is grey and below the ‘Sign Up’-­‐
button. The second step is very similar to Netlog’s visual constraint to ask for consent, both are placed below the ‘Sign Up’-­‐button, which makes it a logical constraint and secondly, the description of what happens if the button is pushed is also grey on a grey background. There is however a difference, Facebook mentions both terms of use and the privacy policy. The third step takes the user to three dialog boxes to further finalise their Facebook profile. The user is first asked to find friends through the use of one of the following accounts, Windows Live Hotmail, Windows Live Messenger, Yahoo! or another non-­‐specified email service. We skipped this step and were prompted to add a person called ‘Sophie Dooley’. This was not a request but someone who ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 55 Facebook thought we might know. We have checked whether Josie van Rietschoten really existed, but she did not according to Google. It remains unclear how Facebook determines these connections.34 Thirdly, the user is asked to fill in extra profile information, secondary school, university and employer. This step can be skipped as well. The user can choose to either upload or take a webcam picture as profile photo. Since we skipped all steps, our profile still suggested that we should find friends, upload a picture or find friends with the Facebook search function. Figure 23 Facebook profile completion The registration process is very similar to that of Netlog. Both use logical constraints to fill in more information. We should also remark that these constraints are not there for economical gain only, these steps are necessary to make the service useful and thus to optimise the user experience. 34 This person appears to come from the UK. But it was hard to find more information because there were multiple Sophie Dooley’s. We presume this is due to the fact that Firefox private browsing mode made other sites as well think we came from the UK. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 56 7.2.2. Facebook information gathering practices during use of the service Here we summarise the changes implemented on Facebook after the F8 conference held on the 23rd of September 201135. We need to analyse the system used on this platform because it provides information to every Facebook page and was changed in an important way. These changes are most visible in the frictionless sharing application and the new, more information-­‐rich way of sharing. The analysis will be done in the following order: first of all we address the most important changes under the hood which enable the more viewable/tangible changes for users which are then analysed as the ‘Social Channels’: News Feed, Ticker and Timeline. 7.2.2.1. Open Graph Beta
The Open Graph is a Web 2.0 technology that links all user data with anything users have liked or (chosen to) indicate(d) some kind of affiliation with. This was extended in 2010 to include items outside of Facebook such as third party websites and pages. After the release of several new features on the F8 conference of September 2011, the social graph is again extended to provide a more fine-­‐grained view on what users are doing. Users are no longer limited to only ‘liking’ content. More actions are now available for them. Every user defines his relation to an object through an action (that was predetermined by a developer). For example, users are able to cook a recipe, read an article, etc. Developers of Facebook apps are able to define this object and the action with pictures, dates, etc. Figure 24 Open Graph 35 F8 is Facebook’s yearly conference for developers and entrepreneurs who work in social media. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 57 Figure 25 defining actions in the Open Graph 7.2.2.2.
Frictionless sharing
In order to publish this information on Facebook, developers may use the new frictionless sharing feature, which enables users and developers to post activities without performing any communication action. This means that users no longer need to like an article after they have read it, it just posts that e.g. ‘User A read article B’, one of the social channels provided by Facebook. Figure 26 Frictionless sharing Frictionless sharing is bounded by permissions, these are called Authenticated Referrals: ‘If your app integrates with Open Graph, you can have visitors immediately publishing Open Graph actions on your behalf, as they will have already authorized your app.’ (Facebook, 2011c) ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 58 7.2.2.3.
Authenticated referrals
In order to activate frictionless sharing, developers need to make use of a new feature called ‘authenticated referrals’. These make sure that every user (subscribed to the app or not) is already logged in through Facebook. This should prompt the Auth dialog in case the user is not yet subscribed to the app and it automates all traffic from and to Facebook if the user is already subscribed to the service (or has given the requested permissions). ‘This feature grants you the opportunity to build a deeply personalized experience for Facebook visitors as soon as they arrive at your app. If your app integrates with Open Graph, you can have visitors immediately publishing Open Graph actions on your behalf, as they will have already authorized your app.’ (Facebook, 2011b) The first time an app is activated, users are prompted to agree on the amount of required information. This required information is needed for the application to work. This means that the user’s negation of access to this information disables the application. The permissions range from publishing the action on one of the social channels to RSVP36 events on behalf of the user. A complete list of possible permissions can be found in the annex p. 143. Figure 27 Required permissions 36 An RSVP (Répondez s’il vous plaît) is an event invitation and to RSVP (verb) is to accept or decline the invitation. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 59 Developers are also able to define a second dialog, the extended permissions dialog. These permissions are optional and therefore users can deny access to the sources requested by the app. Figure 28 Optional permissions 7.2.2.4.
News Feed
The News Feed was announced on September 5, 2006. ‘Now, whenever you log in, you'll get the latest headlines generated by the activity of your friends and social groups.’ (Sanghvi, 2006) At the time many users and critics reacted negatively. Journalists and Facebook did not understand where the fuzz was all about since this data was already available. Boyd and Stutzman showed why this is problematic: ‘The common argument for feeds is that ‘the information is out there anyway’. So it stands, if you wanted to, you could replicate the functionality of feeds by checking your friend's profiles every day. This argument fails because this is not how Facebook users use the service. Facebook users log in to check their messages, respond to pokes, use profiles as ‘white pages’, coordinate events -­‐ they aren't logging in to surf profiles endlessly {…}’ (Stutzman, 2006) The News Feed was supplemented with a Mini-­‐feed that displayed recent news of one user as well. Facebook added granular controls to limit the amount of information published to the News Feed after the numerous actions of Facebook users. This is not the only controversy that surrounds the News Feed. It was unknown how Facebook decided what information was published and which was left out until Weber reverse engineered this algorithm (Weber, 2010). Weber’s illustrative experiment revealed the News Feeds’ bias against newcomers, also links are more likely shown than regular status updates and popular people (people with many friends) remain popular while the less popular remain less popular. The News Feed was redesigned after the F8 conference of September 4, 2011. Users were able to select recent or top news before these changes. The new News Feed offered three distinct ways of showing news; ‘Top story, Recent ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 60 stories and From earlier today’. These types of stories are part of the main column on a user’s profile. Facebook’s Mark Tonkelowitz compares the Top Story feature to a newspaper. These are structured to show readers the most important news first. The News Feed is different because it displays news chronologically. This is no longer the case, from now on news is ordered by its importance. ‘If you haven't visited Facebook for a while, the first things you'll see are top photos and statuses posted while you've been away. They're marked with an easy-­‐to-­‐spot blue corner.’ (Tonkelowitz, 2011) The new News Feed has another important related feature, the subscribe button. Users are able to subscribe to their favourite friends (or other people of interest) in the following ways: • All updates: Everything your friend posts • Most updates: The amount you'd normally see • Important updates only: Just highlights, like a new job or move (Rait, 2011) These choices of subscription influence the amount of updates received from that person. There are far more status updates and other publishable stories and these are shown on the News Ticker. The News Ticker is the improvement on News Feed for those users who feel that there is a lag on the old News Feed. The ticker publishes in real time and enables users to reply instantaneously: ‘Now when a friend comments, asks a question or shares something like a check in, you'll be able to join the conversation right away. Click on anything in ticker to see the full story and chime in – without losing your place.’ (Tonkelowitz, 2011). Lastly, we will describe the Timeline feature that replaced the older profile. The Timeline implementation is very similar to the new News Feed system. Facebook had the impression that users were missing important events on their profile. Timeline arranges the most important events in a chronological order. 7.2.2.5. Social plugins
Facebook developed Social plugins as a means to make websites and applications more social. These are plugins to run on a website or a Facebook application that publish to Facebook and or the website or app. We will not scrutinise these social plugins in detail because they work very similar. If a user is not signed in, the user will see an anonymous dialog on the website, for example saying how many users have read or liked an article. The user can choose to login and like or comment to the article, depending on the plugin. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 61 If the user is already logged in, the plugin provides more social information if this is available. This social information is for example who of their friends has already read an article or recommends one for further reading. 7.2.3. Commodification of PII Facebook has changed its privacy policy on September 23, 2011. This used to be a long text, but Facebook decided to make this more interactive and grouped information according to theme or kind of privacy issues that may arise. We have chosen to elaborate on the following themes presented by Facebook that involve the commodification of PII: ‘How advertising works’, ‘Sharing with other websites and applications’ and ‘Information we receive and how it is used’ (2011d). It is still possible to read the full privacy policy or as they refer to it, their Data Use Policy (2011e). The next part is an analysis of the new interactive privacy statement because it provides an example of an alternative way to inform users about their process of commodifying PII. The section ‘How advertising works’ in the interactive privacy statement addresses how advertising works for ‘Personalised adverts’, ‘Adverts + social context’, ‘Sponsored stories’ and ‘Featured content’. The services described in the Data Use Policy are comparable to our own mapping of the commodification of PII on Facebook. We have therefore merged the information of the privacy statement with what we found about the commodification of PII through analysis of the Facebook developer and advertising pages. 7.2.3.1. Advertising
Facebook enables advertisers to contact users of Facebook in the following ways, through personalised adverts, social advertising and sponsored stories. These three forms are all paid advertising. The service ‘Personalised adverts’ is completely described in the interactive privacy statement by showing what an advertiser can choose and do to advertise on Facebook. A screenshot of the menu an advertiser sees when they start with the second step is shown to the users. Users are also suggested to try this for themselves if they wish to better understand what this service entails. Facebook mentions twice that it does not give any personal information to advertisers (Facebook, 2011d). The advertiser only knows the amount of people who share these criteria. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 62 Before advertisers can target their audience, they need to design their advert. This means that they have to specify the destination37, enter a title, a body and lastly upload an image shown with the advert. The last step was not mentioned in the data use policy. Figure 29 Design your advert In the next step advertisers can target up to 25 countries or choose to target specific cities. The targetable demographics are age and gender. Facebook points out that some age ranges are not possible due to laws in specific regions. Next it is also possible to target interests in broad categories or by typing in more specific interests. It is also possible to target connections, this implies that not all users with the corresponding features are targeted but a specific sub selection. This sub selection of users is either connected to a page, event or app or not connected to any. This option enables advertisers to target people who are not yet connected to their brand on Facebook. Lastly, advertisers can also target advanced demographics such as sexual preferences, the kind of relationship they are having at the moment and the languages the users speak. Education and work are also targetable, it is possible 37 The destination is the place were users are directed to if they click on the advertisement. This can be inside Facebook; a group, an event, a page or to an external URL. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 63 to target whether users are university graduates, studying at a university, studying at secondary school or a specific workplace. After advertisers place the order, they can follow how many people saw or clicked on the advertisement and these reports are again anonymous. They do mention that some advertisers may place cookies on users’ computers. Facebook also informs users that they also offer premade categories such as ‘moviegoer’ or ‘sci-­‐fi fan’. This implies that Facebook has profiled categories on its own. The information provided by Facebook to its users in the data use policy is more complete than the information we inferred from the service by doing all the steps of this advertising self-­‐service. Advertisers can choose to pay either for impressions or for clicks on their ads. They need to enter a bid. If multiple advertisers target the same audience, than the highest bidder is helped first, this is the case for both clicks and impressions. Facebook also mentions that they couple a social context to their advertisements, ‘an advert for a sushi restaurant may be paired with a news story that one of your friends likes that restaurant's Facebook Page.’ (Facebook, 2011f) They do not only couple social context to ads, they also couple social context to stories38. Figure 30 Sponsored stories Sponsored stories are things that would normally appear in the News Feed but these have been given extra visibility if advertisers pay for them. These sponsored stories are shown in the right column under the heading ‘Sponsored Story’(2011i). Because Sponsored stories are regular stories that would have been published to the News Feed anyway, Facebook does not offer an opt-­‐out for this feature. Users are advised to delete these specific sponsored stories if they do not like them to be extra visible. This is in contrast with social adverts, which are opt-­‐out. 38 A story in Facebook is an event described in the News Feed or News Ticker of Facebook. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 64 Facebook has its own similar sponsored stories service to promote Facebook related services. This service is called ‘Featured content’. Featured content advertises Facebooks own applications and services by adding social content to them. There is no option to opt-­‐out of this or to change anything about them in privacy settings. Sponsored stories and social context in adverts are changeable in the privacy setting. We will illustrate this in the last part of this section about Facebook’s definition of public information. 7.2.3.2. Sharing with other websites and applications
Sharing information with other websites and applications is done through the Facebook Platform. We will analyse the different ways PII is shared through this platform. This is not a part of advertising because no payment is needed for the communication of these actions. They can however be used for advertising purposes. Here we will explain how websites and applications use user information. Applications always get the user ID of the user and his or her friends’ User IDs. Each application also gets the age range, locale39 and gender. Each app requires different kinds of information to operate and these are shown in the Open Auth dialogs which have already been described in the previous section. Facebook mentions that these permissions can be accessed in the privacy settings menu for applications and websites. If users are uncomfortable with these information sharing practices, they can opt-­‐out of these apps individually or disable the platform as a whole. Apps also receive information about users through other users, and this is not limited to the user ID alone (as mentioned above). Users should also define what other apps might gather through befriended users when they use an application. The whole list is an opt-­‐out list shown in figure 32. 39 Locale lets applications know what language a user speaks. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 65 Figure 31 PII brought through friends in apps Even if a user chooses to opt-­‐out of all these categories, he or she will still leak the following PII through friends, friend list, gender and public information. The only way to opt-­‐out of this is to stop using the Platform (Facebook, 2011h). The use of this information is limited to the use within the connection between the friend who gave permission and the person to whom the data refers. Users can also connect with Facebook to other websites. This action is described in a technical way, but Facebook did not refer to the fact that this way of registering with a website also prompts an Open Auth Dialog. Instead of elucidating on this, Facebook mentions how they encrypt the data exchange between website and Platform if data is merged from both sources to auto fill-­‐in data required for the website. Social plugins are another way to interact with Facebook on other websites. Facebook presents this service as a way to make websites more social. The owner of the website does not receive other information than the fact that a user has interacted with one of the social plugins on the website. Facebook admits that they gather specific types of data: ‘This may include the date and time you visit the site, the web address or URL you're on, technical information about the IP address, browser and the operating system you use, and, if you are logged in to Facebook, your User ID.’ (Facebook, 2011d) ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 66 Instant personalisation is an integrated form of the Platform in which the website or service integrates its services with Facebook. If users visit the website for the first time, they will be shown a message that this site personalises its content with Facebook information. It is possible to opt-­‐out this service by clicking disable. The personalisation process is described for a music website: ‘it can access your music interests to suggest songs you may like, and access your friends' music interests to let you know what they are listening to. Of course it can only access you or your friends' music interests if they are public.’ (Facebook, 2011h) Figure 32 Instant personalisation dialog box Lastly, users are informed about the way pages capture PII. PII is gathered explicitly when users interact with a page and Facebook defines this information as public. But pages may also host their own content from their own servers and this makes it possible to gather user information in the same way as other websites track users through cookies and server logging. 7.2.3.3. Public information
Facebook mentions that public information is being shared but we have not defined what this public information is. Public information is defined in this section as either information the user chose to make public or information that is always publicly available. Facebook offers a very straightforward definition of public information chosen to be made public: ‘Choosing to make your information public is exactly what it sounds like: anyone, including people off of Facebook, will be able to see it.’ (Facebook, 2011g) Facebook reminds that this information can imply the following: • can be associated with you (i.e. your name, profile picture, Facebook profile, user ID etc.) even off Facebook • can show up when someone does a search on Facebook or on a public search engine • will be accessible to the games, applications and websites you and your friends use • will be accessible to anyone who uses our APIs such as our Graph API. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 67 The degree of what information is public can be changed in the privacy settings, but this does not exclude all information. Name, Profile picture, Network and Username are always public. It is also possible to choose this through a dialog box often shown next to an information disclosure action on Facebook: Figure 33 Sharing box Facebook also suggests as a rule of thumb that if this box does not appear, that the information will be public. The Data use policy itself should be analysed as well. This greatly differs from all the other privacy policies because it is shown as an interactive document. Figure 34 Data use policy Each topic of this Data use policy summarised the points it addresses and these points could be expanded to read all the required information. In the expanded information links were provided for content that needed further explanation. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 68 Figure 35 Sharing with other websites and applications 7.2.4. Conclusion We first report on the various constraints used to steer users in certain directions and after that we look at the specific affordances of Facebook’s commodification process and other ways PII is being used. Users are steered away from the terms of service and privacy statement in a way very similar to Netlog. However, Facebook did provide a link to the privacy statement. Users were also taken through numeral steps to add friends or extra information. Thus users were steered to share as much as possible. Frictionless sharing is the best signifier of the affordances related to PII and the way users are steered into this. All information is published automatically with as less user effort as possible. Users are alerted to these practices once, when they start to use the specific app or website in relation with their Facebook account. Due to the unobtrusive nature of frictionless sharing, users are enabled to share as much as possible by default. This disables users to question what they should share. Advertising is enabled by default but the social aspect can be turned off by users. It is an affordance of the system to enable social advertising by default. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 69 Sponsored stories and Facebook’s advertising for Facebook’s features are impossible to opt-­‐out from. It is an affordance that Facebook uses PII for advertising, but this PII is not sold to third parties. Third parties buy anonymous ad space, based upon a chosen profile. Lastly, Facebook is very open and clear about the flows of information on and off its platform. These are clearly described in the privacy statement. Here is also mentioned that Facebook tracks users through other websites if they have social plugins installed. It is a real affordance that users are unable to opt-­‐out of this. This tracking is also done on Internet users who are not a member of Facebook. In general Facebook offers more options to opt-­‐out in the following decreasing amount of options: interpersonal communication, app and website communication, advertising with third parties, Facebook’s own advertising and tracking. This implies that it is impossible to opt-­‐out from Facebook’s own advertising, while it is less cumbersome or even easy to customise personal communication from a privacy settings perspective. For users it is again hard to imagine what their perceived context looks like. It is however true that users can be aware of the real affordances if they read the privacy statement. Due to its interactive nature this statement is far more comprehensible than others. Thus the biggest question remains whether users read and understand this or not. In future research we should analyse their attitude towards gathering information about their privacy on social media. Remark We have only addressed issues related to the use of PII for commercial purposes. Facebook had much more information in its Data use policy with regard to appearing on search engines and how to manage the privacy settings. The privacy statement itself is an interesting object of analysis and especially a comparison with the other platforms would be interesting, but this is not part of this analysis. 7.3. LinkedIn www.linkedin.com Founders Konstantin Guericke, Reid Hoffman, ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 70 Allen Blue, Eric Ly, Jean-­‐Luc Vaillant USA May 2003 135 million (November 2011) January 2011 Country of origin Established Users (global) Data collection At the moment of writing, LinkedIn has just finished its first two weeks of its Initial
Public Offering (IPO), which started on May 19, 2011. As of November 3, 2011, LinkedIn operates the world’s largest professional network on the Internet with more than 135 million members in over 200 countries and territories. Due to this
IPO a lot more financial data of the social network site is publicly available. It is
therefore very relevant to discuss the commodification of PII in this case and it is also
relevant as a case study because it is one of the first social media IPOs.
Figure 36 LinkedIn's annual net revenue by product Silicon Alley Insider’s Yarow and Angelova (2011) identify three revenue streams
based upon the IPO filing by LinkedIn (Form S-1 Registration Statement, 2011).
These revenue streams are: (1) Premium subscriptions, (2) Marketing solutions and
(3) Hiring solutions. In the last part of this section we will describe how these
©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 71 products are sold. We will first analyse the registration and afterwards the three
revenue streams constructed by LinkedIn.
7.3.1. Upon registration LinkedIn registration requires the following steps. To register, one has to fill in: (1)
first name, (2) last name, (3) e-mail address and (4) password. For the sake of
example, we used a fake identity, named Jorick Nuis.40
Figure 37 Join LinkedIn Today The asterisk shown next to ‘Join Now’ refers to another part of the page. Almost at
the bottom of the page, another asterisk is shown, followed by ‘By clicking Join Now or using LinkedIn, you are indicating that you have read, understood, and agree to LinkedIn's User Agreement and Privacy Policy.’ (2011i) This message is shown
below a search toolbar, which makes this notification again logically and visually
constrained for users to see.
The next step requires a user’s professional information, employment status, country,
postal code, company and job title. After this step Jorick was prompted to see whom
he already knew on LinkedIn. Jorick’s e-mail address was already filled in and if he
pressed continue, LinkedIn was going to connect to his Hotmail address. Jorick got
the option to allow LinkedIn to monitor his contacts for a whole year by default, even
40 This identity was generated by http://www.fakenamegenerator.com/. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 72 when Jorick himself was not logged in. We changed this period into one day. We also
made sure he had one contact in his list.
Joricks account was now fully functional, but before he could proceed, he had to
choose his ‘Plan Level’. The Plan Level is the status of the LinkedIn account, this can
be basic (and free) or paid, starting with 24.95 dollar for one month. The basic plan
was chosen.
7.3.2. Extra information LinkedIn provides the option to invite more people through the homepage and on the
profile page Jorick is notified that his profile is only 25% completed. In order to
change this, LinkedIn suggests that he gives the following information:
Next to the above-mentioned optional additions to a LinkedIn member profile, it is
also possible to add the following: a profile picture, past positions, education,
recommendations, connections, websites, Twitter-account, summary, specialties,
groups joined, honours and awards, interests, apps (similar to Facebook apps, but also
different since these are almost always from a third party service related to jobs such
as: Projects and teamspaces, Portfolio display, etc.), personal info (such as birthday,
Instant Messenger ID, marital status, phone and address).
©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 73 7.3.3. Privacy settings Privacy settings are not directly available through the home page or the profile page.
We found the settings via the ‘Help Center’-button on the lower left side. It suggested
the ‘Can’t find settings’ or ‘sign out’ links as first topics of the FAQ section. This
possibly means that many users were unable to find the privacy settings.
The settings are needed for two commodification related issues. LinkedIn makes use
of social advertising like Facebook: ‘LinkedIn may sometimes pair an advertiser's message with social content from LinkedIn's network in order to make the ad more relevant. When LinkedIn members recommend people and services, follow companies, or take other actions, their name/photo may show up in related ads shown to you.‘ (LinkedIn, 2011f) There is yet another setting where users may want
to opt-out. LinkedIn advertises outside of its own platform and calls this partner
advertising. This will be explained in the section commodification of PII.
7.3.3.1. Implicit information gathering
LinkedIn describes its PII uses in the privacy policy, which is directly accessible at
the bottom of each page (LinkedIn, 2011h). We were able to discern three motivations
or uses for PII. We will cluster the deployed technologies per use.
Firstly, LinkedIn collects information through its website and customer service
website (LinkedIn, 2011b) in order to map the site usage: ‘We may collect
information about the fact that you use certain features and functionality of LinkedIn,
interact with third party Platform Applications like InApps, click on ads, or
participate in research initiatives like polling and surveys on LinkedIn.’ (LinkedIn,
2011b) To map this, LinkedIn makes use of log files and cookies. The difference
between these two technologies lies in the fact that cookies are stored locally on the
client’s computer, and log files are stored on the server of LinkedIn. It was not
disclosed what particular technology was used for what sort of data.
These technologies collect the following: ‘{…} when you visit the LinkedIn website
we automatically receive the URL of the site from which you came and the site to
which you are going when you leave LinkedIn.’(LinkedIn, 2011b) They also receive
the IP address, of the device or proxy used to access the site, operating system, type of
browser and e-mail patterns. If the platform is reached through a mobile device, the
following is collected: with the rest of the above-mentioned, the mobile device
operating system and the name of the ISP. (LinkedIn, 2011b)
7.3.4. Commodification of PII The commodification of PII consists of two large sorts of services. LinkedIn serves
targeted ads in a similar way like Facebook and Netlog, by offering demographics and
other possibly relevant criterions for advertisers. The other commodification process
allows access to more relevant information through paid accounts (premiums). These
©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 74 accounts can be either individual or per company. We will first address the
advertising options and afterwards the premium accounts.
7.3.4.1.
Targeted advertising
LinkedIn advertises on its own platform and through its advertising network,
LinkedIn Audience Network. In order to do this, it makes use of web beacons and
cookies. Web beacons are a means to place cookies through an image, for example a
gif or a jpeg filetype. They are also called pixelbugs because they only measure one
on one pixel and are invisibly embedded in an image such as an ad or the background
of a website41. The main use of web beacons is explained by LinkedIn itself:
‘We may include a file, called a web beacon, from an ad network within pages served
by LinkedIn. The web beacon allows the ad network to provide anonymized,
aggregated auditing, research and reporting for advertisers. Web beacons also
enable the ad networks to serve ads to you when you visit other websites. Because
your web browser must request these advertisements and web beacons from the ad
network’s servers, these companies can view, edit or set their own cookies, just as if
you had requested a web page from their site.’(LinkedIn, 2011h)
Third parties are not the only ones performing behavioural advertising. LinkedIn has
its own advertising network inside and outside the platform. In order to advertise
cookies are placed on users’ devices to categorize users: ‘Advertisers can target
LinkedIn’s inCrowds – pre-defined and scalable audience segments such as Corporate
Executives, Small Business Professionals and IT Professionals – or they can work
with LinkedIn to define their own custom audience segments.’(LinkedIn, 2011h) This
quote pertains to a press release regarding their ad network, however the same system
applies for publicity inside LinkedIn.
These cookies, shared with third parties contain the following information: ‘Any
information provided to third parties through cookies will not be personally
identifiable but may provide general segment information (e.g., your industry or
geography, career field, or information about your professional or educational
background)’(LinkedIn, 2011h)
The cookies are more in particular shared with the affiliate network of Collective
Media42: ‘The LinkedIn Audience Network offers advertisers one of the most accurate
41 More information about cookies can be found in 5.3.4 Cookies p. 15. 42 Collective Media is an American online advertising network founded by Joe Apprendi in 2005 and is now ranked eleventh most viewed ad network in America. Facebook has taken the tenth place. Flosi, L. (2011). comScore Media Metrix Ranks Top 50 U.S. Web Properties for February 2011. Reston: comScore. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 75 audience data sets available on the web along with the confidence of knowing that
their brands will only appear on sites with high editorial standards.’(LinkedIn, 2011h)
7.3.4.1.1.
Advertising by LinkedIn members LinkedIn rolled out LinkedIn Ads on January 26 of 2011. The project has been in beta
since July 2008 under the name LinkedIn DirectAds. (LinkedIn) The new and public
useable version has more targeting options than the beta: job title, company name or
LinkedIn Group are now also targetable (LinkedIn). This is an addition to the already
targetable geography, job function, industry, company size, seniority43, age and
gender.
43 Senority is the position of someone in a company. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 76 Figure 38 LinkedIn Ads (Walsh)
The extra targeting possibilities were added due to ‘advertiser demand for more
specific categories to narrow audiences down. Intelliworks, for instance, which sells a
software-as-a-service platform for higher education clients, wanted to be able to run
ads focused on LinkedIn users with job titles like ‘enrollment counselor’ or
©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 77 ‘admission officer’ to better reach those particular executives.’44 In order to safeguard
against privacy issues, LinkedIn built in a threshold to make sure that individuals
cannot be targeted. And as already mentioned, LinkedIn only shares generalised PII
with third parties.
As of 2008, LinkedIn launched its Audience Network in cooperation with the affiliate
network of Collective Media. LinkedIn is the first social network service to monetise
its network of users outside its own platform. This is in contrast with Facebook,
which only advertises on its own platform.
The Ad campaigns are also different from other social media ads because they consist
of sub campaigns called variations. These variations are variations of the first ad, i.e.
another header and body text, and they appear for the same Ad campaign.
We have simulated a campaign until the last step, the payment of the service. The
LinkedIn Ads require a LinkedIn login. After this step we needed to fill in the
Campaign name and at least one Ad variation with a headline of maximum 25
characters and a description of maximum 75 characters:
Figure 39 Create a new Ad45
These campaigns are shown on two places on the website (see image below) and on
LinkedIn’s Audience Network.
44 Jack Choe, Senior Product Manager, LinkedIn, cited in Walsh, M. (26/01/2011). "LinkedIn Adds Job Title, Company Names To Text Ad Targeting." Online Media Daily. Retrieved 30/05/2011, from http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=143
517&nid=123028. 45 Holdford, D. (2008). Content analysis methods for conducting research in social and administrative pharmacy. Research in Social & Administrative Pharmacy, 4(2), 173-­‐181. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 78 Figure 40 Positions of Ads
The selection of the targets is the next step. We have chosen to target academics who
recently started as a PhD student in Belgium through the following job titles (which
were suggested as soon as PhD was entered): Phd Student, Phd Candidate, Phd
Researcher, Phd Fellow, Phd Scholar, Phd Graduate Student, Visiting Phd Student,
Industrial Phd Student and Research Phd Student. We also limited the geography to
Belgium. This campaign had an estimated 3068 LinkedIn members and each click
through46 would start at a minimum bidding of two dollar. It was also possible to buy
1000 impressions, which also costs two dollar.
LinkedIn uses an auction system and therefore suggests a bidding range to indicate
what other advertisers are bidding at the moment to get their ad to a similar audience.
This implies that more popular audiences are more expensive to target. Advertisers
who target these audiences are also more likely to enter a bidding war. The result of
this bidding war is that parties who pay less are shown less until the highest bidder
exceeds his budget. Our suggested bidding range was 3.35-3.89 dollar. This means
that if we bid less, we have a smaller chance of getting shown or clicked upon.
LinkedIn implied that bidding less could result in no exposure at all.
46 A click through is a way of billing the advertiser for every time a user clicks on an ad. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 79 7.3.4.1.2.
Marketing solutions LinkedIn Marketing Solutions (LinkedIn, 2011g) is a part of LinkedIn designated for
companies who consider marketing through LinkedIn. The approach of advertising is
similar to that of individual advertising described in the last paragraph, it only differs
in scale. A company can engage the LinkedIn population directly through direct mail
and advertising or indirectly through its company pages, whitepapers, groups or
sponsorships (Answers, Polls, Applications and Events) (LinkedIn, 2011g).
Companies can construct a company page with the following tabs: overview, products
and services and careers. If a company overview or other pages have been made, the
company has access to an analytics tab that shows data about its followers.
The tabs ‘Products and Services’ and ‘Careers’ are the only tabs that can be targeted
towards specific audiences. This means that multiple versions of the same tab exist,
i.e. a tab can be targeted towards business partners and another can be targeted
towards people who have an interesting profile as future employee. Companies can
specify these audiences in the same way as Ad campaigns are targeted. The company
overview tab can show ads, which we will describe more broadly in the next section
about ads for companies.
7.3.4.1.3.
Display ads Display ads have the same target variables as ads mentioned in the ‘Advertising by
Linkedin members’ paragraph. The only difference here is that ads can vary in scale,
they can be standard IAB-compliant ads,47 they can take over a whole page
(Homepage Takeover ads), they can be spread through different media (Content Ads)
or they are pushed through a recommendation system (Recommendation Ads). They
differ on yet another issue, all of these ads can be used in combination with a third
party tracking tool which enables companies to track users. This is however limited to
click and impression tracking with http cookies only (LinkedIn, 2011a).
7.3.4.1.4.
Partner messages The other way to engage members is through Partner Messages. These Partner
Messages are similar to one of the advantages offered in the subscription plans (listed
below 7.3.4.2 Premium accounts p. 82) wherein members can contact other
members outside their own network. In this special case these contacts are for
advertising purposes and can be compared to direct mail (LinkedIn, 2011g).
The other indirect means of contact with members of LinkedIn are not described here
since they do not involve a direct use of PII unless they advertised in one of the
47 Standard IAB-­‐compliant ads are ads with standards chosen by the Interactive Advertising Bureau, which represents the interactive advertisers. http://www.iab.net/iab_products_and_industry_services/1421/1443/1452 ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 80 aforementioned methods. We move on to the last use of PII and also the biggest
revenue stream, Hiring Solutions.
7.3.4.1.5.
Hiring Solutions LinkedIn’s Hiring Solutions (LinkedIn, 2011c) offer three sorts of services, to post
jobs, find top talent and brand the company as an attractive employer. We will
analyse them in the same order.
The Post a Job feature is analogous to LinkedIn Ads because it is the same selfservice model, but this time to post a job for potential applicants (LinkedIn, 2011i).
This model works with a fixed fee of 195 dollar to post one job for 30 days. We tried
to find PhD students with a marketing background. We therefore had to fill in the
following required fields: Job Title, Company, Location, Type (full-time/part-time),
Experience (i.e. Junior level), Industries (five choices is the maximum), Functions,
Job Description. The other fields were facultative: compensation, referral bonus,
desired skills & experience and company description. There are two more options
present, to show your profile as the hiring master or not and whether the applications
should be collected through LinkedIn or through an external website. Once this was
finished we were shown a list of possible candidates, which were already following a
PhD and the extra option to buy a 95 dollar package to unlock the 24 matches shown
to us. The last step asked for the credit card credentials. A paid job post of 195 dollar
would remain posted on LinkedIn and are guaranteed to appear in search results and
Twitter48, for 30 days.
The Find top talent (LinkedIn, 2011c) category is comparable to the Talent
subscription for members. This time the subscription, Recruiter and Recruiter
Professional Services, offers collaboration and even more options to organize profiles
and communicate with possibly interesting members. The difference between both
packages is that the Recruiter Professional Services automates the software package
by outsourcing it to a third party. The last product in this service is Talent Direct,
which sends direct mail (Inmail) to all targeted members.
The last service called Build your talent brand (LinkedIn, 2011c) offers various ways
to brand a company or to advertise its vacant positions to LinkedIn members. The
career page was already mentioned. Jobs can be advertised as well through
Recruitment Ads, the system is similar to normal ads, however more job relevant and
extendable to the Work with us service. This service provides ads on the profiles of
employees in order to make them work as brand ambassadors. Lastly, LinkedIn
provides Recruitment Insights, a service to optimise recruitment. This service surveys
48 Job posts are tweeted by @LinkedIn_Jobs. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 81 target candidates, shapes the message accordingly, benchmarks against other
competitors and measures the effectiveness of the campaign.
7.3.4.2. Premium accounts
As already mentioned, our identity of Jorick was offered a choice between a basic
subscription and various premium subscriptions. We will list the functionality of the
basic subscription and the premium subscriptions here.
Table 4 LinkedIn accounts Services
Premium
Basic
Create a professional profile and build your ✔
✔
network
Join industry or alumni groups
✔
✔
Search & apply for jobs
✔
✔
See who’s viewed your LinkedIn Profile
✔
Limited
View the professional profiles of over 100 ✔
Limited
million people
Send messages to people you aren’t directly ✔
✗
connected to
Premium search filters & automated search ✔
✗
alerts
Save profiles into folders
✔
✗
Add notes & contact info to any profile
✔
✗
Reach out to over 100 million users
✔
✗
These are not the only subscription plans, every Premium subscription plan has three
levels ranging between a monthly fee of 19.95 dollar and 499.95 dollar. There are
three different kinds of subscription plans, each with a certain customer in mind: the
Business49 subscription, which is targeted for business owners who would like to find
new contractors, experts and business partners.50 Secondly, there is a special plan for
job seekers, called Job Seeker (LinkedIn, 2011d), which promotes job seekers in
various ways (i.e. through a Job Seeker Notification Badge and ranking higher via
Featured Applicant status). Lastly, recruiters have their special plan as well to find
relevant applicants, Talent (LinkedIn, 2011k). These three sets of plans have in
common that communication on LinkedIn is easier (contact everyone through Inmail,
introduce yourself to company/expert/potential employee, let anyone contact you with
49 These subscriptions range between the following annual fee, 19.95 $ to 74.95 $. 50 Tim Smith (CEO, GridCentric) quoted in LinkedIn. (2011j). Subscription Plans. Retrieved 30/05/2011, from http://www.linkedin.com/subscriptionv2?displayProducts=&trk=hb_ft_upyracc
t. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 82 Openlink) and information is easier accessible (through searches, who viewed your
profile, and more specific for the Business and Talent plans, search filters, automated
searches, folders to organise profiles, a Reference Search to get the real story of a
candidate, expanded profiles and see names of 3rd degree and group connections).
7.3.5. Conclusion In this conclusion we bring together the constraints that are put on the user and what
the affordances are during registration51, the privacy statement and the
commodification of PII on LinkedIn.
LinkedIn used the strongest visual constraints to keep the attention away from the
privacy statement and the terms of service. This was achieved by mentioning it away
from the ‘Sign up’-button. Users were further logically constrained to fill in as much
information as possible. Lastly, it was also possible to connect with an e-mail account
in order to add existing contacts from the e-mail account to LinkedIn. Users could
expect that this is only needed once, during registration, but LinkedInk keeps the email account for a whole year.
Users were also constrained in finding the privacy settings. These settings were set to
default with regard to social advertising and participating in LinkedIn’s ad network
outside the platform.
LinkedIn also physically constrains users’ possibilities in order to sell them premium
accounts. These accounts enable users to contact more people and to engage with the
service in a richer way.
It is a perceived and real affordance that third parties may advertise. LinkedIn does
not get into detail about the various ways this might happen, so these real affordances
are unclear to the user and not part of the perceived affordances. It does ensure that
this is completely anonymous by providing broad categories and minimum amounts
of targetable audiences.
7.4. Twitter www.twitter.com Founders Jack Dorsey, Noah Glass, Evan Williams, Biz Stone 51 LinkedIn also required users to fill in a working e-­‐mail address, first name, last name and password. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 83 Country of origin Established Users (global) Data collection USA March 2006 175 million (November 2011) March 2011 Twitter is the social media service known for its short (140 character long) way of letting its users share brief messages via the Internet. This kind of social media service is also sometimes denoted as micro-­‐blogging. The platform is not to keen on giving away the amount of active users. In March 2011 Twitter made public that they had 175 million accounts. 7.4.1. Upon registration Figure 41 Twitter Sign up (Twitter, 2011a) The first solicitation of user PII is necessary to start the Twitter service as seen in the screenshot above. After (1) the full name, (2) e-­‐mail address and (3) password are given, the user is required to agree upon a proposed (4) username or to choose another one. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 84 Figure 42 Twitter create my account As shown in the second screenshot, the privacy statement and terms of service are shown in a less clear way. The ‘Create my account’ button is very visible compared to the grey smaller notice. This notice is however very important because it briefly mentions that by clicking the aforementioned button, the user agrees to the terms of service and privacy statement. If the user is however attracted by this notion, she is also notified of the fact that ‘Others will be able to find you by name, username or email.’ This can be changed in the settings after the creation of the user account. We should also notice that it is important for the user to confirm her email address by clicking on a link provided in a mail to this address. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 85 Figure 43 Twitter interests After the creation of the account, the user is asked to choose her first ten accounts to follow, this the first non mandatory step. Twitter also monitors this and only those who have read the privacy statement and terms of service know this. Thus in this way, the disclosure of which accounts are being followed are either explicit or implicit depending on the reading of the terms and privacy statement on the previous page. The second, optional step of the registration consists of adding friends to the Twitter account. We have not performed this step and continued to Daisy’s homepage. This step is very comparable to other social media wherein they also offer to access your contacts in mail clients such as Gmail, Yahoo, Hotmail, AOL and LinkedIn (in this particular case). It is also possible to find friends by searching for them by name, username or e-­‐mail address. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 86 Figure 44 Twitter Friends ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 87 Figure 45 Twitter other steps Lastly, Twitter shows what options are still left to do in order to really start using the service. Firstly, one can write a first Tweet. Secondly, it is possible to upload a profile picture or write a short bio or to get Twitter on a mobile by sms or an application. 7.4.2. Twitter Privacy statement Twitter refers very little to advertising during the service in its privacy statement: ‘We may use your contact information to send you information about our Services or to market to you.’ (2011e) It is however mentioned that Twitter does keep the following information about its users: location information (if this is agreed upon), Log data (IP address, browser type, referrer52, pages visited, search terms, interactions with ads and interaction with links), they use both sessional as persistent cookies and third parties such as Google Analytics may also gather information because they are service providers. 52 The referrer is the url a user comes from. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 88 7.4.3. Twitter marketing solutions Twitter’s ‘Start advertising’ webpage shows three options to start advertising for companies. Contrary to LinkedIn and Facebook, it is not possible for individuals unless they are willing to pay at least 5000 dollar. This is also shown as a preference of Twitter in their question: ‘Who will be advertising?’ (Twitter, 2011d) It is suggested that this should only be an advertiser company or a brand name.(Twitter, 2011d). Next to the company or brand name every advertiser or brand should also share the following information: twitter username, interested in either promoted accounts, tweets or trends, the estimated budget (as previously mentioned starting from 5000 dollar), estimated start date, country or region, non-­‐profit (optional) and information about the person filing the request for advertising on Twitter: first name, last name, email, agency name (optional), city and phone. Twitter offers three promoted services in order to boost a company’s visibility on Twitter. The promoted service helps tweets, trends or accounts to be featured in search results and suggested items to follow. The promoted services are amplified to reach new users who are not following a particular brand. 7.4.3.1. Promoted tweets
Promoted Tweets are a new form of advertising unique to Twitter that enable you to speak to users that don't currently follow your account (Twitter, 2011c). Figure 46 Promoted tweet (Twitter, 2011c) The promoted tweet is, as mentioned by Twitter, very similar to a normal tweet: it needs to be tweeted just like a normal tweet. After this, the tweet gets promoted by being more visible in search results for key words associated with the tweet. Twitter is also working with other parties to promote the tweets outside Twitter.53 Twitter does not charge for impressions (the mere watching 53 “We have begun to make Promoted Tweets and Promoted Trends available beyond Twitter.com – something we have discussed doing since launching Promoted Tweets in April. We are currently testing syndication of Promoted Products with a select number of partners, including HootSuite and TweetDeck. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 89 or exposure to a tweet), it charges for Cost-­‐per-­‐Engagement (CPE). CPE is defined as any interaction with the tweet such as retweeting, replying to it, clicking on it or adding it to favourite tweets. Thus, promoted tweets are as Twitter puts it a means to ‘engage beyond your core followership’ (Twitter, 2011c) . Next to the actual tweeting, this service is supplemented with ‘Advertiser analytics’ a tool to follow the activities related to the selected service (this can be either promoted tweets, trends or accounts). And these metrics give information about the frequency of the previously mentioned CPE interactions. These partners will run Promoted Tweets in searches and also highlight Promoted Trends, sharing in Twitter’s revenue for these products.” Twitter. (2011c). Promoted Tweets. Retrieved 23/06/2011, from http://business.twitter.com/advertise/promoted-­‐tweets/ ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 90 This service is still in beta and therefore only available to a small selection of advertisers. It is however possible for other advertisers to get notified when this service launches officially. Twitter tries to market its service as something distinct of search advertising or more recent social advertising: ‘Since all Promoted Tweets start out as regular Tweets, there is not a single ‘ad’ in our Promoted Tweets platform that isn’t already an organic part of Twitter. This is distinct from both traditional search advertising and more recent social advertising.’(Twitter, 2011c) 7.4.3.2. Promoted trends
‘Every minute of every day, Twitter is host to vast, viral conversations that capture some of the hottest topics of the moment.’ (Twitter, 2011c) These viral conversations are called trending topics and appear in the lower left corner of the twitter webpage. It is also possible to promote a topic in order to make it more visible in the trending topic list. Figure 47 Twitter trends However, not every topic is a feasible candidate to become a promoted topic, the topic requires a certain minimum of users twittering about the topic before it can be promoted: ‘If a topic doesn't already meet a minimum level of popularity on Twitter, it can't be a Promoted Trend.’ (Twitter, 2011c) In order to fully understand how a promoted trend works we need to elaborate further on trending topics. Trending topics are generated through an algorithm ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 91 that takes into account how many times a topic, which is defined by putting a ‘#’ in front of it, is mentioned in tweets. It is possible to look at trends in particular regions if the region has a large enough volume of tweets to identify trends (Twitter, 2011c). These trends and hash tags (#) are also searchable. (This service is also supplemented with the same analytics service) 7.4.3.3. Promoted accounts
‘Promoted Accounts are built to turbocharge your ability to gain new followers on Twitter.’ (Twitter, 2011b) This turbocharging of twitter account visibility is done like the two other forms of promoted objects on Twitter. Twitter makes use of a recommendation algorithm to point out new interesting twitter accounts to follow. These accounts are shown on the right side of the twitter page. Figure 48 Twitter Promoted accounts (Twitter, 2011b) The recommendation algorithm will not show the account to all users but to those users who are most likely interested in the account due to the fact that they are already following certain similar accounts. 7.4.4. Conclusion and remarks Twitter does not differ much from the other platforms described above, here users are also constrained to read the terms or the privacy statement. Twitter did show a readable part of the terms of service, this was not done on any of the ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 92 other platforms. Users were also steered to fill in more information after the registration was done. It is less likely that users perceive PII commodification related affordances through the privacy statement because these are not clearly mentioned. The advertising service is however very clearly visible since these are shown in yellow boxes as opposed to normal (not sponsored) content. In this way visual feedback is used to inform users. It is hard for the researcher and therefore also for the user to get a grasp of the real affordances of the commodification of PII since these are only available for parties who wish to advertise on Twitter. Thus it is perceived that users are being targeted, but it is unclear how this is being done. 7.5. StumbleUpon www.stumbleupon.com Founders Country of origin Established Users (global) Data collection Garrett Camp, Geoff Smith, Justin LaFrance and Eric Boyd USA November 2001 20 million (October 2011) October 2011 StumbleUpon announced that they reached 20 million members in October 2011 (Camp, 2011). The amount of users is not the most important statistic information of this social media platform. StumbleUpon exceeded the amount of referral traffic54 of any social media platform in 2011. It has a 50,34 % market 54 Referral traffic is the amount of traffic generated from a given website. Each time a user loads a webpage, information is sent to the server of the corresponding website. This information contains the referrer, the url the Internet user came from. The domain stumbleupon.com refers more traffic to ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 93 share in social media (Facebook has 37,4 %) (Gray, 2011). We also chose this platform because it integrates sponsored messages even more subtle (or obfuscated) than Twitter. StumbleUpon differs from the other platforms because its main service is to recommend websites in line with the preferences of a user. StumbleUpon has its own website but this online contact point is not as important as the toolbar, which navigates users from website to website. A ‘stumble’ is initiated by clicking the stumble-­‐button, which loads a new web page tailored to user needs. Users may choose to give thumbs up or down according to their appreciation or to share the discovered content with befriended users. This process provides the high referral traffic since stumble sessions usually do not end after one stumble. 7.5.1. Upon registration StumbleUpon registration can be done in two ways. One can simply register by filling in all the required information: (1) e-­‐mail address, (2) username, (3) password, (4) gender (‘this helps to find the best sites for you’ according to SU) and (5) birthday55). It is also possible to register through Facebook. In the latter case more information is given to StumbleUpon.56 other websites than facebook.com. Referral traffic is an important value because it shows how much a website is visited. 55 SU demands from its users that this information is truthful, but they do not require users to fill in their full name. It is clear that they do this for legal requirements as shown here: “By using the Services, you represent and warrant that: (a) all required registration information you submit is truthful and accurate; (b) you will maintain the accuracy of such information; (c) you are thirteen (13) years of age or older; and (d) your use of the Services does not violate any applicable law or regulation.” StumbleUpon. (2011c). Terms of Service. 06/10/2011, from http://www.stumbleupon.com/terms/ 56 Name, profile picture, gender, networks, user ID, list of friends, and any other information a user has shared with anyone. SU is also allowed to mail, post on the wall, access any of the aforementioned data any time and to access the profile information (activities, interests and birthday). ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 94 Figure 49 StumbleUpon registration Users are steered to click the ‘Get Started’ button before reading the user agreement or privacy policy. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 95 Figure 50 StumbleUpon registration via Facebook In the case of full tedious manual registration as opposed to automatic registration, another box is also checked that says that users agree on being contacted by friends by e-­‐mail. 7.5.2. After registration 7.5.2.1. Profile completion
After the registration SU collects the following information if this is provided by the user. It has already collected name, gender, birthday, email address, (this is not shared and kept to SU administration purposes only) and address (or general physical location). The rest of the information is optional and includes information about the user, lifestyle and interests. The optional information includes an introduction, a user’s website, reason for use of SU (websurfing, friends, dating, business and/or community), line of work, education, politics, religion, personality, relationship, children, ethnicity, height, sexuality, drinking, smoking, exercise, star sign, language knowledge, things a user likes, music, books, movies, TV shows and favourite websites. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 96 Figure 51 Optional information This information is collected by SU and can be categorised as explicitly disclosed personal information, because it is disclosed knowingly. SU offers the possibility to limit the access to the following types of information e-­‐mail address (this makes it possible to be found through e-­‐mail address or not), favourites (show favourites, this can be filtered to show no favourites, all favourites or only non-­‐
adult favourites) and interests (these can be filtered in an analogous way to favourites). Further more it is also possible for users to allow messages of other users or not. SU does not allow much privacy options in fact they only offer the aforementioned three options to limit visibility for e-­‐mail address, favourites and interests. However, it is also possible to see the other optional fields as privacy options. By not filling in the requested information, no information is shared. 7.5.2.2. During stumbling
©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 97 SU also gathers user data while users are rating stumbled content. This is not only made clear in the privacy statement, but also by showing it during the first use of the SU toolbar. ‘When you click on the rating buttons in the Toolbar, you are explicitly sending information about your preferences for the site currently displayed in your browser. StumbleUpon uses this information in order to improve its recommendations to you, and to others. By default, other users can see your non-­‐adult ratings.’ (StumbleUpon, 2010) Rating is an action and therefore we see this as an explicit disclosure of information. The action of stumbling is harder to define as an explicit information disclosure action. 7.5.3. Implicit PII gathering
StumbleUpon gathers information of its users in a less clear way through the use of its toolbar and logging: ‘As you navigate our Website or use the StumbleUpon Services, certain information may also be collected passively, including your Internet protocol address, browser type, operating system, time of day, general physical location, and browser language.’ (StumbleUpon, 2010) Next to information related to the user’s browser, his viewing habits are also stored. We assess this type of information gathering as even more implicit since no user action is required to disclose information. Unless we account the mere use of the service as an information disclosure. ‘If you are using or logged into the StumbleUpon Services, or are ‘stumbling’ with the Toolbar (or StumbleVideo), the Toolbar (or StumbleVideo) will transmit to StumbleUpon’s servers information regarding which pages you view when you visit another member’s profile page, click ‘stumble’, or watch a video through the StumbleUpon Services.’ (StumbleUpon, 2010) 7.5.3.1. Tools for PII gathering
The SU privacy statement mentions two means to gather information through technology. These two technologies are the SU toolbar and cookies. They also gather information through the forms and menus needed to inform StumbleUpon about a user’s taste. 7.5.3.2. The use of PII
The use of PII can be divided in three large sub divisions: to provide users with the service, to improve the service and to serve advertisements. We will address all categories because some of them are important to understand the advertising model. 7.5.3.2.1.
Providing the service ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 98 As already mentioned, users are required to fill in a minimum of information to register. They can also fill in more information. This extra information is shared with other users when they look at another user’s profile. Profiles can be viewed by clicking on the discoverer of a certain page, by searching for users or by matching users. The latter is done by clicking on the option ‘Meet another stumbler’. This option lets you stumble other users that are likely to have favourites or interests shared with the user stumbling other users. This feature looks a lot like a feature found on dating sites57. Users can see the following information: Figure 52 User profile The username, picture, age and location. Underneath this general profile information the stumble history of a users is shown. It is possible to view all the things a user has rated, discovered, reviewed and chosen as an interest. Next to this information the profile also contains data on the amount of favourites, followers, users that a user follows, discoveries, reviews and reviews of the stumbler (these are comments of other stumblers about the stumbler). Underneath this general data (at the bottom right of Figure 52 User profile) two circles are drawn that vary in overlap. This symbolises the similarity between the visiting stumbler and the other stumbler. 7.5.3.2.2.
Improving the service 57 It is very particular how I am directed to girls around my own age. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 99 In order to improve the service, SU logs user data in order to allocate resources to keep the service performance up. Secondly, SU gathers information about the stumbling process itself in order to provide new websites, to minimize the chance of seeing a website twice (this implies that they have knowledge of every site a user visited) and to provide users with new suggested interests, based upon previous discoveries, stumbles or selected interests. 7.5.3.2.3.
Advertising Advertising purposes are also mentioned in the uses of private information: ‘We may also use your Personal Information to provide you with electronic newsletters or promotional e-­‐mails, should you request to receive such communications from us.’ (StumbleUpon, 2010) E-­‐mail is not the preferred medium to promote new products: ‘We may also contract with third parties in order to promote the products and/or services of these third parties by placing ads on the Website or through the StumbleUpon Services. We may use Anonymous Information and information that was posted by members of the StumbleUpon Services to tailor the display of ads to the interest of the members of our community.’ (Own highlighting) (StumbleUpon, 2010) We analyse the use of personal information further in the next paragraph. This use of PII is difficult to grasp without referring to SU’s monetization of PII through its service. 7.5.4. Advertising model
StumbleUpon rolled out an advertising initiative in March 2011: ‘StumbleUpon Paid Discovery delivers an engaged target audience directly to you: no clicking through ads or links. 100% engagement, 100% of the time.’ The service provided gives advertisers the opportunity to include their websites within the StumbleUpon recommendation engine. The chosen plan (light, standard or premium) enables advertisers to choose certain demographics and interests to filter out an audience of potentially interesting users. v Light 0.05$/visitor Ø SU recommends this plan for web publishers who seek to drive traffic. These proposed web publishers are offered to choose an audience from the following criterions interest, location and demographics. Every visitor referred to by SU is worth 0.05 dollar. v Standard 0.10$/visitor Ø This plan expands the targeting and is suggested for brands that would like to engage their audience. The possibilities are expanded to types of devices. (StumbleUpon, 2011b) The service is also expanded in terms of reporting that includes site performance, visitor data, traffic analysis, website quality score and an integration with Google Analytics. But what is most important, all visitors that are chosen by a Standard service ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 100 subscriber are directed to this site and only secondary to a Light subscribers’ website. v Premium 0.25$/visitor Ø The Premium service is very similar to the Standard subscription. The Premium only differs from the Standard in priority of directing the same audience. Premium subscriptions get priority above all other subscriptions. The service is further explained on the SU Marketing Blog and summarising this will help the reader to understand how this campaign actually works. The service summarised is the Standard subscription with the reporting feature. StumbleUpon has used its own advertising feature to advertise two things, their Paid Discovery service and the new Ipad App. We will summarise the Ipad App advertising campaign. The SU marketing department defined their campaign mission as: ‘We needed to do some work to quickly spread the word to our users and ensure they were able to easily find our app.’ (Krawczyk, 2011) They copied their ‘landing page’, the page paid to be viewed by Paid Discovery, from other app advertisers who directly referred to the specific SU Ipad app page. The Standard Paid Discovery campaign can target to demographics, interests and platforms. Although this campaign could have been directed to Ipad users only, SU expanded its targetable audience to the following interests, shown in the column ‘Topics’. These interests were chosen as interests related to the likelihood of having an Ipad. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 101 Figure 53 Campaign monitor (Krawczyk, 2011) As shown in the table above, the selected interests all show the amount of traffic generated, the engagement and virality. This is very interesting because it may serve as an indicator where the most engaged customers are hiding by interest. To fully understand Paid Discovery, it is necessary to repeat what SU is about as a social media service: ‘StumbleUpon’s revolutionary platform lets users surf the best of the web by ‘stumbling’ to sites that match their interests, simply by hitting a button on their browser or mobile device.’ (StumbleUpon, 2011a) Users are served different websites which have a very high chance to be liked (in this case ‘thumbed up’) and the mindset of these users can be described as ‘looking to discover new and interesting content, and will give you valuable feedback (thumbs up or thumbs down ratings) if you provide them with an entertaining, enlightening, or informative experience.’ (StumbleUpon, 2011a) This open mindset and the fact that well chosen landing pages are delivered as if they are user selected pages makes Paid Discovery a very unobtrusive means of advertising. ‘Ideally every StumbleUpon user should appreciate advertisements as on of their own Stumbles.’ (StumbleUpon, 2011a) To achieve this level of unobtrusiveness, SU offers content guidelines. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 102 The unobtrusiveness is further supported by the very small icon shown on the toolbar. In figure 56 the icon or the word that indicates a Paid discovery is marked with a red circle. Figure 54 Paid discovery indicator58 7.5.5. Conclusion StumbleUpon shows the same constraints as the other platforms, which favours signing up above reading terms of service or privacy statements. Users of this service are also visually constrained to see a difference between advertised and normal content. It is a real affordance that advertised content is shown in a way that it may be perceived as regular content. This is according to StumbleUpon a good thing. For the perceived and complete context this is however troublesome because users may not be aware of the real affordance that they are being shown advertisements. 8. General conclusion
8.1. Main findings If we look at the constraints used by social media, than we can see that users are being steered away from expanding their perceived context into the complete context. They are being directed towards using the service without consideration with regard to their PII. Secondly, users are encouraged to provide as much personal information as possible. This is achieved through the use of logical constraints, which show up as stepwise instructions to guide the registration process. We do 58 There is difference in appearance because the first toolbar is a plugin of Firefox and the other one is shown in Chrome. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 103 recognize the need for this information as a requirement to make the provided service more satisfactory, but it also serves a second goal which is never mentioned during the registration process: advertising. The real affordances of the commodification of PII are only mentioned in the privacy statement, which is always placed below the button to register. This step is illogical because users declare to have read and understood the terms and conditions and the privacy policy related to the use of the service. This message is also shown under the sign-­‐in button, which implies that it is also a logical constraint to keep users from reading the privacy statement. Although the privacy statement an sich was not the object of analysis, it is one of the only sources of information for users of social media. Users can also learn what happens with their PII from the various marketing services offered by their social media platform. This leads us to think that information with regard to their privacy is only read when users are actually looking for it. If users read the privacy statement they are still not entirely aware of the real affordances of the tools that are being used to register and target them personalised advertisements. This is the case because the affordances are described very general instead of specific and related to the actual services provided. However this was not the case for Facebook where everything was described in detail. The real affordances of advertising on social media analysed in this report are that the advertisements are always personalised to a minimum of gender, location and age. Due to the different kinds of advertising we will talk about three broad tendencies in advertising on social media: targeted advertising, social advertising and integrated advertising. Targeted advertising is advertising targeted through various criteria. The real affordance here is that almost any information added by users to their profile can be used to target them. This form of advertising is called anonymous because no personal information like e-­‐mail address, name or other directly related identifier is attached to the package sold to the advertiser. This is so because advertisers buy a list and are only told how big the list is and that every person on the list has the criteria chosen by the advertiser. In that sense advertisers are not even buying addresses but only the service of getting their ad delivered to these addresses. K-­‐anonymity is implicitly taken into account as no targeted advertising allows targeting single users through their criteria. The minimum number of K as the group of users identifiable is not given. Future research could map what number K should be according to users and advertisers. Social advertising ads a social layer to the ad shown by mentioning who of their friends also has a relation with the product or brand advertised. With this new ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 104 form of advertising it is possible to target users who have no pre-­‐existing relation with the product or brand. Although Facebook and LinkedIn enable this practice by default, it is possible to opt-­‐out. This real affordance is hard to perceive without reading about it for it is never showed to the user who is portrayed in the ad. Integrated advertising also ads a social layer, but dresses the ad up as a part of their service. The perceived affordance of this service is that users do not see the real affordance: this is an advertisement and not a part of the content provided by the service. All platforms give visual feedback to inform the user of its true content. The visual constraint put on this visual feedback varies, Twitter colours this content, Facebook and LinkedIn place them in the advertising column and StumbleUpon provides a barely noticeable icon. 8.2. Discussion Users may perceive the affordance that they are a targetable audience on social media, but it is almost impossible to grasp to what degree they are targetable and how this process is done. This is made so hard because privacy statements are only accessible for those who look for it and even then they do not always provide sufficient information. We can therefore question whether privacy statements are really the best way to inform users of the real affordances related to the commodification of PII. There may be alternatives such as showing shorter versions or even graphical presentations. It could also be possible to add a link to every advertisement that explains how and why the advertisement is shown. This is already being researched for individual ads (Hastak & Culnan, 2010). ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 105 Figure 55 Interest based ads icon Lastly, we would like to remark that the current ways of receiving agreement or consent are failing to really achieve this. Users are steered away from reading the statement and if they try they are confronted with an abstract -­‐ often difficult to understand -­‐ text. We need to find ways to achieve informed consent or to develop systems that no longer presuppose such a strong emphasis on individual user knowledge and consent. A first solution could be to set opt-­‐in as default instead of an opt-­‐out, as this would better protect the unaware. Users could also be shown questions that test their knowledge of the real affordances of the usage of PII on social media. Users are already being tested to see whether they are human or not through an image, which shows characters only readable to humans. Besides these kinds of measures on user level, we also need to take a look at the possibilities on technological level. The goal would then be to mitigate the responsibilisation of individuals who use or are affected by social media. This can also be done by making the underlying social networking infrastructures and the organisations that run them more accountable. 8.3. Future research Future research needs to focus on how the perceived context can be expanded, while also assessing the minimum amount of perceived context is needed for users to grasp the commodification of PII. User research needs to map the attitudes of users and their willingness to inform themselves. This way we may ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 106 map a limit to users’ willingness to understand their privacy with regard to the commodification of PII on social media. Secondly, more research is needed on the (critical) marketing side. What are the affordances of personalised advertising and are there no limits to this personalisation? It could very well be that not every kind of message is well received through social media and lastly do advertisers value the privacy of their audience? Thirdly, we should focus on the macro economic level of the commodification of PII on social media. Personalised and social advertising may have a new and unseen potential. However we do need to take critical look at how political economic power is distributed, by investigating to what extent large companies have for example power over users, buyers of ad space and governments. We need to investigate the possible effects of this situation and how sub-­‐optimal developments can be remedied for both users as advertisers. Our future research will focus on the attitudes and practices of advertisers that work with social media in Flanders and make use of PII. Next we will also start to investigate user attitudes, practices, capabilities and knowledge regarding their personal information on social media. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 107 9. References
7,500 Online Shoppers Unknowingly Sold Their Souls. (2010, 15/04/2010). Fox News SciTech Retrieved 03/12/2011, from http://www.foxnews.com/scitech/2010/04/15/online-­‐shoppers-­‐unknowingly-­‐
sold-­‐souls/ Acquisti, A., & Gross, R. (2009). Title: Predicting Social Security numbers from public data PROCEEDINGS OF THE NATIONAL ACADEMY OF SCIENCES OF THE UNITED STATES OF AMERICA, 106(27), 10975-­‐10980. Adobe. (2009). Flash Player: Settings Manager -­‐ Global Security Settings panel. Retrieved 09/02/2011, from http://www.macromedia.com/support/documentation/en/flashplayer/help/se
ttings_manager04.html Adobe. (2011). What Are Third-­‐Party Local Shared Objects? Retrieved 02/02/2011, from http://www.adobe.com/products/flashplayer/articles/thirdpartylso/ Aitken, R., Gray, B., & Lawson, R. (2008). Advertising effectiveness from a consumer perspective. International Journal of Advertising, 27(2), 279-­‐297. Austin, E. W., & Johnson, K. K. (1997). Immediate and delayed effects of media literacy training on third graders' decision making for alcohol. Health Communication, 9(4), 323-­‐349. Author Q&A with Eli Pariser. (2011). Amazon, from http://www.amazon.com/gp/product/1594203008/ref=as_li_qf_sp_asin_il_tl?ie
=UTF8&tag=thefilbub-­‐
20&linkCode=as2&camp=1789&creative=9325&creativeASIN=1594203008 Barth, A., Datta, A., Mitchell, J., & Nissenbaum, H. (2007). Privacy and Contextual Integrity: Framework and Applications. Paper presented at the IEEE Symposium on Security and Privacy,. Belgacom, S. (2011). The first pan-­‐European social portal. Retrieved 06/10/2011, from http://www.skynetcorporate.be/ boyd, D. (2006). Facebook's "Privacy Trainwreck": Exposure, Invasion, and Drama. Apophenia Blog Retrieved 10/04/2010, from http://www.danah.org/papers/FacebookAndPrivacy.html Camp, G. (2011, 12/10/2011). 20 Million Stumblers! StumbleUpon Blog Retrieved 21/10/2011, from http://www.stumbleupon.com/sublog/20-­‐million-­‐
stumblers/ Ciriani, V., S., D. C. d. V., Foresti, S., & P., S. (2008). K-­‐Anonymous data mining: a survey Advances (pp. 105-­‐136): Springer. Cohen, N. S. (2008). The valorization of surveillance: Towards a political economy of Facebook. Democratic Communiqué, 22(1), 5-­‐22. Eckersley, P. (2009). How Online Tracking Companies Know Most of What You Do Online (and What Social Networks Are Doing to Help Them). Electronic ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 108 Frontier Foundation Retrieved December 22, 2010, from http://www.eff.org/deeplinks/2009/09/online-­‐trackers-­‐and-­‐social-­‐networks Facebook. (2011a). Advertise on Facebook. Retrieved 04/011/2011, from https://http://www.facebook.com/ads/create/ Facebook. (2011b). Auth Dialog. Facebook Developers Retrieved 06/10/2011, from https://developers.facebook.com/docs/beta/authentication/ Facebook. (2011c). Auth Dialog. Facebook Developers, from https://developers.facebook.com/docs/beta/authentication/ Facebook. (2011d, 23/09/2011). Data use policy. Retrieved 03/12/2011, from https://http://www.facebook.com/about/privacy/ Facebook. (2011e, 23/09/2011). Data use policy (full text). Retrieved 03/12/2011, from https://http://www.facebook.com/about/privacy/ Facebook. (2011f, 23/09/2011). How advertising works. Data use policy Retrieved 03/12/2011, from https://http://www.facebook.com/about/privacy/advertising -­‐ socialcontext Facebook. (2011g). Information we receive and how it is used. Data use policy Retrieved 03/12/2011, from https://http://www.facebook.com/about/privacy/your-­‐info -­‐ inforeceived Facebook. (2011h). Sharing with other websites and applications. Data use policy Retrieved 03/12/2011, from https://http://www.facebook.com/about/privacy/your-­‐info-­‐on-­‐other Facebook. (2011i). Sponsored stories, build word of mouth. Naturally. Facebook Ads Retrieved 03/12/2011, from https://http://www.facebook.com/ads/stories/ Flosi, L. (2011). comScore Media Metrix Ranks Top 50 U.S. Web Properties for February 2011. Reston: comScore. Form S-­‐1 Registration Statement. (2011). Delaware: Securities and Exchange Commission. Graham, P. (2005). Web 2.0. Paul Graham Retrieved 07/08/2011, from http://www.paulgraham.com/web20.html Gray, K. (2011, 26/10/2011). The Lifecycle of a Web Page on StumbleUpon. StumbleUpon Blog Retrieved 23/11/2011, from http://www.stumbleupon.com/sublog/the-­‐lifecycle-­‐of-­‐a-­‐web-­‐page-­‐on-­‐
stumbleupon/ Hastak, M., & Culnan, M. J. (2010). Online Behavioral Advertising “Icon” Study, Summary of Key Results: Future of Privacy Forum. Hildebrandt, M. (2008). Chapter 2: Defining Profiling -­‐ A New Type of Knowledge? In M. Hildebrandt & G. S. (Eds.), Profiling the European Citizen: Cross-­‐
Disciplinary Perspectives (pp. 17-­‐45). Amsterdam: Springer. Holdford, D. (2008). Content analysis methods for conducting research in social and administrative pharmacy. Research in Social & Administrative Pharmacy, 4(2), 173-­‐181. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 109 Hoofnagle, C., Jay, C., & King, J. (2008). Research Report: What Californians Understand About Privacy Offline. IBBT-­‐SMIT, L., IBBT-­‐MICT, C&E, ICRI, CUO. (2010). EMSOC, User Empowerment in a Social Media Culture, IWT proposal for an SBO with societal finality: IBBT-­‐SMIT, LSTS, IBBT-­‐MICT, C&E, ICRI, CUO. Jensen, C., Potts, C., & Jensen, C. (2005). Privacy practices of Internet users: Self-­‐
reports versus observed behavior. Human-­‐Computer Studies, 63, 203-­‐227. Kaplan, A. M., & Haenlein, M. (2009). Users of the world, unite! The challenges and opportunities of Social Media. Business Horizons, 53(1), 59-­‐68. Krawczyk. (2011). Marketing @ StumbleUpon: How we use paid discovery. http://www.stumbleupon.com/ads/blog/how-­‐we-­‐use-­‐paid-­‐discovery/ LinkedIn. (2011a). Advertising Specifications v. 2011.1.0. LinkedIn Retrieved 30/05/2011, from http://adspecs.linkedincreatives.com/ LinkedIn. (2011b). Help Center. Retrieved 30/05/2011, from https://help.linkedin.com/ LinkedIn. (2011c). Hiring Solutions LinkedIn. Retrieved 30/05/2011, from http://www.linkedin.com/hiring LinkedIn. (2011d). Job Seeker. Retrieved 30/05/2011, from http://www.linkedin.com/subscriptionv2?displayProducts=&family=jss&trk=ho
me_level LinkedIn. (2011e, 26/01/2011). LinkedIn Text Advertising Service Emerges from Beta with Enhanced Targeting Capabilities LinkedIn Press Centre Retrieved 30/05/2011, from http://in.press.linkedinlabs.com/node/142 LinkedIn. (2011f). Manage Social Advertising. Settings Retrieved 03/12/2011, from https://http://www.linkedin.com/settings/?trk=hb_acc LinkedIn. (2011g). Partner Messages. LinkedIn Marketing Solutions Retrieved 30/05/2011, from http://marketing.linkedin.com/solutions/partner-­‐
messages/partner-­‐messages LinkedIn. (2011h). Privacy Policy, LinkedIn Privacy Policy Highlights. Retrieved 30/05/2011, from http://www.linkedin.com/static?key=privacy_policy&trk=hb_ft_priv -­‐ pri-­‐top LinkedIn. (2011i). Step 1: Compose Job. Retrieved 30/05/2011, from http://www.linkedin.com/jobs/post?editAttributes=&trk=rsh_paj_paj LinkedIn. (2011j). Subscription Plans. Retrieved 30/05/2011, from http://www.linkedin.com/subscriptionv2?displayProducts=&trk=hb_ft_upyracc
t LinkedIn. (2011k). Talent. Retrieved 30/05/2011, from http://www.linkedin.com/subscriptionv2?displayProducts=&family=talent&trk
=home_level Lipschutz, K. (2011, 20/08/2011). Stumblers Out-­‐Refer Facebookers. Adweek Retrieved 04/01/2012, from http://www.adweek.com/news/technology/stumblers-­‐out-­‐refer-­‐facebookers-­‐
134287 ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 110 MacManus, R. (2011, 25/09/2011). The New Facebook: 3 Major Implications. Read Write Web Retrieved 02/12/2011, from http://www.readwriteweb.com/archives/the_new_facebook_3_major_implicatio
ns.php McGrenere, J., & Ho, W. (2000). Affordances: Clarifying and evolving a concept. Paper presented at the Graphics Interface 2000. McStay, A. (2011). Profiling Phorm: an autopoietic approach to the audience-­‐as-­‐
commodity. Surveillance & Society, 8(3), 310-­‐322. Miyazaki, A. D. (2008). Online privacy and the disclosure of cookie use: Effects on consumer trust and anticipated patronage. Journal of public policy & marketing, 27(1), 19-­‐33. Mosco, V. (1998). The political economy of communication: rethinking and renewal. London: Sage. Netlog. (2010). Net Offer. Sales Wiki Retrieved 06/10/2011, from http://saleswiki.netnoc.eu/index.php/Net_Offer Netlog. (2011a). Earn Credits. Retrieved 06/10/2011, from http://en.netlog.com/go/credits/earn Netlog. (2011b). Pet Party. Games Retrieved 06/10/2011, from http://en.netlog.com/play/game/petparty Netlog. (2011c). Spotlight. Retrieved 06/10/2011, from http://en.netlog.com/go/manage/spotlight Nielsen, J. (2006). Participation Inequality: Encouraging More Users to Contribute. Retrieved 07/08/2011, from http://www.useit.com/alertbox/participation_inequality.html Norman, D. A. (1998). Design of Everyday Things. London: MIT Press. Norman, D. A. (1999). Affordance, conventions and design. interactions, 6(3), 38-­‐
42. O'Reilly Media. (2011). About O'Reilly. Retrieved 03/01/2011, from http://oreilly.com/about/ O'Reilly, T. (2005). What Is Web 2.0. O'Reilly Retrieved 07/08/2011, from http://oreilly.com/web2/archive/what-­‐is-­‐web-­‐20.html Pierson, J., & Heyman, R. (2011). Social media and cookies: challenges for online privacy. Info, 13(6), 30-­‐42. Punie, Y., Lusoli, W., Centeno, C., Misuraca, G., & Broster, D. (2009). The Impact of Social Computing on the EU Information Society and Economy. Seville: IPTS European Commission -­‐ Joint Research Centre. Rait, Z. (2011, 14/09/2011). Introducing the Subscribe Button. https://http://www.facebook.com/blog.php?post=10150280039742131 Sanghvi, R. (2006, 05/09/2006). Facebook gets a facelift. https://http://www.facebook.com/blog.php?post=2207967130 Schäfer, M. T. (2009). Participation inside? User activities between design and appropriation. In M. van den Boomen, S. Lammes, A.-­‐S. Lehmann, J. Raessens & ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 111 M. T. Schäfer (Eds.), Digital material tracing new media in everyday life and technology (pp. 147-­‐158). Amsterdam: Amsterdam University Press. Schwartz, J. (2001). Giving Web a Memory Cost Its Users Privacy. The New York Times Retrieved February 2, 2011, from http://www.nytimes.com/2001/09/04/technology/04COOK.html Soltani, A., Canty, S., Mayo, Q., Thomas, L., & Hoofnagle, C. J. (2009). Flash Cookies and Privacy. SSRN preprint, December 22, 2010, from http://papers.ssrn.com/sol3/papers.cfm Statistics. (2011). Facebook Retrieved 02/12/2011, from https://http://www.facebook.com/press/info.php?statistics StumbleUpon. (2010). Privacy Policy. Retrieved 06/10/2011, from http://www.stumbleupon.com/privacy/ StumbleUpon. (2011a). Paid Discovery Overview. Retrieved 06/10/2011, from https://http://www.stumbleupon.com/pd/help/overview/ StumbleUpon. (2011b). Plans & Pricing. Retrieved 06/10/2011, from https://http://www.stumbleupon.com/pd/index/plans/ StumbleUpon. (2011c). Terms of Service. 06/10/2011, from http://www.stumbleupon.com/terms/ Stutzman, F. (2006). How Facebook Broke its Culture. http://chimprawk.blogspot.com/2006/09/how-­‐facebook-­‐broke-­‐its-­‐culture.html Swisher, K. (2011). Twitter Poised to Close a Two-­‐Stage $800M Funding, With Half Used to Cash Out Investors and Employees. All Things D Retrieved 27/11/2011, from http://allthingsd.com/20110720/twitter-­‐poised-­‐to-­‐close-­‐a-­‐
two-­‐stage-­‐800m-­‐funding-­‐with-­‐half-­‐used-­‐to-­‐cash-­‐out-­‐investors-­‐and-­‐employees/ Tappenden, A. F., & Miller, J. (2009). Cookies: A Deployment Study and the Testing Implications. ACM Transactions on the Web, 3(3), 1-­‐49. Tibau, F. (2011, 20/07/2011). Het tweede leven van Netlog. Datanews Retrieved 29/11/2011, from http://datanews.knack.be/ict/nieuws/nieuwsoverzicht/2011/07/20/het-­‐
tweede-­‐leven-­‐van-­‐netlog/article-­‐1195066801757.htm Tonkelowitz. (2011, 09/11/2011). Interisting News, Any Time You Visit. https://http://www.facebook.com/blog.php?post=10150286921207131 Twitter. (2011a). Follow your interests. Retrieved 23/06/2011, from http://www.twitter.com Twitter. (2011b). Promoted Accounts. Retrieved 23/06/2011, from http://business.twitter.com/advertise/promoted-­‐accounts/ Twitter. (2011c). Promoted Tweets. Retrieved 23/06/2011, from http://business.twitter.com/advertise/promoted-­‐tweets/ Twitter. (2011d). Start Advertising. Retrieved 03/12/2011, from https://business.twitter.com/advertise/start. Twitter. (2011e, 23/06/2011). Twitter Privacy Policy. 03/12/2011, from https://twitter.com/privacy ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 112 Vander Wal, T. (2007). Folksonomy. vanderwal.net Retrieved 07/08/2011, from http://vanderwal.net/folksonomy.html Walrave, M. (2002). e-­‐Privacy.be Een betere berscherming van de privacy in Belgische websites, één jaar na het van kracht worden van de 'nieuwe' privacywet? : K.U. Leuven -­‐ Departement Communicatiewetenschap. Walsh, M. (26/01/2011). LinkedIn Adds Job Title, Company Names To Text Ad Targeting. Online Media Daily Retrieved 30/05/2011, from http://www.mediapost.com/publications/?fa=Articles.showArticle&art_aid=143
517&nid=123028 Warren, S. D., & Brandeis, L. D. (1890). The right to privacy. Harvard Law Review, 4(5). Weber, T. E. (2010, 18/10/2010). Cracking the Facebook Code. Innovation, from http://www.thedailybeast.com/blogs-­‐and-­‐stories/2010-­‐10-­‐18/the-­‐facebook-­‐
news-­‐feed-­‐how-­‐it-­‐works-­‐the-­‐10-­‐biggest-­‐secrets/ Whittaker, S., Terveen, L., Hill, W., & Cherny, L. (1998). The dynamics of mass interaction. 257-­‐264. Woo, J. (2006). The right not to be identified: privacy and anonymity in the interactive media environment. New Media & Society, 8(6), 949-­‐967. Works, C. (2011). Fake Name Generator. Retrieved 3/10/2011, from http://www.fakenamegenerator.com/ Yarow, J., & Angelova, K. (2011, 18/05/2011). CHART OF THE DAY: Where LinkedIn's revenue comes from. Silicon Alley Insider Retrieved 30/05/2011, from http://www.businessinsider.com/chart-­‐of-­‐the-­‐day-­‐where-­‐linkedins-­‐
revenue-­‐comes-­‐from-­‐2011-­‐5 ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 113 10. Two-page Dutch summary
In deze studie werd onderzocht hoe persoonsgegevens op sociale media worden verzameld en gebruikt om economische waarde te genereren. Sociale media werd hierin gedefinieerd als een platform gebaseerd op web 2.0 toepassingen waarop door de gebruiker gecreëerde inhouden (UGC) worden gedeeld. Deze UGC varieert qua creativiteit van één muisklik tot het maken van nieuwe audiovisuele inhouden. De producenten van UGC zijn niet langer beperkt tot amateurs maar kunnen nu ook professionelen zijn. Oorspronkelijk was het de bedoeling om na te gaan hoe gebruikers van sociale media gesegmenteerd werden in profielen die dan verkocht worden aan reclamebureaus die op zoek zijn naar een specifiek publiek. De beslissing om een bepaald publiek uit te kiezen wordt echter vaak buiten sociale media genomen. Sociale media treden eerder op als postbode. Sociale media beheren de adressen waar reclameboodschappen worden afgeleverd en houden bij welke personen geïnteresseerd zijn in wat voor soort reclame. Reclamebureaus stellen adressenlijsten samen op basis van de verschillende eigenschappen die door sociale media over hun gebruikers werden verzameld. Dit onderzoek heeft dus nagekeken hoe sociale media (Netlog, Facebook, LinkedIn, Twitter en StumbleUpon) persoonsgegevens verzamelen en aanbieden om reclame te verspreiden. Om dit te bereiken werd er telkens een volledige registratie gesimuleerd gecombineerd met een beschrijving van hoe het medium werkt om op die manier in kaart te brengen welke informatie er wordt verzameld. Hiernaast werd ook een mapping gedaan van de verschillende reclamediensten en manieren waarop persoonsgegevens worden gebruikt. Deze informatie werd verzameld aan de hand van privacy policies en informatie voor reclamebureaus. Het proces van informatieverzameling op de verschillende sociale media vertoont enkele gemeenschappelijke kenmerken. Gebruikers worden aangemoedigd om zoveel mogelijk informatie vrij te geven. Gebruikers worden hierin aangespoord via een stapsgewijs registratieproces waarin de lineaire opbouw van het proces er voor zorgt dat het bijna logisch is om deze gegevens vrij te geven. Privacy-­‐rechten en algemene voorwaarden worden zoals de kleine lettertjes op een contract weergegeven, ze zijn slecht leesbaar en staan vaak na de handeling om het ‘contract’ of de voorwaarden te ondertekenen. Inzake opties op sociale media die betrekking hebben tot het verzamelen van informatie valt op dat deze standaard op een maximum blootstelling van persoonlijke informatie staan. Dit is dus een opt-­‐out in plaats van een opt-­‐in. Opt-­‐in wordt nochtans door België en Europa verplicht. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 114 Qua reclameboodschappen op sociale media zijn er drie vormen te onderscheiden: gepersonaliseerde reclame, sociale reclame en geïntegreerde reclame. Iedere reclame op sociale media kan gepersonaliseerd worden op een minimum van de volgende demografische gegevens: gender, leeftijd en locatie. Vaak zijn de opties echter veel dieper en kan er tot opleidingsniveau, relatiestatus en seksuele voorkeur worden gespecifieerd. Naast diepgaande vormen van publiekssegmentatie is het mogelijk om de reclameboodschap een sociaal karakter te geven. Dit wil zeggen dat het oude mond-­‐tot-­‐mond principe online wordt toegepast. Eén gebruiker reageert op een merk of product en deze actie wordt gebruikt om vrienden van deze gebruiker aan te sporen te kijken naar een reclameboodschap. Als laatste vorm van reclame experimenteren Facebook, Twitter en StumbleUpon met geïntegreerde reclame. Geïntegreerde reclame is reclame die qua vorm lijkt op inhouden die door gebruikers worden gegenereerd (UGC) en dus niet meer tussen de gebruikelijke reclameboodschappen staan. Het grote voordeel hiervan is volgens StumbleUpon dat gebruikers meer open staan voor deze vorm van reclame omdat ze het niet ervaren als reclame. Uit dit onderzoek kunnen we afleiden dat het voor gebruikers moeilijk is om te begrijpen wat er met hun persoonsgegevens gebeurd omdat informatie hieromtrent slecht gecommuniceerd wordt doordat de privacy policy op een slechte plaats staat, maar ook omdat deze niet eens gelezen dient te worden om hem goed te keuren. Hiernaast wordt het voor gebruikers moeilijker om te vatten wanneer hun persoonsgegevens voor reclamedoeleinden worden gebruikt omdat de reclame zelf moeilijker te onderscheiden is van ander inhouden op deze platformen. In toekomstig onderzoek willen we in kaart brengen hoe reclamebureaus specifieke profielen uitkiezen en waarom ze dit doen op sociale media. Ten tweede zal er al een eerste verkennend onderzoek naar gebruikers plaatsvinden om in kaart te brengen wat gebruikers weten en vinden van het gebruik van hun persoonsgegevens op sociale media. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 115 11. Annexes
11.1.
Annex 1 Netlog Settings Findability in search results means that users' profile, pictures, blog messages, videos etc. to be shown in the search results. The nickname is searchable throughout the whole net even if this function is turned off. These are opt-­‐out by default. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 116 E-­‐mail settings are also opt-­‐out. These options include receiving updates regarding your profile and how other users interact with it (updates, visitors, pictures) But also info about new games, game updates, special offers in general and the Netlog newsletter. Alerts give a more fine-­‐grained choice regarding what kind of alerts Netlog should offer a user. For example, here one can configure whether a notification should be send if someone signs a users guestbook. All but one box were checked, the unchecked box was that a user should not be notified by email when another friend uploads a picture or a video. Next to the e-­‐mail notification it is also possible to be notified by bubble, a bubble is the red box with a number ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 117 within the tabs on the above menu shown below:
It is also possible to connect with Messenger, this way it is possible to find friends, import messenger pictures and publish Netlog shouts and status updates. These options are also available for Facebook (no status and shouts supported), Windows Live (not only messenger is added, updates are also shown in Hotmail), Twitter (twitter is accessible but the site does not mention what would happen if a user is connected, OpenID (is an option to login to other websites with an url provided by Netlog and OAuth (gives you the opportunity to share data with another site (for example to share pictures with an album printing service). Profile access is default set so that everyone can visit a users profile although this can be changed to only friends, some netlog members, only netlog members or, as already mentioned, everyone. There is a special option checked, friends of friends can see the users profile. And two others, members who are not allowed to see the profile are also allowed to ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 118 send a message (this is not allowed by default) or to only see a limited profile.(not checked by default because this profile has to be made the option some netlog members can be specified by trust, age, nationality, region and members of certain groups. A limited profile shows your profile picture, your age, your online status and a personal message. You can edit the personal message below. Communication is the option to choose who can communicate in any way on this medium: through messages, comments and ratings (options are everyone, friends and their friends, friends and nobody). Shouts can be seen by everyone by default but it is also possible to choose for friends. Comments are approved automatically (and thus also published) but it is also possible to approve them the first time someone comments, or only after the user reviewed them. In the logs option you can uncheck whether comments should be shown in the logs of a user’s friends. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 119 The feeds menu displays the possibility to use rss-­‐feeds in order to stay informed of the blog, pictures, videos, music, shouts, links and recent updates (which are al above mentioned actions). It is also possible to view more personal feeds that are linked to information on the users account and his or her friends, Netlog advises not to share these feeds with others. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 120 Whitelist is very straightforward and shows who is able to see your profile, contact you and post comments On the blacklist particular users can be blocked. 11.2.
Annex 2 Mail Netlog Beste Rob
Deze link was blijkbaar inderdaad niet correct aangepast.
Al onze Ad Sales verlopen inderdaad momenteel via Belgacom Skynet.
Integrated products zijn nog steeds via eigen kanalen beschikbaar.
Alle ads lopen sowieso ROS, maar staat los van de targeting criteria. Je kan
steeds kiezen voor Age, gender, Location op alle ROS display
mvg
Tom
TO M S E G E R S
Head
of
Business
Development Benelux
[email protected]
MASSIVE MEDIA NV
netlog.com/tomsegers
Emile Braunplein 18
M +32 472 93 48 39
B-9000 Ghent
Visit our corporate site
T +32 2 400 43 21
VAT BE 0859.635.972
This e-mail may contain proprietary and confidential information and is intended
for the recipient(s) only. If an addressing or transmission error has misdirected
this e-mail, please notify the author by replying to this e-mail. If you are not the
intended recipient(s), disclosure, distribution, copying or printing of this e-mail is
©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 121 strictly prohibited.
Begin forwarded message:
From: Rob Heyman <[email protected]>
Subject: dead link advertising page Massive Media
Date: 17 november 2011 11:24:11 GMT+01:00
To: [email protected]
Cc: Jo Pierson <[email protected]>
Beste Jan Maarten Willems,
Wij hebben elkaar al eens ontmoet op de EMSOC Kick-off. Ik ben momenteel
bezig aan een state of the art van sociale media marketing services. En
daarin bekijk ik onder andere Netlog.
Nu heb ik een probleem en ik hoop dat jij mij daar mee kan helpen. Tijdens de
zomer kon ik nog aan alle informatie over de verschillende advertising
diensten van Netlog want je kwam via ʻAdvertise on Netlogʼ uit op een
advertisers page van Massive Media met daarop een overzicht. Deze
laatstgenoemde pagina geeft nu al meer dan een maand een 404 error.
Kan het zijn dat jullie deze paginaʼs niet meer gebruiken omdat jullie nu
samenwerken met Belgacom Skynet voor jullie ad sales? Of zijn jullie de ad
services aan het veranderen?
Ik zou ook nog langs deze weg willen vragen of jullie alles gaan outsourcen of
bijvoorbeeld jullie Brand Integration Service, Skin development en Gaming
Media bij Massive Media zelf houden. Kortom houden jullie de integrated
products zelf of worden die ook deel van de ad sales?
En dan nog een laatste vraag, de huidige producten aangeboden door
Belgacom Skynet omvatten enkel ROS ads, zijn jullie gestopt met targeted
advertising?
Met vriendelijke groeten,
Rob Heyman
Doctoraatstudent
©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 122 IBBT-SMIT
EMSOC
Tel: +32 2 629 16 34
11.3.
Annex 3 Massive Media Products 11.4.
Annex 4 Netlog Interview Manage / Profile / Interview Layout Basic data Interview Accounts and Instant Messengers Top of Form Interests
Music Sports ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 123 Friends Technology Films Cars Internet Computers Traveling Nightlife Mobile phones Humour Dating Television More Show interests on your profile in a house in a flat I live
in a studio in a student apartment somewhere else I live
Colour of your hair
Do you dye your hair?
Do you use skin care products?
Do you use gel or hair spray?
©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 124 Colour of your eyes
Weight (pounds)
Height (feet)
I (sometimes) wear
Do you have children?
-­‐-­‐ Yes No How many children do you have?
Nothing (not interested) Friendship I'm looking for
Love Sports friends Friends to go out with How often do you go on a holiday?
by car by bus by plane When I go on a holiday, I go
by train by boat hitchhiking by bike rest adventure On vacation, I'm looking for
culture luxury nightlife ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 125 relaxation something else My favourite holidays are
Paris Cologne Antwerp Brussels Budapest Athens Barcelona Madrid London Prague Favourite cities abroad
Copenhagen Lissabon Istanbul Berlin Cork Florence Granada München Milan Nice Rome ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 126 Valencia Venice Vienna Dublin Malaga Ankara Moscow skiing snowboarding scuba diving diving My favourite holiday sports are
sailing climbing water-­‐skiing surfing other Best travelling experience
Worst travelling experience
I sometimes have to travel abroad for my job
-­‐-­‐ Yes No How often do you play video games?
Action Favourite gaming type
Adventure Arcade ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 127 Role play Sports Simulation Kids Racing Strategy Massive Multiplayer Online Role Playing Game Shoot'em up Party Games Fight'em up Trading card Games Web Games Dreamcast Playstation GameCube N-­‐Gage PC Gaming Console
XBOX Other Playstation 2 Gameboy PSP Playstation 3 ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 128 Sega Nintendo Wii XBOX 360 Favourite games
How many hours do you sleep on average each night?
Smoker?
Tobacco brand (if smoker)
How often do you eat fastfood?
How often do you practise sports?
What do you usually drink when you go out?
Do you drink a lot of alcohol?
Favourite alcoholic drink
Cocktail
I don't drink beer!! Heineken Bass Guinness Favourite beer brand
Budweiser Michelob Fosters Coors Yuengling ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 129 Rochefort Youngs Victoria Bitter Tooheys Coopers West End Draught Chopper Heavy Duvel Carling Crown Lager Kokanee beer Scotch ale Newcastle Brown Ale Fuller Smith & Turner Amstel Batemans Bavaria Samuel Smith Stella Favourite non alcoholic drink
Casual Clothing style
Trendy Skate Classic ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 130 Extravagant Gothic Classy Bohemian Sexy Urban Goa Punk Street Rasta Jeans Soiree Denim Vintage 50's style 60's style 70's style 80's style Sporty Designer Labels Favourite clothing brand
What are you wearing now?
How many pairs of shoes do you have?
©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 131 on foot by bike How do you go to school/to work?
by car by public transport by motorcycle Do you already have your driving licence?
4x4 Cars Oldtimers Monovolume Mini Coupé Cabriolet Car interests
Fast cars Tuning Trucks Break Car Audio Car Gadgets Formule 1 Rally Favourite car brand
Own car type
My motorcycle
©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 132 Favourite motorcyle brand
call text e-­‐mail go online With my mobile phone, I can
take pictures play music install apps process text keep a calendar record videos Mobile brand
Favourite magazine
I read the newspaper
Favourite newspaper
How many pets do you have?
dog guinea pig cat What kind of pets do you have?
mice rabbit fish birds turtle ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 133 other Favourite pet(s)
Favourite event or party
An event I wouldn't want to miss
Pop Top50 French music 80s 70s Classic Gothic Funk Film Music Music style
Rap HipHop Jazz Acid Jazz Blues Rock Hard Rock Metal Underground Dance ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 134 Trance Techno House Vocal Dance Breakbeat Down Tempo Chill Hardcore Happy Hardcore Rave Country & Western Gospel Drum'n'Bass Hardstyle Punk Favourite radio station
Best dj, singer(s) or band(s)
Horror True story Drama What kind of movies do you like?
Cartoon 3D Animation Clay animation Fantasy ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 135 Musical Comedy Romantic movies Science Fiction Thriller Action Teen Movies Mystery Kungfu/Martial Arts Underground movies Film noir Favourite movies
Favourite actor/actress
TCM Cartoon Network MTV CNN BBC1 Favourite TV channel
BBC2 Nickelodeon Canal+ Red Canal+ Blue Canal+ Yellow Hallmark ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 136 Nat. Geographic Ch. NBC CBS HBO Cinemax Showtime ESPN Disney ABC American Movie Classics The SciFi Channel BET WE Discovery Animal Planet A & E -­‐ Arts & Entertainment Bravo C-­‐Span Court TV Comedy Central E! -­‐ Entertainment Television Fox FX Network History Channel ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 137 PBS Lifetime MSNBC Nick at Nite QVC Showcase Sky News TBS Superstation TNT Travel Channel Turner Classic Movies VH1 UPN The Weather Channel Favourite TV shows
At what time do you go to bed?
The best thing that ever happened to you
What do you hate?
The most irritating question
What was your most unpleasant experience until now?
The coolest person you've met this year?
What do you think is romantic?
©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 138 Do you have friends that are living abroad?
What do you do when you are bored?
Homepage
Extra
What's your highest degree?
Do you support any good causes?
I play the lottery and hope to get rich someday
Are you a do-­‐it-­‐yourself enthusiast?
buy or build a house/flat rebuild/renovate my house/flat buy a (new) car get married have a baby start to live healthier My plans for this year are
practise more sports quit smoking study harder graduate find a girl/boyfriend move go and live by myself I love gadgets, so I have a(n):
DVD player DVD recorder ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 139 laptop LCD/Plasma TV surround system computer digital camera analogue camera video camera digital video camera GPS system iPod PSP other How often do you go to the cinema?
Do you go to night clubs?
Favourite night clubs
Disneyland Disney World Six Flags Phantasialand (Germany) My favourite theme parks are
Europa-­‐Park (Germany) Port Aventura (Spain) Alton Towers (England) Blackpool Pleasure Beach (England) The Magical World of Fantasy ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 140 Island (England) Thorpe Park (England) Efteling (The Netherlands) Gardaland (Italy) Liseberg (Sweden) Tivolli Gardens (Denmark) Bakken (Denmark) I like them all just as much I don't like theme parks Glastonbury Festival (England) Rock Werchter (Belgium) Roskilde Festival (Denmark) Montreux Jazz Festival (Switzerland) Oxegen (Ireland) T in the Park (Scotland) My favourite festivals are
EXIT Festival (Serbia) Benicassim International Festival (Spain) Pukkelpop (Belgium) Reading Festival (England) Leeds Festival (England) Electric Picnic (Ireland) Other Do you buy online?
©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 141 cookbooks crime fiction travel books books about human sciences novels foreign literature poetry My favourite books are
fiction novels non-­‐fiction books children's books school books history books sports books philosophy books other Favourite writer(s)
Do you have digital television?
-­‐-­‐ Yes No Do you sort your garbage?
My favourite perfume brand is
11.5.
Annex 5 Netlog ads sold by Belgacom Skynet ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 142 Figure 56 Belgacom Skynet Netlog products (Belgacom, 2011) Table 5 Belgacom Skynet Mobile Netlog products (Belgacom, 2011) m.netlog.be CPM Audience Sections Banner Brut contacts Ros 20,00 € 29.809.740 Homepage 25,00 € 2.409.810 Messages 30,00 € 1.768.500 Shouts 30,00 € 27.810 Notifications 30,00 € 92.310 Friends 30,00 € 428.220 Logs 30,00 € 437.940 Profile 30,00 € 23.851.890 11.6.
Annex 6 Facebook permissions This document discusses the various types of permissions that your app can request the user which enable your app to either read or write certain information on the user's behalf. To learn more about how to access these permissions for a user, please read our authentication documentation. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 143 Important Terms When referring to access tokens and permissions in our documentation, we use the following terms to describe the kinds of tokens and permissions you need to perform particular operations: Publicly available No access_token or permission is required. Any valid access_token Any valid access token returned by our APIs. An access token may not be valid if, for example, it has expired. No special permissions are required. Occasionally, this is referred to as a generic access_token. App access_token An access token for an application. This is obtained by authenticating the application with the APP_ID and APP_SECRET, as described under App Login in Authentication page. User access_token An access_token for a user, with no special permissions required. This is the access token returned by the Client-­‐side and Server-­‐side authentication flows. Page access_token An access_token used to manage a page. This is used when you want to perform an operation acting as a Page. This access token is retrieved by issuing an HTTP GET to /USER_ID/accounts or to /PAGE_ID?fields=access_token with the manage_pages permission. Getting /USER_ID/accounts will return a list of Pages (including app profile pages) to which the user has administrative access in addition to an access_token for each Page. Alternatively, you can get a page access token for a single, specific, page by issuing an HTTP GET to /PAGE_ID?fields=access_token with the manage_pages permission (you must ask for the access_token field specifically via the fields= parameter). See the documentation for the Page object for more information. NOTE: After November 1, 2011, manage_pages permission will be required for all access to a user's pages via this connection, i.e. for both reading the user's pages and also retrieving access_tokens for those pages. See the documentation for the User object for more information. A specific permission A permission, from the list below, that is required to perform a particular operation. For example user_checkins is required to read a user's checkins. In many cases, you can perform an operation without a specific permission, but can retrieve more information (or perform additional operations) with a specific ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 144 permission. In these cases, we will list the complete set of permissions, such as: 'any valid access_token or user_groups'. Basic Information When a user allows you to access their basic information in an auth dialog, you have access to their user id, name, profile picture, gender, age range, locale, networks, user ID, list of friends, and any other information they have made public. To get access to any additional information about the user or their friends you need to ask for specific permissions from the user. User and friends Permissions You can ask for the following permissions for users and friends in the scope parameter of the Auth Dialog. If you are using the Enhanced Auth Dialog, these permissions are non-­‐revocable; i.e. once users have allowed your application from the Auth Dialog, they cannot be revoked. User permission Friends permission Description friends_about_me Provides access to the ‘About Me’ section of the profile in the about property user_activities friends_activities Provides access to the user's list of activities as the activities connection user_birthday friends_birthday Provides access to the birthday with year as the birthday_date property friends_checkins Provides read access to the authorized user's check-­‐
ins or a friend's check-­‐ins that the user can see. user_about_me user_checkins Provides access to user_education_history friends_education_history education history as the education property ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 145 User permission Friends permission Description friends_events Provides access to the list of events the user is attending as the events connection friends_groups Provides access to the list of groups the user is a member of as the groups connection user_hometown friends_hometown Provides access to the user's hometown in the hometown property user_interests friends_interests Provides access to the user's list of interests as the interests connection user_likes friends_likes Provides access to the list of all of the pages the user has liked as the likes connection user_location friends_location Provides access to the user's current location as the location property user_notes friends_notes Provides access to the user's notes as the notes connection user_online_presence friends_online_presence Provides access to the user's online/offline presence friends_photo_video_tags Deprecated; not supported after November 22, 2011. Provides access to the photos and videos the user has uploaded, and photos and videos the user has been tagged in; this permission is equivalent to user_events user_groups user_photo_video_tags ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 146 User permission Friends permission Description requesting both user_photos and user_videos, or friends_photos and friends_videos. user_photos friends_photos Provides access to the photos the user has uploaded, and photos the user has been tagged in user_questions friends_questions Provides access to the questions the user or friend has asked friends_relationships Provides access to the user's family and personal relationships and relationship status user_relationships Provides access to the user_relationship_details friends_relationship_details user's relationship preferences friends_religion_politics Provides access to the user's religious and political affiliations friends_status Provides access to the user's most recent status message user_videos friends_videos Provides access to the videos the user has uploaded, and videos the user has been tagged in user_website friends_website Provides access to the user's web site URL user_work_history friends_work_history Provides access to work history as the work property user_religion_politics user_status ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 147 User permission email Friends permission Description N/A Provides access to the user's primary email address in the email property. Do not spam users. Your use of email must comply both with Facebook policies and with the CAN-­‐SPAM Act. Extended Permissions You can ask for the following extended permissions in the scope parameter of the Auth Dialog. If you are using the Enhanced Auth Dialog, these permissions are revocable, and are presented on the second page of the Dialog. In the Enhanced Auth Dialog flow, users can withhold individual permissions from this page. Note that publish_actions is a special permission, in that it will not appear on a second Dialog page, but is revocable from the Apps tab on the Account Settings page. See the Read Permissions Open Graph documentation for user and friends extended (i.e. revocable) permissions specific to Open Graph Beta. Permission Description read_friendlists Provides access to any friend lists the user created. All user's friends are provided as part of basic data, this extended permission grants access to the lists of friends a user has created, and should only be requested if your application utilizes lists of friends. read_insights Provides read access to the Insights data for pages, applications, and domains the user owns. read_mailbox Provides the ability to read from a user's Facebook Inbox. read_requests Provides read access to the user's friend requests read_stream Provides access to all the posts in the user's News Feed and enables your application to perform searches against the user's News Feed xmpp_login Provides applications that integrate with Facebook Chat the ability to log in users. ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 148 Permission Description ads_management Provides the ability to manage ads and call the Facebook Ads API on behalf of a user. create_event Enables your application to create and modify events on the user's behalf manage_friendlists Enables your app to create and edit the user's friend lists. Enables your app to read notifications and mark them as manage_notifications read. This permission will be required to all access to notifications after October 22, 2011. offline_access Enables your app to perform authorized requests on behalf of the user at any time. By default, most access tokens expire after a short time period to ensure applications only make requests on behalf of the user when the are actively using the application. This permission makes the access token returned by our OAuth endpoint long-­‐lived. publish_checkins Enables your app to perform checkins on behalf of the user. publish_stream Enables your app to post content, comments, and likes to a user's stream and to the streams of the user's friends. With this permission, you can publish content to a user's feed at any time, without requiring offline_access. However, please note that Facebook recommends a user-­‐initiated sharing model. rsvp_event Enables your application to RSVP to events on the user's behalf sms Enables your application to send messages to the user and respond to messages from the user via text message publish_actions Enables your application to publish user scores and achievements. Page Permissions Permission Description manage_pages Enables your application to retrieve access_tokens for pages the user administrates. The access tokens can be queried using the ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 149 Permission Description ‘accounts’ connection in the Graph API. This permission is only compatible with the Graph API. Bottom of Form ©EMSOC – IWT -­‐ Brussels Leuven Ghent -­‐ 2011 – Authors: Rob Heyman, Jo Pierson, Ike Picone 150