Is it time to revive the Bill of Rights for Users of the Social Web?

September 25, 2011 | 2 comments

DataSharingSummit group photo

In some ways, the web industry seems to have lost its way. From empowering users and smashing incumbent gatekeepers, the emphasis is now on how to raise the next round of funding and convert active users into their maximum possible value..

My piece about Facebook, contextual identity and radical transparency continues to get a lot of attention, and the conversation continues. Dave Winer urged his readers to log out of Facebook, and Nik Cubrilovic countered that logging out doesn’t help. In short, when you log out, Facebook continues to remember who you are, and your account details are still sent whenever you access a Facebook resource (like a page or facebook.com or a Like button anywhere). He goes on to say that:

Privacy today feels like what security did 10-15 years ago – there is an awareness of the issues steadily building and blog posts from prominent technologists is helping to steamroll public consciousness. The risks around privacy today are just as serious as security leaks were then – except that there is an order of magnitude more users online and a lot more private data being shared on the web.

It’s clear that privacy is becoming a business factor as well as something that some of us care about from an ethical standpoint, and that’s in large part due to Facebook bringing it to the public’s attention. I’m reminded of the Bill of Rights for Users of the Social Web, from 2007, which many of us signed as part of Marc Canter’s Data Sharing Summit. It was intended to address many of these issues before they became wider problems.

The meat of the Bill of Rights is:

We publicly assert that all users of the social web are entitled to certain fundamental rights, specifically:

Ownership of their own personal information, including: their own profile data; the list of people they are connected to; the activity stream of content they create;

Control of whether and how such personal information is shared with others; and

Freedom to grant persistent access to their personal information to trusted external sites.

At the meeting, a large and influential (at the time) web corporation suggested that the word “ownership” was a step too far, and that it should be enough for users to simply have control. Since then, I think it’s become acceptable to suggest that users own their data (as in the course of using a web service, a reasonable person would assume that he or she already does); instead, web services are granted an irrevocable license to use it.

Given this, and given the conversations we’ve been having as a community, perhaps the time is right to revive aspects of this document, and bring it up to date for 2011?

Photo: the Data Sharing Summit group, September 8, 2007. A prize for the first person to identify 90% of the people in the picture.

The Facebook Timeline is the nearest thing I’ve seen to a digital identity (and it’s creepy as hell)

September 23, 2011 | 48 comments

As an application developer, I have advance access to the Facebook Timeline that Mark Zuckerberg announced yesterday. Here it is:

Facebook timeline: main

At first glance, it’s a rather beautiful replacement for the social media profiles we’ve been using since forever. Rather than simply listing your latest content, the timeline allows any visitor to browse your life, literally from birth to the present day. (If you scroll down to the bottom, Facebook prompts you to add a baby photo. Aww.)

This definitely changes the paradigm for social media profiles. As Channel 4 News’s Benjamin Cohen says:

It’s interesting from a personal perspective to look back at the past five years but there’s so much that I wouldn’t want someone else to be reading. It seems like too much information about me for people to be able to discover. While it’s been possible for people to access my photographs from years ago, in a sense they were out of context. Now you can see context because of the posts I made myself and those made by my friends on my wall.

Facebook allows you to connect with an increasing number of sites and applications using your Facebook identity. You can write documents, share what you’re reading, play games, and so on – and for most people, this has been a welcome feature. Everything is controlled from one place, with one username and password, and it’s easier than OpenID. Great!

Facebook timeline: 2006Except now, when someone clicks through from anywhere on the web that uses Facebook Connect to see your profile, they’ll really see you: your life in context. It’s a contextual identity; something you won’t get from a real name, a passport, an ID card, or even a DNA profile. Whereas previously profiles were a collection of hand-picked pieces of information coupled with some things you’d shared recently, now you’ll see wedding photos, pictures of drunken nights on the town four years ago, and perhaps a status update you made when you were hurt and upset after something you’ve long forgotten that happened in 2006 – mixed up with more professional status updates and links, of course.

On one level, it’s brilliant. On another, it’s undeniably, pervasively creepy, to a level we’ve hitherto been unprepared for in human society. These things are designed to be forgotten, but with the Facebook Timeline, much of your life is all but indelible, published front and center until you go through each item individually and hide or delete it.

Nobody’s forced to use Facebook, of course, although for many it’s pretty much a mandatory part of the social experience. What worries me is the trend of radical transparency and social context throughout the web software industry, where it’s expected that everyone will share their lives unless they’ve got something to hide. On the surface, for white males like me living in California, there’s a lot to be said for this on an individual level; don’t lie, be up-front, wear your intentions and motivations on your sleeve. But ultimately the decision about what to share has to be the individual’s – if you don’t feel like sharing something, don’t. Radically transparent interfaces are designed in a way that leads to a kind of peer pressure for disclosure: everyone else is sharing information about A, B and C, so why are you being so evasive?

Furthermore, there’s something particularly jarring about squeezing emotional life events into a social database. Facebook has become a social operating system. Where “social” means “sharing pages, files and resources through electronic means,” that’s great: a much-needed step forward. Where it refers to relationships between human beings, it’s not required, and the idea of placing these things into neat, centrally-defined categories is distasteful.

Facebook Timeline: lost a loved one?

The case for allowing users to control not just their digital identities, but the platform that defines and stores their digital identities, is stronger than ever.

Update: I was quoted about the Facebook Timeline in the New York Times.

Does open source exclude high-context cultures?

September 21, 2011 | Leave a comment

Something to think about for anyone starting any online community:

High context cultures value personal relationships over process. You have to know someone before you can trust them and work with them. They also tend to be less explicit and rely more on tone of voice, gestures and even status to communicate. Typically Asian countries are more high context than Western countries. Think Korea and Japan.

[...] So if you start a project and send email to a bunch of folks and ask them to just jump in and contribute, which group do you think will get going more quickly? The low context culture folks.

Interesting comments, too.

Building a responsible online community for pulmonary fibrosis: real names won’t cut it here

In my spare time, I’m building an independent community for idiopathic pulmonary fibrosis (IPF) researchers, doctors, sufferers and their families. IPF is a degenerative lung disease which builds up scar tissue over time, restricting the patient’s ability to breathe. It’s generally fatal and has no cure. My idea is to promote the discussion of the facts behind the illness, and approaches that have worked for different people. (Even things like, what’s the best oxygen generator?)

My aim is to release the community this Saturday, to sit in line with Pulmonary Fibrosis Awareness Week (which is all this week), but I’m rebooting it, and my day job requires significant attention, so there’s a good chance it may slip. It’ll be ready when it’s ready – but I wish I could put it out there today.

Obviously, it needs to be easy to use, even for very non-technical people. It has to be accessible, work on older browsers, take a very short amount of time to participate in, and so on. I have one big ground rule, which has been hard to fulfill with existing platforms:

An identity spectrum.

On one side of the coin, medical insurance in the US is a mess, and I don’t want participation in the community to adversely affect anyone’s ability to get medical attention. For this reason, pseudonyms should be allowed. Furthermore, while passwords are generally hashed so that nobody can gain access to them, I want to do this with email addresses. Because most people like to email the heck out of their users, nothing out there supports this.

On the other side of the coin, the doctors and researchers involved in the community need to be trusted – so I think verified identities are good idea, with a simple, manual, offline verification procedure.

In other words, users have control over how much or how little they share. If they want to receive email updates, they understand that their email address will be stored on the community servers; otherwise it won’t be. On the other side, if they want to publicly verify that they are, indeed, who they say they are, that’s fine too. And somewhere in the middle, people can choose to share selected information about themselves, either publicly or to other users.

This is very different to the work I do for my day job, or the decentralized social web I often advocate for. Privacy, choice over identity and the ability to feel protected when (literally) talking about matters of life and death are important.

I will, of course, make my work available to the community.

NB: this was originally published over on Google+, and there’s a great conversation developing over there.

Next Page »