thorfinn: <user name="seedy_girl"> and <user name="thorfinn"> (Default)
[personal profile] thorfinn

So, as announced in LJ news: Facebook and Twitter Connect, Pingbacks have gone live. FB Connect is available for public posts you make (which is fine, and a feature I actually want on Dreamwidth.org), but it's also available for comments.

Anyone can set their account up to default to crosspost their comments to Facebook, then LJ will quietly do so for all their comments., including those that happen in other people's locked posts. That's a potential major accidental privacy violation just waiting to happen there. ETA: Sorry, I'm wrong, it doesn't do that on locked posts. It's still easy to do accidentally, though. I'm not at all sure why anyone would set up that option, but it's an extremely bad option to have available as a default.

ETA: In addition, if you have Pingbacks on (and they're on by default so go check your livejournal privacy settings), if you link from a locked post to any other URL that lives on a site which supports Pingbacks, that site (and if it's a blog, the blog owner) will get an excerpt of your locked post. Not just the link and linkback, LJ sends an actual excerpt of your locked post, regardless of what the remote site you're linking to is. That really is a major accidental privacy violation in progress.

When I first started using LJ several years ago, it was a site where privacy controls were strong and respected, and the space of social networking (Facebook and Twitter) where nothing is private was not really present. So I have locked content on my journal that is stuff that I want to keep actually private, not merely "pseudoprivate".

Unfortunately, since that time, LJ has been sold off to Russians who also have financial interests in Facebook and Twitter. As I posted in the past about why I dumped Livejournal in favour of Dreamwidth, there are pretty strong indicators that the software engineering quality around LJ keeps falling, and I have yet to see anything indicating a reversal of that trend. If anything, it's become even worse, with a very strong focus on new features very much purely being focused around making money from users however possible. Speculation abounds about LJ's profitability and continued long term existence as a result. Personally I would be concerned about the financial status of any service that is quietly running around trying to "monetise" everything possible.

Now, there are a number of quite valid reasons why you might not care about what's going on with LiveJournal:

  1. You may not know know that LJ is changing things. Easy to happen if you don't log in frequently, or don't check LJ [livejournal.com profile] news, or happen to have any friends who are concerned enough to post about it when you happen to read them, or any number of similar reasons.
  2. You may not particularly consider the potential loss of privacy an issue. If you don't make a lot of locked posts, and those you do make locked aren't even all that secret, then who cares, eh? Nothing to keep private, no privacy problem. That's actually my approach on Facebook - I assume everything I post there is public information, regardless of any privacy controls.
  3. You may not understand the privacy issue(s) at hand. The mash of conflicting tensions between sharing and privacy and the technological issues at hand is complicated, ugly, and messy. It really is, and it's hard to get to grips with sometimes, even when you are a security concerned technical person, let alone when you're not.
  4. You may not be worried by this particular small issue. However, small incremental changes for the worse tend to result in the mythical "live frog in pot on the stove" syndrome. No individual change in temperature ever provokes the frog to jump out of the pot, because it's below the threshold of notice and because the pot walls are a bit hot and high to jump over. The frog simply sits there until it cooks (or in this case, the service maybe suddenly disappears because it's not profitable any more).
  5. You've already jumped ship to dreamwidth.org, or have backups of your own journal and content via other means.

Whilst I don't really enjoy making things inconvenient for my friends and acquaintances still on LJ, I feel that I have to protect my privacy and content, which means making certain compromises and taking certain actions. Those have been to:

  • ditch LJ as anything except a "reposter" and for reading my friends who are still on LJ
  • take backups of my content, both a personal backup dump which I'd been doing for years, and via a full import to DW
  • turned off comments on my entire LJ (in response to the FB connect privacy issue)
  • post new content at DW [personal profile] thorfinn, crosspost to LJ [livejournal.com profile] thorfinn with disabled comments on LJ, redirecting people to DW to comment. Locked posts can still be read on LJ, but require a DW account to comment on, unlocked posts can be commented on using OpenID.
  • continue to read on LJ and also read on DW
  • turned off search engines in my LJ privacy settings
  • update my social networking sticky to explain in more detail why and how to switch to dreamwidth.org for anyone that wants to.

ETA: 2009-09-10 LJ News: Facebook and Twitter Connect, Pingbacks, updates - they've announced that they will (eventually) drop crossposting for locked posts. They also confirm that Pingbacks have a bug where you still receive them even if you turned them off - and that's the sort of bug that makes me worry that you might be sending them even if you turned them off.


So, in short, I'm still on LJ for reading and crossposting my blog posts, and I don't plan to change that. However, if you want to comment on content that I post, I really am sorry for the inconvenience, but you can either sign in on dreamwidth.org with OpenID (for unlocked posts) or obtain your own DW account (for all posts included locked ones). If you don't want to do that, I am sorry, but that's what I feel I must do to protect my privacy.

ETA for anyone who wants a DW account: news from [site community profile] dw_news Weekly Update: 8 September 2010:

VOX
Speaking of promo codes, Six Apart has recently announced that their Vox service is closing doors as of September 30. If you or a friend would like to move your Vox blog to somewhere that has the fine-tuned privacy controls that other options such as TypePad or Wordpress doesn't have, Dreamwidth would be a perfect fit! You can use the account creation code "VOX" to create an account.

(no subject)

Date: 2010-09-10 07:06 (UTC)
doushkasmum: (Default)
From: [personal profile] doushkasmum
Seems like a sensible policy to me. I think LJ are doing really dumb things. I think I will go with the option of only posting locked posts on DW, since I am less worried about public posts being cross posted.

(no subject)

Date: 2010-09-10 07:46 (UTC)
lirion: (Default)
From: [personal profile] lirion
In the interests of "fairness", they don't default crosspost comments on locked entries, people have to click them. However, they have fucked with the tab order so that tab takes you straight to the crosspost check box, so anyone who has muscle memory for tab -> enter to submit the comment, is a risk if they have the crosspost set up.
I still think it's hideous and an utter disaster and I'm far from pleased - as I ranted about recently.

Also, with pingbacks, I find this to be a big concern: " That's when I realized I was being linked to (but unable to access) locked entries. Multiple times."

So by enabling pingbacks, you might be being given access to other people's locked posts. Nice work lj, nice work.

Not to mention that my lj and stalkbook are under quite deliberately different names and yet it I were to enable the connect, my facebook name is prominently displayed on my profile...

Privacy, they are doing it wrong.

(no subject)

Date: 2010-09-10 09:47 (UTC)
From: (Anonymous)
The entire update is a clusterfuck, it's rife with privacy concerns.

No probs. I still think it's been made too easy for it to happen accidentally.

(no subject)

Date: 2010-09-10 08:01 (UTC)
tangent_woman: (Default)
From: [personal profile] tangent_woman
Wow. Pingbacks include great swathes of the text from locked posts?

*disables pingbacks*

(no subject)

Date: 2010-09-10 09:45 (UTC)
lirion: (Default)
From: [personal profile] lirion
Yah. Nasty isn't it?
Also, it makes me wary of linking anyone's post in case they do have pingbacks enabled. I wouldn't necessarily be saying anything I didn't mind being read, but, still, not being able to control it is just not on.

(no subject)

Date: 2010-09-10 10:50 (UTC)
tangent_woman: (Default)
From: [personal profile] tangent_woman
Yes, it certainly is a problem. I've broadcast it about as far as I can. I hate that users aren't being told about this stuff.

There will be trouble when private information is made public. If harm comes to people because of the incompetence and arrogance of the LJ management or crew that is bad enough, but there is also the risk that the impact could be detrimental to the whole blog/social networking sector.

(no subject)

Date: 2010-09-10 07:48 (UTC)
tangent_woman: (Default)
From: [personal profile] tangent_woman
"Anyone can set their account up to default to crosspost their comments to Facebook, then LJ will quietly do so for all their comments, including those that happen in other people's locked posts."

Is that so? When I tested it, the facebook ticky box was checked by default for public posts, but unchecked for private posts. Hmm. Perhaps I specified that at set-up, then forgot?

(no subject)

Date: 2010-09-10 08:56 (UTC)
damned_colonial: Convicts in Sydney, being spoken to by a guard/soldier (Default)
From: [personal profile] damned_colonial
Just FYI, you can add openid accounts to your access list so they can read your locked posts without a full DW acct.

(no subject)

Date: 2010-09-10 16:52 (UTC)
damned_colonial: Convicts in Sydney, being spoken to by a guard/soldier (Default)
From: [personal profile] damned_colonial
Ah, fair enough.

(no subject)

Date: 2010-09-11 10:07 (UTC)
From: [personal profile] longi
One thing I found particularly useful as a Paid LJ user was the Mass Security Tool which lets you mark all those entries you don't want forwarded to farcebook as private all in one go until you can transfer your journal to somewhere like DW or your own RSS capable hosting.

Speaking of which... I don't suppose you remember who posted that list of tools for downloading/transferring LJ posts (including comments) a while back?

(no subject)

Date: 2010-09-11 16:15 (UTC)
From: [personal profile] longi
Found it in Hasimir's LJ: Full details.

There's always LJ Book which makes a PDF book of your LiveJournal including all comments and pictures. I've used this. It's actually quite good.

April 2014

S M T W T F S
  12345
6789 101112
13141516171819
20212223242526
27282930   

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags