thorfinn: <user name="seedy_girl"> and <user name="thorfinn"> (Default)
[personal profile] thorfinn

So, as announced in LJ news: Facebook and Twitter Connect, Pingbacks have gone live. FB Connect is available for public posts you make (which is fine, and a feature I actually want on, but it's also available for comments.

Anyone can set their account up to default to crosspost their comments to Facebook, then LJ will quietly do so for all their comments., including those that happen in other people's locked posts. That's a potential major accidental privacy violation just waiting to happen there. ETA: Sorry, I'm wrong, it doesn't do that on locked posts. It's still easy to do accidentally, though. I'm not at all sure why anyone would set up that option, but it's an extremely bad option to have available as a default.

ETA: In addition, if you have Pingbacks on (and they're on by default so go check your livejournal privacy settings), if you link from a locked post to any other URL that lives on a site which supports Pingbacks, that site (and if it's a blog, the blog owner) will get an excerpt of your locked post. Not just the link and linkback, LJ sends an actual excerpt of your locked post, regardless of what the remote site you're linking to is. That really is a major accidental privacy violation in progress.

When I first started using LJ several years ago, it was a site where privacy controls were strong and respected, and the space of social networking (Facebook and Twitter) where nothing is private was not really present. So I have locked content on my journal that is stuff that I want to keep actually private, not merely "pseudoprivate".

Unfortunately, since that time, LJ has been sold off to Russians who also have financial interests in Facebook and Twitter. As I posted in the past about why I dumped Livejournal in favour of Dreamwidth, there are pretty strong indicators that the software engineering quality around LJ keeps falling, and I have yet to see anything indicating a reversal of that trend. If anything, it's become even worse, with a very strong focus on new features very much purely being focused around making money from users however possible. Speculation abounds about LJ's profitability and continued long term existence as a result. Personally I would be concerned about the financial status of any service that is quietly running around trying to "monetise" everything possible.

Now, there are a number of quite valid reasons why you might not care about what's going on with LiveJournal:

  1. You may not know know that LJ is changing things. Easy to happen if you don't log in frequently, or don't check LJ [ profile] news, or happen to have any friends who are concerned enough to post about it when you happen to read them, or any number of similar reasons.
  2. You may not particularly consider the potential loss of privacy an issue. If you don't make a lot of locked posts, and those you do make locked aren't even all that secret, then who cares, eh? Nothing to keep private, no privacy problem. That's actually my approach on Facebook - I assume everything I post there is public information, regardless of any privacy controls.
  3. You may not understand the privacy issue(s) at hand. The mash of conflicting tensions between sharing and privacy and the technological issues at hand is complicated, ugly, and messy. It really is, and it's hard to get to grips with sometimes, even when you are a security concerned technical person, let alone when you're not.
  4. You may not be worried by this particular small issue. However, small incremental changes for the worse tend to result in the mythical "live frog in pot on the stove" syndrome. No individual change in temperature ever provokes the frog to jump out of the pot, because it's below the threshold of notice and because the pot walls are a bit hot and high to jump over. The frog simply sits there until it cooks (or in this case, the service maybe suddenly disappears because it's not profitable any more).
  5. You've already jumped ship to, or have backups of your own journal and content via other means.

Whilst I don't really enjoy making things inconvenient for my friends and acquaintances still on LJ, I feel that I have to protect my privacy and content, which means making certain compromises and taking certain actions. Those have been to:

  • ditch LJ as anything except a "reposter" and for reading my friends who are still on LJ
  • take backups of my content, both a personal backup dump which I'd been doing for years, and via a full import to DW
  • turned off comments on my entire LJ (in response to the FB connect privacy issue)
  • post new content at DW [personal profile] thorfinn, crosspost to LJ [ profile] thorfinn with disabled comments on LJ, redirecting people to DW to comment. Locked posts can still be read on LJ, but require a DW account to comment on, unlocked posts can be commented on using OpenID.
  • continue to read on LJ and also read on DW
  • turned off search engines in my LJ privacy settings
  • update my social networking sticky to explain in more detail why and how to switch to for anyone that wants to.

ETA: 2009-09-10 LJ News: Facebook and Twitter Connect, Pingbacks, updates - they've announced that they will (eventually) drop crossposting for locked posts. They also confirm that Pingbacks have a bug where you still receive them even if you turned them off - and that's the sort of bug that makes me worry that you might be sending them even if you turned them off.

So, in short, I'm still on LJ for reading and crossposting my blog posts, and I don't plan to change that. However, if you want to comment on content that I post, I really am sorry for the inconvenience, but you can either sign in on with OpenID (for unlocked posts) or obtain your own DW account (for all posts included locked ones). If you don't want to do that, I am sorry, but that's what I feel I must do to protect my privacy.

ETA for anyone who wants a DW account: news from [site community profile] dw_news Weekly Update: 8 September 2010:

Speaking of promo codes, Six Apart has recently announced that their Vox service is closing doors as of September 30. If you or a friend would like to move your Vox blog to somewhere that has the fine-tuned privacy controls that other options such as TypePad or Wordpress doesn't have, Dreamwidth would be a perfect fit! You can use the account creation code "VOX" to create an account.

Identity URL: 
Account name:
If you don't have an account you can create one now.
HTML doesn't work in the subject.


If you are unable to use this captcha for any reason, please contact us by email at

Notice: This account is set to log the IP addresses of people who comment anonymously.
Links will be displayed as unclickable URLs to help prevent spam.

April 2015

12131415 161718

Most Popular Tags

Style Credit

Expand Cut Tags

No cut tags