Why is orkut evil?

Orkut is a system whereby you set up an account which has information about you - your name, email address, location, likes & dislikes, etc - and allows you to connect yourself to other accounts by marking other people as "friends". The idea is to form a "social network" of people who are likely to either know each other or possibly should get to know each other. It's run by Google, in imitation of several other similar systems that have proved popular in the past.

The problem is that Google will now effectively have a detailed dossier on everyone who uses their system. They've always known that person X searched for "linux software" today and "star trek memorabilia" yesterday. But now they'll know precisely who person X is, where they live (postcode, anyway), and who their friends are. If you also happen to use Google's email service, "Gmail", then they'll also know what they said, when, and to whom. And Google never throws anything away. That dossier is permanent.

The usual response to privacy issues is, "I've got nothing to hide, so I'm not bothered about private information being in the hands of a reasonably well-intentioned organisation". Google are, by all accounts, reasonably well-intentioned. There's no indication that Google plans to use this for anything except inserting the odd small ad into your email. But that's now. Google could be a completely different company in a few years - they could have their backs to the wall, they could be bought out by a company with very different ethics. The data they store represents an incredible amount of power if used the right (or wrong) way, and we need more than just good intentions to protect ourselves against its misuse.

The most obvious way it can be misused is for commercial purposes, ranging from banks using the content of my private emails to make credit limit decisions, to spam mails pretending to be from my friends, written in their writing style, and even data ending up in the hands of organised crime.

Worse than that though is the prospect of the US government abusing the database. Google is a US company, bound by US law and ultimately answerable to the US government. It is open to the CIA at any time to subpoena Google (possibly in secret) to trawl for any connections which indicate "unamerican activity". They might find out, for example, that I marched to Hyde Park in protest against the invasion of Iraq. There are various sanctions they might put in place against me. They can stop me entering the country, prevent US companies employing me, stop me selling products in the US. They can inform their allies in other countries that I'm a suspicious character (without necessarily saying why) and all of a sudden every passport security check in Europe becomes a third-degree.

Now maybe this is paranoid, maybe it's not. The crucial point here is that these options are only available to the US government, because certain key technology companies with effective monopolies are based in the US. There's no European Google, so Europe can't counteract with its own sanctions against the US. The decisions of the US government are made according to only one criterion - the interests of US citizens. If those interests conflict with my interests, then I'm in trouble, because the US government holds all the technological cards.

Leaving the "out ta get me" arguments aside though, there's still problems with the amount of power Google itself has. If Orkut takes off it could be a crucial business tool. Ten years from now, when I submit my resume to a new employer, their first reaction might well be to look me up in Orkut. Now, Orkut reserves the right to kick you off their system if you abuse it; effectively they can blacklist you. The problem is that there's no way to appeal these decisions. It's easily possible that someone could steal my identity (very common practice nowadays) and use it to send spam or otherwise abuse Google's network. Google blacklists me, and suddenly I find it mysteriously hard to find employment. Complaints to Google are met with stubborn "Our policy is not to change decisions unless blah blah blah...", or possibly nothing at all.

Google isn't a particularly large company, they can't affort to hire thousands of people to sift through complaints all day. It's nice that they're a streamlined company that can just get things done, not a vast creaking bureaucracy. Unfortunately, they'll only get the right things done 99% of the time. If Google is at the centre of world commerce, and you find yourself in the 1%, then 99% just isn't good enough. That's why we have bureaucracy. 99% of the time they're just annoyingly slow, but the remaining 1% of the time they're all that stands between innocent people and ruin.

Google isn't the only problem here. In general, information technology is exponentially increasing the amount of data that is held about you, and the number of people who have access to that data. David Blunkett wants to intoduce compulsory ID cards for all UK citizens, linked to a central government database complete with fingerprints and iris scans. In the service economy, information is becoming more and more important to the way we run our lives - Blunkett eventually wants to get to the stage where I can use that ID card to buy a diet coke from the train station vending machine. But so far no-one's really given enough thought to how we protect ourselves from the possible abuses of that data. There haven't been any truly cataclysmic scandals yet, but just you wait.

Back to Orkut. Despite all of the above, I have now joined Orkut anyway. Why? Well first of all, simply not joining Orkut isn't going to stop the apocalypse. Everyone else could, and ultimately I'll be no more able to avoid joining than I'll be able to avoid having a passport. Secondly, Orkut does have a useful function for me - as a kind of hyper-linked telephone directory. So when I meet Jim's friend Dave at the pub and he suggests I borrow his copy of Trainspotting, I can email him the next day despite the fact that I don't know his email address or his last name.

Instead of boycotting the system, I'd like to encourage it to be used carefully. Use it, but give it as little information as you can. I've only given my name, age, photo and email address. That's enough for friends to find me, and that's all I'll use the system for. But I'm still nervous about the system, and I'll be watching Google's activity carefully.

Update 2005-09-23

Orkut now requires you to use a Google account to login, and they explicitly acknowledge that they may combine information from the two services for marketing purposes. This means that the "detailed dossier" I talked about above is now a reality, and is being actively used by Google to deduce even more information about you.

Also, it seems that the initial enthusiasm for Orkut tailed off very hard indeed. The vast majority of people have no interest in entering their personal details into a people database. The only people I'll ever be able to keep in touch with through Orkut are people who are already obsessively online anyway, so there isn't as much point to the exercise as I thought.

Putting these together, I decided that now is the time to cancel my Orkut account, and my Friendster account while I'm at it. I still have a Yahoo profile somewhere, which I'll keep, since I never use Yahoo search, so there's no chance of Yahoo pulling the same trick. It's also extremely unlikely that Yahoo will ever be taken over by Google, Microsoft, or anyone else I don't want looking over my shoulder.

If you notice my personal details lurking around anywhere on the internet they shouldn't be, especially Orkut or Friendster, I'd appreciate it if you could let me know, so I can attempt to get it removed.

Back to my homepage
Matthew Exon
Last modified: Fri Sep 23 12:00:42 CEST 2005