Grimmelmann is totally correct in the main thrust of his post:
I would like to say, though, that this secretly negotiated private “deal” is a terrible, terrible blunder on Google’s part, considered purely from the perspective of its own self-interest. Google has enjoyed a generally good relationship with many activists and civil society groups who want to protect individual freedoms online. Even if what Google is now proposing is good policy, the backroom nature of the process sends an unmistakable message to Google’s erstwhile allies: we’re with you only as long as it’s convenient for us.
and other good stuff besides.
That said it bears noting that while Grimmelmann begins his post with:
The Verizon-Google Net neutrality deal is now public. In brief: neutrality for Plain Old Internet, transparency but not neutrality for wireless, and nothing for “Additional Online Services” unless they “threaten the availability” of POI.
it may actually be a bit more complicated than that, as the actual framework appears to leave quite a bit of wiggle room.
Non-Discrimination Requirement: In providing broadband Internet access service, a provider would be prohibited from engaging in undue discrimination against any lawful Internet content, application, or service in a manner that causes meaningful harm to competition or to users. Prioritization of Internet traffic would be presumed inconsistent with the non-discrimination standard, but the presumption could be rebutted.
Network Management: Broadband Internet access service providers are permitted to engage in reasonable network management. Reasonable network management includes any technically sound practice: to reduce or mitigate the effects of congestion on its network; to ensure network security or integrity; to address traffic that is unwanted by or harmful to users, the provider’s network, or the Internet; to ensure service quality to a subscriber; to provide services or capabilities consistent with a consumer’s choices; that is consistent with the technical requirements, standards, or best practices adopted by an independent, widely-recognized Internet community governance initiative or standard-setting organization; to prioritize general classes or types of Internet traffic, based on latency; or otherwise to manage the daily operation of its network.
Additional Online Services: A provider that offers a broadband Internet access service complying with the above principles could offer any other additional or differentiated services. Such other services would have to be distinguishable in scope and purpose from broadband Internet access service, but could make use of or access Internet content, applications or services and could include traffic prioritization.
I would never seek to second-guess Grimmelmann’s read of the law here, and if he thinks this is still a fundamental neutrality policy, I believe him. But though this framework isn’t quite a tiered Internet, it isn’t exactly a flat neutrality policy either, at least of the kind, say, Tim Wu would advocate.
There are many ways in which Facebook might know your phone number. The easiest (and most common) way is to give it to them, by including it in your profile so that your Facebook Friends can look it up when they need to give you a ring.
So your Friends have your number, but that makes sense – after all, they probably already had your number, or could’ve gotten it easily. And Facebook has your number, and while I don’t think it makes sense to “trust” Facebook anymore, I think users can trust in the fact that even Facebook is not so colossally stupid as to do something like sell your phone number to used car hucksters.
But who else has access to your number?
Think no one? Think again. Are you sure that only your Friends have access to your profile info?
What about those Groups and Events – you know, the ones that start “I dropped my phone in a pond, send me your numbers!” Have you posted in them? Do you know their privacy settings? Have the privacy settings changed since you posted?
The ever entertaining Tom Scott – creator of invaluable Internet entertainment such as StupidFight – has just produced the privacy equivalent of a horror film. It’s called – simply and appropriately enough – “Evil”.
As Scott explains:
This site randomly displays the private phone numbers of unsuspecting Facebook users.
There are uncountable numbers of groups on Facebook called “lost my phone!!!!! need ur numbers!!!!!” or something like that. Most of them are marked as ‘public’, or ‘visible to everyone’. A lot of folks don’t understand what that means in Facebook’s context — to Facebook, ‘everyone’ means everyone in the world, whether they’re a Facebook member or not. That includes automated programs like Evil, as well as search engines.
Evil uses the graph API to search for groups about lost phones. It picks them at random, extracts some of the phone numbers, and then shows them here.
Here is Scott’s screencast of what Evil looks like when it is working:
So what should you do? Scott says:
Go into all the “lost number” groups you’ve ever joined. Ever. Delete your posts. (You might want to try searching for your own phone number on Google, too; it might turn up in unexpected places.)
The thing to remember here is that the fault doesn’t lie with the users. That is to say, the fault doesn’t like with the users any more than someone can be faulted for stepping on what appears to be a solid deck only to have it collapse under their feet because it wasn’t built to code.
It is patently ridiculous and unreasonable to argue that all of these users wanted their cell phone numbers and names to be accessible to the entire Internet. But that’s what has happened, because of stupid, unsafe, and (indeed) “evil” design.
(h/t Ian Brown and PVN)