In a classic piece of ethnography from the 1940s, William Whyte carefully watched the interactions among Italian immigrants on a street corner in Boston’s North End.  Technology today has made the world like the street corner in the 1940s—it is now possible to make detailed observations on the behavior and interactions of massive numbers of people. These observations come from the increasing  number of digital traces left in the wake of our actions and interpersonal communications.
Mobile Phone Data for Inferring Social Network Structure, N. Eagle, A. Pentland & D. Lazar (pdf)

After several years of futile resistance I was assimilated by Facebook this week.  Ultimately, I decided that I wanted to keep in touch with friends, many of whom I’d lost contact with over the years.   I finally overcame my concern that I would come to know too much about some of them.   I get friend requests as my “circle” expands.  At this writing, I have twenty four friends.   FB also suggests “People you may know.”

Sometimes those suggestions can seem a little too good.  Caitlin Dewey wrote in the Washington Post last spring about how Facebook does it.  In Dewey’s telling, it’s all good math.  But, just how paranoid should I (we) be?

Last night I went to a very small party, where I met Jean for the first time.  This morning FB suggested Jean as a person I may know.    Dewey’s “good math” explanation would have that suggestion be the result of matching information from our profiles and our network.  But, my profile discloses nothing more than where I live (Boulder, Colorado) and where I went to school.  Jean’s profile has not much more.  We have no mutual FB friends.  We have no mutual FB interests (I have disclosed no interests to FB explicitly.)  I have not allowed FB to see my contacts.   It would actually make more sense for FB to suggest Jean’s husband, with whom I worked briefly in an exotic location, though not within the same organization.

So, is the timing just a coincidence, or did FB know or infer that we were at the same location last night?   I have installed the FB app, but I have turned off the location option (at least that’s their story).   Or, does FB know that I searched for the party address on Google Maps shortly before I left my house last night?  Did Jean do the same?

Association by proximity is ho-hum.  FB offers opt-in proximity alerts in its Nearby Friends service, but wondering about PYMK is a small industry on the internet and a few folks have seen evidence that physical proximity prompts PYMK suggestions.  But FB does not have permission to use my location, and in 2014 they denied that they use location data for PYMK (though the wording is such that FB could deny the denial if they are caught actually using location info).  Is FB inferring proximity from other information?  I don’t know.  I don’t know, but I am going to do a little experiment.

Let me offer up an idea I had several years ago that is even creepier–it is completely passive and there is no opt out.  It was such an evil idea that I thought about patenting it, but intelligence agencies are probably already doing this, so going through the expense and brain damage of applying for a patent would probably be a waste of time (and a source of trouble.)

Radio Frequency Identification (RFID) is a technology where a small transponder transmits an identification code upon interrogation by radio.  There are a variety of technologies, but some are small enough and inexpensive enough to be placed in clothing.  I have an RFID transponder on my car that allows automatic tolling on a nearby highway.  The RFID unit is a small windshield sticker that replaced a cell-phone-sized active, battery-powered transponder.   Passports issued since 2007 have an RFID transponder, as do many new credit cards.  There are real concerns about privacy with RFID, so standards have been developed that are intended to protect your identity from nefarious interrogation of a transponder.

But, as RFID tags used for inventory control become smaller and more common, even ubiquitous, the combination of RFID codes in the collection of clothes a person is wearing will provide a practically unique signature.   A particular RFID code is not necessarily unique, but a combination of several codes becomes virtually unique.   Of course, people will wear different clothes from day to day, but it is not difficult to imagine a data mining approach that would categorize different sensed combinations as being the same individual–I have not done the math, but detecting even two codes together would likely be a very  reliable signature.   Of course, once a set of signatures has been associated with Person X, then that individual can be tracked, and can be associated with other people by proximity in space and time.   RFID interrogators placed in airports, train stations, bus stations or even on streets or in shops, could provide a rich data set from which associations could be inferred.  Figuring out who Person X really is will not be too hard.

If you think this is far-fetched, take a look at what Disney is doing.  Just replace “object” with “person”.

What makes this seem particularly evil is that it is not opt-in, and you cannot opt out.  (Though you may be able to destroy RFID tags in your clothing (using a microwave oven–look it up), you won’t be able to do that with electronic equipment, your passport or your credit card.  Some technologies that vary returned codes according to an algorithm known, in principle, only to the manufacturer could also make social network discovery through RFID more difficult, but only if used in all RFID transponders.)

You are probably not crazy if you are a little paranoid about all of the information you are leaking.  My advice for your peace of mind:  Don’t try using face recognition in Picasa or Google Photos (or now Lightroom).  It’s creepy good and sometimes scarily wrong.