Top 10 Problems with Sharing Personal Information Online
We are in the process of taking a good hard look at the way personal information is currently shared online. When we speak of personal information, we are referring to your name, age, date of birth, education, work experience, credit score, address, professional licenses etc. etc. etc. Basically, the things that make you “you”…
Naturally, we are looking to solve some of the following, but in fairness there is no “silver bullet” when it comes to solving all of the current online identity and personal information management issues. This is due to the fact that when it comes to identity, people have different needs in different places and at different times. We have seen some major strides being made lately (OAuth, OpenID, Dataportability.org) but there is still much further to go…
Top 10 reasons sharing personal information online is flawed:
1. Sharing personal information online is not safe.
The current process of submitting and housing your personal information in many, many different locations leads to more possibilities for your personal information to be mishandled or misused. Regardless of what a company says, the truth is they do not have much of a vested interest in protecting your personal information and you can be sure that all of the employees within that company certainly could care less. Other than if the media finds out, there really is no motivation for a company to really protect your information. They won’t get fined, the customer has no recourse, and some of the time a company may not even know one of their employees did something wrong. So if you can’t really trust one company, what happens when 100s or even 1000s of companies have access to your personal information? You simply begin multiplying the probability that something bad can happen to your personal information.
If you think maybe it is just small, shady companies that might do something wrong with your information, look into what happened to 38 million Italian citizens’ tax records, 25 million British peoples’ sensitive financial information lost by the tax authorities, and the recent uproar created over the Deutche Telekom incident.
2. Sharing personal information online is not secure.
This very closely ties in to number one and is of course one of the more obvious ones but the fact is when you submit your personal information online you have no way to ensure the security of that information once you click that submit button. You can of course submit your information via SSL (secure socket layer, the thing where you see the “Verisign” logo when purchasing something) but that only handles the transmission of that information. There are no standards or processes in place to ensure that your information will be handled securely once it is in someone else’s hands. The reason for this is that every company defines “security” differently and in truth, we the users don’t even really know what to look for. We are left to hope each time we submit our information that EACH company will keep our info safe and under lock and key. Please see above for the effectiveness of hoping…
3. Sharing personal information online is one-directional.
Of all the problems on the list, this flaw probably has the furthest to go. The fact that sharing personal information online is one-directional means that when you submit your information anywhere online it becomes very tough to interact with that info to update, edit or change, especially across multiple websites. Of course, most websites offer the option of allowing me to log in and edit or update my info but is that a really effective method to manage the 1000s of companies that hold my personal information. I recently moved and had to change my address. The process of updating every company I interact with (cell phone, credit card, etc.) was not my idea of fun. I try avoid speaking to my cell phone company at all costs.
The point is that it was a hassle just to change my address, but what about when I graduate with a new degree, get a new job, receive a professional license or any of the hundreds of other things that happen to people over the course of their life. There are databases out there that have old, static information about me that I a) might not want them to have anymore or b)might want to the opportunity to update. Fixing this is one of the goals of Project VRM (Vendor Relationship Management), which you can think of as the opposite of Customer Relationship Management. Essentially, the customer has one place to manage all of the companies they interact with. Not a small task and we admire Doc Searls for the effort he has put into this project thus far. It is something we are watching with interest.
4. Sharing personal information online lives in “silos”.
Your personal information living in “silos” simply means that each website, network, community or place where you have submitted your personal information has no relation to the other. Who I am on Linkedin has no relation to my BeenVerified Profile and they are not able to interact to give a better picture of who I am and what I have accomplished. Each community holds their own database of information and there are no standard methods for, while still keeping the user in control, passing around this information. Ross, my co-founder, is ridiculous with modifying any piece of computer equipment to be placed in a car and is recognized as an expert on the car forums where other wonks like him hang out. However, if he wanted to, he would have no way of sharing that “expert” status with say a wikipedia posting regarding car tuning so that readers would get a true sense of his expertise.
This is something we are very interested in fixing and if you have users with information that you think is important for them to be able to share throughout the web, feel free to contact us.
5. Sharing personal information online requires releasing username/password information.
In order for personal information to be shared from one website to another (for example, your gmail contacts with a social network) websites have traditionally asked for username and password information in order to go and collect your information from another site. This is HORRIBLE on many levels and the OAuth protocol was built to stop this process and our own co-brandable web service requires using the OAuth process to ensure that we pass information only after a user has logged into BeenVerified on OUR domain.
If a website asks for your username and password to access another website on your behalf, tell them they seriously need to think about re-building their process.
6. Sharing personal information online is repetitive.
Is there anything worse than having to fill out the same signup form over and over and over and… OpenID to the rescue! Well, sort of.
OpenID does a good job of ensuring that you have less passwords to remember and can get you signed up and logged in faster. The problem is that more websites need to adopt it and there is only so much information that the protocol currently supports. For example, if I wanted to pass along my current place of work that option is not currently supported and it would require me to fill out additional information which defeats the OpenID purpose. OpenID is a great, lightweight option for the social networks, blogging, or “fun” type of stuff on the web but what should we do about enterprise or places online where more serious types of transactions take place?
7. Sharing personal information online requires complete disclosure.
In order for me to obtain a mortgage quote today, I would need to visit a mortgage lending site and enter in almost all of my personal information, which would then require the lender to run a credit report in order to provide me with a proper quote. We feel this is one of the 10 problems that can be fixed the easiest and fixed the best. Specifically, it should be possible for a user to say “I want a mortgage” but not have to tell the lender EVERYTHING about them, just receiving the credit score from a trusted source would be good enough. Not sure who coined it first but the proper term for this is “selective disclosure”…
This doesn’t apply to just mortgages, think about being able to apply for a job and show the credentials you have but still be able to remain anonymous (your name, address, etc.) in order to not have to worry about losing your current job. What about being able to edit a wiki article on abortion, prove your expertise as a doctor but again not actually have to show your name. There are many instances where showing all of who you are is unneseccary and leads to supplying information that you should be able to keep private. BeenVerified is working on this too.
8. Sharing personal information online has high value to businesses but zero to user.
So Facebook is worth $15 Billion (Capital B) based off their zillion users. But how much of that dollar value do the users actually get? If you answered ZERO, smart one you are. Facebook has no idea how they are going to make money off their network (advertising, of course!) but they have that valuation because of the control they have over all of that user data. At the end of the day people can talk all they want about “eyeballs” but that is just lip service. The real value of most of the “rich” web companies is that they have a user base that they can extract data from.
9. Sharing personal information has too many standards, protocols, and formats.
Oh boy, this one might annoy some people but the fact is that there are currently too many protocols, formats, standards, intitiatives, organizations, movements, and revolutions regarding user data. I’m not going to list which ones I think are good or bad because we really don’t know until they become standardized. The problem is that while we are waiting for standards to be formed we are losing out on the ability to move forward and enhance the current online environment. Blogs became huge because of RSS and even more importantly this whole Internet thing got to where we are because of Windows…GASP! did I just say?
We root for the success of all open formats and protocols but mostly we are rooting for some of them to just become standards that are widely used.
10. Sharing personal information online has no mechanism to know what information to trust about another individual in an on-demand, real-time basis.
This is BeenVerified’s main problem statement that we are trying to solve. In the current online environment there is no way to know if any information you are viewing about someone is true. If you meet someone online (Craigslist, Monster, Match.com; it doesn’t matter where) there is no method for verifying that the person a) is who they claim b) has accomplished what they claim. Of course, you can google them but that information requires a couple extra steps and even then you do not know if that information is true. Now in some instances that might not matter, but in others in might be extremely important. If I am looking to hire a freelancer to do web design for me, knowing that he has the PHP (programming) skills he claims is certainly important in my decision to hire him.
Now it’s not just the individual users who have this problem. Businesses have a big problem of combating fraud, spam, etc. all because the web is built with no personal identifier system, which of course is a VERY, VERY good thing. I certainly do not want every website to know who I am and certainly do not want every website I visit to be tracked and see where I have gone (there is already a company that does that). However, businesses (and employers) need a way to know who they are selling to and working with just as much as individual online users do. Additionally, owners of online communities and places where people meet and interact would like to build environments where users can trust each other, not out of the goodness of their heart but because they will be able to increase revenue if users are interacting more on their platform than their competitors.
![[del.icio.us]](http://images.del.icio.us/static/img/delicious.small.gif){kind=small}
