Imagine this: identity computing

October 25, 2012 | Leave a comment

I originally wrote this over on Google+.

I’m sat at my laptop, which has a monitor attached via a digital connection. On the other side of my desk is my phone, and a tablet.

That’s the setup I actually have right now, as I’m writing this. But all these devices (monitor aside) are connected to the Internet, rather than each other. And they’re mostly incompatible. What if they all knew about each other in relation to each other’s position? And what if they were part of one big, decentralized, identity-aware system?

I pull up my email, and with one mid-air gesture – swipe – it swooshes across to my second monitor. I grab a document, and with another gesture – swipe – it lands on my tablet. Finally, I take the project I’m working on, for example source code in an IDE, and with another gesture – swipe – it’s on my phone.

They’re all talking to each other as a mesh network, and because they’re all my devices, I can move applications to them with no problem, my computer and datastore always acting as the central hub, with authentication handled through my saved identity information.

Then you walk up holding a device (a phone, or a tablet), and I want to share that document with you. Swipe, thumbs up – after a gesture and a confirmation by both of us, you have the information running on your screen. I might revoke it later, but for now, you can read it and make suggestions. (And no, that thumbs up isn’t the default gesture, but I’m a cheeseball, and I like giving my data the thumbs up.)

You walk away, and your device switches seamless from the proximity mesh network to using the Internet to access the data and keep it synchronized. I decide to go for lunch, so I pick up my phone. My other devices lock down. While I’m at lunch, I can still check out all my data and applications through my phone, using my Internet connection. And as I walk back to my desk, my other devices unlock. I see that my colleague has used my laptop while I was away, but that’s cool; it will have used their phone as their identity, and they will have seen their own applications and data. In fact, these days I use my phone to authenticate everywhere – although I can choose any one of my devices to be my primary identity. I can pick a couple as secondaries, too, and I can always nominate a new primary if I lose or change my phone. And of course, this is my work ID; I can flip over to my personal ID, or a pseudonymous ID, if I need to. Depending on the permissions, I can even share data, applications and resources between IDs. (My work ID doesn’t let me do that, but I can certainly set my main personal ID and my pseudonym ID to share some stuff.)

Now that I’m back at my desk, I see that you’ve made some changes to the document. I accept them, revoke access, and swipe you a new document. Even though you’re not nearby, the Internet allows me to act as if you are. It’s as useful as it ever was, but it’s more of a long-range extender for my personal network, and a backup, than the place where I always live.

There’s no need for my applications to live in “the cloud”, although they could. But identity-aware decentralized computing gives me the freedom to share with the people I need to, on the devices that make sense at the time, in the place that makes sense at the time. My applications are smart enough to decouple form from function, so they adapt to the screen and capabilities of my choice (and the operating platform handles a lot of the heavy lifting here, making sure interfaces are consistent – and adhere to my settings – in the process). And my data can live anywhere I need it to.

You need to be wearing Google goggles to think this is a good idea

April 4, 2012 | 1 comment

Today, Google released this video of Google Glass, an augmented reality project:

Beautiful, right? It’s a virtual assistant that sticks with you wherever you go.

Exciting features debuted in the video include:

  • Automatic geo-tracking of both you and your friends.
  • Seamless photo-taking and live video broadcasting from anywhere you can put your head.
  • A head-up display that occupies some of the visual channel.
  • Everything you see – your visual reality – is augmented through a single company.
  • You are continuously recording information about the people around you as well as yourself.

Okay, I confess: by beautiful, I meant scary. Leaving aside the implications of having our ambient information spoon-fed to us rather than discerned through inference and discovery, this project opens an ethical can of worms, and asks important questions about Silicon Valley’s attitude towards other peoples’ privacy.

Indeed, traditionally, this isn’t a can of worms that Silicon Valley has been very good at dealing with. Android phones encourage you to link your friends’ accounts together, joining their Facebook details to their Google details, for example. There hasn’t been a strong line between information that is yours, information about you that you’re happy to share, and information that you’re gathering about other people. It seems clear to me that people should know what they’re sharing about themselves, should have to opt in to do so, and should not be able to share personal information about other people without those people opting in. That doesn’t seem to be an opinion that Silicon Valley shares with me. Most free services are a Katamari-like information-gathering free-for-all.

I’m a fan of many, many things that Google does, and kudos to the product team that’s putting Google Glass together. It’s a very significant achievement. But from a social perspective, there’s a lot of work still to be done.

Identity is the operating system

January 15, 2012 | Leave a comment

"Dude, you can make calls on your camera?!" (photo by @troy)I’ve got a phone number: +1 (312) 488-9373. Feel free to call or text it.

If I’m walking around, you’ll get me on my Samsung Galaxy S II. If I’m in transit (but not driving), you’ll probably get me on my iPad. If I’m at my desk, I’ll answer and take the whole call through my laptop. For you, the experience of contacting me will be exactly the same (give or take some background noise). For me, the experience fits my context: I can make and receive calls and texts on any of my devices. The same is true for email.

Consumption works the same way. All my important files are stored on Dropbox. If I need to get at something – for example, a work-in-progress piece of writing, or a receipt – I can pick up any of my Internet-connected devices and grab the contents. Similarly, my notes, which I take through Evernote: I can create and consume these anywhere.

A final example: I love movies. Watching them at the theater is still magical for me, but I also enjoy them elsewhere, depending on what kind of movie it is. (My favorite streamable new release right now is Midnight in Paris. A great film.)

At home, I use my dedicated media PC to play through a sound system and flat-screen monitor. It’s not perfect, but it works. Elsewhere, I might use my laptop or my iPad. On the road, I can play the same movie through the same service on my phone, or I may be able to take a downloaded version for offline consumption.

So far, so obvious. These are all known use cases that demonstrate why the consumer Internet is so powerful. But I have a question:

Shouldn’t applications, services and content be sold to me, instead of my devices?

Right now, I have to set each of my services up on each of my devices, and tell them to use the same account. That sometimes doesn’t work perfectly: for some reason, for example, I seem to have two Path accounts – one for my US handset, and one for my UK handset. I’m not sure how this happened.

Ideally, I want to sign up:

  1. Once for each device, to tell them that I own it, and where I store my identity.
  2. Once more for each service or application, to associate them with my identity.
  3. The filesystem would be networked and bound to the identity. So rather than storing it on its own infrastructure, Evernote would save notes to my filesystem, which could potentially be accessed by other networked software.
  4. Each identity would have an Internet-accessible unique identifier and point of entry.

The applications would then automagically become available on each of my devices. Crucially, when I go to buy or rent Midnight in Paris, it then is also available on all of my devices, because I’m renting via my identity rather than any one device. For the next 24 hours, say, I can stream the movie wherever is most convenient. If I buy a license for Microsoft Office, then it is licensed to my identity and I can use it on any of my devices.

This is literally a per-seat model for selling software. It makes buying and consuming simple, and will reduce piracy.

So here’s a follow-on question. It’s a dull-sounding one, but bear with me:

Wouldn’t this make enterprise provisioning dramatically easier?

Right now, system administrators in enterprise environments push software over their networks, and often refuse to allow non-approved hardware onto their infrastructure in order to make this easier. In an identity-centric model, though, where applications are delivered using Internet technologies:

  1. Software would be provisioned to identities rather than machines.
  2. The available identity domains and software on any given network could be locked down as appropriate (so, for example, I could bring in my smartphone but only use a sanctioned identity with it if I wanted to connect to the local network).

Wouldn’t this make consumer applications dramatically less annoying?

For me, the answer is “yes”. I don’t want to care about my devices and their capabilities, and I’m a CTO with a computer science degree. End users want their software to seamlessly “just work”, and they want to seamlessly be able to move content from one machine to another, or share to another person no matter what that thing happens to be, or where their data is stored. Right now, operating systems have become gatekeepers: bottlenecks that get in the way of users.

For me, this is the real application of a decentralized social web. It’s not just about sending messages around – it’s about using the Internet to create a fabric of interdependent applications where we retain control of our data (those identities and networked filesystems could be anywhere) while enjoying a simpler experience. Application providers and content owners sell more of their products, because they’re easier to consume, everyone loves their devices that little bit more, and every new product sold becomes a window onto a much bigger, connected ecosystem that is greater than the sum of its parts.

Photo by Troy Holden, released under a Creative Commons license.

Is it time to revive the Bill of Rights for Users of the Social Web?

September 25, 2011 | 2 comments

DataSharingSummit group photo

In some ways, the web industry seems to have lost its way. From empowering users and smashing incumbent gatekeepers, the emphasis is now on how to raise the next round of funding and convert active users into their maximum possible value..

My piece about Facebook, contextual identity and radical transparency continues to get a lot of attention, and the conversation continues. Dave Winer urged his readers to log out of Facebook, and Nik Cubrilovic countered that logging out doesn’t help. In short, when you log out, Facebook continues to remember who you are, and your account details are still sent whenever you access a Facebook resource (like a page or or a Like button anywhere). He goes on to say that:

Privacy today feels like what security did 10-15 years ago – there is an awareness of the issues steadily building and blog posts from prominent technologists is helping to steamroll public consciousness. The risks around privacy today are just as serious as security leaks were then – except that there is an order of magnitude more users online and a lot more private data being shared on the web.

It’s clear that privacy is becoming a business factor as well as something that some of us care about from an ethical standpoint, and that’s in large part due to Facebook bringing it to the public’s attention. I’m reminded of the Bill of Rights for Users of the Social Web, from 2007, which many of us signed as part of Marc Canter’s Data Sharing Summit. It was intended to address many of these issues before they became wider problems.

The meat of the Bill of Rights is:

We publicly assert that all users of the social web are entitled to certain fundamental rights, specifically:

Ownership of their own personal information, including: their own profile data; the list of people they are connected to; the activity stream of content they create;

Control of whether and how such personal information is shared with others; and

Freedom to grant persistent access to their personal information to trusted external sites.

At the meeting, a large and influential (at the time) web corporation suggested that the word “ownership” was a step too far, and that it should be enough for users to simply have control. Since then, I think it’s become acceptable to suggest that users own their data (as in the course of using a web service, a reasonable person would assume that he or she already does); instead, web services are granted an irrevocable license to use it.

Given this, and given the conversations we’ve been having as a community, perhaps the time is right to revive aspects of this document, and bring it up to date for 2011?

Photo: the Data Sharing Summit group, September 8, 2007. A prize for the first person to identify 90% of the people in the picture.

Next Page »