In the physical world, privacy is evaluated as a series of probabilities and assumptions which are often anchored to a network of trust. If you write something on a piece of paper and hide it in your mattress, the likelihood that someone will find it is relatively small because paper is a very primitive data distribution technology. It has real, physical limitations which directly impact the probability that the information will be discovered. If you share information with your best friend or doctor or pastor, internally there are different evaluations of trust which are built on an unbounded series of factors. If they violate that trust and share the information with someone else, there is still a trust evaluation on the other end for the recipient who must determine if the source is reliable (are they making something up about you).

On the web, information moves differently. The data received can be a literal copy of the data sent regardless of how many times it hops around the nodes. The vast majority of our data is shared by proxy through faceless web services which we entrust to be good stewards of our data and our intentions. Out here, there is no such thing as private; only less public. Compounding the problem is what I refer to as the unidirectional path of online privacy which dictates that once something moves along the gradient of privacy (or the degree to which something is public information) towards being more public it can not be moved back to be more private. This is different from the physical world where information can potentially be taken back and disposed of. On the web, all data you see is technically a copy of some original source which most likely does not exist anymore because it was held in temporary memory. The rules and "social norms" of the web are different out here.

We recently have seen a shift in Facebook’s attitude towards privacy. Now, it seems, we are seeing Google test the waters of the new privacy standard (warning: link contains vulgarity):

I use my private Gmail account to email my boyfriend and my mother.

There’s a BIG drop-off between them and my other “most frequent” contacts.

You know who my third most frequent contact is?

My abusive ex-husband.

Which is why it’s SO EXCITING, Google, that you AUTOMATICALLY allowed all my most frequent contacts access to my Reader, including all the comments I’ve made on Reader items, usually shared with my boyfriend, who I had NO REASON to hide my current location or workplace from, and never did.

My other most frequent contacts? Other friends of Flint’s.

Oh, also, people who email my ANONYMOUS blog account, which gets forwarded to my personal account. They are frequent contacts as well. Most of them, they are nice people. Some of them are probably nice but a little unbalanced and scary. A minority of them — but the minority that emails me the most, thus becoming FREQUENT — are psychotic men who think I deserve to be raped because I keep a blog about how I do not deserve to be raped, and this apparently causes the Hulk rage.

Privacy is important. Let me say that again: Privacy is important! We have a lot of work to do. We’re still figuring out how data ownership and privacy works on the web. One thing, to me, is clear: people want to be treated closer to their local norms on the global stage.

Food for thought.