‘Locked’ Ning Networks? Access, Copyright and Privacy

Claude AlmansiBy Claude Almansi
Editor, Accessibility Issues

Context

On September 14, 2010, after Ning had postponed the deadline for shutting nonpaying networks for the umpteenth time, I wrote:

I will not write another full post about Ning until the non paying groups have been deleted, or Ning gets bought by a more efficient firm, or disappears. But I’ve opened a Ning page on the wiki of ETC Journal where I shall attempt to keep track of what happens at Ning.

in a comment to my Why Unjoin Ning Networks that Won’t Pay (Aug. 28, 2010).

And now I am writing one, even though nonpaying groups have not been deleted and no one — to my knowledge — has shown any interest in buying Ning.  Motive: a discussion entitled “Deletion of Free Ning Networks?” started by Alex on September 18 in the Ning Creators network. Though it disappeared very quickly, there is a copy archived with WebCite® on the same day: http://webcitation.org/5sq785FZF.

Eric Suesz — senior community manager at Ning — participated in this discussion, stating that “All free Ning Networks are now locked and can’t be accessed.” This is simply untrue.

The Ning “lock”

To illustrate how the Ning lock works, let’s use http://piusplacenow.ning.com, which is the network created by Alex, about whose nondeletion he wondered academically — he successfully migrated it to http://piusplacenow.spruz.com —  in the above mentioned discussion. In fact, it is now greyed, with most of the content covered overlaid by a Ning form:

http://piusplacenow.ning.com/  with the Ning lock described above.

The page can be scrolled, but its links cannot be clicked.

How the lock works

The source of the “locked” page shows that its table layout is done by using the <DIV> tag combined with CSS instructions (clear explanation by Jonathan Snook in Getting your DIVs to behave like TABLEs 2004-07-15), and that the grey film and the overlaid form that prevent normal use is created by the following DIVs:

<div class="xg_overlay" id="xj_temporary_overlay"></div>
<input type="hidden" id="xj_migration_lightbox_title" value="The Pius Place Now currently unavailable" />
<div id="xj_migration_lightbox_body" style="display:none">
  <div class="xj_contactnc">
<form method="post" action="http://piusplacenow.ning.com/main/embed/contactNC">
<input type="hidden" name="xg_token" value="599e5cc9669c9a70b035eac4981a5a62" /><input type="hidden" name="t" value="70dGsRxpkqvMKMmQrrqk8g==,Kz28sffaiWTMe+Quyl5OtPAgbfvTMJC/ztXevaFdc/KJ8bIGQ551WoFeV5oqa0i0" />
<div class="xj_top">
<p>
    Sorry, this network is currently unavailable.    If you are the Network Creator, <a href="http://piusplacenow.ning.com/main/authorization/signIn">click here to sign in</a>.</p>
<p>If you have questions, please contact the The Pius Place Now administrators by filling out the form below:</p>
</div>
<fieldset class="noborder clear dy-form-1">
    <dl>
        <dt class="nobr"><label for="name">Your Name</label></dt>
        <dd><input type="text" class="textfield dy-input-wide" id="name" name="name" /></dd>
    </dl>
    <dl>
        <dt class="nobr"><label for="email">Your Email Address</label></dt>
        <dd><input type="email" class="textfield dy-input-wide" id="email" name="emailAddress" /></dd>
    </dl>
    <dl>
        <dt class="nobr"><label for="question">Your Question</label></dt>
        <dd><textarea id="question" class="textarea dy-input-wide" name="description"></textarea></dd>
    </dl>
    <dl>
        <div id="xj_recaptcha_div" data-key="6LehigcAAAAAADjv-vta_dpH1AoOrTX_-KszqcNb"></div>
    </dl>
    <dl>
        <dd><input type="submit" class="button" value="Send" /></dd>
    </dl>
</fieldset>
</form>
</div>

This means that anyone can make a working version of any page in any “locked” Ning network by copy-pasting its source in a web editor and removing the above-quoted DIVs.

But it also means that linearized versions of these pages are not affected by the lock.

Screen reader and Web Developer users can read and navigate “locked” networks

As screen readers used by people who are blind or have other print disabilities linearize table layouts, these people are not affected by this crude “locking” trick, which is a nice reversal of the usual situation where they get locked out by insensitive web designers.

Maybe Ning deciders thought these people were just a minority they could ignore? True, few people who do not need a screen reader have one. Nevertheless, there is a very popular Firefox addon called Web Developer (16,794,847 downloads as I write this) whose “Linearize Page” feature also disables the Ning lock. About this feature, see Ann Smarty’s excellent How to Use “Linearize Page” Option of Web Developer Addon. And if we apply it to http://piusplacenow.ning.com, the grey film disappears and the masking form gets shoved to the very bottom of the page. See screenshot in https://etcjournal.files.wordpress.com/2010/09/pp_main_linearized_bottom.jpg.

The rest of the linearized page (see screenshot for its top https://etcjournal.files.wordpress.com/2010/09/pp_main_linearized_top.jpg) works normally, i.e., all links to other pages of the network can be opened. Of course, the linearizing process will have to be repeated in the new page if you use Web Developer, but this should not be an issue if you use a screen reader.

Anybody can use a “locked” network actively via its mobile version

As explained by Ning in View your social network on an iPhone:

If you would like to access the mobile version of your social network, you can find it by adding “/m” to the end of your social network’s address.  For example, the address for the mobile version of “http://examplenetwork.ning.com/&#8221; is “http://examplenetwork.ning.com/m&#8221;

Thus, via http://piusplacenow.ning.com/m, I have been able to join, reply to a discussion and add a video — see http://piusplacenow.ning.com/video/blocked-ning-video-autostarts?xg_browser=iphone — to the network on Sept 23, 2010,  as shown by its activity page   http://piusplacenow.ning.com/m/activity/log/list.

Legal issues

Even though anybody can use the linearizing solutions described above to bypass the Ning lock, it does not follow that everybody does. In fact, Ning Creators discussions between people angered by the repeated extensions of the paying deadline for free networks suggest that most of them accepted Ning’s statement that “All free Ning Networks are now locked and can’t be accessed” without looking further into that lock. For instance,  Ash Ketchum [01], after starting the free ning sites…..?? discussion on Sept. 8, 2010, where he and others irritatedly counted the days during which the free sites were still readable, wrote “victory! yeeei” on Sept. 15, after the free sites were apparently locked.

And while it is possible to join and add content to a “locked” network via its mobile phone version, you cannot manage it this way. And in turn, this means that its creator and administrators have no way to delete law-infringing content added via this version.

Moreover, the lock creates legal issues on existing content, too.

Copyright issue

Videos uploaded to the Ning server via a network start automatically. They keep doing so in formerly free networks where the Ning lock is implemented. Therefore if the user has not linearized the viewing page as above, the Ning form hides more than half of the player and the text description of the video: in other words, the Ning lock hides copyright and attribution indications given in the video and/or in the description, even though the video is being played.

In all countries that have a copyright law, preventing access to this information is illegal. And in countries where copyright law protects the moral rights of authors, defacing the performance of a video by partially hiding it is illegal, too.

Privacy issue

People who joined a Ning network when it was free did so under Ning’s Privacy Policy, available at  http://about.ning.com/legal/privacy.php. The present version (archived with WebCite® at http://webcitation.org/5ru8jfd9W), “Effective: July 20, 2010”,  states:

You may, at any time, update, correct, or delete certain categories of Personal Information that you have provided to us by signing in to your network or the Ning Platform and updating the Personal Information. Additionally, you may update, correct, or delete certain categories of Personal Information within your My Pages by following the directions here.

The Deactivate your account on a Ning Network page linked to in the second sentence  states:

If you ever decide you don’t want to be a part of a Ning Network, you can leave it and delete your content (or choose to keep it on the Ning Network). For security reasons, we are not able to delete any of the content that you have added to the Ning Networks you belong to. You will need to delete your own content. You can do this by leaving each Ning Network you belong to. Repeat this process for all Ning Networks you’ve joined.

In turn — this is getting more and more like The King’s Breakfast by A.A. Milne, minus the happy ending —  the Leave a Ning Network page linked to in the last sentence of this latter quotation says:

  1. Sign in to the Ning Network.
  2. Click on the “Settings” link in the right hand column of the Main page.
  3. On the My Settings page, you’ll see a link to remove yourself and all of your content from the Ning Network on the bottom of that page.
  4. When you click this link, you’ll have the option to tell administrators why you’re leaving by clicking the arrow on the left to open the comment field. By default, the box to delete your content from the Ning Network you are leaving will be selected, but if you wish to leave your content, deselect this box.
  5. When you’re finished, click “Leave” and confirm that you want to leave the Ning Network, and whether you will be deleting your content.

People who take the Ning lock at face value, as Ning intends, can do none of these things. Therefore, by imposing this lock Ning violates its own privacy declaration and the data protection laws at the origin of this declaration.

True, the overlaid form offers the possibility to contact the network creator. However while network creators can sign in, once they do, they cannot suspend members in order to hide their profile information. They only have three possibilities: “Select a Plan,” “Archive my content,” “Take my network offline.”  But these options do not help at all:

  • If a network has been locked, it means by now that its creator does not want to select — and pay for — a Ning plan.
  • “Archive my content” is a misnomer, inasmuch as it comprises also content provided by other members of a network, not only by its creator.
  • “Take my network offline” would not solve the issue of members who want to modify or delete some or all of their personal data: it would only hide these data from the public, but they would still be kept in the Ning server.

Why the paltry tricks and untruths?

In view of the otherwise technically competent interventions by Eric Suesz in other discussions at Ning Creators, it seems highly improbable that he believed that “[a]ll free Ning Networks are now locked and can’t be accessed,” as he wrote in the already quoted “Deletion of Free Ning Networks?” discussion. It seems more likely that, as senior community manager at Ning, he had to apply a policy decided by Ning powers-that-be.

But why this policy of  paltry tricks and untruths?

“I think the natives are getting restless,” Brian quipped in another Ning Creators discussion entitled When Will I See Better Design Control, Better everything?

As we have seen, some of the “restless natives” who had already opted for a Ning plan and were irritated by seeing nonpaying networks being granted extension after extension by Ning were assuaged by this very flimsy lock.

But the restless natives Brian had in mind — the ones who participate in the When Will I See Better Design Control, Better everything? thread — are not going to be taken in by a trick that cannot even fool a screen reader or a few lines of CSS in software. They are people who agreed to pay because they hoped that this would bring back the  experience of 2007, when Ning was an open project where people experimented with code at their own risk and loved it.

As they are not getting that, for the time being, they are concentrating their ferocious analyses on the structural problems due to Ning’s attempt to make self-contained networks from what was a network of networks. But what if  JP or some other  restless natives, who participated in the When Will I See Better Design Control, Better everything? thread,  turn their analytic attention to the source code or to the mobile version of one of these allegedly locked networks?

Mightn’t they decide that a platform whose managers resort to such idiotically inefficient tricks and untruths is hopelessly unreliable?

Privacy: Ning and EU countries (update)

In NING is NOT a “SAFE Harbor” (2010-10-07 – archived in http://webcitation.org/5tIoWwEG1), a discussion on Ning Creators, AngelBCN raises a very important implication of Ning’s change from being a network of networks to being a platform hosting networks. Now that network creators “own” their networks, they are also responsible for their legality. And data protection laws in EU countries say that you cannot move EU people’s personal data to a server in the US unless this server complies with the criteria of a “safe harbor”, described  in the European Commission’s decision 2000/520/EC.

Therefore, as Ning is not among the hosting services complying with these criteria that are  listed in https://safeharbor.export.gov/list.aspx,  creators of European Ning networks might be violating their countries’ data protection laws.

In her reply to AngelBCN, Jenny wrote, apparently in the name of Ning: “… please know that we’d already begun exploring the idea of joining this Safe Harbor. We’ll keep you updated on this front.”

Being recognized as a safe harbor may not be simple for Ning. True, they are working on completely erasing the traces of the global Ning ID which users had when Ning was a network of networks, and which should have disappeared on July 20 – see Addressing Sign-in/Sign-up issues (2010-09-21) by Sridatta Viswanath, who foresees that the issue will be solved by the end of October.

However, other aspects of Ning’s handling users’ data seem hardly compatible with being a safe harbor.  For instance, decision 2000/520/EC states that:

Individuals must have access to personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate…

And Ning blocked this possibility for users of unpaid networks, while still hoarding their personal data.

Decision 2000/520/EC also states that:

An organization must offer individuals the opportunity to choose (opt out) whether their personal information is (a) to be disclosed to a third party(2) or (b) to be used for a purpose that is incompatible with the purpose(s) for which it was originally collected or subsequently authorized by the individual. Individuals must be provided with clear and conspicuous, readily available, and affordable mechanisms to exercise choice.

And on July 20, Ning gave network creators

  • access to their members’ data, including the e-mail address used to sign in, with the capacity to download these data as a .csv file,
  • the possibility change their members’ passwords

without notifying Ning users about this change (see Ning, Inc. Privacy Policy – Effective: July 20, 2010 – archived at http://webcitation.org/5ru8jfd9W).

Maybe these serious data protection issues (there might be other ones: I haven’t done a thorough check) will be corrected together with those pertaining to the lingering Ning ID by the end of October. Otherwise, Europeans who created Ning networks should seriously think of moving them to another platform, where they won’t be liable for the way their members’ data are hosted, lest they violate their country’s privacy laws.

This is why I created the Ning and Privacy Facebook group, where people can share and discuss information about these issues in a more democratic way than in comments to this blog post.  They actually concern all Ning users, even if less acutely than the European network creators.

6 Responses

  1. The bypass of the Ning “lock” on unpaid networks, via e.g. the mobile version created by adding /m/ to their URL, still works.

    I am going to try and check this once a day by adding content to http://piusplacenow.ning.com/m/“, so that it’ll show in http://piusplacenow.ning.com/m/activity/log/list.

  2. The mobile version of the “locked” non-paid Ning networks is still working, but the update of their activity feed is a bit slow. It might also be true of paying networks, though.

    Yet another critical thread on Ning Creators has been deleted: “The New File Manager Is A Joke!!!!”, launched by “JP” on September 30, 2010, at http://creators.ning.com/forum/topics/the-new-file-manager-is-a-joke, which now says “Our apologies – this page was not found”.

    Maybe the discussion will show up again, if it should prove handy for Ning to refer to it. Anyway, there are several archived copies at WebCite®.

    The new File Manager is one of the “special features” only people who pay for Ning’s Pro .Plan can use – actually just a file uploader as there were already on MSN communities back in 1999.

    JP was criticizing its lack of structure..

  3. “1 day ago” (Oct. 5 2010 Ning time? I wish the Ning and other social network softwares would date everything instead of using silly wordings like “1 day ago” for recently published content) John added a comment to his 2 policy questions I can’t find in your FAQs discussion post:

    “Here is another issue. Apparently people can still access my networks through a phone and I can’t moderate content. Who is legally responsible if members post illegal content (example pedophilia) on my sites? If you don’t want to answer my questions publically you should at least answer them privately. Should I open a ticket for this?
    Best,
    John”

    But there has been no answer from the Ning team so far.

    Actually, the best way to read “locked” Ning networks seems to be via the Opera browser, which gives the links to all the features. Here is a screenshot of the In a locked network group I created in the allegedly locked http://piusplacenow.ning.com network, as seen with Opera:

    http://piusplacenow.ning.com/group/inalockedningnetwork seen with Opera

    No need to re-linearize the page: the only issue is that you have to go to the mobile version http://piusplacenow.ning.com/m to sign in or sign up, but afterwards you can use the normal version.

  4. http://piusplacenow.ning.com/ has now been “undergoing maintenance” (Ning’s newspeak for unpaid networks it has taken offline) for a couple of months now.

    However, Ning’s privacy officerJon Stueve has now announced in blog.ning.com/2011/01/eu-safe-harbor-certified.html that Ning is “EU Safe Harbor certified”.
    In fact, Ning is now on the EU safe harbor list https://safeharbor.export.gov/list.aspx.
    Oddly, though, the page for Ning on that list, safeharbor.export.gov/companyinfo.aspx?id=10948 says:

    Do you agree to cooperate and comply with the European Data Protection Authorities? No

    The equivalent page for Facebook has:

    Do you agree to cooperate and comply with the European Data Protection Authorities? Yes

    In a comment to blog.ning.com/2011/01/eu-safe-harbor-certified.html, I have asked why “no” to that question. The comment is still awaiting moderation.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s