Posted 12:33 PM (0) comments

Getting Privacy Right

The Burton Group's Bob Blakley writes ("Gartner Gets Privacy Dead Wrong") a seminal piece on privacy - what it is, what it isn't and how to protect it. In the course of his blog entry he manages to pretty much dismiss most of the work that's been done under the rubric of "privacy" (which, as he notes, is really about secrecy) over the past dozen years.

As he writes: "That's how privacy works; it's not about secrecy, and it's not about control: it's about sociability. Privacy is a social good which we give to one another, not a social order in which we control one another."

It's an issue I've brought up a number of times in the past. Last year, for example, I discussed where many "...have gone wrong is to equate privacy with anonymity. You don’t have to be anonymous to maintain the privacy of your data. Again going back 100 years when you went into the bar and everybody knew your name there was also much about you that wasn’t known. Most things about you, in fact, weren’t known. Those things we want to keep private - our medical data, financial data, legal situation, etc. - were kept private. But people did know who you were, and perhaps where you lived, or worked, who your family was - and no one thought that was strange."

Secrecy and anonymity are not privacy, and the quicker we all understand that the quicker we can move to protect privacy.

Labels: Burton Group, privacy, social networks

Posted 9:39 AM (0) comments

verification: All a Twitter

Twitter news is usually well below my radar, but today's post on the Twitter Blog does deserve some comment.

It seems that Twitter will be rolling out a "verification service" this summer as a way to combat celebrity (and other) impersonators. Why the impersonations should be a problem (since most that I've heard of are patently obvious fakes), I don't know. Except, of course, that Twitter could be sued (and has been) for allowing them.

While the verification service is being rolled out, Twitter advises: "Another way to determine authenticity is to check the official web site of the person for a link back to their Twitter account." That's provided, of course, that the "official" web site has been properly verified!

Not everyone will get the "Verified by Twitter" mark, though, as "...due to the resources required, verification will begin only with a small set." But we are assured that "The experiment will begin with public officials, public agencies, famous artists, athletes, and other well known individuals at risk of impersonation." I'll be waiting for my invitation...

Labels: humor, reputation, social networks, verification

Posted 9:40 PM (0) comments

Makes me look nice...

The Register's Ted Dziuba makes me look like a group-hugging flower-child with his latest story ("OpenSocial, OpenID, and Google Gears: Three technologies for history's dustbin"):

"What about OpenID, the best damned federated authentication scheme the world has ever seen, but nobody in the world can figure out how to use?"

or

"This situation gets really dangerous when you start to involve people from San Francisco. Every person who lives in San Francisco has the intention of starting a nonprofit organization of some sort. Therefore, if you collect a bunch of Web 2.0 engineers in San Francisco, the inevitable outcome is the OpenSocial Foundation: a nonprofit organization that only exists to support an API for programming social network applications."

Peace and love, children.

Labels: Google, openid, social networks

Posted 8:33 AM (2) comments

Whose data is it?

The Burton Group's Bob Blakley has a great post ("Antisocial Networking") today about the Facebook-Scoble story. The essence (or, at least one essence) of Bob's note is that relationships are a different order of data from attributes. As he says:

"Even the fact of your relationship with Scoble is not Scoble’s property, it is common property, like the kids in a joint custody arrangement. Both you and Scoble are obligated by the laws of relation here and here to treat the fact that you have a relationship, and also the details of the relationship, according to certain understandings and social conventions. If you don’t believe this, meditate on whether you think it would be OK for adultfriendfinder.com, match.com, and linkedin to share friend lists. The information Scoble tried to take out of Facebook is NOT Scoble’s property; it is relationship information. Scoble is not free to do whatever he pleases with relationship information; if he violates social understandings and conventions by disclosing the existence of or certain information about his relationship with you in the wrong context, he may embarrass or endanger you, and he will certainly endanger the relationship."

And that's what it's all about.

Of course, not all relationships are reciprocal. I have a relationship with Edith Piaf - I'm a great admirer of her singing. The relationship isn't reciprocated, of course, and not only because she's been dead for many years. But I also have a relationship with the very lively Tom Hanks, of whom I'm a fan. I don't think Tom is one of my regular readers, though, so I doubt the "fan" relationship is reciprocated.

Human relationships may need to be classified similarly to mathematical transitivity. There are:

• reciprocal relationships (e.g., a is friends with b and b is friends with a);
• non-reciprocal relationships (e.g., a is a fan of b but b is not a fan of a);
• relatively reciprocal relationships (e.g., a is father to b, b is daughter to a); and
• asymmetric relationships (e.g., a loves b, b can't stand a).

Some of these relationships will need joint permission for publication, some won't. Some will allow unidirectional publication, some will require it. It's not going to be easy, it's not going to happen soon, but a relationship calculus is going to be necessary for this to work at all.

Labels: attributes, ownership, relationship, social networks

Posted 5:42 PM (0) comments

Promulgating the social graph

Julian Sanchez, over at Techdirt gets it while many in the identity community - and even more who are involved in social networking - don't.

"Intuitively, it makes sense for users to be able to make whatever use they please of information about their own social networks. But in a social network, "your" information is someone else's as well."

Exactly!

The point about relationship data is that there is a relationship. And a relationship, like a contract, has two sides (well, it could have more - but that's kinky). Both sides need to be involved in the decision to distribute the relationship data. Both sides need to agree. Unless, of course, the whole "friendship" is one way. But imaginary relationships are best had with imaginary friends...

Labels: social networks, user centric

Posted 8:25 AM (1) comments

More on ownership

David Recordon has now further developed the ideas ("We Are Opening the Social Graph") first presented in the "Thoughts on the Social Graph" manifesto he wrote along with Brad Fitzpatrick. It's an important work, but begins with a flaw which may, ultimately, prove fatal.

"Your lists of friends and connections on the social websites that you use, sometimes called your social graph, belongs to you. No one company should own who you know and how you know them."

This is a strawman argument, though, as no company claims to own this data. And, in fact, there can be no ownership of what amounts to, simply, a group of facts. What companies do own, however, are the tools for constructing the graph. And, I fear, too many will see the tools - and their output - and claim it as their own.

But consider this analogy:

You take your dirty clothes to the laundromat. You wash them in the washers there, then dry them in the dryers. The laundromat doesn't claim 'ownership' of your clothing (either dirty or clean), but neither can you claim 'ownership' of the cleaning process nor of the equipment (the 'tools') used to do the cleaning. You pay the laundromat for the use of their tools and processes and , in return, you're presented with clean clothes. The "cleanliness" was always present in the clothes, it simply needed some processing to bring it out.

So, too, your friends and relationships need processing in order to form a rational 'social graph'. You can pay some company (either in cash or in kind) to do that for you (like the laundromat) or you can buy or "roll your own" tools to do so (just as you can buy your own washer and dryer).

The sooner we can get away from the disastrous "ownership" meme, the sooner we can get to the fun and interesting parts of identity.

Labels: identity, ownership, social networks

Posted 4:27 PM (0) comments

Yenta, the "social graph"

Brad Fitzpatrick & David Recordon have issued a manifesto called "Thoughts on the Social Graph," where that is defined as the global mapping of everybody and how they're related (see this Wikipedia entry for more detail).

Brad & David decry the effort needed to involve your friends, family, acquaintances, etc. in the activities presented by the Next Big Thing in social networks - whether that's aggregating current thoughts, current locations, current activities, etc. As they say, not only do you have to fill in all of your personal details at each new site:

"You also have to have usernames, passwords (or hopefully you use OpenID instead), a way to invite friends, add/remove friends, and the list goes on. So generally you have to ask for email addresses too, requiring you to send out address verification emails, etc. Then lost username/password emails. etc, etc. If I had to declare the problem statement succinctly, it'd be: People are getting sick of registering and re-declaring their friends on every site."

What they're proposing is a service (open source, at that):

"...which collects, merges, and redistributes the graphs from all other social network sites into one global aggregated graph. This is then made available to other sites (or users) via both public APIs (for small/casual users) and downloadable data dumps, with an update stream / APIs, to get iterative updates to the graph (for larger users)".

But, as I've said before, I don't want to aggregate every relationship I have. I especially don't want to aggregate them where the whole world (or even just that part I'm "related" to, i.e. all the members of my 'social graph') can see all of my relationships!

There's a reason why people create different personas for different on-line communities - they really do wish to keep parts of their life seperate from other parts. Do I really want my children to know how I interact with my work-related friends? Do I want all of my clients to figure out who my other clients are? Do I really want the feds to be able to easily create a dossier of all my contacts? No. No. And, um, definitely no.

The portable relationship graph is a nice idea, but only when all parties to each relationship agree to the port.

Labels: openid, social networks