Many new applications do a great job of making it easy and free for you to post your information online. In a lot of cases, your data is combined with other people's data, to pull helpful or interesting relationships out of aggregate data ("People who bought this book also bought...."). Your photos on your hard drive are not as useful as your photos on Flickr, where others can comment on them, find them via tags, share them, and make them into photo-related products.
Obviously, though, this shift has many implications for privacy, and it is worth wondering what the future of privacy is for web application users. A security breach on one of the most popular hosted web applications could easily reveal private information about thousands or even millions of the site's users. An employee of one of the largest providers could access information about the site's users without anyone knowing. How should a user of these applications think about these risks?
Right now, most application providers either don't talk about these risks or simply ask users to trust that they have their best interests in mind; and as far as we know, the companies providing these applications do in fact make great efforts to respect the privacy of their users. As users, though, the "trust us" proposition does not offer much in the way of reliability or certainty. We essentially must rely on the harm that a large-scale privacy breach would cause the provider as a counter-incentive against allowing one to occur.
As developers of Wesabe, an online personal finance community, we think about these questions a great deal. We believe that there is a significant benefit to consumers in anonymously combining their financial data online, since this allows us to produce an aggregate view of where consumers find the best values (sort of like a reverse FICO score -- a value rating for businesses). However, this project asks our users for a lot of trust. We decided from the outset that, as a startup without the name recognition of a Google or Yahoo, and simply as people interested in providing privacy and security to our users, we should come up with as many approaches as possible that would help us protect Wesabe users' privacy.
Many of these techniques are generally applicable. While there is a fair amount of information online for individuals who want to protect their own privacy, we found little for web application developers interested in protecting their users' privacy; so, we want to document what we've learned in the hope of making these techniques more common, and of developing better critiques and improvements of the approaches we've taken so far. Below, we outline four techniques we use at Wesabe which we think any web application developer should consider using themselves, and describe the benefits and drawbacks of each.
Keep Critical Data Local
As a web application developer, the best way to ensure that you protect the privacy of a user's data is not to have that data at all. Of course, it's hard to develop a useful application without any data, but it is worth asking whether there is any information you don't absolutely need, which you could make sure never reaches your servers in the first place.
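As an added illustration of this principle (example code written for this page, not Wesabe's own code; the field names, the sample account and the per-device key are assumptions for the example), here is a client-side upload step in Python. It sends only an allowlist of transaction fields, replaces the account number with a keyed pseudonym whose key never leaves the user's machine, and refuses to send anything if a local-only value shows up in the outgoing payload. The server can still group one account's transactions for aggregate views, but it never holds the credentials or account identifiers that would make a breach or a curious employee dangerous.

```python
"""Data-minimizing upload: credentials and account identifiers stay on the
client; the server receives only what it needs for aggregate views.
Added example for the 'keep critical data local' principle; not Wesabe's code."""
import hashlib
import hmac
import json
import secrets

# Per-transaction fields the aggregate service actually needs (assumed schema).
# Anything not listed here is dropped before the payload is built.
UPLOAD_ALLOWLIST = frozenset({"date", "amount", "merchant", "category"})

# Values that exist only so the client can fetch data from the bank.
# They must never appear upstream, as a key or as a value.
LOCAL_ONLY_FIELDS = frozenset(
    {"bank_username", "bank_password", "account_number", "routing_number"}
)

# Constructed sample of what a client holds after fetching from a bank.
# These are made-up values, not real credentials or account numbers.
SAMPLE_ACCOUNT = {
    "bank_username": "jdoe",
    "bank_password": "hunter2",
    "account_number": "1234567890",
    "routing_number": "021000021",
    "transactions": [
        {"date": "2007-03-01", "amount": -42.17, "merchant": "Corner Grocery",
         "category": "groceries", "memo": "check 1043 to landlord",
         "account_number": "1234567890"},
        {"date": "2007-03-02", "amount": -9.99, "merchant": "Coffee Shop",
         "category": "dining", "memo": "", "account_number": "1234567890"},
    ],
}


def account_pseudonym(account_number: str, device_key: bytes) -> str:
    """Keyed hash (HMAC-SHA256) of the account number under a secret that is
    generated and stored only on the client. The server can group a user's
    transactions by this value but cannot recover or guess the account number
    without the key, which it never receives."""
    return hmac.new(device_key, account_number.encode(), hashlib.sha256).hexdigest()


def minimize_transaction(tx: dict) -> dict:
    """Copy only allowlisted fields. Free-text memos, account numbers and any
    field added later by the bank export are dropped by default."""
    return {k: tx[k] for k in UPLOAD_ALLOWLIST if k in tx}


def check_no_local_data(payload: dict, account: dict) -> bool:
    """Defence in depth: scan the serialized payload for any local-only key
    name or value, so a bug elsewhere cannot quietly leak them. Returns True
    when the payload is clean, False when something local-only is present."""
    serialized = json.dumps(payload)
    for field in LOCAL_ONLY_FIELDS:
        if field in serialized:
            return False
        value = account.get(field)
        if value and str(value) in serialized:
            return False
    return True


def build_upload(account: dict, device_key: bytes) -> dict:
    """Build the only object that leaves the device. Raises rather than
    sending if the leak check fails."""
    payload = {
        "account_id": account_pseudonym(account["account_number"], device_key),
        "transactions": [minimize_transaction(t) for t in account["transactions"]],
    }
    if not check_no_local_data(payload, account):
        raise ValueError("refusing upload: local-only data would leave the device")
    return payload


if __name__ == "__main__":
    # A fresh per-device key; in a real client it would be persisted locally.
    device_key = secrets.token_bytes(32)
    print(json.dumps(build_upload(SAMPLE_ACCOUNT, device_key), indent=2))
```

The leak check is deliberately crude (a substring scan of the serialized payload) because its job is to catch mistakes in the allowlist logic, not to be clever; a false positive costs one failed upload, a false negative costs a user's credentials. Rotating or losing the device key breaks the link between old and new pseudonyms, which is a usability cost the application has to accept in exchange for the server never being able to reverse them.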