Mixpanel just announced People Analytics. This service promises that, “you can tie any kind of data to your users to see exactly who they are and what they have done.” The analytics geek in my loves that idea. Directly tying everything you know about your customers including their name, photo, subscription information, etc. directly to how they are interacting with your site is really powerful.

It can give you insights into things such as how long a specific customer group spends on the site and what features they regularly use. Really great stuff, but the privacy professional in me gasped at the marketing pitch: “Now, you can empower your marketing team to take action on what they learn.” Yikes.

As someone said in the Hacker News post covering this: “I feel that this is one of those ‘great for data miners, terrifying for consumers’ moments.” There were a number of other posts...

Which would you guess is our privacy future?

• Option 1: No one cares about privacy - we share everything
• Option 2: Privacy becomes a recognized human right - we control our own data

Sorry privacy advocates, according to some of the best minds in privacy, option 1 is the correct answer.

Earlier this week I participated in discussions on the future of the privacy profession. The intentionally provocative presentations laid out a utopian future where big data is solving world problems, employees collaboratively interact with data, and corporate traveling moms get intimate time with their children from remote locales. All thanks to future technologies.

We’ve all seen these scenarios before, and they are entertaining to consider, but what struck me in the larger context of the presentations was the absence of any sense of hesitation on the part of the “future” user to share just about...

Applications designed for mobile devices must create a top-notch privacy experience. Even the smallest misstep could lead to a loss of trust and confidence. For a detailed review of privacy best practices for mobile application developers, read my guest post on FounderSync Blog.

Enjoy!

Behavioral tracking on the internet is a widely recognized problem. A 2009 article in the New York Times cites that two-thirds of Americans object in some way to online tracking. Despite that public sentiment, there are few regulations and rules outside of some efforts in the US and Europe to prevent this practice. And while there are a myriad of sophisticated tools users can install that can help prevent tracking, some trackers are even more sophisticated. Using techniques such as browser fingerprinting these operations can subvert many of these tools.

Gary Kovacs, CEO of Mozilla, gave an excellent TED talk on the subject back in May called Tracking the Trackers. In this presentation he mentions an analogy that highlights the heart of the issue: “Imagine in the physical world if somebody followed our children around with a camera and a notebook and recorded their every movement.”

As a...

Biometrics is an interesting topic and privacy and security experts around the world struggle with how to utilize the unique opportunity it presents while protecting users. There are two hitches with biometrics.

One, we have no systems (yet) that are accurate 100% of the time. So implementers of biometric systems have to find the trade-off between false positives and false negatives. Secondly a biometric is, by definition, something you are which never changes. So if someone steals your biometric profile they have that unique unchangeable identifier. In contrast if someone steals your password you can simply change it.

Biometrics is something I personally hadn’t given much though to in a while but in the last couple of weeks a handful of stories caught my attention. While I can’t quite wrap them into a single theme I thought they were worth sharing, simply for the exercise of provoking...

Check out the two guest blogs posts that were published today:

• KillerStartups.com: The Five Practices Of The Privacy-Sensitive
• FounderSync.com: Overcome Resistance With Transparency

These are my first attempts at blog posts for either of these sites. If I get a good response from one or both I will post more.

If Facebook doesn’t get its act together with regards to privacy, the newly minted empire will soon start to crumble. There is already a small movement of people who are dropping-out of Facebook, but I suspect these numbers, while somewhat vocal on the internet, are an insignificant portion of those that continue to participate.

However, hardly a story discussing the risks leading up the Facebook’s IPO left out some mention of privacy problems. Whether it was the FTC settlement last year, or pending lawsuits, many analysts considered (and probably still do) Facebook’s lack of a solid reputation for respecting the public’s privacy rights as a huge risk to the company’s long-term success.

Personally I believe that the only reason why Facebook was able to take a laissez faire attitude towards privacy for so long this that its service is free. Consider what Dan Ariely documents in...

This afternoon on Hacker News there was a short, but significant bump of “Show HN” posts. These are requests on a social news site where budding entrepreneurs show their new projects and ask for feedback. Looking through this recent crop I was once again troubled by what I saw. There is a shocking lack of concern over privacy among these early-stage startups.

A basic privacy notice is a simple thing to create and people really do care about such things. Don’t believe me? A quick Google search revealed the following links:

• Tech firms’ data gathering worries most Californians, poll finds
• Facebook privacy concerns may dampen IPO
• Half of social networkers worried about privacy: poll
• Poll: Privacy Rights Under Attack
• Friday Poll: Will the Privacy Bill of Rights matter?
• Other public opinion polls on privacy

Tackling privacy is not complicated but it does require a bit of forethought and...

I’m putting the finishing touches on my e-book and I’ve been sending out early copies to some select folks to solicit feedback. Someone, who will remain anonymous, asked, “Why are you targeting startup founders and not the developers?” I thought this would be obvious but apparently I’m too enmeshed in my own little world.

I explained that I’m targeting the head of the startup because privacy is everyone’s responsibility. The responsibility does not fall on a single individual’s (or team’s) shoulders and therefore it’s the company leader that needs to make sure everyone is on board. The response to that simple explain still was still insufficient and required a more detailed explanation.

Given that, I thought it was worth sharing my explanation of how everyone participates in making sure the startup tackles privacy issues and compliance correctly. But, quickly, just to make sure we are...

I’m spending an inordinate amount of time on BrightTalk this week. I just wrapped up a second presentation this week on the platform. This was an (ISC)2 Think Tank discussion on identity management issues in the cloud. If this type of thing interests you check it out.