The Quora website launched two years ago, collating questions-and-answers on a variety of topics and receiving favourable write-ups in the media.
It's possible that you were one of the early sign-ups to the service, investigating whether you would find it useful, and don't visit the site much very often. Or you could be one of the die-hard Quora lovers who still gets value out of the site's community.
But there's something that all Quora users should know.
Earlier this month, Quora made a decision which changes your privacy on the site. And they did it without asking your permission first.
They decided to introduce "Views" - functionality which creepily reveals to others the articles you have been reading.
In a trick presumably learnt from a chorus of other uncaring social networking sites, Quora has left it up to the user to turn off the "Views" feature (opt-out) rather than the much more privacy-friendly alternative of asking users to opt-in if they really want others to see what articles they have read.
As we've said many times before - if a feature really is a huge benefit to the user, why do websites have so little confidence that they can encourage users to opt-in rather than thinking it's alright to reduce privacy without asking first?
Now, you may think - why would I care if people can see what questions I have read on Quora?
Well, here's a few examples of the kind of things you could have read:
Still comfortable?
Sandra Liu Huang, a product manager at Quora, tried to justify why the site enabled the "Views" feature by default in a CNET interview:
"It will help writers get feedback to improve the content they write. If it were an opt-in product it wouldn't be as useful to writers because not enough people may go turn it on. It will improve the content and help readers discover useful and interesting content more quickly."
If you don't like the idea of other people seeing what you are reading you have two options:
1) You can change your Quora account settings, by visiting Profile/Settings/Views and choosing "No". (This is the option that Quora enabled without asking your permission)
2) Another option, of course, is to delete your account. Quora helpfully provides a Q&A about how to delete your Quora account.
At the time of writing, over 1800 people have read the deletion article.
What do you think about this new feature of Quora?
Was there a better way for Quora to introduce the technology?
Should people be concerned that it was turned on by default, or are we living in the dark ages by being worried about this kind of thing?
Leave a comment below and let us know your thoughts.
Follow @NakedSecurity
Heh, and think that the list of people who read the "how to delete my account" article doesn't include those who deleted it after reading it!
I just logged in to Quora to change the Views setting (I haven't logged in for many months) and it's set to "No". Perhaps they've changed it to opt-in?
It would be nice to think that they had changed their minds, but I don't believe they have.
I logged into Quora for the first time in many months as well this morning, and found the "Views" option was set to "yes". See the screenshot in the article.
And Quora themselves seem to be attempting to justify their decision. I can't explain why you have seen something different - maybe they haven't rolled it out to all users yet? Who can say..
I think Quora may have reversed this policy change, but I'm not certain. The fact that it wasn't communicated, in advance, that the change would be made, to implement the definitely CREEPY view tracking, was rather wrong, in my opinion.
The fact that, at the moment, four weeks later, I am still uncertain whether or not the tracking feature has been fully "redacted" or not is almost as troubling.
Thank you, Graham Cluley for this write up. I wish I had read this when you posted it, four weeks ago. You got to the point more quickly and clearly than articles I read elsewhere!
I say, welcome to the Internet overall. You can't expect too much privacy on there. I can imagine Facebook going on the same route as the website Quora is doing right now. Granted, not that extreme, but it could still go with fairly concerning. That's just my opinion, though.
I am shocked that this was never submitted to reddit! The button in the left sidebar remains untouched. And redditors are so fond of Quora news.
:o)
Graham is thoughtful to have kept the comments open on this post, 533 days later.
apropos all this, having bought a Western Digital baby NAS unit (My Book Live) (a poor technical decision, in the event) I was 'encouraged/invited' to join a related site/service (sic) called Twonky - which purports to allow you to stream all your entertainment type content to all your devices - and get new content from their site(s). A sort of Airplay I assumed, made interesting by being useable on less than pretty new Macs!
Big snag is that their privacy policy wants to trawl your computer to use your contacts, your internet history, current and future activity, your private content etc etc - and whose terms allow them to use this gold in almost any way you can imagine - and some you did not know could exist - and, not content with that, to allow as yet unborn reasons and claims on your privacy and content to be permitted at their discretion with the very minimum of flimsy defences for the 'user'.
Donald Rumsfeld himself would be proud to have devised such a policy.
So, not wishing to pay a lawyer to check this out, 'no thanks' - and no thanks - to the bin then - option 2 it was.
Tom Wiseman,
Now seriously, you MUST have read an internet services Terms of Service agreement prior to now. Any service that is going to provide you with all sorts of great useful and FREE content, while providing you with this multi-device streaming service, is clearly going to require something in return. Just because we are on the internet, or online, does NOT mean that the expression, "You don't get SOMEthing for NOthing" is rendered invalid and obsolete.
Don't say bad things about Donald Rumsfeld, not in this regard! Facebook and many other social networking services release every piece of their users' personal information to any teenager in Australia, India or Kansas who wants to develop third-party app's. The U.S. government (or any other government, for that matter), needed to file subpoena's in order to get the same level of access! That was a ridiculous situation.
True, things seem to have changed. One aspect seems to be less formalized government access to information, which is ominous. Maybe Facebook et. al. will be more careful with users' private information. Unfortunately, the negative impact on our 4th Amendment constitutional rights will remain, and in ways that are difficult to anticipate.
I would not mind if they set it to on and then announced when you next logged in that there is this feature and it is turned on by default, go here to change the settings...but if they turn it on and never make it public that they did, then that is despicable.
They did announce it to everyone on the top of the homepage pretty clearly.
Not for me they didn't.
They have, however, bugged me to re-enable it since I turned it off. :-(
I strongly dislike any program that likes to share my "stuff" that I didn't ask for.
I've noticed the Yahoo FB application and some others started sharing the articles I had been reading too.
Thanks for the write-up. I thought they said adult content never has views and that you'd only be listed if you were already publicly following the topics on those example questions, e.g. Bad Breath and Necrophilia. Do you know if that's true?
One has to expect to be watched, followed, traced, and all without privacy and with the knowledge that it's all shared somewhere. We are not people when on the Internet; we are a statistic.
People sign up somewhere and expect a lot of care, consideration, and privacy, We should expect the opposite. If there is something we don't want others to know, do not pot it up on the 'net. If we don't want people to know what we search for, view, or visit, then avoid places that allow such offerings.
It's that simple really. Or better still, avoid social networks.
Gotta agree with Internaut- social Networks are minefield for the uninitiated and even , in some instances for the savvy folk. Anything that underhandedly changes the rules is a unethical, probabaly illegal and certainly dangerous to users.
My thoughts - ditch this one and look long and hard at Facebook ,Twitter et al - they are all fodder for hackers , spammers and provide all sorts of information that can be used by the site operators for their own dubious ends.
There's no purpose in announcing what they've done, after the fact. They could have just as easily announced the feature before hand, including mentioning the opt-in option.
The way they handled it was inexcusable.
People can say they don't care if others know what they've read, but it's nobody's business unless you, yourself, want it to be.
I don't want anyone checking my contact list, and that is what Quora is asking me to allow.
I can get whatever information they have elsewhere or live without it.
As a web publisher, I occasionally google my name, and surprise, surprise, the #1 spot on google was some site called Quora. I thought this was odd, because for a couple weeks, I had been getting notices that my facebook friends were “following me on Quora”.
Now, I’m very VERY particular about what sites I join, and NEVER use my facebook to join anything. On the Quora profile was a Christmas themed profile picture I used for about 2 weeks on facebook, and a list of interests seemingly scraped at random from my facebook like list. My facebook privacy settings are set to the highest levels.
I asked my friends who were “following me” and all 11 of them said they had not selected to follow me at all, 4 of them didn’t even know what Quora was. Only 2 of them were active users.
I deactivated the profile in the control panel, which was somehow linked to my facebook ID, removed the facebook ID sharing options, changed the profile picture to “f*ck quora” and my interests to the same, unfollowed the people it had started following for me, and have written them over a dozen times to their privacy@quora.com to DELETE the account, and STILL, the site came up for #1 google result for my name.
#1 without any activity and ZERO backlinks.
So I wrote an abuse complaint to google, and within a week the search result went down to the third page, but is still online, even with the “do not show to search engines” option clicked.
Today, I received an email “weekly digest” from Quora, and for the 7th time, clicked the “do not send me weekly digests” link and was told that no more digests would be sent to the email I ONLY use for facebook account login.
Quora is the spammiest, scammiest social site out there and I sincerely hope they go under soon, as hopefully the best way to get my profile finally removed.
QUORA SUCKS.
I just found Quora via a google search (on a Java topic). I was quite surprised to be presented with a "you shall not proceed unless and until you sign up with your google account or your facebook account" notice. Not in the least interested in doing so I clicked the "sign up using google" option just to see what blood they wanted. Well, it was no surprise perhaps to see they wanted to view my email address, and "View basic information about your account". Ah, I wonder what that means? So I have to click the tiny little "i" to the right-hand side to divine just what is meant by "basic information". Turns out, basic information is:
View your NAME, public profile URL, and PHOTO
View your gender and BIRTHDATE
View your COUNTRY, language, and timezone
Eh, I don't THINK so.
When you google something on the internet and a link is asking you all the questions in the comments above DON"T join. Everything you google has a 99% chance of being on another site. Remember "If it sounds too good to be true...It usually is."
I actually just hit my first Quora link, via Google, and it made me laugh. Who is stupid enough to use them? It's guaranteed that the answers are in other Google hits. ...and any "experts" who want their commentary locked up behind this sort of a firewall are people whose opinions I can do without. ...Who *started* this blitering idiocy?
Oh. "Ex-Facebook employees." ...Well, that's one less mystery, isn't it...
The other day I got one of the usual email digests from Quora and clicked on the message and it automatically opened a new tab and... I was automatically signed in to Quora. Without using my Quora password. And it was the first time I had signed in in a few weeks. And I clear my cookies and other history every day. So how did they manage to sign me in without me entering my password?
I checked my Quora account info and could not find the "View" option. My account did have a list of "Activities" which included anything I had posted or voted on. But not anything I had just looked at/read.
I checked another poster's profile to see if this info was shown to the public. Sure enough there it was.
Now, this stuff is all gleanable from the forum posts, but it would take some searching. I don't find any way not allow it from being listed on one's profile.
Has the "View" option been discontinued?