Privacy is always better through sepia-tinted glasses

In Information Security ByRyan Farmer / 5th February 2013

Facebook-Acquires-Instagram

Instagram has done one thing well. And no it’s not turn HD 8MP snaps of man plus dog’s meals in to Polaroid-esque travesties of blurriness, reminiscent of ‘70s snappers. What the photo filter app-maker (or photo-sharing and social-networking service if you sign up to marketing hyperbole) has done though is highlight that there isn’t a total sense of apathy and disinterest in security and privacy amongst the greater public, they just need something to care about – a sepia-toned champion if you will.

As word of a renewed privacy policy swept across Twitter, Tumblr, and Pinterest, the cool kids were up in arms, albeit at the duress of coattail-riding ‘celebrities’ like Kim Kardashian (a more orange than sepia skinned hero granted, but we take what we can get). How can you not own a photo you took on your own phone? There is one school of thought here that rationalises the situation – you own the unaltered photo which you took; but as you’ve over-exposed/scratched/generally ruined it with their app, then the output belongs to Instagram. By their logic, any image manipulation produces a new photo that is the property of the editor. That’s the kind of proprietary nonsense that even Apple’s legal team would turn their noses up at. This isn’t something anyone wants – my HTC has similar filter editing built in, and plenty of HDRs and digital cameras do their own image and balance correction on-device. Whilst we’re on the subject of what you can do ‘on-device’, in what world did Instagram think it was a good idea to not let users take pictures offline? Seriously?

Despite what Instagram, Zuckerberg, or anyone else claims the true intention of the shift was, the subsequent backtrack was unsurprising both in its speed and scope of the policy turnaround. For a company fresh off the back of a $1bn acquisition and enjoying the associated buzz of riding the crest of the Facebook wave, the whole move was a PR disaster and the damage has already been done. If you believe some news outlets, the app has lost half of its daily user base as a result of the debacle, and competitors have stepped up to try and fill the ‘vintage filter’ void.

But is it fair to blame companies like Instagram, YouTube, Facebook, et al for tying to monetise their offerings? After all they host literally petabytes of users’ content. It isn’t just servers that cost, but staff, cooling, and ground rent. And really, what were they going to use those pictures for? Which third parties were they hoping to sell them to? As nice as that shot of a sun-drenched deckchair on Brighton beach is in black and white, it’s not like stock photo repositories are going to be teeming with low-res shots of your shenanigans for sale. Let’s face it, Instagram got jealous of Facebook and LinkedIn with their user content advertising, and got caught up in the ‘we should be doing that too’ mentality that is synonymous with social media… except they forgot to offer an opt-out like those other bastions of user privacy (eventually) did.

So there’s one very important lesson Instagram has given us – users care about privacy and security when they have a vested interest, if it’s something they use out of choice rather than necessity, they are more than ready to get up-in-arms about it. Well actually there are multiple lessons, but if there’s one more fortune cookie of wisdom here… It might be best to explain the purpose of a policy before rolling it out, even if it’s just for awareness, hearts, minds, and warding off mutiny.