Social Issues

"Move Fast, Break Trust?"

This week’s blog post is written by fellow PhD Candidate Nicholas Gorski, who came across yet another bug in Facebook’s privacy during the latest rollout. The post germinates from a discussion about how the motto “Move Fast, Break Stuff” sounds fun for an engineer, but is this attitude apt when it comes to your relationships with your friends and family? As an explicit clarification to the engineers at Facebook: This post is intended to incite thought about attitudes towards privacy models, and not make any claims about coding abilities or the inevitability of bugs. —arnab


Mark Zuckerberg’s motto for Facebook, now used as company differentiator in engineering recruiting pitches, is “move fast, break stuff.” As previously reported, Facebook certainly broke things in changes pushed out Tuesday evening: By previewing the effects of your privacy settings, you were briefly able to see your profile as if you were logged in to a friend’s account, which enabled you to view your friends’ live chats as they were taking place, as well as look at pending friend requests.

Tuesday’s changes apparently also broke another privacy setting, though. By now, everyone is aware that Facebook exposes privacy settings for personal information in your profile. This includes items such as your Bio, description, Interested In and Looking For, and Religious and Political Views. However, Tuesday’s changes appear to expose this information to everyone in your network regardless of your privacy settings and even whether or not they are your friend.

[click the pictures to enlarge]
Screen shot 2010-05-06 at 2.27.40 PM

Screen shot 2010-05-06 at 2.27.49 PM

Try it out for yourself. First, set the privacy settings for some of your personal information to exclude certain friends of yours that are in your network, and then preview your profile as them. If the privacy breach hasn’t been fixed yet, your friend will still be able to see your personal information even though they shouldn’t be able to according to your privacy settings. As we mentioned, this extends beyond your friends: anyone in your network may be able to view your personal information (it may even extend beyond your network).

Screen shot 2010-05-06 at 2.27.55 PM

Screen shot 2010-05-06 at 2.28.02 PM

(Note: the privacy leak may have since been fixed… although an awful lot of people now have public quotations on their profiles.)

Unfortunately, it’s unlikely that this bug is going to get the attention that it deserves. Facebook is exposing a privacy policy to its users, but is broken such that it ignores this policy. Upon rolling out Buzz, Google was lambasted in the press for defaulting to a public privacy policy for your contacts – if you opted in to creating a public profile. In this case, Facebook let you set an explicit privacy policy, but then exposed that information anyway.

How could this seemingly minor privacy leak hurt anyone, you might ask? The canonical example of the danger of Buzz’s public contacts was the case of the female blogger with an abusive ex-husband. No harm actually befell this security-conscious blogger, but it certainly could have. In the case of Facebook’s privacy breach, the information that was made public was only profile information relating to your biography, religion and romantic preferences. Given the masses of Facebook users, how many people’s sexual preferences could have been inadvertently outed? How many people could have had potentially embarrassing biography information exposed to their parents, people in their network, or potential employers? The privacy safeguards are there for a reason, after all.

One might be inclined to write it off as a mistake, potentially a bug in a PHP script written by a junior software engineer — something hard to believe, given the reported talent of their employees. But Facebook’s motto, and their current agenda, makes it clear that the privacy leaks that have come to light this week are more than that. They are a product of corporate indifference to privacy; indeed, Facebook’s corporate strategy for monetizing their site depends on making as much of your information public as they can. The EFF has repeatedly sounded alarms about the erosion of privacy on Facebook, but is it too late?

Much of the information that was once personal and guarded by privacy settings has now migrated to the public portion of the site, and has been standardized in order to facilitate companies using your personal information to tie in to their marketing and advertising campaigns. The books that you like, the music that you listen to, your favorite movies: all of these are valuable data that companies will pay Facebook for, in aggregate. It will allow them to target you more specifically. When you expose this information publicly, though, are you really aware of how it will be used – not just today, but tomorrow? Information will persist forever in Facebook’s databases, long after you delete it from your profile.

In the meantime, Facebook’s corporate attitude of playing fast and loose with your profile information makes it likely that future privacy leaks will occur — that is, if any of your profile information remains private for much longer.

Visualizations for Navigation : Experiments on my blog

This is a meta post describing two features on this blog that I don’t think I’ve documented before. Apologies for the navel-gazing, I hope there’s enough useful information here to make it worth reading

Most folks read my blog through the RSS feed, but those who peruse the web version get to see many different forms of navigational aids to help the user around the website. Since the blog runs on Drupal , I get to deploy all sorts of fun stuff. One example is the Similar Entries module, that uses MySQL’s FULLTEXT similarity to show possibly related posts1. This allows you to jump around on the website reading posts similar to each other, which is especially useful for readers who come in from a search engine result page. For example, they may come in looking for Magic Bus for the iPhone , but given that they’re probable iPhone users, they may be interested in the amusing DIY iPhone Speakers post.

The Timeline Footer

However, given that this blog has amassed about a thousand posts over seven years now, it becomes hard to expose an “overview” of that much information to the reader in a concise manner. Serendipitous browsing can only go so far. Since this is a personal blog, it is interesting to appreciate the chronological aspect of posts. Many blogs have a “calendar archive” to do this, but somehow I find them unappealing; they occupy too much screen space for the amount of information they deliver. My answer to this is a chronological histogram, which shows the frequency of posts over time:

Each bar represents the number of blog posts I posted that month, starting from August 2002 until now2. Moving your mouse over each bar tells you which month it is. This visualization presents many interesting bits of information. On a personal note, it clearly represents many stages of my life. June of 2005 was a great month for my blog — it had the highest number of posts, possibly related to the fact that I had just moved to Bangalore, a city with and active Blogging community. There are noticeable dips that reflect extended periods of travel and bigger projects.

In the background, this is all done by a simple SELECT COUNT(*) FROM nodes GROUP BY month type query. Some smoothing is applied to the counts due to the high variance, for my usage, Height = Log base 4 (frequency) gave me pretty good results. This goes into a PHP block, which is then displayed at the footer of every blog page. The Drupal PHP snippets section is a great place to start to do things like this. Note that the chart is pure HTML / CSS; there is no Javascript involved3.

The Dot Header

Many of my posts are manually categorized using Drupal’s excellent taxonomy system. A traditional solution to this is to create sections, so that the user can easily browse through all my Poems or my nerdy posts. The problem is that this blog contains notes and links to things that I think are “interesting”, a classification that has constantly evolved as my interests have changed over the past decade. Not only is it hard for me to box myself into a fixed set of categories, maintaining the evolution of these categories across 7+ years is not something I want to deal with every day.

This is where tags and automatic term extraction come in. As you can see in the top footer of the blog mainpage , each dot is a topic, automatically extracted from all posts on the website. I list the top 60 topics in alphabetical order, where each topic is also a valid taxonomy term. The aesthetics are inspired by the RaphaelJS dots demo, but just like the previous visualization, it is done using pure CSS + HTML. The size and color of the dot is based on the number of items that contain that term. Hovering over each dot gives you the label and count for that dot, clicking them takes you to an index of posts with that term. This gives me a concise and maintainable way to tell the user what kinds of things I write about. It also addresses a problem that a lot of my readers have — they either care only about the tech-related posts (click on the biggest purple dot!), or only about the non-tech posts (look for the “poetry” dot in the last row!).

This visualization works by first automatically extracting terms from each post. This is done using the OpenCalais module (I used to previously use Yahoo’s Term Extractor, but switched since it seems Yahoo!‘s extractor is scheduled to be decommissioned soon). The visualization is updated constantly using a cached GROUP BY block similar to the previous visualization, this time grouped on the taxnomy term. This lets me add new posts as often as I like, tags are automatically generated and are reflected in the visualization without me having to do anything.

So that’s it, two simple graphical ways to represent content. I know that the two visualizations aren’t the best thing since sliced bread and probably wont solve World Peace, but it’s an attempt to encourage discoverability of content on the site. Comments are welcome!


1 I actually created that module (and the CAPTCHA module) over four years ago; they’ve been maintained and overhauled by other good folks since.

2 Arnab’s World is older than that (possibly 1997 — hence the childish name!), but that’s the oldest blog post I could recover.

3 I have nothing against Javascript, it’s just that CSS tends to be easier to manage and usually more responsive. Also, the HTML generated is probably not valid and is SUPER inefficient + ugly. Hopefully I will have time to clean this up sometime in the future.

If I had a million dollars

If I had a million dollars to spend, I would invest them in these two things:

Preventative secondary healthcare for rural areas:

They are not doctors. They are not nurses. They are illiterate women from India’s Untouchable castes. Yet as trained village health workers, they are delivering babies, curing disease, and saving lives—including their own.

and Cell Phones for developing areas :

Mobile phone ownership in India is growing rapidly, six million new mobile subscriptions are added each month and one in five Indian’s will own a phone by the end of 2007. By the end of 2008, three quarters of India’s population will be covered by a mobile network. Many of these new “mobile citizens” live in poorer and more rural areas with scarce infrastructure and facilities, high illiteracy levels, low PC and internet penetration.

bags, balls and boyfriends

Links today brought to you by Red Bull™, my abusive friend in a can pushing me through a rather crazy day.

  • Lego Schoolbag : If I was a 10 year old girl, I would give away my younger brother for this one.
  • Every expression in this picture is priceless. I like how our hero has resigned to prayer.
  • A hilarious sketch from Snuff Box, starring Matt Berry, who also stars in the hilarious britcom The IT Crowd.
  • Adobe is opening up the SWF and FLV formats with the Open Screen project. (No sir, this is not about Single White Females or Fine Looking Virgins.) Flash has been sort of open for a while, with projects like SWFTools and GNash, but this takes things to a whole new level, with a slew of bigwig corporate backers. Flash and FLV have been in my opinion the critical enablers to the online video revolution; and this is definitely a great step ahead. I’m curious to know what Microsoft’s Silverlight team is thinking, as well as the folks at Sun (who just opened up all of Java). And of course, let’s not to forget the Android folks who have a very pretty stack, but tacking on some Flash magic would definitely be a very big deal. Considering the significant overlap between supporters of the Adobe effort and the Google effort, this is going to be fun to watch.


In the light of the American Media Machine, I find this article very disturbing:

When University of Michigan social psychologist Norbert Schwarz had volunteers read the CDC flier, however, he found that within 30 minutes, older people misremembered 28 percent of the false statements as true. Three days later, they remembered 40 percent of the myths as factual.

Younger people did better at first, but three days later they made as many errors as older people did after 30 minutes. Most troubling was that people of all ages now felt that the source of their false beliefs was the respected CDC.

I’m really looking forward to the day when they’ll have a “Top Story” about how eating organic food inside hybrid vehicles causes certain chemical reactions in the food that trigger “bouts of homosexuality”.

Anti-God Starbucks cup has customer steaming

WorldNetDaily is running an article reporting Ohio customer Michelle Incanno’s problems with her Starbucks cup, which came with the quote:

“Why in moments of crisis do we ask God for strength and help? As cognitive beings, why would we ask something that may well be a figment of our imaginations for guidance? Why not search inside ourselves for the power to overcome? After all, we are strong enough to cause most of the catastrophes we need to endure.”

She says:

“As someone who loves God, I was so offended by that,” Michelle Incanno, a married mother of three who is Catholic, told the Dayton Daily News. “I don’t think there needs to be religious dialogue on it. I just want coffee.”

Haha, religious dialogue? This is philosophy, not religion. Plus, I’m not sure how a note on a cup constitutes a *dia*logue. But let us engage in the dialogue that Mrs Incanno did not want, since that’s what bloggers do. My problem is that Mrs Incanno is implying that God is this separate entity, this thing inside a church that she goes every week to worship. Frankly, viewpoints and protests such as these are exactly the kind of problems that result from blind faith. The unification of the “self” and the “almighty”, as opposed to the recognition of God as an object of worship has existed in many religions. In Vedic Hinduism, one is reminded of “Aham Brahmhasmi”, which loosely translates to “I am almighty”, referring to the same the power inside of us that the Starbucks quote talks of. Why do you have a problem with that, Mrs. Incanno? What of the symbolism behind the consumption of wine and bread? Does that not then represent an attempt to capture some of the magic in our own material body? My understanding is that Christianity in most of its forms forbids idolatry — and it is not the only religion to do so. It is a recurring theme across religions, where the crux of faith lies inside the believer. Then why have a problem with the quote? For all you know, there’s probably some frustrated, depressed suicidal yuppie who will want to have his last Venti Mocha Quadruple Espresso to go wash down that jar full of sleeping pills, who will read this quote and and realize that God Almighty is not going to fly down and hand him a pile of cash, that he needs to get off his ass and get his act together. Given the potential benefits, I think Mrs. Incanno is better off ignoring messages she does not understand.

Feels like minus twenty

(This is a Bloo emailer I just sent out. Bloo is a elitist clique I and a few others run at UofM; so a lot of the text here is pointless to most people reading this, including Bloo members. Just thought I’d put it up for public consumption as well)

Feels like minus twenty

Just thought of sending out a “Yo, wassup” email, since I have a presentation tomorrow that counts towards 50% of my grade in that course, and I feel like wasting my precious hours doing something futile. One day I’ll figure out the cause of this suicidal tendency of mine. Till then, you can peruse some truths:

1. They put Cocaine in Orange Chicken. I’m telling you.

2. Orange Chicken is best when there’s only a bit of it left in the container. That way, it’s been there for a while, the flavor has seeped in and stuff. Fresh OC is rather pointless; you could have had chicken pakoda in imli chutney instead.

3. MDX, or Mountain Dew eXtreme, available at Ugo’s is not a bad drink at all. There’s a girl who buys this drink often; she’s quite pretty, in my view.

4. Speaking of pretty girls; that abhorrent construction in front of Pierpont is an Arts and Drama center. Arts and Drama, as we all know, means pretty girls. In other words, bear the noise / dust, kids. It’s (eventually) good for you.

5. The CSE CAEN labs are pretty spiffy, ya know. Where else would you find whiteboard grafitti that says “Happy Valentine’s Day” in Devnagari? (and then someone added Persian). And someone even wrote “Thanda MATLAB Coca Cola”. Geeks, I tell you.

6. I once asked for a “Medium Mocha without Milk” at Mujos, and got a severe mocking from the barista there. You see, a Mocha is a Latte, which by definition is a milk laced coffee. So, if you ever want something that’s strong, nice and has a strong hint of chocolate that makes you go vrooom; ask for a “Double Espresso with Chocolate Syrup, no sugar”. Sexiest thing I’ve had between my lips in the last few months. Sexiest thing under 3 dollars, that is.

7. Now that you’ve read all this, all I can say is, dude, what?! You think that midterm will take care of itself? Go and study!

Pray for me,

| |

of bangalore and shameless bus conductors

There’s something really scary about the state of public transport in Bangalore. The bus conductors are also totally evil.

The reason this is unnerving is because Bangalore offers two modes of public transport to the common man – autorickshaws, and buses. While autorickshaw drivers are totally evil down to the bottom of their soul, I overlook this since this is the same in almost every Indian city. Maybe there’s an “Autowallahs and Satan” association panning Delhi, Bangalore and (reportedly) Chennai — with it’s primary mission to cheat and loot every customer till there’s none left. And it’s slowly invading Mumbai too, a city once known for the honest, professional auto-drivers who paid you back even the 50 paisa.

But I digress. This post is about bus conductors, who, in my eyes have always been the bastion of the strong-minded, hard-working but underpaid class that keeps the city running. Conductors in Delhi (DTC only, Bluelines are run by gremlins and don’t count) and Mumbai (BEST) are known for their no-nonsense attitude; but Bangalore busmen(and women — they have female conductors here) seem to weave a rather different tale. Not only are they spineless and corrupt, they try to assert their hallowed virtues onto the passengers as well. Here’s one of my many accounts with conductors on Bangalore buses:

Me: 1 ticket, Binnamangala please. (Hand him a ten rupee note, the ticket is for four rupees)
Him: (Takes note, returns six rupees, looks around)
Me: Excuse me, Ticket?
Him: makes face, offers me a one rupee coin
Me: Screw you! I don’t want your money, I want my ticket!
Him: Gives me an old, used six rupee ticket.
Me: What the….
Him: (Finally gives me the ticket I paid for.)

So what’s it with Bangalore that makes its conductors so evil? Considering the weather, the quality of life, the nature of the passengers; Bangalore conductors have a much better time than their Delhi and Mumbai counterparts. Maybe they’re paid really less salaries? I doubt it. Maybe they’re ex-auto drivers? Maybe. But what I believe is the real reason is the percentage of laptop-carrying, Nike-wearing bus passengers who give a damn for these trivial transactional details and would rather spend their precious time worrying about more important things.



To inaugurate the day, a chat transcript:

Arnab: did you know that a boy here was eaten up waist down?

Victim 23: sending one-liner messages

Arnab: here at iit...

Victim 23: what?????????

Arnab: by a panther

Victim 23: when?????????

Victim 23: oh no

Arnab: evening

Arnab: ya

Arnab: so we're all on high alert and stuff

Victim 23: thats horribleeee

Victim 23: okayy

Victim 23: who was this boy?

Arnab: AF Baba,,,, Btech 3rd year Civil

Arnab: you know anyone in iit?

Victim 23: okay

| |

Indie Pendence

A very Happy Independence Day to all Indian junta! (Also to all my friends in Congo and South Korea, who share their Independence / Liberation days with us)

While we're all cursing our fate and fuming at the fact that the National Holiday that falls on a Sunday this year, I thought I'd quote somethings I learnt in Class 9 civics class. First, I present you with the Preamble on the Indian Constitution. This is not just any paragraph. It defines the dream that our ancestors gave up their lives for, the vision that they sacrificed everything for.

Preamble to the Constitution of India