Facebook CEO Mark Zuckerberg called up Tweet-storm over his comments that the Age of Privacy is over.  Zuckerberg tells TechCrunch:

When I got started in my dorm room at Harvard, the question a lot of people asked was ‘why would I want to put any information on the Internet at all? Why would I want to have a website?’

And then in the last 5 or 6 years, blogging has taken off in a huge way and all these different services that have people sharing all this information. People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that has evolved over time.

But the internet has made privacy more complicated rather than vanquished it completely. The issue for both Zuckerberg’s Facebook and online users is that our expectations of privacy and the reality are far separated. The truth is we are just as private as people. But the internet changes the scale.

Expectations for privacy often revolve around the good intentions of the companies we give information to. Facebook and Google will keep our data secret, for our use only.  One study found that most people, rather than reading a website’s privacy policy, assume that if a website has one, it means they will keep the data protected.

Of course, this is far from the trust. Even the best intentioned websites have security breaches or mistakes that leave users open to privacy violations.  Several of my family members are still petrified to use their credit card online, not concerned by the dozens of credit card and social security number leaks done because some employee lost a laptop.

On Facebook, privacy concerns focus more on our personal data, like interests, pictures, and relationship status. Talk about a widespread case of narcissism. No one cares about every little college student’s love of the Big Lebowski or how they’ll take “whatever they can get”. My rule, if I don’t want people to know something, I don’t put it online because once its online, it’s up for grabs. Even if I deleted one of my old blog posts, there would still be ways to find them.

Shockingly, several studies show people will give out personal information, including passwords and income levels, if you simply ask or if you’re nice, offer them a chocolate bar.

And the data many expect to be private, or to use the buzzword, anonymized, but would be surprised to know how easy it can be for an intrepid researcher, like Latanya Sweeny, a computer science professor at Carnegie Mellon University who showed that just gender, zip code, and birth date are unique for about 87 percent of the U.S. population.

So expectations – people and companies want and keep data private (and apparently lots of people want your information too) but the reality is tons of data leaks out all the time, most people are unaffected because there’s so much data and yours isn’t that important, and it takes just a tiny bit to figure out who you are (even the stuff you feel safe sharing).

Zuckerberg is right that our concept of privacy is changing. When I first went on the internet, my mother forbade me from telling anyone my name or where I live, but now I post that all over. I regularly meet people in person that I first talked to online. I often recommend people buy the domain of their full name and build some kind of web presence for in case they get Googled (better the first link is something you know and control).

This is not because we keep less private. Just more people know. Like everyone who wants to. You had no problem telling a room full of strangers at a party what you do, where you live, and how you like your steak. Now, it’s incredibly easy to tell a world wide web full of strangers.

Privacy still matters. And more than an effort, it should at least be a challenge for bad guys to get good data. But now we’re not just teaching our kids (and adults) to not talk to strangers. It’s about common sense online. Knowing that anything you share can be shared again. And again and again. And it might never ever go away.

The judge presiding over the Viacom vs. YouTube case has ruled Google must hand over IP addresses and user names of its users and a list of the videos they watched, whether on YouTube or embedded on other sites (an estimated 12 terabytes).  Viacom is asking for this information to prove YouTube deals the majority in infringing material.

The result of this ruling is a privacy nightmare.  The Electronic Frontier Foundation has argued the judge’s ruing violates, ironically, the Videotape Privacy Protection Act that says the government can’t snoop your rental history (library books are fair game).  Google, however, has argued before that IP addresses aren’t personal data because they aren’t attached to a single person, says Google “in most cases, an IP address without additional information cannot [identify a user].”

Unfortunately, the IP address can get you pretty close.  It identifies the computer and location, including households and laptops.  The result isn’t just embarrassing users who watched far too much Dog on Skateboard videos.  It’s what does Viacom, the RIAA, and MPAA do with this list once its public.  Most of their effort in suing customers was finding the IP addresses.  Now Google’s handing them over on a silver hard drive.

Viacom obviously wants to analyze Google’s data itself, ignoring a study by Vidmeter.com that found copyrighted materials accounting for a fraction of YouTube viewership.  Based on their sample of more than 1.5 billion views of 6,725 videos, 9.23 percent were taken down.  Those remove videos accounted for only 5.93 percent of views.  You can read the full study here.  Viacom itself accounted for 2.37 percent of of views, the highest of for all content owners.  How they monetize that to $1 billion would be magic.

[Via Mathew Ingram}