The London Chromaroma game has been criticised for demanding passwords. Mudlark’s Toby Barnes jumps to its defence
eWEEK’s suspicions were roused by a new game played out in London. In order to play it, users must hand over the password to their Oyster card account and Barclays Cycle Hire accounts.
One of the developers, Toby Barnes of Mudlark assured us that “security of our players’ data is absolutely crucial to us, and our community”. We rang him up to ask what he meant by that.
Security ‘as high as that of TfL’
Mudlark data is encrypted to a higher level than TfL, and Mudlark staff have no access to the database, only the game software can do that.
“We don’t have access to the data, and it is encrypted tighter than TfL encrypts its data,” he said. “The data is stored off site, using the same sort of encryption you’d use in a bank.”
The data which is accessed and stored in the Mudlark database is all two to three days old, said Barnes: “It is behind real time”.
If hackers gained access to the account details through Mudlark, they could not use the account for their own travel, or even to credit it with money, he said, so users are taking a small risk in this intance.
All these points are assertions by Barnes of course, and for potential users it comes down to whether you trust Mudlark as much as TfL, but he makes the point that users do already trust TfL to make the same sort of provision that he is talking about.
Companies should treat your data like a bank
But moving to his own personal opinion, he made an interesting further point, about who owns personal data: “If I give a company my data, that company should act like a bank,” he said,. “I expect the company to store it, and I should be allowed to have it back. I should be able to draw on that just as I can draw on money.”
People inevitably create shadows and trails in the data that is created when they use online services, said Barnes, and in a way, Chromaroma gives them that information back – or at least makes them aware of its power.
“People aren’t aware of the information they are creating,” he said. “By visualising that on the map, it is yours.”
In a way, the game models a way in which a user might offer other bodies a chance to use his or her property – the data they have created. In this instance, the data sharing can only be done fairly clumsily, by allowing the game to access your account and trusting that it will not abuse it – or inadvertantly allow others to misuse it.
In future this sort of access might be more widespread, and less trivial. For instance, a user can allow companies to access bank transaction details, in order to help optimise their finances (through something like mint.com).
And the potential for energy optimisation through smart grids is exactly about allowing this kind of access to account information.
“It is about you deciding where that info is held and who has access to that information,” said Barnes. He sees the game as a step towards a world where that is routinely done.